AJSEC – Advanced Junos Security

Duration:   3 Days
Price:   $2,850.00
Test Level:    2
Certifications:   JNCIP-SEC
Exams:   JNO-632

 
Course Overview
This three-day course, which is designed to build off of the current Junos Security (JSEC) offering, delves deeper into Junos security. Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring the advanced Junos OS security features with advanced coverage of IPsec deployments, virtualization, AppSecure, advanced Network Address Translation (NAT) deployments, Layer 2 security, and Sky ATP. This course uses Juniper Networks SRX Series Services Gateways for the hands-on component. This course is based on Junos OS Release 15.1X49-D60.7.

Course Objective
After successfully completing this course, students should be able to:

  • Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
  • Describe the various forms of security supported by the Junos OS.
  • Implement features of the AppSecure suite, including AppID, AppFW, and AppTrack.
  • Configure custom application signatures.
  • Describe Junos security handling at Layer 2 versus Layer 3.
  • Implement next generation Layer 2 security features.
  • Demonstrate understanding of Logical Systems (LSYS).
  • Implement address books with dynamic addressing.
  • Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
  • Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
  • Describe Junos routing instance types used for virtualization.
  • Implement virtual routing instances.
  • Describe and configure route sharing between routing instances using logical tunnel interfaces.
  • Describe and implement static, source, destination, and dual NAT in complex LAN environments.
  • Describe and implement variations of persistent NAT.
  • Describe and implement Carrier Grade NAT (CGN) solutions for IPv6 NAT, such as NAT64, NAT46, and DS-Lite.
  • Describe the interaction between NAT and security policy.
  • Demonstrate understanding of DNS doctoring.
  • Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, AD VPNs, and group VPNs.
  • Implement IPsec tunnels using virtual routers.
  • Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.
  • Monitor the operations of the various IPsec VPN implementations.
  • Describe public key cryptography for certificates.
  • Utilize Junos tools for troubleshooting Junos security implementations.
  • Perform successful troubleshooting of some common Junos security issues.

Target Audience
Network engineers, technical support personnel, reseller support engineers, and others responsible for implementing and/or maintaining the advanced Juniper Networks products covered in this course.

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.

Course Outline
Day 1

Chapter 1: Course Introduction

Chapter 2: AppSecure

  • AppSecure Overview
  • AppID
  • AppTrack
  • AppFW
  • AppDoS
  • AppQoS

Chapter 3: Junos Layer 2 Packet Handling and Security Features

  • Transparent Mode Security
  • Layer 2 Ethernet Switching

Chapter 4: Virtualization

  • Virtualization Overview
  • Routing Instances
  • Logical Systems
  • Lab 3: Implementing Junos Virtual Routing

Day 2

Chapter 5: Advanced NAT Concepts

  • Operational Review
  • NAT: Beyond Layer 3 and Layer 4 Headers
  • DNS Doctoring
  • IPv6 NAT
  • Advanced NAT Scenarios

Chapter 6: IPsec Implementations

  • Standard VPN Implementations Review
  • Public Key Infrastructure
  • Hub-and-Spoke VPNs

Day 3

Chapter 7: Enterprise IPsec Technologies: Group and Dynamic VPNs

  • Group VPN Overview
  • GDOI Protocol
  • Group VPN Configuration and Monitoring
  • Dynamic VPN Overview
  • Dynamic VPN Implementation

Chapter 8: IPsec VPN Case Studies and Solutions

  • Routing over VPNs
  • IPsec with Overlapping Addresses
  • Dynamic Gateway IP Addresses
  • Enterprise VPN Deployment Tips and Tricks

Chapter 9: Troubleshooting Junos Security

  • Troubleshooting Methodology
  • Troubleshooting Tools
  • Identifying IPsec Issues

Appendix A: SRX Series Hardware and Interfaces

Prerequisites
Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the “Introduction to the Junos Operating System (IJOS)], [[http://www.dwwtc.com/outline/juniper/jre | Junos Routing Essentials (JRE), and Junos Security (JSEC)courses prior to attending this class.

All courses are available as open-enrollment Classroom events, instructor-led Live Virtual Classes, REAL-ILT™ or as custom Onsite Training for up to 16 students.