Junos Security Skills Camp (JSEC, AJSEC)
This course covers implementing, configuring, and monitoring the Junos OS for SRX Series devices. It combines Junos Security (JSEC) and Advanced Junos Security (AJSEC) to create an intensive, extended-hours camp with labs covering:
- Security zones
- Security policies
- Intrusion detection and prevention (IDP)
- Network Address Translation (NAT)
- IP Security (IPsec) deployments
- Virtualization
- Layer 2 security with SRX Series Services Gateways
Objectives
- SRX Series devices and software architecture
- Logical packet flow and session creation performed by SRX Series devices
- Placement and traffic distribution of the various components of SRX devices
- Configure, utilize, and monitor the various interface types available to the SRX Series product line
- Configure and monitor zones, security policies, and firewall user authentication
- Configure and monitor SCREEN options to prevent network attacks
- Implement and monitor NAT on Junos security platforms
- Implement static, source, destination, and dual NAT in complex LAN environments
- Implement variations of cone or persistent NAT
- Interaction between NAT and security policy
- Purpose and mechanics of IPsec virtual private networks (VPNs)
- Implement and monitor policy-based and route-based IPsec VPNs
- Differentiate and configure standard point-to-point IPsec VPN tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs
- Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls
- Monitor the operations of the various IPsec VPN implementations
- Use and update the IDP signature database
- Configure and monitor IDP policy with policy templates
- Configure and monitor high availability (HA) chassis clusters
- Security supported by the Junos OS
- Junos security handling at Layer 2 vs. Layer 3
- Junos OS processing of Application Layer Gateways (ALGs)
- Alter the Junos default behavior of ALG and application processing
- Implement address books with dynamic addressing
- Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios
- Junos routing instance types used for virtualization
- Implement virtual routing instances
- Configure route sharing between routing instances using logical tunnel interfaces
- Implement packet-based and filter-based forwarding
- Implement optimized chassis clustering
- IPv6 support for chassis clusters
- Public key cryptography for certificates
- Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems
- Junos tools for troubleshooting Junos security implementations
Who can take this course
Network engineers, administrators, support personnel, and reseller support personnel using SRX Series devices
Prerequisites
- Introduction to the Junos Operating System (IJOS)
- Junos Routing Essentials (JRE)
Or
- Junos Foundations: JNCIA-Junos Boot Camp (IJOS, JRE)
Follow-On Courses
There are no follow-ons for this course.
Certification Programs
This course is part of the following programs
Course Content
1. Junos Security Platforms
- Traditional Routing
- Traditional Security
- Breaking the Tradition
- The Junos OS Architecture
2. Zones
- The Definition of Zones
- Zone Configuration
- Monitoring Security Zones
3. Security Policies
- Policy Components
- Verifying Policy Operation
- Policy Scheduling and Rematching
- ALGs
- Custom Application Definitions
- Advanced Addressing
- Policy Matching
4. Firewall User Authentication
- Firewall User Authentication Overview
- Pass-Through Authentication
- Web Authentication
- Client Groups
- Using External Authentication Servers
- Verifying Firewall User Authentication
5. SCREEN Options
- Multilayer Network Protection
- Stages and Types of Attacks
- Using Junos SCREEN Options
- Reconnaissance Attack Handling
- Denial of Service Attack Handling
- Suspicious Packets Attack Handling
- Applying and Monitoring SCREEN Options
6. NAT
- Source NAT Operation and Configuration
- Destination NAT Operation and Configuration
- Static NAT Operation and Configuration
- Proxy ARP
- Monitoring and Verifying NAT Operation
- Beyond Layer 3 and Layer 4 Headers
- Advanced NAT Scenarios
7. IPsec VPNs
- VPN Types
- Secure VPN Requirements
- IPsec Details
- Configuration of IPsec VPNs
- IPsec VPN Monitoring
- Routing over VPNs
- IPsec with Overlapping Addresses
- Dynamic Gateway IP Addresses
- Enterprise VPN Deployment Tips and Tricks
8. IPsec Implementations
- Standard VPN Implementations
- Public Key Infrastructure
- Hub-and-Spoke VPNs
9. Enterprise IPsec Technologies
- Group VPN
- GDOI Protocol
- Group VPN Configuration and Monitoring
- Dynamic VPN Implementation
10. IDP
- Junos IDP
- Policy Components
- Configuration
- Signature Database
- Monitoring IDP Operation
11. HA Clustering
- Chassis Cluster
- Components
- Operation
- Configuration
- Monitoring
- Implementations
- Advanced HA Topics
12. Virtualization
- Routing Instances
- Filter-Based Forwarding
13. Troubleshooting Junos Security
- Troubleshooting Methodology
- Troubleshooting Tools
- Identifying IPsec Issues
14. SRX Series Hardware and Interfaces
- Branch SRX Platform
- High-End SRX Platform
- SRX Traffic Flow and Distribution
- SRX Interfaces
Labs
Lab 1: Configuring and Monitoring Zones
Lab 2: Security Policies
Case Study 1: Security Policy
Lab 3: Configuring Firewall Authentication
Lab 4: Implementing SCREEN Options
Lab 5: Network Address Translation
Lab 6: Implementing IPsec VPNs
Lab 7: Implementing IDP
Case Study 2: Applying the Recommended IDP Policy
Lab 8: Implementing Chassis Clusters
Lab 9: Selective Forwarding
Lab 10: Implementing Advanced Security Policy
Lab 11: Implementing Junos Virtual Routing
Lab 12: Advanced NAT Implementations
Lab 13: Implementing Advanced HA Techniques
Lab 14: Hub-and-Spoke IPsec VPNs
Lab 15: Configuring Group VPNs
Lab 16: OSPF over GRE over IPsec VPNs
Lab 17: Performing Security Troubleshooting Techniques