JSEC : JUNOS Security

  • Duration: 5 Days
  • Test Level: Intermediate
  • Certifications: JNCIS-SEC
  • Price: USD 4000
  • Exams: JN0-333
This five-day course covers the configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include: security zones, security policies, Network Address Translation (NAT), IPsec VPNs, and high availability clusters, as well as how to implement these features by using Junos Space and Security Director.

Through demonstrations and hands-on labs, students will gain experience in configuring the Junos OS and monitoring device operations of Junos security devices. This course uses Juniper Networks SRX Series Services Gateways for the primary hands-on component. The course also includes some hands-on labs that use Junos Space and Security Director to configure and manage Junos security devices.

This course is based on Junos OS Release 15.1X49-D70, vSRX 2.0, Junos Space 16.1R1, and Security Director 16.1R1.
This course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.
After successfully completing this course, you should be able to:

Describe traditional routing and security.
Provide an overview of SRX Series Services Gateway devices and the Junos OS software architecture.
Describe the logical packet flow and session creation performed by SRX Series Services Gateway devices.
Describe, configure, and monitor zones.
Describe, configure, and monitor security policies.
Troubleshoot security zones and policies.
Describe, configure, and monitor NAT, as implemented on Junos security platforms.
Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
Implement and monitor route-based IPsec VPNs.
Implement and monitor Hub-and-Spoke VPNs, Group VPNs, and ADVPNs.
Troubleshoot IPsec VPNs.
Describe, configure, and monitor chassis clusters.
Troubleshoot chassis clusters.

Day 1

Chapter 1: Course Introduction

Chapter 2: Introduction to Junos Security

  • Traditional Routing and Security
  • Architecture Overview of Junos Security Devices
  • Logical Packet Flow through Junos Security Devices
  • Junos Space and Security Director Overview

Chapter 3: Zones and Screen Options

  • The Definition of Zones
  • Zone Configuration
  • Monitoring Security Zones
  • Configuring Screen Options
  • Screen Options Case Study
  • Lab 1: Zones and Screen Options

Chapter 4: Security Policies

  • Security Policy Overview
  • Policy Components
  • Policy Case Study
  • Lab 2: Security Policies

Chapter 5: Security Director Firewall Policies

  • Firewall Policy Configuration
  • Firewall Policy Processing Order
  • Deploying Firewall Policies
  • Monitoring Firewall Policies
  • Lab 3: Security Director Firewall Policies

Day 2

Chapter 6: Advanced Security Policy

  • Session Management
  • Junos ALGs
  • Policy Scheduling
  • Logging
  • Advanced Security Policy with Security Director
  • Lab 4: Advanced Policy Options

Chapter 7: Troubleshooting Zones and Policies

  • General Troubleshooting for Junos Devices
  • Troubleshooting Tools
  • Troubleshooting Zones and Policies
  • Zone and Policy Case Studies
  • Lab 5: Troubleshooting Security Zones and Policies

Chapter 8: Network Address Translation

  • NAT Overview
  • Source NAT
  • Destination NAT
  • Static NAT
  • Proxy ARP
  • Configuring NAT in Security Director
  • Lab 6: Network Address Translation

Chapter 9: Advanced NAT

  • Persistent NAT
  • DNS Doctoring
  • IPv6 with NAT
  • Advanced NAT Scenarios
  • Troubleshooting NAT
  • Lab 7: Advanced NAT

Day 3

Chapter 10: IPsec VPN Concepts

  • VPN Types
  • Secure VPN Requirements
  • IPsec Tunnel Establishment
  • IPsec Traffic Processing

Chapter 11: IPsec VPN Implementation

  • IPsec VPN Configuration
  • IPsec VPN Configuration Case Study
  • Proxy IDs and Traffic Selectors
  • Monitoring IPsec VPNs
  • Lab 8: Implementing IPsec VPNs

Chapter 12: Hub-and-Spoke VPNs

  • Hub-and-Spoke VPN Overview
  • Hub-and-Spoke Configuration and Monitoring
  • Hub-and-Spoke Configuration with Security Director
  • Lab 9: Implementing Hub-and-Spoke VPNs

Chapter 13: Group VPNs

  • Group VPN Overview
  • Group VPN Configuration and Monitoring
  • Lab 10: Implementing Group VPNs

Day 4

Chapter 14: PKI and ADVPNs

  • Public Key Infrastructure
  • ADVPN Overview
  • ADVPN Configuration and Monitoring
  • Lab 11: Implementing PKI and ADVPNs

Chapter 15: Advanced IPsec

  • NAT with IPsec
  • Class of Service with IPsec
  • Enterprise Best Practices
  • Routing OSPF over IPsec
  • IPsec with Overlapping Addresses
  • IPsec with Dynamic Gateway IP Addresses
  • Lab 12: Advanced IPsec VPN Scenarios

Chapter 16: Troubleshooting IPsec

  • IPsec Troubleshooting Overview
  • Troubleshooting IKE Phase 1 and 2
  • IPsec Logging
  • IPsec Case Studies
  • Lab 13: Troubleshooting IPsec

Chapter 17: Chassis Cluster Concepts

  • Chassis Clustering Overview
  • Chassis Cluster Components
  • Chassis Cluster Operation

Day 5

Chapter 18: Chassis Cluster Implementation

  • Chassis Cluster Configuration
  • Advanced Chassis Cluster Options
  • Lab 14: Implementing High Availability Techniques

Chapter 19: Troubleshooting Chassis Clusters

  • Troubleshooting Chassis Clusters
  • Chassis Cluster Case Studies
  • Lab 15: Troubleshooting Chassis Clusters

Appendix A: SRX Series Hardware and Interfaces

  • Branch SRX Platform Overview
  • High-End SRX Platform Overview
  • SRX Traffic Flow and Distribution
  • SRX Interfaces

Appendix B: Virtual SRX

  • Virtualization Overview
  • Network Virtualization and SDN
  • Overview of the Virtual SRX
  • Deployment Scenarios
  • Integration with AWS
Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, or have equivalent experience prior to attending this class.