Add AI security improvements with feedback learning

Initial commit
2025-09-05 00:25:04 +00:00 · 2025-09-04 21:38:13 +00:00
3 changed files with 11 additions and 24 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,2 @@
+# SRX AI Configuration Repository
+AI-generated network configurations for Juniper SRX
--- a/ai-suggestions/suggestion-20250905-031932.conf
+++ b/ai-suggestions/suggestion-20250905-031932.conf
@@ -1,24 +0,0 @@
-# AI-Generated SRX Configuration
-# Generated: 2025-09-05T03:19:32.980510
-# Analysis Period: Last 7 days
-
-set security screen ids-option WAN-screen icmp flood threshold 20
-set security screen ids-option WAN-screen tcp syn-flood attack-threshold 20
-set security zones security-zone WAN screen WAN-screen
-set security policy INGRESS-POLICY permit ip any any -> any any any (policy-name "INGRESS-POLICY")
-set security policy EGRESS-POLICY deny ip any any -> any any any (policy-name "EGRESS-POLICY")
-set security address-book entry ANY-EXTERNAL 0.0.0.0/0
-set security address-book entry DISCORD-NET1 162.159.0.0/16
-set security address-book entry GAMING-NETWORK 192.168.10.0/24
-set security address-book entry LAPTOP-BATTLENET 192.168.20.111/32
-set security address-book entry RFC1918-1 10.0.0.0/8
-set security address-book entry RFC1918-2 172.16.0.0/12
-set security address-book entry RFC1918-3 192.168.0.0/16
-set security screen ids-option WAN-screen udp-flood-protection threshold 20
-set security screen ids-option WAN-screen http-flood-protection threshold 20
-set security policy INGRESS-POLICY permit ip any any -> any any any (policy-name "INGRESS-POLICY")
-set security policy EGRESS-POLICY deny ip any any -> any any any (policy-name "EGRESS-POLICY")
-set security id 10.0.0.1 permit ip any any -> any any any (policy-name "INGRESS-POLICY")
-set security id 10.0.0.2 deny ip any any -> any any any (policy-name "EGRESS-POLICY")
-set security address-book entry NEST-THERMO 192.168.40.20/32
-set security address-book entry WYZE-CAM-1 192.168.40.106/32
--- a/ai_suggestions.conf
+++ b/ai_suggestions.conf
@@ -0,0 +1,9 @@
+# MANDATORY: Address-set definitions
+set security address-book global address-set INTERNAL-NETS address 192.168.100.0/24
+set security address-book global address-set EXTERNAL-NETS address 0.0.0.0/8
+set security address-book global address-set DMZ-NETS address 10.0.0.0/8
+
+# DDoS Protection - Fixed thresholds (no XML!)
+set security screen ids-option WAN-screen icmp flood threshold 20
+set security screen ids-option WAN-screen tcp syn-flood attack-threshold 20
+set security zones security-zone WAN screen WAN-screen
Author	SHA1	Message	Date
netops	9b03b78da3	Add AI security improvements with feedback learning	2025-09-05 00:25:04 +00:00
netops	c05ce2eb26	Initial commit	2025-09-04 21:38:13 +00:00