version 17.3R2.10;
system {
    host-name vr-vqfx;
    root-authentication {
        encrypted-password "$1$a$/nr2uXmtaTqW504hxM3Yw0"; ## SECRET-DATA
    }
    login {
        user admin {
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "$6$g7XN4vy8$S7d7Xl5RDgnFhzYgGNhvKDot4vEAiMo8ZFipF7WWGmSbih8xbnaSWmAnJn5/nSq3mA2gOs/ts6pBv2PPi3yYO."; ## SECRET-DATA
            }
        }
        user boxen {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$a$/nr2uXmtaTqW504hxM3Yw0"; ## SECRET-DATA
            }
        }
    }
    services {
        ssh;
        telnet;
        netconf {
            ssh;
            rfc-compliant;
        }
        web-management {
            http {
                interface fxp0.0;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: 'queue-size' is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
        }
        security-zone untrust {
            screen untrust-screen;
        }
    }
}
interfaces {
    fxp0 {
        unit 0 {
            family inet {
                address 10.0.0.15/24;
            }
        }
    }
}