Advanced Junos Security (AJSEC)

Course Description Schedule Course Outline
 

Who should attend

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.

Certifications

Prerequisites

Attendees should meet the following prerequisites: Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials (JRE), and Junos Security (JSEC) courses prior to attending this class.

Course Objectives

After you complete this course you will be able to:

  • Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
  • Describe the various forms of security supported by the Junos OS.
  • Describe Junos security handling at Layer 2 versus Layer 3.
  • Describe the placement and traffic distribution of the various components of SRX devices.
  • Configure, utilize, and monitor the various interface types available to the SRX Series product line.
  • Describe Junos OS processing of Application Layer Gateways (ALGs).
  • Alter the Junos default behaviour of ALG and application processing.
  • Implement address books with dynamic addressing.
  • Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
  • Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems
  • Describe Junos routing instance types used for virtualization.
  • Implement virtual routing-instances.
  • Describe and configure route sharing between routing instances using logical tunnel interfaces.
  • Implement selective packet-based forwarding.
  • Implement filter-based forwarding.
  • Describe and implement static, source, destination, and dual NAT in complex LAN environments.
  • Describe and implement variations of cone, or persistent NAT.
  • Describe the interaction between NAT and security policy.
  • Implement optimized chassis clustering.
  • Describe IP version 6 (IPv6) support for chassis clusters.
  • Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs.
  • Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.
  • Monitor the operations of the various IPsec VPN implementations.
  • Describe public key cryptography for certificates.
  • Utilize Junos tools for troubleshooting Junos security implementations.
  • Perform successful troubleshooting of some common Junos security issues.
  • Recall and solidify concepts covered in the prerequisite JSEC course.
  • Understand the various forms of security supported by the Junos OS.
  • Have a clear understanding of the fundamentals of session-based Junos OS.
  • Understand Junos security handling at Layer 2 versus Layer 3.
  • Give an overview of the SRX Series Services Gateways product lines.
  • Understand the placement and traffic distribution of the various components of SRX Series devices.
  • Configure, utilize, and monitor the various interface types available to the SRX Series product line.
  • Understand Junos OS processing of Application Layer Gateways (ALG).
  • Alter the Junos default behaviour of ALG and application processing.
  • Implement address books with dynamic addressing.
  • Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
  • Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
  • Describe Junos routing instance types used for virtualization.
  • Implement virtual routing-instances.
  • Selectively forward traffic between virtual routing-instances.
  • Implement policy-based routing.
  • Describe and implement static, source, destination, and dual Network Address Translation (NAT).
  • Describe and implement variations of cone NAT.
  • Describe the interaction between NAT and security policy.
  • Implement NAT traversal.
  • Implement and monitor optimized chassis clustering.
  • Understand IPv6 support for chassis clusters.
  • Implement graceful restart and nonstop routing with SRX Series devices.
  • Describe the Junos server load-balancing feature.
  • Differentiate and configure standard point-to-point virtual private network (VPN) tunnels, hub-and-spoke VPNs, and group VPNs.
  • Monitor the operations of the various IP Security (IPsec) VPN implementations.
  • Describe public key cryptography for certificates.
  • Describe, implement, and monitor Group VPNs in an enterprise environment.
  • Describe, implement, and monitor Dynamic VPNs in an enterprise environment.
  • Utilize IPsec VPN tunnels with OSPF.
  • Implement dynamic VPNs.
  • Describe some IPsec VPN best practices for the Enterprise.
  • Understand and utilize Junos tools for troubleshooting Junos security implementations.
  • Utilize a sound methodology for troubleshooting Junos security issues.
  • Be familiar with the successful troubleshooting of some common Junos security issues.

Course Content

Day 1

Chapter 1: Course Introduction

Chapter 2: Junos Security Review Junos OS Security Components Overview and Selective Packet-Based Forwarding Junos Layer 2 Versus Layer 3 Packet Handling and Security Features Data Center and Branch Deployment s Lab 1: Selective Forwardings

Chapter 3: Security Policy Components RX Series Hardware and Interfaces ALG Overview Junos ALGs Custom Application Definitions Branch Platform Overview Advanced Addressing Data Center Platform Overview Policy Matching Traffic Flow and Distribution SRX Series Interfaces Lab 2: Implementing Advanced Security Policy Setting Up the Initial Baseline Interfaces and Network

Chapter 4: Virtualization Advanced Security Policy Virtualization Overview Junos OS ALGs Custom Application Definitions Routing Instances Advanced Policy Design Filter-Based Forwarding Dynamic Addressing Policy Logging DNS Doctoring Lab 3: Implementing Advanced Security Policy Junos Virtual Routing

Day 2

Chapter 5: Advanced NAT Concepts Virtualization Operational Review Junos Routing Instances NAT: Beyond Layer 3 and Layer 4 Headers Forwarding Between Instances Advanced NAT Scenarios Filter-based Forwarding and Policy -based Routing Lab 4: Advanced NAT Implementations Implementing Junos Virtual Routing

Chapter 6: High Availability Clustering Advanced NAT Concepts High Availability Overview NAT Interaction with Policy and ALGs Chassis Clustering Implementations Advanced HA Topics Junos NAT Implementation Review Cone NAT Multitenant NAT IPv4-to-IPv6 NAT Lab 5: Implementing Advanced NAT Scenarios High Availability Techniques

Chapter 7: IPsec Implementations High Availability Standard VPN Implementations Review Public Key Infrastructure Hub-and-Spoke VPNs Chassis Clustering Implementations Monitoring Chassis Clusters Advanced HA Topics Lab 6: Implementing Advanced High Availability Techniques Hub-and-Spoke IPsec VPNs

Day 3

Chapter 8: Enterprise IPsec Technologies: Group and Dynamic VPNs IPsec Implementations Group VPN Overview GDOI Protocol Group VPN Configuration and Monitoring Dynamic VPN Overview Dynamic VPN Implementation Standard VPN Implementations Review Public Key Infrastructure Hub-and-Spoke VPNs Group VPNs Lab 7: Implementing Variations of IPsec Configuring Group VPN s Deployments

Chapter 9: IPsec VPN Case Studies and Solutions Enterprise IPsec Technologies: Group and Dynamic VPNs Routing over VPNs IPsec with Overlapping Addresses Dynamic Gateway IP Addresses Enterprise VPN Deployment Tips and Tricks Group VPN Overview GDOI Protocol Group VPN Configuration and Monitoring Dynamic VPN Overview Dynamic VPN Implementation Lab 8: OSPF over GRE over IPsec VPNs Implementing the Group VPN Feature

Chapter 10: Troubleshooting Junos Security IPsec VPN Case Studies and Solutions Troubleshooting Methodology Troubleshooting Tools Routing over VPNs Identifying IPsec Issues NAT with IPsec Enterprise VPN Deployment Best Practices Lab 9: Performing Security Troubleshooting Techniques Implementing Routing over VPN Tunnels and IPsec Best Practices

Appendix A Chapter 11: SRX Series Hardware and Interfaces Troubleshooting Junos Security Branch SRX Platform Overview Troubleshooting Tools Troubleshooting Methodology High-End SRX Platform Overview Case Study A SRX Traffic Flow and Distribution Case Study B SRX Interfaces Lab 9: Performing Security Troubleshooting Techniques

Classroom Training

Duration 3 days

Price (excl. tax)
  • Germany: 1,890.- €
  • Switzerland: Fr. 2,900.-
incl. catering
Catering includes:

  • Coffee, Tea, Juice, Water, Soft drinks
  • Pastry and Sweets
  • Bread
  • Fresh fruits
  • Lunch in a nearby restaurant

* Catering information only valid for courses delivered by Fast Lane.


Digital courseware Dates and Booking
Online Training

Duration 3 days

Price (excl. tax)
  • Germany: US$ 2,100.-
Digital courseware Dates and Booking
 
Click on town name to bookSchedule
This computer icon in the schedule indicates that this date/time will be conducted as Instructor-Led Online Training.
This is a FLEX course, which is delivered both virtually and in the classroom.
Germany
13/03/2017 - 15/03/2017 Hamburg
13/03/2017 - 15/03/2017 Hamburg Course language: English
15/05/2017 - 17/05/2017 Frankfurt
10/07/2017 - 12/07/2017 Munich
11/09/2017 - 13/09/2017 Hamburg
11/09/2017 - 13/09/2017 Hamburg Course language: English
13/11/2017 - 15/11/2017 Berlin
Switzerland
13/11/2017 - 15/11/2017 Zurich
Austria
13/11/2017 - 15/11/2017 Vienna (iTLS)

Fast Lane Flex™ Classroom If you can't find a suitable date, don't forget to check our world-wide FLEX™ training schedule.