http://oneconfig.com/solutions/by-use-case/srx-evaluations/
1- delete all config
2- add mgt address
3- Download & install IDP database
4- copy and paste the OneConfig
1- delete all config
delete
...
1.1 functional zone ( management zone)
3- Download & install IDP database
request security idp security-package download
request security idp security-package install
set security forwarding-process enhanced-services-modecommit and-quit
>>> request system reboot
4- copy and paste the OneConfig
load set terminal
>>>>>> CTRL + d ( at the end ) +then commit
set system host-name SRXbuffalo
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system services ssh
set system services web-management https interface ge-0/0/0.0
set system services web-management https system-generated-certificate
set system syslog archive size 100k
set system login announcement "BUFFALO GOLDEN CONFIG V2.6"
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set system name-resolution no-resolve-on-input
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set services ssl initiation profile ssli protocol-version all
set services ssl initiation profile ssli actions ignore-server-auth-failure
set services ssl initiation profile ssli trusted-ca all
set services ssl initiation profile ssli actions crl disable
set security log mode stream
set security log format sd-syslog
set security log source-interface ge-0/0/0.0
set security log transport protocol tls
set security log transport tls-profile ssli
set security log stream oneconfig severity debug
set security log stream oneconfig category all
set security log transport protocol tls tcp-connections 1
set security log stream oneconfig rate-limit 300
set #set interfaces ge-0/0/0 unit 0 family inet dhcp
set interfaces ge-0/0/0 description " Outbound interface to the Internet "
set #set security zones security-zone LAN-ACCESS host-inbound-traffic protocols all
set #set security zones security-zone LAN-ACCESS interfaces ge-0/0/0.0
set #set security zones security-zone LAN-ACCESS host-inbound-traffic system-services all
delete system autoinstallation
set chassis alarm management-ethernet link-down ignore
set interfaces ge-0/0/1 promiscuous-mode
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24
set interfaces ge-0/0/1 description " Tap Mode "
set interfaces ge-0/0/1 unit 0 family inet address 192.168.255.1/24 arp 192.168.255.254 mac 00:00:01:01:01:01
set routing-instances Sniffer instance-type virtual-router
set routing-instances Sniffer routing-options static route 0.0.0.0/0 next-hop 192.168.255.254
set routing-instances Sniffer interface ge-0/0/1.0
set vlans eval vlan-id 10
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members eval
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan -id 10members eval
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members eval
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members eval
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members evalinterface-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members evalinterface-mode access
set interfaces ge-0/0/2 4 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/3 5 unit 0 family ethernet-switching interface-mode access
set services application-identification
set security application-tracking
set security application-tracking session-update-interval 180
set security flow tcp-session no-syn-check
set security flow tcp-session no-sequence-check
set security forwarding-process enhanced-services-mode
set security zones security-zone Sniffer host-inbound-traffic protocols all
set security zones security-zone Sniffer host-inbound-traffic system-services all
set security zones security-zone Sniffer interfaces ge-0/0/1.0
set security zones security-zone Sniffer application-tracking
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 match source-address any
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 match destination-address any
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 match application any
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 then permit application-services idp
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 then permit application-services utm-policy UTM-POC
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 then log session-close
set security zones security-zone Inline host-inbound-traffic protocols all
set security zones security-zone Inline host-inbound-traffic system-services all
set security zones security-zone Inline interfaces ge-0/0/2.0
set security zones security-zone Inline interfaces ge-0/0/3.0
set security zones security-zone Inline application-tracking
set security policies from-zone Inline to-zone Inline policy Inline1 match source-address any
set security policies from-zone Inline to-zone Inline policy Inline1 match destination-address any
set security policies from-zone Inline to-zone Inline policy Inline1 match application any
set security policies from-zone Inline to-zone Inline policy Inline1 then permit application-services idp
set security policies from-zone Inline to-zone Inline policy Inline1 then permit application-services utm-policy UTM-POC
set security policies from-zone Inline to-zone Inline policy Inline1 then log session-close
...
set system services ssh protocol-version v2
set system login user oneconfig class super-user
set system login user oneconfig authentication encrypted-password $1$oneconfi$JnzIHO9k1Ku3lrc7NGqKt0
set system services outbound-ssh client oneconfig-ncd01 device-id srx320-jnprjkriker
set system services outbound-ssh client oneconfig-ncd01 secret c178338103a4de0bb32b4b919a94268e
set system services outbound-ssh client oneconfig-ncd01 services netconf keep-alive retry 3 timeout 5
set system services outbound-ssh client oneconfig-ncd01 ncd01.oneconfig.com port 4087 timeout 60 retry 1000
set system services outbound-ssh client oneconfig-ncd02 device-id srx320-jnprjkriker
set system services outbound-ssh client oneconfig-ncd02 secret c178338103a4de0bb32b4b919a94268e
set system services outbound-ssh client oneconfig-ncd02 services netconf keep-alive retry 3 timeout 5
set system services outbound-ssh client oneconfig-ncd02 ncd02.oneconfig.com port 4087 timeout 60 retry 1000
set security log mode stream
set security log transport protocol tls tls-profile oneconfig tcp-connections 1
set security log stream oneconfig severity debug category all
set security log stream oneconfig rate-limit 300
set services ssl initiation profile oneconfig protocol-version all
set services ssl initiation profile oneconfig actions ignore-server-auth-failure crl disable
set security log stream oneconfig host 138.68.58.31 port 5261
### Customize your source-interface for on device setup (uncomment next line)
# set security log source-interface ge-0/0/0.0
#JLK add on:
set vlans eval vlan-id 10
set vlans eval l3-interface irb.0
set interfaces irb unit 0 family inet address 192.168.10.1/24
set vlans eval l3-interface irb.0
set security zones security-zone Inline interfaces irb.0