Duration: 3 Days
In this course, you will go deeper into Junos security with advanced coverage of IPsec deployments, virtualization, high availability, advanced Network Address Translation (NAT) deployments, and Layer 2 security with Juniper Networks SRX Series Services Gateways. Through demonstrations and hands-on labs, you will gain experience configuring and monitoring advanced security features of the Junos operating system.
Certification:
JNCIP-SEC
What You Will Learn
- Security supported by the Junos OS
- Junos security handling at Layer 2 vs. Layer 3
- Placement and traffic distribution of the various components of SRX devices
- Configure, utilize, and monitor the various interface types available to the SRX Series product line
- Junos OS processing of Application Layer Gateways (ALGs)
- Alter the Junos default behavior of ALG and application processing
- Implement address books with dynamic addressing
- Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios
- Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems
- Junos routing instance types used for virtualization
- Implement virtual routing instances
- Configure route sharing between routing instances using logical tunnel interfaces
- Implement selective packet-based forwarding
- Implement filter-based forwarding
- Implement static, source, destination, and dual NAT in complex LAN environments
- Implement variations of cone or persistent NAT
- Interaction between NAT and security policy
- Implement optimized chassis clustering
- IP version 6 (IPv6) support for chassis clusters
- Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs
- Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls
- Monitor the operations of the various IPsec VPN implementations
- Public key cryptography for certificates
- Junos tools for troubleshooting Junos security implementations
- Perform successful troubleshooting of some common Junos security issues
Audience
Network technicians and engineers responsible for implementing, monitoring, and troubleshooting Junos security components.
Prerequisites
- Introduction to the Junos Operating System (IJOS)
- Junos Routing Essentials (JRE)
- Junos Security (JSEC)
Course Outline
1. Junos Security Review
- Junos Security Components
- Selective Packet-Based Forwarding
- Junos Layer 2 Packet Handling
2. Security Policy Components
- Application Layer Gateways (ALGs)
- Junos ALGs
- Custom Application Definitions
- Advanced Addressing
- Policy Matching
3. Virtualization
- Routing Instances
- Filter-Based Forwarding
4. Advanced NAT Concepts
- Beyond Layer 3 and Layer 4 Headers
- Advanced NAT Scenarios
5. High Availability Clustering
- High Availability
- Chassis Clustering Implementations
- Advanced HA Topics
6. IPsec Implementations
- Standard VPN Implementations
- Public Key Infrastructure
- Hub-and-Spoke VPNs
7. Enterprise IPsec Technologies
- Group VPN
- GDOI Protocol
- Group VPN Configuration and Monitoring
- Dynamic VPN Implementation
8. IPsec VPN Case Studies and Solutions
- Routing over VPNs
- IPsec with Overlapping Addresses
- Dynamic Gateway IP Addresses
- Enterprise VPN Deployment Tips and Tricks
9. Troubleshooting Junos Security
- Troubleshooting Methodology
- Troubleshooting Tools
- Identifying IPsec Issues
10. SRX Series Hardware and Interfaces
- Branch SRX Platform
- High End SRX Platform
- SRX Traffic Flow and Distribution
- SRX Interfaces
Course Labs
Lab 1: Selective Forwarding
Lab 2: Implementing Advanced Security Policy
Lab 3: Implementing Junos Virtual Routing
Lab 4: Advanced NAT Implementations
Lab 5: Implementing Advanced High Availability Techniques
Lab 6: Hub-and-Spoke IPsec VPNs
Lab 7: Configuring Group VPNs
Lab 8: OSPF over GRE over IPsec VPNs
Lab 9: Performing Security Troubleshooting Techniques