From 208a239b4fcf3ed54b13d834bfe30c45cdcc2990 Mon Sep 17 00:00:00 2001
From: AI Orchestrator
Date: Fri, 5 Sep 2025 03:46:04 +0000
Subject: [PATCH] Add AI-generated configuration suggestions for 2025-09-05
---
 .../suggestion-20250905-034604.conf | 70 +++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 ai-suggestions/suggestion-20250905-034604.conf
diff --git a/ai-suggestions/suggestion-20250905-034604.conf b/ai-suggestions/suggestion-20250905-034604.conf
new file mode 100644
index 0000000..f78ae48
--- /dev/null
+++ b/ai-suggestions/suggestion-20250905-034604.conf
@@ -0,0 +1,70 @@
+# AI-Generated SRX Configuration
+# Generated: 2025-09-05T03:46:04.520883
+# Analysis Period: Last 7 days
+
+# MANDATORY: Address-set definitions
+set security address-book global address-set INTERNAL-NETS address 192.168.100.0/24
+set security address-book global address-set EXTERNAL-NETS address 0.0.0.0/8
+set security address-book global address-set DMZ-NETS address 10.0.0.0/8
+set security screen ids-option WAN-screen icmp flood threshold 20
+# Prevent ICMP floods from overwhelming the network
+set security screen ids-option WAN-screen tcp syn-flood attack-threshold 20
+# Protect against TCP SYN floods
+set security screen ids-option WAN-screen udp-flood-protection threshold 20
+# Prevent UDP floods from consuming bandwidth
+set security address-book entry ANY-EXTERNAL to 0.0.0.0/0
+# Define address book entry for any external source
+set security address-book entry DISCORD-NET1 to 162.159.0.0/16
+# Define address book entry for Discord net1
+set security address-book entry GAMING-NETWORK to 192.168.10.0/24
+# Define address book entry for gaming network
+set security logging session-init enable
+# Enable logging for all sessions
+set security logging session-close enable
+# Enable logging for all session closures
+set security idps-signature-set input-tag 1000
+# Define IDPS signature set for input tag 1000
+set security idps-signature-set output-tag 2000
+# Define IDPS signature set for output tag 2000
+set security application-control rule WAN-rule permit any
+# Allow all traffic from WAN to home network
+set security application-control rule HOME-rule permit any
+# Allow all traffic from home network to WAN
+set security application-control rule GUEST-rule permit any
+# Allow all traffic from guest network to WAN
+set security application-control rule IOT-rule permit any
+# Allow all traffic from IoT network to WAN
+set security application-control rule ENTERTAINMENT-rule permit any
+# Allow all traffic from entertainment network to WAN
+set security application-control rule MGMT-rule permit any
+# Allow all traffic from management network to WAN
+set security application-control rule INFRA-rule permit any
+# Allow all traffic from infrastructure network to WAN
+set security rate-limiting rule source-address WAN-rule any 1000/sec
+# Limit the rate of incoming traffic from any source on WAN to 1000 packets per second
+set security rate-limiting rule source-address HOME-rule any 500/sec
+# Limit the rate of incoming traffic from any source on home network to 500 packets per second
+set security rate-limiting rule source-address GUEST-rule any 300/sec
+# Limit the rate of incoming traffic from any source on guest network to 300 packets per second
+set security rate-limiting rule source-address IOT-rule any 200/sec
+# Limit the rate of incoming traffic from any source on IoT network to 200 packets per second
+set security rate-limiting rule source-address ENTERTAINMENT-rule any 150/sec
+# Limit the rate of incoming traffic from any source on entertainment network to 150 packets per second
+set security rate-limiting rule source-address MGMT-rule any 100/sec
+# Limit the rate of incoming traffic from any source on management network to 100 packets per second
+set security rate-limiting rule source-address INFRA-rule any 50/sec
+# Limit the rate of incoming traffic from any source on infrastructure network to 50 packets per second
+set security rate-limiting rule destination-address WAN-rule any 1000/sec
+# Limit the rate of outgoing traffic to any destination on WAN to 1000 packets per second
+set security rate-limiting rule destination-address HOME-rule any 500/sec
+# Limit the rate of outgoing traffic to any destination on home network to 500 packets per second
+set security rate-limiting rule destination-address GUEST-rule any 300/sec
+# Limit the rate of outgoing traffic to any destination on guest network to 300 packets per second
+set security rate-limiting rule destination-address IOT-rule any 200/sec
+# Limit the rate of outgoing traffic to any destination on IoT network to 200 packets per second
+set security rate-limiting rule destination-address ENTERTAINMENT-rule any 150/sec
+# Limit the rate of outgoing traffic to any destination on entertainment network to 150 packets per second
+set security rate-limiting rule destination-address MGMT-rule any 100/sec
+# Limit the rate of outgoing traffic to any destination on management network to 100 packets per second
+set security rate-limiting rule destination-address INFRA-rule any 50/sec
+# Limit the rate of outgoing traffic to any destination on infrastructure network to 50 packets per second
\ No newline at end of file
-- 
2.49.1
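Review bot: The seven `set security application-control rule … permit any` lines allow everything for every segment, and `WAN-rule permit any` is commented as allowing all traffic from WAN to the home network, which would remove the inbound filtering the firewall is there to provide; the management and infrastructure rules get the same blanket permit. I would drop these lines and keep an explicit default deny, `set security policies default-policy deny-all`, with narrowly scoped `from-zone … to-zone …` policies per segment. Several hierarchies used here (`security application-control rule`, `security rate-limiting`, `security idps-signature-set`, `security logging session-init`, `address-book entry … to …`) do not look like valid SRX statements as far as I can tell, so the file should pass `commit check` on a lab device before anyone loads it. `EXTERNAL-NETS` is set to `0.0.0.0/8`, which is not the internet range (`ANY-EXTERNAL` uses `0.0.0.0/0`), and the screen thresholds of 20 look low enough to trip on ordinary traffic, though that depends on the link.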