| Author | SHA1 | Date | |
|---|---|---|---|
|
|
b010ecab15 |
33
ai-suggestions/suggestion-20250904-214416.conf
Normal file
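--- a/ai-suggestions/suggestion-20250904-214416.conf
+++ b/ai-suggestions/suggestion-20250904-214416.conf
@@ -0,0 +1,33 @@
+# AI-Generated SRX Configuration
+# Generated: 2025-09-04T21:44:16.799400
+# Analysis Period: Last 7 days
+
+# MANDATORY: Address-set definitions
+set security address-book global address-set INTERNAL-NETS address 192.168.100.0/24
+set security address-book global address-set EXTERNAL-NETS address 0.0.0.0/8
+set security address-book global address-set DMZ-NETS address 10.0.0.0/8
+### Address Book Entries:
+# SECURITY FOCUS: Generate ONLY advanced security enhancements
+### Rate Limiting per source IP:
+set security screen rate-limit-extended WAN-screen icmp-flood-threshold 20
+set security screen rate-limit-extended WAN-screen tcp-syn-flood-attack-threshold 20
+set security screen rate-limit-extended WAN-screen udp-flood-protection threshold 20
+set security zones security-zone WAN screen WAN-screen
+### DDoS Protection Screens:
+set security screen ids-option WAN-screen icmp-flood-threshold 20
+set security screen ids-option WAN-screen tcp-syn-flood-attack-threshold 20
+set security screen ids-option WAN-screen udp-flood-protection threshold 20
+set security screen WAN-screen enable-logging session-init session-close
+### IDS/IPS Features:
+set security policy-map WAN-policy custom-policy
+set security policy-map WAN-policy custom-policy apply rule id <urn:ietf:params:xml:ns:yang:ietf-ipsec-profile> profile-name custom-profile
+set security application-identity WAN-screen custom-identity
+set security application-identity WAN-screen custom-identity policy-map WAN-policy
+### Address Book Entries:
+### Example commands to generate:
+set security screen ids-option WAN-screen icmp flood threshold 20
+set security screen ids-option WAN-screen tcp syn flood attack threshold 20
+set security screen rate limit extended WAN-screen icmp flood threshold 20
+set security screen rate limit extended WAN-screen udp flood protection threshold 20
+set security policy-map WAN-policy custom-policy
+set security application-identity WAN-screen custom-identity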
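Review bot: Most of the `set` statements in this new file are not valid Junos syntax and would be rejected by `load set` / `commit check` — `security screen rate-limit-extended`, `security policy-map`, `security application-identity`, `security screen WAN-screen enable-logging`, and the hyphenated `icmp-flood-threshold` / `tcp-syn-flood-attack-threshold` / `udp-flood-protection threshold` keywords do not exist on SRX, and the rule id on the `apply rule id <urn:ietf:params:xml:ns:yang:ietf-ipsec-profile>` line is a YANG namespace string rather than an identifier. The real screen statements take the form `set security screen ids-option WAN-screen icmp flood threshold 20`, `set security screen ids-option WAN-screen tcp syn-flood attack-threshold 20` and `set security screen ids-option WAN-screen udp flood threshold 20` (the `### Example commands to generate:` block at the end is closer to that but still not right), and the `### …` / `# SECURITY FOCUS: Generate ONLY …` lines read like prompt text leaking into the output and should be stripped before anyone loads the file. The address-set entries are also semantically off: `address-set … address X` expects the name of a previously defined `address` entry, not a prefix; `0.0.0.0/8` is the reserved "this network" block rather than an external range; and `10.0.0.0/8` as DMZ-NETS covers the entire RFC 1918 /8. Since this is generated output committed without review, I would gate the `ai-suggestions/` directory on a syntax check against a real or virtual SRX (`commit check`) plus human sign-off before anything is applied, and treat the flood thresholds as reviewed parameters — 20 pps is well below what I recall as the shipped defaults (roughly 1000 for icmp/udp flood and 200 for syn-flood attack-threshold; please confirm) and is likely to drop legitimate traffic.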
@@ -1,70 +0,0 @@
|
|||||||
# AI-Generated SRX Configuration
|
|
||||||
# Generated: 2025-09-05T03:46:04.520883
|
|
||||||
# Analysis Period: Last 7 days
|
|
||||||
|
|
||||||
# MANDATORY: Address-set definitions
|
|
||||||
set security address-book global address-set INTERNAL-NETS address 192.168.100.0/24
|
|
||||||
set security address-book global address-set EXTERNAL-NETS address 0.0.0.0/8
|
|
||||||
set security address-book global address-set DMZ-NETS address 10.0.0.0/8
|
|
||||||
set security screen ids-option WAN-screen icmp flood threshold 20
|
|
||||||
# Prevent ICMP floods from overwhelming the network
|
|
||||||
set security screen ids-option WAN-screen tcp syn-flood attack-threshold 20
|
|
||||||
# Protect against TCP SYN floods
|
|
||||||
set security screen ids-option WAN-screen udp-flood-protection threshold 20
|
|
||||||
# Prevent UDP floods from consuming bandwidth
|
|
||||||
set security address-book entry ANY-EXTERNAL to 0.0.0.0/0
|
|
||||||
# Define address book entry for any external source
|
|
||||||
set security address-book entry DISCORD-NET1 to 162.159.0.0/16
|
|
||||||
# Define address book entry for Discord net1
|
|
||||||
set security address-book entry GAMING-NETWORK to 192.168.10.0/24
|
|
||||||
# Define address book entry for gaming network
|
|
||||||
set security logging session-init enable
|
|
||||||
# Enable logging for all sessions
|
|
||||||
set security logging session-close enable
|
|
||||||
# Enable logging for all session closures
|
|
||||||
set security idps-signature-set input-tag 1000
|
|
||||||
# Define IDPS signature set for input tag 1000
|
|
||||||
set security idps-signature-set output-tag 2000
|
|
||||||
# Define IDPS signature set for output tag 2000
|
|
||||||
set security application-control rule WAN-rule permit any
|
|
||||||
# Allow all traffic from WAN to home network
|
|
||||||
set security application-control rule HOME-rule permit any
|
|
||||||
# Allow all traffic from home network to WAN
|
|
||||||
set security application-control rule GUEST-rule permit any
|
|
||||||
# Allow all traffic from guest network to WAN
|
|
||||||
set security application-control rule IOT-rule permit any
|
|
||||||
# Allow all traffic from IoT network to WAN
|
|
||||||
set security application-control rule ENTERTAINMENT-rule permit any
|
|
||||||
# Allow all traffic from entertainment network to WAN
|
|
||||||
set security application-control rule MGMT-rule permit any
|
|
||||||
# Allow all traffic from management network to WAN
|
|
||||||
set security application-control rule INFRA-rule permit any
|
|
||||||
# Allow all traffic from infrastructure network to WAN
|
|
||||||
set security rate-limiting rule source-address WAN-rule any 1000/sec
|
|
||||||
# Limit the rate of incoming traffic from any source on WAN to 1000 packets per second
|
|
||||||
set security rate-limiting rule source-address HOME-rule any 500/sec
|
|
||||||
# Limit the rate of incoming traffic from any source on home network to 500 packets per second
|
|
||||||
set security rate-limiting rule source-address GUEST-rule any 300/sec
|
|
||||||
# Limit the rate of incoming traffic from any source on guest network to 300 packets per second
|
|
||||||
set security rate-limiting rule source-address IOT-rule any 200/sec
|
|
||||||
# Limit the rate of incoming traffic from any source on IoT network to 200 packets per second
|
|
||||||
set security rate-limiting rule source-address ENTERTAINMENT-rule any 150/sec
|
|
||||||
# Limit the rate of incoming traffic from any source on entertainment network to 150 packets per second
|
|
||||||
set security rate-limiting rule source-address MGMT-rule any 100/sec
|
|
||||||
# Limit the rate of incoming traffic from any source on management network to 100 packets per second
|
|
||||||
set security rate-limiting rule source-address INFRA-rule any 50/sec
|
|
||||||
# Limit the rate of incoming traffic from any source on infrastructure network to 50 packets per second
|
|
||||||
set security rate-limiting rule destination-address WAN-rule any 1000/sec
|
|
||||||
# Limit the rate of outgoing traffic to any destination on WAN to 1000 packets per second
|
|
||||||
set security rate-limiting rule destination-address HOME-rule any 500/sec
|
|
||||||
# Limit the rate of outgoing traffic to any destination on home network to 500 packets per second
|
|
||||||
set security rate-limiting rule destination-address GUEST-rule any 300/sec
|
|
||||||
# Limit the rate of outgoing traffic to any destination on guest network to 300 packets per second
|
|
||||||
set security rate-limiting rule destination-address IOT-rule any 200/sec
|
|
||||||
# Limit the rate of outgoing traffic to any destination on IoT network to 200 packets per second
|
|
||||||
set security rate-limiting rule destination-address ENTERTAINMENT-rule any 150/sec
|
|
||||||
# Limit the rate of outgoing traffic to any destination on entertainment network to 150 packets per second
|
|
||||||
set security rate-limiting rule destination-address MGMT-rule any 100/sec
|
|
||||||
# Limit the rate of outgoing traffic to any destination on management network to 100 packets per second
|
|
||||||
set security rate-limiting rule destination-address INFRA-rule any 50/sec
|
|
||||||
# Limit the rate of outgoing traffic to any destination on infrastructure network to 50 packets per second
|
|
||||||