Juniper NetScreen Firewall / VPN (FWV) Certification Track & Course Details

Certification levels and Firewall / VPN courses:

  • JNCIS – Juniper Networks Certified Internet Specialist: INHN, NAVI, NMTP
  • JNCIA – Juniper Networks Certified Internet Associate: INSG


CERTIFICATION TRACK – JNCIA – FWV (CJFV)
Configuring Juniper Networks Firewall/IPSec VPN Products (CJFV) (Formerly INSG)

Course No: EDU-JUN-CJFV
Length: 3 days
Cost: $2,500 (US)

Course Overview
This three-day course provides a broad overview of the firewall and VPN functions provided by ScreenOS-based products. Key topics include administrative configuration, Layer 2 and Layer 3 operations, basic and advanced policy features, network address translation, and VPN configuration and operations.

Target audience

Network engineers, support personnel, reseller support, and others responsible for implementing Juniper firewall products.

Prerequisites

This course assumes that students have basic networking knowledge and experience in the following areas:

  • Ethernet
  • Transparent Bridging
  • TCP/IP Operations
  • IP Addressing

Course Contents

Day One
Introduction

  • ScreenOS Concepts, Terminology, and Platforms
    • Describe the requirements of a security device
    • Describe the ScreenOS Security Architecture
    • Describe the flow of a packet through a ScreenOS device
    • Select ScreenOS-based devices based on deployment requirements
  • Initial Connectivity
    • Describe the functions performed by different system components
    • Select a user interface based on business and task requirements
    • Establish connectivity to the ScreenOS device using best-practice recommendations
  • Device Management
    • Connect to external management devices
    • Manage license keys
    • Manage configuration and software image files
    • Perform disaster recovery procedures

Day Two

  • Layer 3 Operations
    • Explain the virtual router architecture
    • Configure static routes
    • Explain the use of a loopback interface
    • Configure a loopback interface
    • Configure interfaces for NAT or route mode
    • Verify and troubleshoot Layer 3 operations
  • Basic Policy Configuration
    • Review security policy functionality
    • Configure a basic security policy using the following elements
      • Address book entries and groups
      • Custom services and service groups
      • Multi-cell policies
    • List potential problems associated with policy creation and modification
    • Configure global policy rules
    • Verifying policies
  • Policy Options
    • Configure policy options, including:
      • Traffic logging
      • Traffic counters
      • Scheduling
      • User Authentication
    • Verify operations of policy options
  • Address Translation
    • Discuss scenarios for policy-based translation
      • Unidirectional outbound
      • Unidirectional inbound
      • Bidirectional
    • Configure policy-based translation
      • NAT-src
      • NAT-dst
      • VIP
      • MIP

Day Three

  • Transparent Mode
    • Describe the advantages of Transparent Mode operation
    • Distinguish between transparent mode zones and interfaces and Layer 3 mode zones and interfaces
    • Use the VLAN1 interface to manage the ScreenOS device in Transparent Mode
  • VPN Concepts
    • Define virtual private network
    • List three security concerns and describe how to address them
    • List the components of the IPSec protocol suite
    • Explain the IKE protocol process for tunnel establishment
  • Policy Based VPNs
    • Define the term policy-based VPN
    • Identify the minimum components needed to configure a Policy-based VPN
    • Configure an IKE-based VPN binding to policies with:
      • Phase 1 Gateways
      • Phase 2 AutoKey IKE
      • Address and Service Books
    • Verify operations
  • Route Based VPNs
    • Explain the concepts of a route-based VPN
    • Configure route-based VPNs with the following options:
      • Fixed IP vs. Unnumbered IP
      • Proxy ID Settings
      • VPN Monitoring
    • Verify operations

CERTIFICATION TRACK – JNCIS – FWV (INHN, NAVI, NMTP)

Integrating Juniper Networks Firewall and VPNs into High-Performance Networks (IFVH) (Formerly INHN)

Course No: EDU-JUN-IFVH
Length: 3 days
Cost: $2,500 (US)

Course Overview

This three-day course focuses on the ScreenOS features that are typically required in large-scale networks, including dynamic routing, virtual systems, traffic shaping, and high availability. Upon completing this course, a student should be able to return to work and successfully install, configure, and verify that a ScreenOS-based device is interoperating in the network as desired. Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting these advanced features of ScreenOS.

Target audience

Network engineers, support personnel, and reseller support.

Prerequisites

Completion of CJFV or equivalent product experience. Completion of SMF or equivalent product experience if using Security Manager. General networking knowledge, including Ethernet, TCP/IP, and routing concepts.

Course Contents

Day One: Introduction

  • ScreenOS Review
    • Review key ScreenOS configuration, including L3 operations and basic policy
    • Review troubleshooting commands and procedures
  • OSPF
    • OSPF Operations
    • OSPF Config
    • Verifying Operations
    • Route Redistribution
    • Summarization
  • BGP
    • BGP Operations
    • EBGP Configuration
    • Verifying Operations
    • IBGP Configuration
    • BGP Connectivity

Day Two

  • Advanced Static Routing
    • Source-Based Routing
    • Policy-Based Routing
    • Advanced Destination Routing
  • Multicast
    • IGMP Operations
    • IGMP Configuration
    • PIM-SM Operations
    • PIM-SM Configuration
  • Virtual Systems
    • VSYS Operations
    • VSYS Configuration - Interface Classification
    • Verifying Operations
    • VSYS Configuration - IP Classification
    • VSYS Configuration - Transparent Mode

Day Three

  • NSRP
    • NSRP Operations
    • NSRP Active/Passive Configuration
    • NSRP Active/Active Configuration
    • NSRP and VSYS
    • NSRP and Dynamic Routing
  • Traffic Shaping
    • Priority Queuing
    • Ingress Policing
    • DSCP Marking and Shaping

Advanced Juniper Networks IPSec VPN Implementations (AJVI) (Formerly NAVI)

Course No: EDU-JUN-AJVI
Length: 2 days
Cost: $2,000 (US)

Course Overview

This two-day course is a survey of various IPSec VPN configurations as well as alternatives (i.e. GRE), and includes instruction on deploying dynamic routing over VPNs. Upon completing this course, a student should be able to return to work and successfully install, configure, and verify that a ScreenOS-based device is functioning in a VPN configuration. Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting the VPN designs discussed in class.

Target audience

Network engineers, support personnel, and reseller support.

Prerequisites

Completion of CJFV or equivalent product experience. Completion of SMF or equivalent product experience if using Security Manager. General networking knowledge, including Ethernet, TCP/IP, and routing concepts.

Course Contents

Day One: Introduction

  • ScreenOS VPN Review
    • Review policy-based VPN configuration
    • Review route-based VPN configuration
    • Review Security Manager VPN Manager
    • Review verification commands
    • Review troubleshooting tools
    • Describe and configure VPN Monitor
  • VPN Variations
    • Configure LAN-to-LAN VPN with a dynamic peer using ID
    • Configure LAN-to-LAN VPN with a dynamic peer using FQDN
    • Configure VPN with ScreenOS device in transparent mode
  • Hub and Spoke VPNs
    • Describe the concept of a Hub and Spoke VPN
    • Describe different Hub and Spoke scenarios
    • Configure Hub and Spoke VPNs using the following scenarios:
      • Policy-based
      • Interfaces in same zone as protected resources (using NHTB)
      • Interfaces in different zones than protected resources
      • Centralized spoke-to-spoke control
    • Verify Configuration
  • Routing over VPNs
    • Explain dynamic routing operations over VPN links
    • Configure RIP over VPN links
    • Configure OSPF over VPN links

Day Two

  • Using Certificates
    • Define and explain the following concepts:
      • Public Key Cryptography
      • Digital Signatures
      • Digital Certificates
      • Public Key Cryptography Standard (PKCS)
      • Certification Authority (CA)
      • Certificate Revocation List (CRL)
      • Online Certificate Status Protocol (OCSP)
    • Acquire and load certificates and CRLs
    • Configure LAN-to-LAN IPSec VPN using certificates for authentication
  • Redundant VPN Gateways
    • Describe the functionality of the ScreenOS redundant VPN gateway feature
    • Configure redundant VPN gateways
    • Discuss other redundancy
  • GRE
    • Explain GRE technology and terminology
    • Discuss GRE applications
    • Configure GRE
    • Verify operations
  • Dial-Up VPNs
    • Discuss dial-up VPN options
      • Basic
      • Multiple tunnels/split tunneling
      • Group IKE ID
      • Shared IKE ID and XAUTH
    • Compare/contrast dial-up IPSec VPNs with SSL VPNs
    • Configure ScreenOS device for dial-up VPN connection
  • NetScreen-Remote
    • Introduce NetScreen-Remote VPN client product
    • Configure client for dial-up VPN connectivity

NetScreen Management, Troubleshooting, and Performance Tuning (NMTP)

Course No: EDU-NS-NMTP
Length: 2 days
Cost: $2,000 (US)

Course Overview

This two-day course focuses on advanced management and troubleshooting of NetScreen Firewall/VPN products. Through a combination of lecture and hands-on labs, students will learn to configure multiple management options for NetScreen Firewall/VPN products, including SYSLOG and SNMP. They will troubleshoot basic configuration, address translation, and VPNs using the embedded snoop and debug tools. They will be able to perform bandwidth management and allocation based on policy configuration. Finally, students will learn to configure NSRP.

Target audience

Network engineers, support personnel, reseller support, and others responsible for management and troubleshooting of NetScreen Firewall/VPN products.

Prerequisites

Completion of INSG or equivalent experience.
Basic networking knowledge and experience in the following areas:

  • Ethernet
  • Transparent Bridging
  • TCP/IP Operations
  • IP Addressing
  • Routing
  • Basic IPSec VPN deployments

Course Contents

Security Concepts Review

  • System Architecture
  • Packet data flow

Services and Management Tools

  • Securing management access
  • Configuring SNMP
  • Configuring SYSLOG

Troubleshooting Tools

  • "get" commands
  • Debug
  • Snoop

Troubleshooting Routing and Policies

  • Working examples
  • Broken examples

Troubleshooting Address Translation

  • Working examples
  • Broken examples

Troubleshooting VPNs

  • Working examples
  • Broken examples

Traffic Management

  • Priority queuing
  • Bandwidth allocation

NSRP

  • Operations
  • Active/Passive configuration
  • Tuning NSRP behavior

Security Manager Fundamentals (SMF)
(Formerly INSM)

Course No: EDU-JUN-SMF
Length: 2 days
Cost: $2,000 (US)

Overview
This two-day course discusses the basic operations of Security Manager. Key topics include server and domain administration, device configuration, template creation and management, policy creation and management, logging, and report generation. Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting features of Security Manager.

Target audience

Network engineers, support personnel, reseller support, and others responsible for implementing Juniper firewall products.

Prerequisites

This course assumes that students have general networking knowledge, including Ethernet, TCP/IP, and routing concepts, and experience in the following areas:

  • Ethernet
  • Transparent bridging
  • TCP/IP operations
  • IP addressing

Course Contents

Day One

Introduction
Security Manager Concepts

  • Define Security Manager terms
  • Describe Security Manager architecture components
  • Explain Security Manager communications

Server Administration

  • List Security Manager daemons and describe their functionality
  • Describe Security Manager directory structure and files
  • Describe HA functionality and options
  • Use daemon commands to validate process operations

Domains and Administrators

  • Explain domain and sub-domains
  • Explain role-based administration
  • Configure subdomains and custom administrator roles
  • Configure administration authentication options

Adding Devices

  • Describe why/how to add a device to a domain
  • List and describe methods to add devices
  • Add devices to domain

Abstractions: Objects and Templates

  • Explain the concept of objects
  • List different types of objects available in Security Manager
  • Configure commonly-used objects
  • List the benefits of using templates
  • List elements that should not be configured via templates
  • Create and apply templates
  • Work with template overrides

Day Two

Policies

  • Describe components of a Security Manager policy
  • Create policies for firewall and IDP devices
  • Discuss best practices for policy import/merge/management

Managing Devices

  • Manage configurations between Security Manager and managed devices
  • Perform routine device management tasks

Logging and Reporting

  • Discuss the logging and reporting capabilities of Security Manager
  • Create custom log views
  • Export log data for use in external reporting systems
  • Use the Log Investigator to summarize attack information
  • Run and customize the built-in reports
  • Use Action Manager

Statistical Report Server

  • Describe the SRS architecture
  • Configure admin console to communicate with the GUI Server and Device Server
  • Set up users and user groups
  • Set up devices and device groups
  • Use the Web UI to generate reports
  • Manage the database

VPNs

  • Describe Policy-based and Route-based VPNs
  • Describe Security Manager VPN Concepts
  • Describe 2 methods for configuring VPNs within Security Manager

Test Level: Juniper Networks Certified Internet Associate (JNCIA-FWV)

Exam Information

  • Exam code: JN0-520
  • Written exam administered at Prometric testing centers worldwide
  • Exam length: 60 minutes
  • Exam type: 60 multiple-choice questions
  • Passing grade: 70%
  • Scoring and pass/fail status is available immediately
  • Prerequisite certification: none
  • Recommended Training:

Description

Designed for experienced networking professionals with beginner to intermediate knowledge of Juniper Firewall/VPN products and ScreenOS software, this written exam verifies the candidate's basic understanding of Internet and security technology and related device configuration. JNCIA-FWV exam topics are based on the content of the Implementing NetScreen Security Gateways (INSG) instructor-led training course. This exam is NOT a prerequisite for the JNCIS-FWV certification.

The JNCIA-FWV is valid for two years. Re-certification is achieved by passing the current version of the JNCIA-FWV exam.

Exam topics include: Multilevel administration; routing, including dual-VR configuration; zone and policy configuration; address translation options; IPSec VPN technology and implementation

Test Level: Juniper Networks Certified Internet Specialist (JNCIS-FWV)

Description

The JNCIS-FWV is designed for networking professionals with advanced knowledge of, and experience with, Juniper Firewall/VPN products and ScreenOS software. The JNCIS-FWV exam tests for a wider and deeper level of knowledge than does the JNCIA-FWV exam. Sources of question content include all ScreenOS training courses, the NetScreen Firewall/VPN and ScreenOS documentation set, on-the-job product experience, as well as Internet technologies and design principles considered to be common knowledge at the Specialist level.

The JNCIS-FWV is valid for two years. Re-certification is achieved by passing the current version of the JNCIS-FWV exams.

Exam topics include: Device operations and packet flow; IPSec VPNs, including PKI, hub-and-spoke, transparent mode, dynamic, and overlapping address designs; NSRP; troubleshooting of policy, routing, and IPSec VPNs; traffic management; advanced management configurations; VLANs and virtual systems

Note: In cases of identical topics in both the JNCIA-FWV and JNCIS-FWV exam, questions are of a more advanced nature on the JNCIS-FWV exam.
