vSRX: ge-0/0/0 { description "to vMX"; unit 0 { family inet { address 10.100.80.2/30; } } } ge-0/0/1 { description "Downstream to vQFX"; unit 0 { family ethernet-switching { interface-mode trunk; vlan { members all; } } } } ge-0/0/2 { description "Internet"; unit 0 { family inet { address 180.200.5.2/30; } } } fxp0 { unit 0 { family inet { address 192.168.1.82/24; } } } irb { unit 81 { family inet { address 192.81.1.1/24; } } unit 82 { family inet { address 192.81.2.1/24; } } } lo0 { unit 0 { family inet { address 10.5.80.3/32; } } } Security Policies: policies { from-zone trust to-zone trust { policy intra-zone-communication { match { source-address any; destination-address any; application any; } then { permit; } } } } zones { security-zone untrust { host-inbound-traffic { system-services { ping; traceroute; } } interfaces { ge-0/0/2.0; } } security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { ge-0/0/0.0; lo0.0; irb.81; irb.82; } } } vQFX: xe-0/0/0 { description "Upstream to vSRX"; unit 0 { family ethernet-switching { interface-mode trunk; vlan { members all; } } } } xe-0/0/1 { description "Downstream to Tiny Core Host"; unit 0 { family ethernet-switching { interface-mode access; vlan { members End-User-Devices; } } } } em0 { unit 0 { family inet { address 192.168.1.83/24; } } } em1 { unit 0 { family inet { address 169.254.0.2/24; } } }