Junos Security – (JNCIS-SEC) Course
Course Description
This five-day course covers the configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include security zones, security policies, Network Address Translation (NAT), IPsec VPNs, and chassis clustering.
Through demonstrations and hands-on labs, students will gain experience in configuring the Junos OS and monitoring device operations of Junos security devices. This course uses Juniper Networks SRX Series Services Gateways for the primary hands-on component.
This course is based on Junos OS Release 17.4R1.16 and the vSRX virtual appliance.
Audience Profile
- Network engineers, administrators, support personnel, and reseller support personnel using SRX Series devices
- Anyone seeking JNCIS-SEC certification
Prerequisites
Introduction to the Junos Operating Systems (IJOS)
Learning Objectives
After successfully completing this course, you should be able to perform the following:
- Describe traditional routing and security and the current trends in internetworking.
- Provide an overview of SRX Series devices and software architecture.
- Describe the logical packet flow and session creation performed by SRX Series devices.
- Describe, configure, and monitor zones.
- Describe, configure, and monitor security policies.
- Describe, configure, and monitor user firewall authentication.
- Describe various types of network attacks.
- Configure and monitor Screen options to prevent network attacks.
- Explain, implement, and monitor NAT, as implemented on Junos security platforms.
- Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
- Implement and monitor policy-based and route-based IPsec VPNs.
- Describe, configure, and monitor high availability chassis clusters.
- Describe how to deploy and manage vSRX.
- Describe and configure Group VPNs.
- Describe and configure ADVPNs.
- Troubleshoot chassis clusters, IPsec VPNs, zones, and security policies.
Course Outline
Course Introduction
Introduction to Junos Security
- Traditional Routing and Security
- Architecture Overview of Junos Security Devices
- Logical Packet Flow through Junos Security Devices
- J-Web Overview
Zones and Screen Options
- Zones Overview
- Zone Configuration
- Monitoring Security Zones
- Configuring Screen Options
- Screen Options Case Study
Security Policies
- Security Policy Overview
- Policy Components
- Security Policy Configuration in J-Web
- Policy Case Study (CLI)
- Policy Case Study (J-Web)
Advanced Security Policy
- Session Management
- Junos ALGs
- Policy Scheduling
- Logging
- Advanced Security Policy
Troubleshooting Zones and Policies
- General Troubleshooting for Junos Devices
- Troubleshooting Tools
- Troubleshooting Zones and Policies
- Zone and Policy Case Studies
Network Address Translation
- NAT Overview
- Source NAT
- Destination NAT
- Static NAT
- Proxy ARP
Advanced NAT
- Persistent NAT
- DNS Doctoring
- IPv6 with NAT
- Advanced NAT Scenarios
- Troubleshooting NAT
IPsec VPN Concepts
- VPN Types
- Secure VPN Requirements
- IPsec Tunnel Establishment
- IPsec Traffic Processing
IPsec VPN Implementation
- IPsec VPN Configuration
- IPsec VPN Case Study
- Proxy IDs and Traffic Selectors
- Monitoring IPsec VPNs
Hub-and-Spoke VPNs
- Hub-and-Spoke VPN Overview
- Hub-and-Spoke Configuration and Monitoring
Group VPNs
- Group VPN Overview
- Group VPN Configuration and Monitoring
PKI and ADVPNs
- Public Key Infrastructure Overview
- PKI Configuration
- ADVPN Overview
- ADVPN Configuration and Monitoring
Advanced IPsec
- NAT with IPsec
- Class of Service with IPsec
- Best Practices
- Routing OSPF over IPsec
- IPsec with Overlapping Addresses
- IPsec with Dynamic Gateway IP Addresses
Troubleshooting IPsec
- IPsec Troubleshooting Overview
- Troubleshooting IKE Phase 1 and 2
- IPsec Logging
- IPsec Case Studies
Chassis Cluster Concepts
- Chassis Clustering Overview
- Chassis Cluster Components
- Chassis Cluster Operation
Chassis Cluster Implementation
- Chassis Cluster Configuration
- Advanced Chassis Cluster Options
Troubleshooting Chassis Clusters
- Troubleshooting Chassis Clusters
- Chassis Cluster Case Studies
SRX Series Hardware
- Branch SRX Platform Overview
- Mid-Range SRX Platform Overview
- High-End SRX Platform Overview
- SRX Traffic Flow and Distribution
- SRX Interfaces
Virtual SRX
- Virtualization Overview
- Network Virtualization and SDN
- Overview of the Virtual SRX
- Deployment Scenarios
- Integration with AWS
Lab 1: Zones and Screen Options
Lab 2: Security Policies
Lab 3: Advanced Policy Options
Lab 4: Troubleshooting Security Zones and Policies
Lab 5: Network Address Translation
Lab 6: Advanced NAT
Lab 7: Implementing IPsec VPNs
Lab 8: Hub-and-Spoke VPNs
Lab 9: Group VPNs
Lab 10: PKI and ADVPNs
Lab 11: Advanced IPsec VPN Solutions
Lab 12: Troubleshooting IPsec
Lab 13: Implementing Chassis Clusters
Lab 14: Troubleshooting Chassis Clusters