Thank u this is the best explaination.
2. i would also like to have inside to have acces to the internet.
A:I'm not sure which is your inside zone, so I can't comment about it. However, you can follow the same as the above-mentioned security policies to access the internet from inside to outside. But I have a concern regarding one of our policies where you have allowed anyone from the Internet can access your Trust side. This means you're exposing your trust side all over the internet.
the srx config that i have send is an old config. I have put some limitation on the security policy untrust to zone trust. is only allowed to established ssh and https.
The appropriate configuration would be,
policies {
from-zone trust to-zone untrust {
policy allow-all {
match {
source-address any;
destination-address any;
application any;
}
then {
permit