Junos Security

The course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.

After successfully completing this course, you should be able to perform the following:

• Describe traditional routing and security.
• Provide an overview of SRX Series Services Gateway devices and the Junos OS software architecture.
• Describe the logical packet flow and session creation performed by SRX Series Services Gateway devices.
• Describe, configure, and monitor zones.
• Describe, configure, and monitor security policies.
• Troubleshoot security zones and policies.
• Describe, configure, and monitor NAT, as implemented on Junos security platforms.
• Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
• Implement and monitor route-based IPsec VPNs.
• Implement and monitor Hub-and-Spoke VPNs, Group VPNs, and ADVPNs.
• Troubleshoot IPsec VPNs.
• Describe, configure, and monitor chassis clusters.
• Troubleshoot chassis clusters.

Chapter 1: Course Introduction

Chapter 2: Introduction to Junos Security

• Traditional Routing and Security
• Architecture Overview of Junos Security Devices
• Logical Packet Flow through Junos Security Devices
• J-Web Overview

Chapter 3: Zones and Screen Options

• Zones Overview
• Zone Configuration
• Monitoring Security Zones
• Configuring Screen Options
• Screen Options Case Study
• LAB 1: Zones and Screen Options

Chapter 4: Security Policies

• Security Policy Overview
• Policy Components
• Security Policy Configuration in J-Web
• Policy Case Study (CLI)
• Policy Case Study (J-Web)
• LAB 2: Security Policies

Chapter 5: Advanced Security Policy

• Session Management
• Junos ALGs
• Policy Scheduling
• Logging
• Advanced Security Policy
• Lab 3: Advanced Policy Options

Chapter 6. Troubleshooting Zones and Policies

• General Troubleshooting for Junos Devices
• Troubleshooting Tools
• Troubleshooting Zones and Policies
• Zone and Policy Case Studies
• Lab 4: Troubleshooting Security Zones and Policies

Chapter 7. Network Address Translation

• NAT Overview
• Source NAT
• Destination NAT
• Static NAT
• Proxy ARP
• Lab 5: Network Address Translation

Chapter 8. Advanced NAT

• Persistent NAT
• DNS Doctoring
• IPv6 with NAT
• Advanced NAT Scenarios
• Troubleshooting NAT
• Lab 6: Advanced NAT

Chapter 9. IPsec VPN Concepts

• VPN Types
• Secure VPN Requirements
• IPsec Tunnel Establishmen
• IPsec Traffic Processing

Chapter 10. IPsec VPN Implementation

• IPsec VPN Configuration
• IPsec VPN Case Study
• Proxy IDs and Traffic Selectors
• Monitoring IPsec VPNs
• Lab 7: Implementing IPsec VPNs

Chapter 11.  Hub-and-Spoke VPNs

• Hub-and-Spoke VPN Overview
• Hub-and-Spoke Configuration and Monitoring
• Lab 8: Hub-and-Spoke VPNs

Chapter 12. Group VPNs

• Group VPN Overview
• Group VPN Configuration and Monitoring
• Lab 9: Group VPNs

Chapter 13. PKI and ADVPNs

• Public Key Infrastructure Overview
• PKI Configuration
• ADVPN Overview
• ADVPN Configuration and Monitoring
• Lab 10: PKI and ADVPNs

Chapter 14. Advanced IPsec

• NAT with IPsec
• Class of Service with IPsec
• Best Practices
• Routing OSPF over IPsec
• IPsec with Overlapping Addresses
• IPsec with Dynamic Gateway IP Addresses
• Lab 11: Advanced IPsec VPN Solutions

Chapter 15. Troubleshooting IPsec

• IPsec Troubleshooting Overview
• Troubleshooting IKE Phase 1 and 2
• IPsec Logging
• IPsec Case Studies
• Lab 12: Troubleshooting IPsec

Chapter 16. Chassis Cluster Concepts

• Chassis Clustering Overview
• Chassis Cluster Components
• Chassis Cluster Operation

Chapter 17. Chassis Cluster Implementation

• Chassis Cluster Configuration
• Advanced Chassis Cluster Options
• Lab 14: Implementing Chassis Clusters

Chapter 18. Troubleshooting Chassis Clusters

• Troubleshooting Chassis Clusters
•  Chassis Cluster Case Studies
• Lab 14: Troubleshooting Chassis Clusters

Appendix A. SRX Series Hardware

• Branch SRX Platform Overview
• Mid-Range SRX Platform Overview
• High-End SRX Platform Overview
• SRX Traffic Flow and Distribution
• SRX Interfaces

Appendix B. Virtual SRX

• Virtualization Overview
• Network Virtualization and SDN
• Overview of the Virtual SRX
• Deployment Scenarios
• Integration with AWS

Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, or have equivalent experience prior to attending this class.

• This course is recommended training for the Juniper Networks Certified Specialist Security (JNCIS-SEC) exam

• Advanced Junos Security (AJSEC)

• AJSEC - Advanced Junos Security