Junos Security (JSEC)
This five-day course covers the configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include: security zones, security policies, Network Address Translation (NAT), IPsec VPNs, and high availability clusters, as well as how to implement these features by using Junos Space and Security Director.
Through demonstrations and hands-on labs, students will gain experience in configuring the Junos OS and monitoring device operations of Junos security devices. This course uses Juniper Networks SRX Series Services Gateways for the primary hands-on component. The course also includes some hands-on labs that use Junos Space and Security Director to configure and manage Junos security devices.
This course is based on Junos OS Release 15.1X49-D70, vSRX 2.0, Junos Space 16.1R1, and Security Director 16.1R1.
JSEC is an intermediate-level course.
This course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.
Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, or have equivalent experience prior to attending this class.
After successfully completing this course, you should be able to:
- Describe traditional routing and security.
- Provide an overview of SRX Series Services Gateway devices and the Junos OS software architecture.
- Describe the logical packet flow and session creation performed by SRX Series Services Gateway devices.
- Describe, configure, and monitor zones.
- Describe, configure, and monitor security policies.
- Troubleshoot security zones and policies.
- Describe, configure, and monitor NAT, as implemented on Junos security platforms.
- Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
- Implement and monitor route-based IPsec VPNs.
- Implement and monitor Hub-and-Spoke VPNs, Group VPNs, and ADVPNs.
- Troubleshoot IPsec VPNs.
- Describe, configure, and monitor chassis clusters.
- Troubleshoot chassis clusters.
Chapter 1: Course Introduction
Chapter 2: Introduction to Junos Security
- Traditional Routing and Security
- Architecture Overview of Junos Security Devices
- Logical Packet Flow through Junos Security Devices
- Junos Space and Security Director Overview
Chapter 3: Zones and Screen Options
- The Definition of Zones
- Zone Configuration
- Monitoring Security Zones
- Configuring Screen Options
- Screen Options Case Study
- Lab 1: Zones and Screen Options
Chapter 4: Security Policies
- Security Policy Overview
- Policy Components
- Policy Case Study
- Lab 2: Security Policies
Chapter 5: Security Director Firewall Policies
- Firewall Policy Configuration
- Firewall Policy Processing Order
- Deploying Firewall Policies
- Monitoring Firewall Policies
- Lab 3: Security Director Firewall Policies
Chapter 6: Advanced Security Policy
- Session Management
- Junos ALGs
- Policy Scheduling
- Advanced Security Policy with Security Director
- Lab 4: Advanced Policy Options
Chapter 7: Troubleshooting Zones and Policies
- General Troubleshooting for Junos Devices
- Troubleshooting Tools
- Troubleshooting Zones and Policies
- Zone and Policy Case Studies
- Lab 5: Troubleshooting Security Zones and Policies
Chapter 8: Network Address Translation
- NAT Overview
- Source NAT
- Destination NAT
- Static NAT
- Proxy ARP
- Configuring NAT in Security Director
- Lab 6: Network Address Translation
Chapter 9: Advanced NAT
- Persistent NAT
- DNS Doctoring
- IPv6 with NAT
- Advanced NAT Scenarios
- Troubleshooting NAT
- Lab 7: Advanced NAT
Chapter 10: IPsec VPN Concepts
- VPN Types
- Secure VPN Requirements
- IPsec Tunnel Establishment
- IPsec Traffic Processing
Chapter 11: IPsec VPN Implementation
- IPsec VPN Configuration
- IPsec VPN Configuration Case Study
- Proxy IDs and Traffic Selectors
- Monitoring IPsec VPNs
- Lab 8: Implementing IPsec VPNs
Chapter 12: Hub-and-Spoke VPNs
- Hub-and-Spoke VPN Overview
- Hub-and-Spoke Configuration and Monitoring
- Hub-and-Spoke Configuration with Security Director
- Lab 9: Implementing Hub-and-Spoke VPNs
Chapter 13: Group VPNs
- Group VPN Overview
- Group VPN Configuration and Monitoring
- Lab 10: Implementing Group VPNs
Chapter 14: PKI and ADVPNs
- Public Key Infrastructure
- ADVPN Overview
- ADVPN Configuration and Monitoring
- Lab 11: Implementing PKI and ADVPNs
Chapter 15: Advanced IPsec
- NAT with IPsec
- Class of Service with IPsec
- Enterprise Best Practices
- Routing OSPF over IPsec
- IPsec with Overlapping Addresses
- IPsec with Dynamic Gateway IP Addresses
- Lab 12: Advanced IPsec VPN Scenarios
Chapter 16: Troubleshooting IPsec
- IPsec Troubleshooting Overview
- Troubleshooting IKE Phase 1 and 2
- IPsec Logging
- IPsec Case Studies
- Lab 13: Troubleshooting IPsec
Chapter 17: Chassis Cluster Concepts
- Chassis Clustering Overview
- Chassis Cluster Components
- Chassis Cluster Operation
Chapter 18: Chassis Cluster Implementation
- Chassis Cluster Configuration
- Advanced Chassis Cluster Options
- Lab 14: Implementing High Availability Techniques
Chapter 19: Troubleshooting Chassis Clusters
- Troubleshooting Chassis Clusters
- Chassis Cluster Case Studies
- Lab 15: Troubleshooting Chassis Clusters
Appendix A: SRX Series Hardware and Interfaces
- Branch SRX Platform Overview
- High-End SRX Platform Overview
- SRX Traffic Flow and Distribution
- SRX Interfaces
Appendix B: Virtual SRX
- Virtualization Overview
- Network Virtualization and SDN
- Overview of the Virtual SRX
- Deployment Scenarios
- Integration with AWS