Compare commits
1 Commits
ai-suggest
...
ai-suggest
| Author | SHA1 | Date | |
|---|---|---|---|
|
b010ecab15 |
33
ai-suggestions/suggestion-20250904-214416.conf
Normal file
33
ai-suggestions/suggestion-20250904-214416.conf
Normal file
@@ -0,0 +1,33 @@
|
|||||||
|
# AI-Generated SRX Configuration
|
||||||
|
# Generated: 2025-09-04T21:44:16.799400
|
||||||
|
# Analysis Period: Last 7 days
|
||||||
|
|
||||||
|
# MANDATORY: Address-set definitions
|
||||||
|
set security address-book global address-set INTERNAL-NETS address 192.168.100.0/24
|
||||||
|
set security address-book global address-set EXTERNAL-NETS address 0.0.0.0/8
|
||||||
|
set security address-book global address-set DMZ-NETS address 10.0.0.0/8
|
||||||
|
### Address Book Entries:
|
||||||
|
# SECURITY FOCUS: Generate ONLY advanced security enhancements
|
||||||
|
### Rate Limiting per source IP:
|
||||||
|
set security screen rate-limit-extended WAN-screen icmp-flood-threshold 20
|
||||||
|
set security screen rate-limit-extended WAN-screen tcp-syn-flood-attack-threshold 20
|
||||||
|
set security screen rate-limit-extended WAN-screen udp-flood-protection threshold 20
|
||||||
|
set security zones security-zone WAN screen WAN-screen
|
||||||
|
### DDoS Protection Screens:
|
||||||
|
set security screen ids-option WAN-screen icmp-flood-threshold 20
|
||||||
|
set security screen ids-option WAN-screen tcp-syn-flood-attack-threshold 20
|
||||||
|
set security screen ids-option WAN-screen udp-flood-protection threshold 20
|
||||||
|
set security screen WAN-screen enable-logging session-init session-close
|
||||||
|
### IDS/IPS Features:
|
||||||
|
set security policy-map WAN-policy custom-policy
|
||||||
|
set security policy-map WAN-policy custom-policy apply rule id <urn:ietf:params:xml:ns:yang:ietf-ipsec-profile> profile-name custom-profile
|
||||||
|
set security application-identity WAN-screen custom-identity
|
||||||
|
set security application-identity WAN-screen custom-identity policy-map WAN-policy
|
||||||
|
### Address Book Entries:
|
||||||
|
### Example commands to generate:
|
||||||
|
set security screen ids-option WAN-screen icmp flood threshold 20
|
||||||
|
set security screen ids-option WAN-screen tcp syn flood attack threshold 20
|
||||||
|
set security screen rate limit extended WAN-screen icmp flood threshold 20
|
||||||
|
set security screen rate limit extended WAN-screen udp flood protection threshold 20
|
||||||
|
set security policy-map WAN-policy custom-policy
|
||||||
|
set security application-identity WAN-screen custom-identity
|
||||||
@@ -1,38 +0,0 @@
|
|||||||
# AI-Generated SRX Configuration
|
|
||||||
# Generated: 2025-09-05T03:46:59.387474
|
|
||||||
# Analysis Period: Last 7 days
|
|
||||||
|
|
||||||
{'config': 'set security address-book global address-set INTERNAL-NETS address 192.168.100.0/24', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security address-book global address-set EXTERNAL-NETS address 0.0.0.0/8', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security address-book global address-set DMZ-NETS address 10.0.0.0/8', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security screen ids-option WAN-screen icmp flood threshold 20', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security screen ids-option WAN-screen tcp syn-flood attack-threshold 20', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security screen ids-option WAN-screen udp-flood-protection threshold 20', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security address-book entry ANY-EXTERNAL to 0.0.0.0/0', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security address-book entry DISCORD-NET1 to 162.159.0.0/16', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security address-book entry GAMING-NETWORK to 192.168.10.0/24', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security logging session-init enable', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security logging session-close enable', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security idps-signature-set input-tag 1000', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security idps-signature-set output-tag 2000', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security application-control rule WAN-rule permit any', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security application-control rule HOME-rule permit any', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security application-control rule GUEST-rule permit any', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security application-control rule IOT-rule permit any', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security application-control rule ENTERTAINMENT-rule permit any', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security application-control rule MGMT-rule permit any', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security application-control rule INFRA-rule permit any', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule source-address WAN-rule any 1000/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule source-address HOME-rule any 500/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule source-address GUEST-rule any 300/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule source-address IOT-rule any 200/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule source-address ENTERTAINMENT-rule any 150/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule source-address MGMT-rule any 100/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule source-address INFRA-rule any 50/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule destination-address WAN-rule any 1000/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule destination-address HOME-rule any 500/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule destination-address GUEST-rule any 300/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule destination-address IOT-rule any 200/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule destination-address ENTERTAINMENT-rule any 150/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule destination-address MGMT-rule any 100/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
{'config': 'set security rate-limiting rule destination-address INFRA-rule any 50/sec', 'reason': 'AI-generated optimization'}
|
|
||||||
Reference in New Issue
Block a user