Microsoft Course Lists
JSEC : JUNOS Security
- Duration: 5 Days
- Test Level: Intermediate
- Certifications: JNCIS-SEC
- Price: USD 4000
- Exams: JN0-333
This five-day course covers the configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include: security zones, security policies, Network Address Translation (NAT), IPsec VPNs, and high availability clusters, as well as how to implement these features by using Junos Space and Security Director.
Through demonstrations and hands-on labs, students will gain experience in configuring the Junos OS and monitoring device operations of Junos security devices. This course uses Juniper Networks SRX Series Services Gateways for the primary hands-on component. The course also includes some hands-on labs that use Junos Space and Security Director to configure and manage Junos security devices.
This course is based on Junos OS Release 15.1X49-D70, vSRX 2.0, Junos Space 16.1R1, and Security Director 16.1R1.
This course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.
After successfully completing this course, you should be able to:
• Describe traditional routing and security.
• Provide an overview of SRX Series Services Gateway devices and the Junos OS software architecture.
• Describe the logical packet flow and session creation performed by SRX Series Services Gateway devices.
• Describe, configure, and monitor zones.
• Describe, configure, and monitor security policies.
• Troubleshoot security zones and policies.
• Describe, configure, and monitor NAT, as implemented on Junos security platforms.
• Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
• Implement and monitor route-based IPsec VPNs.
• Implement and monitor Hub-and-Spoke VPNs, Group VPNs, and ADVPNs.
• Troubleshoot IPsec VPNs.
• Describe, configure, and monitor chassis clusters.
• Troubleshoot chassis clusters.
Day 1
Chapter 1: Course Introduction
Chapter 2: Introduction to Junos Security
- Traditional
Routing and Security
- Architecture
Overview of Junos Security Devices
- Logical
Packet Flow through Junos Security Devices
- Junos
Space and Security Director Overview
Chapter 3: Zones and Screen Options
- The
Definition of Zones
- Zone
Configuration
- Monitoring
Security Zones
- Configuring
Screen Options
- Screen
Options Case Study
- Lab
1: Zones and Screen Options
Chapter 4: Security Policies
- Security
Policy Overview
- Policy
Components
- Policy
Case Study
- Lab
2: Security Policies
Chapter 5: Security Director Firewall Policies
- Firewall
Policy Configuration
- Firewall
Policy Processing Order
- Deploying
Firewall Policies
- Monitoring
Firewall Policies
- Lab
3: Security Director Firewall Policies
Day 2
Chapter 6: Advanced Security Policy
- Session
Management
- Junos
ALGs
- Policy
Scheduling
- Logging
- Advanced
Security Policy with Security Director
- Lab
4: Advanced Policy Options
Chapter 7: Troubleshooting Zones and Policies
- General
Troubleshooting for Junos Devices
- Troubleshooting
Tools
- Troubleshooting
Zones and Policies
- Zone
and Policy Case Studies
- Lab
5: Troubleshooting Security Zones and Policies
Chapter 8: Network Address Translation
- NAT
Overview
- Source
NAT
- Destination
NAT
- Static
NAT
- Proxy
ARP
- Configuring
NAT in Security Director
- Lab
6: Network Address Translation
Chapter 9: Advanced NAT
- Persistent
NAT
- DNS
Doctoring
- IPv6
with NAT
- Advanced
NAT Scenarios
- Troubleshooting
NAT
- Lab
7: Advanced NAT
Day 3
Chapter 10: IPsec VPN Concepts
- VPN
Types
- Secure
VPN Requirements
- IPsec
Tunnel Establishment
- IPsec
Traffic Processing
Chapter 11: IPsec VPN Implementation
- IPsec
VPN Configuration
- IPsec
VPN Configuration Case Study
- Proxy
IDs and Traffic Selectors
- Monitoring
IPsec VPNs
- Lab
8: Implementing IPsec VPNs
Chapter 12: Hub-and-Spoke VPNs
- Hub-and-Spoke
VPN Overview
- Hub-and-Spoke
Configuration and Monitoring
- Hub-and-Spoke
Configuration with Security Director
- Lab
9: Implementing Hub-and-Spoke VPNs
Chapter 13: Group VPNs
- Group
VPN Overview
- Group
VPN Configuration and Monitoring
- Lab
10: Implementing Group VPNs
Day 4
Chapter 14: PKI and ADVPNs
- Public
Key Infrastructure
- ADVPN
Overview
- ADVPN
Configuration and Monitoring
- Lab
11: Implementing PKI and ADVPNs
Chapter 15: Advanced IPsec
- NAT
with IPsec
- Class
of Service with IPsec
- Enterprise
Best Practices
- Routing
OSPF over IPsec
- IPsec
with Overlapping Addresses
- IPsec
with Dynamic Gateway IP Addresses
- Lab
12: Advanced IPsec VPN Scenarios
Chapter 16: Troubleshooting IPsec
- IPsec
Troubleshooting Overview
- Troubleshooting
IKE Phase 1 and 2
- IPsec
Logging
- IPsec
Case Studies
- Lab
13: Troubleshooting IPsec
Chapter 17: Chassis Cluster Concepts
- Chassis
Clustering Overview
- Chassis
Cluster Components
- Chassis
Cluster Operation
Day 5
Chapter 18: Chassis Cluster Implementation
- Chassis
Cluster Configuration
- Advanced
Chassis Cluster Options
- Lab
14: Implementing High Availability Techniques
Chapter 19: Troubleshooting Chassis Clusters
- Troubleshooting
Chassis Clusters
- Chassis
Cluster Case Studies
- Lab
15: Troubleshooting Chassis Clusters
Appendix A: SRX Series Hardware and Interfaces
- Branch
SRX Platform Overview
- High-End
SRX Platform Overview
- SRX
Traffic Flow and Distribution
- SRX
Interfaces
Appendix B: Virtual SRX
- Virtualization
Overview
- Network
Virtualization and SDN
- Overview
of the Virtual SRX
- Deployment
Scenarios
- Integration with AWS
Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, or have equivalent experience prior to attending this class.
