AJSEC Advanced Junos Security

This three-day course, which is designed to build off of the current Junos Security (JSEC) offering, delves deeper into Junos security with advanced coverage of IPsec deployments, virtualization, high availability, advanced Network Address Translation (NAT) deployments, and Layer 2 security with SRX Services Gateway devices. Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring advanced security features of the Junos operating system.

After successfully completing this course, students should be able to:

• Understand Junos security handling at Layer 2 versus Layer 3
• Understand the placement and traffic distribution of the various components of SRX Series devices
• Configure, utilize, and monitor the various interface types available to the SRX Series product line
• Understand Junos OS processing of Application Layer Gateways (ALG)
• Alter the Junos default behavior of ALG and application processing
• Implement address books with dynamic addressing
• Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios
• Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems
• Implement virtual routing-instances
• Selectively forward traffic between virtual routing-instances
• Implement policy-based routing
• Describe and implement static, source, destination, and dual Network Address Translation (NAT)
• Describe the interaction between NAT and security policy
• Implement NAT traversal
• Implement and monitor optimized chassis clustering
• Understand IPv6 support for chassis clusters
• Describe the Junos server load-balancing feature
• Differentiate and configure standard point-to-point virtual private network (VPN) tunnels, hub-and-spoke VPNs, and group VPNs
• Monitor the operations of the various IP Security (IPsec) VPN implementations
• Describe, implement, and monitor Group VPNs in an enterprise environment
• Describe, implement, and monitor Dynamic VPNs in an enterprise environment
• Utilize IPsec VPN tunnels with OSPF
• Implement dynamic VPNs
• Describe some IPsec VPN best practices for the Enterprise
• Understand and utilize Junos tools for troubleshooting Junos security implementations
• Utilize a sound methodology for troubleshooting Junos security issues
• Become familiar with the successful troubleshooting of common Junos Security issues

Network engineers, technical support personnel, reseller support engineers, and others responsible for implementing and/or maintaining the Juniper Networks products covered in this course.

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.

Day 1

Chapter 1: Course Introduction

Chapter 2: Junos Security Review

• Junos OS Security Components
• Layer 2 Versus Layer 3 Packet Handling
• Data Center and Branch Deployments

Chapter 3: SRX Series Hardware and Interfaces

• Branch Platform Overview
• Data Center Platform Overview
• Traffic Flow and Distribution
• SRX Series Interfaces

Chapter 4: Advanced Security Policy

• Junos OS ALGs
• Custom Application Definitions
• Advanced Policy Design
• Dynamic Addressing
• Policy Logging
• DNS Doctoring

Day 2

Chapter 5: Virtualization

• Junos Routing Instances
• Forwarding Between Instances
• Filter-based Forwarding and Policy-based Routing

Chapter 6: Advanced NAT Concepts

• NAT Interaction with Policy and ALGs
• Junos NAT Implementation Review
• Cone NAT
• Multitenant NAT
• IPv4-to-IPv6 NAT

Chapter 7: High Availability

• Chassis Clustering Implementations
• Monitoring Chassis Clusters
• Advanced HA Topics

Day 3

Chapter 8: IPsec Implementations

• Standard VPN Implementations Review
• Public Key Infrastructure
• Hub-and-Spoke VPNs
• Group VPNs

Chapter 9: Enterprise IPsec Technologies: Group and Dynamic VPNs

• Group VPN Overview
• GDOI Protocol
• Group VPN Configuration and Monitoring
• Dynamic VPN Overview
• Dynamic VPN Implementation

Chapter 10: IPsec VPN Case Studies and Solutions

• Routing over VPNs
• NAT with IPsec
• Enterprise VPN Deployment Best Practices

Chapter 11: Troubleshooting Junos Security

• Troubleshooting Tools
• Troubleshooting Methodology
• Case Study A
• Case Study B

Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the "Introduction to the Junos Operating System (IJOS)], [[http://www.dwwtc.com/outline/juniper/jre | Junos Routing Essentials (JRE), and Junos Security (JSEC) courses prior to attending this class.

All courses are available as open-enrollment Classroom events, instructor-led Live Virtual Classes, REAL-ILT™ or as custom Onsite Training for up to 16 students.