PDF Schedule
PDF Schedule
TR-JSEC
Juniper Network Course

Junos for Security Platforms

LEVEL 25 DAY COURSE
LEVEL 2

COURSE DESCRIPTION

This five-day course uses the Junos J-Web, CLI, Junos Space, and other user interfaces to introduce students to the concept of Juniper Connected Security. Key topics include tasks for advanced security policies, application layer security using the AppSecure suite, IPS rules and custom attack objects, Security Director management, Sky ATP management, JATP management, JSA management, Policy Enforcer management, JIMS management, Juniper Sky Enterprise usage, vSRX and cSRX usage, SSL Proxy configuration, and SRX chassis clustering configuration and troubleshooting. Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos OS and monitoring basic device operations. Course Level Junos Security (JSEC) is an intermediate-level course.

$4750

TR-JSEC

REGISTER NOW

Available Certifications

Students must pass exam to be certified.

TFS JSEC Certification $150

Questions?
Call 877.529.9114

Objectives
Lectures
Labs
Prerequisites

Objectives

After successfully completing this course, you should be able to:

  • Identify security challenges in today’s networks.
  • Identify products that are incorporated into the Juniper Connected Security solution.
  • Explain the value of implementing security solutions.
  • Explain how Juniper Connected Security solves the cyber security challenges of the future.
  • Explain SRX Series session management.
  • Explain Junos ALG functions and when to use them.
  • Describe policy logging on the SRX series device.
  • Explain security policy scheduling.
  • Describe application security theory.
  • Explain application signature usage in AppID.
  • Describe the AppTrack service.
  • Describe the AppFW service.
  • Describe the AppQoS service.
  • Configure security policies using the AppSecure suite of services.
  • Explain unified security policies.
  • Describe IPS signatures.
  • Configure an IPS policy using pre-defined templates.
  • Describe how to update the IPS attack object database.
  • Describe IPS rules and rule bases.
  • Configure custom attack objects.
  • Describe Junos Space and Security Director.
  • Configure policy management using Security Director.
  • Describe Security Director objects.
  • Explain the different licensing options for Sky ATP
  • List Sky ATP’s features and benefits.
  • Configure Sky ATP profiles and enroll an SRX Series device.
  • Configure file scanning on Sky ATP.
  • Configure Sky ATP to scan email
  • Configure GeoIP on Sky ATP.
  • Describe the JATP features and benefits
  • List the JATP device options.
  • Explain the JATP architecture.
  • List 3rd party support options for JATP.
  • Explain JATP SmartCore analytics processes.
  • Describe Policy Enforcer configuration options.
  • Describe Policy Enforcer integration with Sky ATP.
  • Configure Policy Enforcer to block lateral malware movement.
  • Explain Juniper Secure Analytics features and benefits.
  • Describe JSA log collection.
  • Describe JSA network flow collection.
  • Describe the JSA Offense Management workspace.
  • Explain the JSA Risk Manager features.
  • Configure JSA to collect network and log collection.
  • Explain the features of JIMS.
  • Describe JIMS integration into the current AD network.
  • Describe the Sky Enterprise service and how it can save resources.
  • Explain the Sky Enterprise monitoring service.
  • Explain the vSRX Series device benefits.
  • Describe use cases for the vSRX.
  • Explain the cSRX Series device benefits.
  • Describe use cases for the cSRX.
  • Describe SSL Proxy Concepts.
  • Explain Forward and Reverse Proxy and the limitations of each.
  • Configure both Forward and Reverse Proxy.
  • Troubleshoot SSL Proxy configurations.
  • Explain how to cluster the SRX Series.
  • Describe chassis cluster interfaces.
  • Explain advanced chassis clustering options.
  • Configure chassis clustering on the vSRX.
  • Troubleshoot chassis clustering on the vSRX

Lectures

Day 1

Chapter 1: Course Introduction

Chapter 2: Introduction to Junos Security

  • Traditional Routing and Security
  • Architecture Overview of Junos Security Devices
  • Logical Packet Flow through Junos Security Devices
  • Junos Space and Security Director Overview

Chapter 3: Zones and Screen Options

  • The Definition of Zones
  • Zone Configuration
  • Monitoring Security Zones
  • Configuring Screen Options
  • Screen Options Case Study
  • Lab 1: Zones and Screen Options

Chapter 4: Security Policies

  • Security Policy Overview
  • Policy Components
  • Policy Case Study
  • Lab 2: Security Policies

Chapter 5: Security Director Firewall Policies

  • Firewall Policy Configuration
  • Firewall Policy Processing Order
  • Deploying Firewall Policies
  • Monitoring Firewall Policies
  • Lab 3: Security Director Firewall Policies

Day 2

Chapter 6: Advanced Security Policy

  • Session Management
  • Junos ALGs
  • Policy Scheduling
  • Logging
  • Advanced Security Policy with Security Director
  • Lab 4: Advanced Policy Options

Chapter 7: Troubleshooting Zones and Policies

  • General Troubleshooting for Junos Devices
  • Troubleshooting Tools
  • Troubleshooting Zones and Policies
  • Zone and Policy Case Studies
  • Lab 5: Troubleshooting Security Zones and Policies

Chapter 8: Network Address Translation

  • NAT Overview
  • Source NAT
  • Destination NAT
  • Static NAT
  • Proxy ARP
  • Configuring NAT in Security Director
  • Lab 6: Network Address Translation

Chapter 9: Advanced NAT

  • Persistent NAT
  • DNS Doctoring
  • IPv6 with NAT
  • Advanced NAT Scenarios
  • Troubleshooting NAT
  • Lab 7: Advanced NAT

Day 3

Chapter 10: IPsec VPN Concepts

  • VPN Types
  • Secure VPN Requirements
  • IPsec Tunnel Establishment
  • IPsec Traffic Processing

Chapter 11: IPsec VPN Implementation

  • IPsec VPN Configuration
  • IPsec VPN Configuration Case Study
  • Proxy IDs and Traffic Selectors
  • Monitoring IPsec VPNs
  • Lab 8: Implementing IPsec VPNs

Chapter 12: Hub-and-Spoke VPNs

  • Hub-and-Spoke VPN Overview
  • Hub-and-Spoke Configuration and Monitoring
  • Hub-and-Spoke Configuration with Security Director
  • Lab 9: Implementing Hub-and-Spoke VPNs

Chapter 13: Group VPNs

  • Group VPN Overview
  • Group VPN Configuration and Monitoring
  • Lab 10: Implementing Group VPNs

Day 4

Chapter 14: PKI and ADVPNs

  • Public Key Infrastructure
  • ADVPN Overview
  • ADVPN Configuration and Monitoring
  • Lab 11: Implementing PKI and ADVPNs

Chapter 15: Advanced IPsec

  • NAT with IPsec
  • Class of Service with IPsec
  • Enterprise Best Practices
  • Routing OSPF over IPsec
  • IPsec with Overlapping Addresses
  • IPsec with Dynamic Gateway IP Addresses
  • Lab 12: Advanced IPsec VPN Scenarios

Chapter 16: Troubleshooting IPsec

  • IPsec Troubleshooting Overview
  • Troubleshooting IKE Phase 1 and 2
  • IPsec Logging
  • IPsec Case Studies
  • Lab 13: Troubleshooting IPsec

Chapter 17: Chassis Cluster Concepts

  • Chassis Clustering Overview
  • Chassis Cluster Components
  • Chassis Cluster Operation

Day 5

Chapter 18: Chassis Cluster Implementation

  • Chassis Cluster Configuration
  • Advanced Chassis Cluster Options
  • Lab 14: Implementing High Availability Techniques

Chapter 19: Troubleshooting Chassis Clusters

  • Troubleshooting Chassis Clusters
  • Chassis Cluster Case Studies
  • Lab 15: Troubleshooting Chassis Clusters

Appendix A: SRX Series Hardware and Interfaces

  • Branch SRX Platform Overview
  • High-End SRX Platform Overview
  • SRX Traffic Flow and Distribution
  • SRX Interfaces

Appendix B: Virtual SRX

  • Virtualization Overview
  • Network Virtualization and SDN
  • Overview of the Virtual SRX
  • Deployment Scenarios
  • Integration with AWS

Labs

No lab information available.

Prerequisites: Level 1

Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Juniper Security (JSEC) course prior to attending this class.

Target Audience

The course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.

 

SCHEDULE

Call 877.529.9114 for scheduling information.

On-Site
Training

Call: 877.529.9114

Remember, if you have 5 or more students, we can bring our class to you at your own facility – saving you time and money!

Customized Training

Call: 877.529.9114

Any of our courses can be customized to focus on your needs – like using specific equipment, or working in a particular situation.

Cancellation Policy

FiberOptic.com and The Fiber School may cancel a course that lacks sufficient enrollment a week before it is scheduled to begin. When a course is cancelled, we make every effort to notify all registered students promptly. If The Fiber School cancels the course, students may elect to transfer to a future date.

Students who cancel within a week of the start of the course will be subject to a 50% cancellation fee and onsite or custom courses will be subject to a 100% cancellation fee.