security {
    zones {
        security-zone DMZ {
            replace: address-book {
                address RFC1918_0 10.0.0.0/8;
                address RFC1918_1 172.16.0.0/12;
                address RFC1918_2 192.168.0.0/16;
                address-set RFC1918 {
                    address RFC1918_0;
                    address RFC1918_1;
                    address RFC1918_2;
                }
            }
        }
    }
    replace: policies {
        /*
        $Id: ./filters/sample_srx.srx $
        $Date: 2015/03/26 $
        */
        from-zone Untrust to-zone DMZ {
            policy test-tcp {
                match {
                    source-address any;
                    destination-address [ RFC1918 ];
                    application test-tcp-app;
                }
                then {
                    permit;
                    log {
                        session-init;
                    }
                }
            }
            policy test-icmp {
                match {
                    source-address any;
                    destination-address [ RFC1918 ];
                    application test-icmp-app;
                }
                then {
                    permit;
                }
            }
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                }
            }
        }
    }
}
replace: applications {
    application-set test-tcp-app {
        application test-tcp-app1;
        application test-tcp-app2;
    }
    application test-tcp-app1 {
        term t1 protocol tcp;
    }
    application test-tcp-app2 {
        term t2 protocol udp;
    }
    application test-icmp-app {
        term t1 protocol icmp icmp-type 0 inactivity-timeout 60;
        term t2 protocol icmp icmp-type 8 inactivity-timeout 60;
    }
}