策略路由配置模板

set interfaces ge-0/0/0 unit 0 family inet address 192.168.201.231/24
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/2 unit 0 family inet address 1.1.1.2/24
set interfaces vlan unit 0 family inet filter input acl-to-100M
set interfaces vlan unit 0 family inet address 192.168.1.1/24 //配置接口


set routing-options interface-routes rib-group inet to-100M-group
set routing-options static route 0.0.0.0/0 next-hop 192.168.201.251
set routing-options rib-groups to-100M-group import-rib inet.0
set routing-options rib-groups to-100M-group import-rib to-100M.inet.0

set firewall family inet filter acl-to-100M term 1 from source-address 192.168.1.2/32
set firewall family inet filter acl-to-100M term 1 from destination-address 0.0.0.0/0
set firewall family inet filter acl-to-100M term 1 then routing-instance to-100M
set firewall family inet filter acl-to-100M term 2 then accept
deactive firewall family inet filter acl-to-100M term 2 then accept
set routing-instances to-100M instance-type forwarding
set routing-instances to-100M routing-options static route 0.0.0.0/0 next-hop 1.1.1.1
set routing-instances to-100M routing-options static route 0.0.0.0/0 qualified-next-hop 192.168.201.251 preference 100

set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0

set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces vlan.0
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone untrust interfaces ge-0/0/2.0