ASRX Advanced Junos Routing and Security

This five-day compressed course delves deeper into Junos security with advanced coverage of IPsec deployments, virtualization, high availability, advanced Network Address Translation (NAT) deployments, and Layer 2 security with SRX Services Gateway devices. Students will also learn the tools required for implementing, monitoring, and troubleshooting Layer 3 components in an enterprise network. Detailed coverage of OSPF, BGP, class of service (CoS), and multicast is strongly emphasized.

Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos operating system and in monitoring device and protocol operations.

After successfully completing this course, students should be able to:

• Understand Junos security handling at Layer 2 versus Layer 3
• Understand the placement and traffic distribution of the various components of SRX Series devices
• Configure, utilize, and monitor the various interface types available to the SRX Series product line
• Understand Junos OS processing of Application Layer Gateways (ALG)
• Alter the Junos default behavior of ALG and application processing
• Implement address books with dynamic addressing
• Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios
• Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems
• Implement virtual routing-instances
• Selectively forward traffic between virtual routing-instances
• Implement policy-based routing
• Describe and implement static, source, destination, and dual Network Address Translation (NAT)
• Describe the interaction between NAT and security policy
• Implement NAT traversal
• Implement and monitor optimized chassis clustering
• Understand IPv6 support for chassis clusters
• Describe the Junos server load-balancing feature
• Differentiate and configure standard point-to-point virtual private network (VPN) tunnels, hub-and-spoke VPNs, and group VPNs
• Monitor the operations of the various IP Security (IPsec) VPN implementations
• Describe, implement, and monitor Group VPNs in an enterprise environment
• Describe, implement, and monitor Dynamic VPNs in an enterprise environment
• Utilize IPsec VPN tunnels with OSPF
• Implement dynamic VPNs
• Describe some IPsec VPN best practices for the Enterprise
• Understand and utilize Junos tools for troubleshooting Junos security implementations
• Utilize a sound methodology for troubleshooting Junos security issues
• Become familiar with the successful troubleshooting of common Junos Security issues
• Describe OSPF area types and operations
• Configure various OSPF area types
• Summarize and restrict routes
• Describe basic BGP operation
• Explain the route selection process for BGP
• Configure advanced options for BGP peers
• Manipulate BGP attributes using routing policy
• Describe common routing policies used in the enterprise environment
• Implement a routing policy for inbound and outbound traffic using BGP
• Describe the various CoS components and their respective functions
• Explain the CoS processing along with CoS defaults on SRX Series Services Gateways devices
• Implement some CoS features in an enterprise environment
• Identify the components of IP multicast
• Describe the need for reverse path forwarding (RPF) in multicast
• Configure and monitor Internet Group Management Protocol (IGMP)
• Identify common multicast routing protocols
• Describe rendezvous point (RP) discovery options
• Configure and monitor Protocol Independent Multicast-Sparse Mode (PIM-SM)
• Configure and monitor RP discovery mechanisms
• Describe the basic requirements, benefits, and caveats of source-specific multicast (SSM)
• Configure and monitor SSM

Network engineers, technical support personnel, reseller support engineers, and others responsible for implementing and/or maintaining the Juniper Networks products covered in this course.

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.

Day 1

AJSEC Chapter 1: Course Introduction

AJSEC Chapter 2: Junos Security Review

• Junos OS Security Components
• Layer 2 Versus Layer 3 Packet Handling
• Data Center and Branch Deployments

AJSEC Chapter 3: SRX Series Hardware and Interfaces

• Branch Platform Overview
• Data Center Platform Overview
• Traffic Flow and Distribution
• SRX Series Interfaces

AJSEC Chapter 4: Advanced Security Policy

• Junos OS ALGs
• Custom Application Definitions
• Advanced Policy Design
• Dynamic Addressing
• Policy Logging
• DNS Doctoring

Day 2

AJSEC Chapter 5: Virtualization

• Junos Routing Instances
• Forwarding Between Instances
• Filter-based Forwarding and Policy-based Routing

AJSEC Chapter 6: Advanced NAT Concepts

• NAT Interaction with Policy and ALGs
• Junos NAT Implementation Review
• Cone NAT
• Multitenant NAT
• IPv4-to-IPv6 NAT

AJSEC Chapter 7: High Availability

• Chassis Clustering Implementations
• Monitoring Chassis Clusters
• Advanced HA Topics

Day 3

AJSEC Chapter 8: IPsec Implementations

• Standard VPN Implementations Review
• Public Key Infrastructure
• Hub-and-Spoke VPNs
• Group VPNs

AJSEC Chapter 9: Enterprise IPsec Technologies: Group and Dynamic VPNs

• Group VPN Overview
• GDOI Protocol
• Group VPN Configuration and Monitoring
• Dynamic VPN Overview
• Dynamic VPN Implementation

AJSEC Chapter 10: IPsec VPN Case Studies and Solutions

• Routing over VPNs
• NAT with IPsec
• Enterprise VPN Deployment Best Practices

AJSEC Chapter 11: Troubleshooting Junos Security

• Troubleshooting Tools
• Troubleshooting Methodology
• Case Study A
• Case Study B

AJER Chapter 2: OSPF

• OSPFv2 Review
• Link State Advertisements
• Protocol Operations
• OSPF Authentication

AJER Chapter 3: OSPF Areas

• Review of OSPF Areas
• Stub Area Operation
• Stub Area Configuration
• NSSA Operation
• NSSA Configuration
• Route Summarization

AJER Chapter 4: OSPF Case Studies and Solutions

• Transitioning to OSPF from a Different IGP
• External Reachability
• Virtual Links
• Multiarea Adjacency

Day 4

AJER Chapter 5: BGP

• Review of BGP
• BGP Operations
• BGP Path Selection and Options
• Configuration Options

AJER Chapter 6: BGP Attributes and Policy

• BGP Policy
• Next Hop
• Origin and MED
• AS Path
• Local Preference
• Communities

AJER Chapter 7: Enterprise Routing Policies

• Topology-Driven Routing Policy
• Primary/Secondary Routing Policy
• Load-Shared Per Prefix Routing Policy

Day 5

AJER Chapter 8: Class of Service

• Review of CoS Components
• CoS Processing and Feature Overview
• Policing
• Virtual Channels

AJER Chapter 9: Introduction to Multicast

• Overview of Multicast
• Multicast Addresses
• Reverse Path Forwarding
• Internet Group Management Protocol

AJER Chapter 10: Multicast Routing Protocols and SSM

• Overview of Multicast Routing Protocols
• PIM-SM
• Source-Specific Multicast

Before attending this course, students should have already attended these course ==OR== have equivalent knowledge with Junos Routing principles and Junos Security best practices:

• JRE

• JIR

• JSEC