Add AI-generated configuration suggestions for 2025-09-05

2025-09-05 03:33:00 +00:00
2 changed files with 25 additions and 70 deletions
--- a/ai-suggestions/suggestion-20250905-033300.conf
+++ b/ai-suggestions/suggestion-20250905-033300.conf
@@ -0,0 +1,25 @@
 # AI-Generated SRX Configuration
 # Generated: 2025-09-05T03:33:00.426249
 # Analysis Period: Last 7 days
 {'config': 'set security address-book global address-set INTERNAL-NETS address 192.168.100.0/24', 'reason': 'AI-generated optimization'}
 {'config': 'set security address-book global address-set EXTERNAL-NETS address 0.0.0.0/8', 'reason': 'AI-generated optimization'}
 {'config': 'set security address-book global address-set DMZ-NETS address 10.0.0.0/8', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen ids-option WAN-screen icmp flood threshold 20', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen ids-option WAN-screen tcp syn-flood attack-threshold 20', 'reason': 'AI-generated optimization'}
 {'config': 'set security zones security-zone WAN screen WAN-screen', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map INTERNAL-NETS to APP-IDENTITY', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map INTERNAL-NETS app-identity junos-https', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map INTERNAL-NETS app-identity junos-ssh', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map WAN-screen to THREAT-DETECTION', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map WAN-screen threat-detection source-INTERNAL-NETS -> sid-200', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map WAN-screen threat-detection source-INTERNAL-NETS -> sid-300', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map WAN-screen to ANOMaly-DETECTION', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map WAN-screen anomaly-detection source-INTERNAL-NETS -> sid-400', 'reason': 'AI-generated optimization'}
 {'config': 'set security rate-limit input interface ge-0/0/1.0.0.1 to 2000 bps', 'reason': 'AI-generated optimization'}
 {'config': 'set security rate-limit input interface ge-0/0/1.1.1.1 to 500 bps', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen DDoS-protection-screen for WAN-screen', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen DDoS-protection-screen icmp-flood-threshold 20', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen DDoS-protection-screen udp-flood-threshold 20', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen DDoS-protection-screen tcp-syn-flood-threshold 20', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen DDoS-protection-screen port-scan-detection enable', 'reason': 'AI-generated optimization'}
--- a/ai-suggestions/suggestion-20250905-034604.conf
+++ b/ai-suggestions/suggestion-20250905-034604.conf
@@ -1,70 +0,0 @@
 # AI-Generated SRX Configuration
 # Generated: 2025-09-05T03:46:04.520883
 # Analysis Period: Last 7 days
 # MANDATORY: Address-set definitions
 set security address-book global address-set INTERNAL-NETS address 192.168.100.0/24
 set security address-book global address-set EXTERNAL-NETS address 0.0.0.0/8
 set security address-book global address-set DMZ-NETS address 10.0.0.0/8
 set security screen ids-option WAN-screen icmp flood threshold 20
 # Prevent ICMP floods from overwhelming the network
 set security screen ids-option WAN-screen tcp syn-flood attack-threshold 20
 # Protect against TCP SYN floods
 set security screen ids-option WAN-screen udp-flood-protection threshold 20
 # Prevent UDP floods from consuming bandwidth
 set security address-book entry ANY-EXTERNAL to 0.0.0.0/0
 # Define address book entry for any external source
 set security address-book entry DISCORD-NET1 to 162.159.0.0/16
 # Define address book entry for Discord net1
 set security address-book entry GAMING-NETWORK to 192.168.10.0/24
 # Define address book entry for gaming network
 set security logging session-init enable
 # Enable logging for all sessions
 set security logging session-close enable
 # Enable logging for all session closures
 set security idps-signature-set input-tag 1000
 # Define IDPS signature set for input tag 1000
 set security idps-signature-set output-tag 2000
 # Define IDPS signature set for output tag 2000
 set security application-control rule WAN-rule permit any
 # Allow all traffic from WAN to home network
 set security application-control rule HOME-rule permit any
 # Allow all traffic from home network to WAN
 set security application-control rule GUEST-rule permit any
 # Allow all traffic from guest network to WAN
 set security application-control rule IOT-rule permit any
 # Allow all traffic from IoT network to WAN
 set security application-control rule ENTERTAINMENT-rule permit any
 # Allow all traffic from entertainment network to WAN
 set security application-control rule MGMT-rule permit any
 # Allow all traffic from management network to WAN
 set security application-control rule INFRA-rule permit any
 # Allow all traffic from infrastructure network to WAN
 set security rate-limiting rule source-address WAN-rule any 1000/sec
 # Limit the rate of incoming traffic from any source on WAN to 1000 packets per second
 set security rate-limiting rule source-address HOME-rule any 500/sec
 # Limit the rate of incoming traffic from any source on home network to 500 packets per second
 set security rate-limiting rule source-address GUEST-rule any 300/sec
 # Limit the rate of incoming traffic from any source on guest network to 300 packets per second
 set security rate-limiting rule source-address IOT-rule any 200/sec
 # Limit the rate of incoming traffic from any source on IoT network to 200 packets per second
 set security rate-limiting rule source-address ENTERTAINMENT-rule any 150/sec
 # Limit the rate of incoming traffic from any source on entertainment network to 150 packets per second
 set security rate-limiting rule source-address MGMT-rule any 100/sec
 # Limit the rate of incoming traffic from any source on management network to 100 packets per second
 set security rate-limiting rule source-address INFRA-rule any 50/sec
 # Limit the rate of incoming traffic from any source on infrastructure network to 50 packets per second
 set security rate-limiting rule destination-address WAN-rule any 1000/sec
 # Limit the rate of outgoing traffic to any destination on WAN to 1000 packets per second
 set security rate-limiting rule destination-address HOME-rule any 500/sec
 # Limit the rate of outgoing traffic to any destination on home network to 500 packets per second
 set security rate-limiting rule destination-address GUEST-rule any 300/sec
 # Limit the rate of outgoing traffic to any destination on guest network to 300 packets per second
 set security rate-limiting rule destination-address IOT-rule any 200/sec
 # Limit the rate of outgoing traffic to any destination on IoT network to 200 packets per second
 set security rate-limiting rule destination-address ENTERTAINMENT-rule any 150/sec
 # Limit the rate of outgoing traffic to any destination on entertainment network to 150 packets per second
 set security rate-limiting rule destination-address MGMT-rule any 100/sec
 # Limit the rate of outgoing traffic to any destination on management network to 100 packets per second
 set security rate-limiting rule destination-address INFRA-rule any 50/sec
 # Limit the rate of outgoing traffic to any destination on infrastructure network to 50 packets per second