ISG Complete

This 5-day course covers the majority of features available on Juniper ISG Integrated Products including basic Firewall, Security Manager and Intrusion Detection and Prevention available on the ISG platform.This combination of 3 Juniper courses teaches configuration of the ScreenOS products in a variety of situations including administrative access, firewall policies and options, attack prevention, address translation, and VPN implementations.

Students will have the opportunity to configure ISG devices in a wide range of scenarios using most features.

• Introduction to ScreenOS CLI
• Configure Administrative setting
• Configure communications w/ external devices
• Perform disaster recovery procedure
• Configuring Interfaces
• Configuring Policy based/Route-based VPNs
• Advanced Policy Configuration
• Define terminology used when deploying Network & Security Manager
• Describe the components of Network Security Manager
• Server Administration
• Describe the NSM architecture and daemons that run NSM
• Domains and Administrators
• Create subdomains, administrators, and roles
• Add devices to a Domain using the four methods
• Manual
• Rapid Deployment (RD)
• Device Import
• Bulk Add
• Configure Zones and Interfaces
• Understand and configure three types of NAT on a device
• MIP, DIP, VIP, HA Cluster
• Abstraction: Objects, Template & Policies
• Virtual Private Networks and VPN Manager
• Managing Devices
• Monitoring, Logging and Reporting
• Statistical Report Server
• ISG 2000-IDP hardware architecture
• Describe packet data flows
• Use Security Manager to
• Create subdomains
• Add devices
• Configure device-specific settings
• Add address objects
• Intrusion Prevention Concepts
• Attack Prevention Policies
• Logging and Reporting
• Maintenance

Network engineers, technical support personnel, reseller support engineers, and others responsible for implementing and or maintaining the Juniper Networks products covered in this course.

Day 1

Course Introduction

NSMF Chapter 3: Server Administration

• Network and Security Manager Processes and Directory Structure
• High Availability
• Installation Overview–Network and Security Manager
• Installation Overview–NSMXpress
• NSM UI Installation
• NSM UI Overview
• Licensing

NSMF Chapter 4: Domains and Administrators

• Domains and Subdomains
• Role-Based Administration
• Configuration

NSMF Chapter 5: Adding Devices

• Scenarios and Methods
• Device Exists
• Device Does Not Yet Exist
• VSYS, Cluster, Extranet, Group
• Add Device Wizard
• Automatic Discovery

NSMF Chapter 6: Abstraction–Objects and Templates

• Objects
• Templates

NSMF Chapter 7: Abstraction–Policies

• What Is a Policy?
• Creating New Policies
• Merging Policies

Day 2

NSMF Chapter 8: Managing Devices

• Directives
• Configuring Devices
• Configuration Management
• Device Management

NSMF Chapter 9: Logging, Reporting, and Monitoring

• Logging
• Reporting
• Action Manager
• Monitoring

NSMF Chapter 10: Central Manager

• Central Manager
• Global Policy and Polymorphic Objects

CJFV Chapter 2: ScreenOS Concepts, Terminology, and Platforms

• Security Device Requirements
• ScreenOS Security Architecture
• Juniper Networks Platforms

CJFV Chapter 3: Initial Connectivity

• System Components
• Establishing Connectivity
• Verifying Connectivity

Day 3

CJFV Chapter 4: Device Management

• Management
• Recovery

CJFV Chapter 5: Layer 3 Operations

• Need for Routing
• Configuring Layer 3
• Verifying Layer 3
• Loopback Interface
• Interface-Based NAT

CJFV Chapter 6: Basic Policy Configuration

• Functionality
• Policy Configuration
• Common Problems
• Global Policy
• Verifying Policies

CJFV Chapter 7: Policy Options

• Overview
• Logging
• Counting
• Scheduling
• User Authentication

Day 4

CJFV Chapter 8: Address Translation

• Scenarios
• NAT-src
• NAT-dst
• VIP Addresses
• MIP Addresses

CJFV Chapter 9: Transparent Mode

• Description
• Configuration
• Verifying Operations

CJFV Chapter 10: VPN Concepts

• Concepts and Terminology
• IP Security

Day 5

CJFV Chapter 11: Policy-Based VPNs

• Configuration
• Verifying Operations

CJFV Chapter 12: Route-Based VPNs

• Concepts and Terminology
• Configuring VPNs
• Verifying IPv6 Operations

IAP Chapter 3: IDP Concepts

• Types of Attacks
• Functions and capabilities of network protection devices
• Attack detection and prevention methods

IAP Chapter 4: Policy Configuration

• The attack objects database
• Configuring IDP rules
• Configuring terminal rules
• Configuring exempt rules
• Configuring backdoor rules

IAP Chapter 5: Logs and Reporting

• Viewing log entries
• Customizing the log viewer
• Generating reports
• Management and Maintenance
• Updating policies

This course is available as open-enrollment Classroom event, instructor-led Live Virtual Class, REAL-ILT™ or as part of a custom Onsite Training for up to 16 students.

This course assumes that students have basic networking knowledge and experience in the following areas:

• Ethernet
• Transparent Bridging
• TCP/IP Operations
• IP Addressing
• Routing