After successfully completing this course, you should be able to:

• Identify security challenges in today’s networks.
• Identify products that are incorporated into the Juniper Connected Security solution.
• Explain the value of implementing security solutions.
• Explain how Juniper Connected Security solves the cyber security challenges of the future.
• Explain SRX Series session management.
• Explain Junos ALG functions and when to use them.
• Describe policy logging on the SRX series device.
• Explain security policy scheduling.
• Describe application security theory.
• Explain application signature usage in AppID.
• Describe the AppTrack service.
• Describe the AppFW service.
• Describe the AppQoS service.
• Configure security policies using the AppSecure suite of services.
• Explain unified security policies.
• Describe IPS signatures.
• Configure an IPS policy using pre-defined templates.
• Describe how to update the IPS attack object database.
• Describe IPS rules and rule bases.
• Configure custom attack objects.
• Describe Junos Space and Security Director.
• Configure policy management using Security Director.
• Describe Security Director objects.
• Explain the different licensing options for Sky ATP
• List Sky ATP’s features and benefits.
• Configure Sky ATP profiles and enroll an SRX Series device.
• Configure file scanning on Sky ATP.
• Configure Sky ATP to scan email
• Configure GeoIP on Sky ATP.
• Describe the JATP features and benefits
• List the JATP device options.
• Explain the JATP architecture.
• List 3rd party support options for JATP.
• Explain JATP SmartCore analytics processes.
• Describe Policy Enforcer configuration options.
• Describe Policy Enforcer integration with Sky ATP.
• Configure Policy Enforcer to block lateral malware movement.
• Explain Juniper Secure Analytics features and benefits.
• Describe JSA log collection.
• Describe JSA network flow collection.
• Describe the JSA Offense Management workspace.
• Explain the JSA Risk Manager features.
• Configure JSA to collect network and log collection.
• Explain the features of JIMS.
• Describe JIMS integration into the current AD network.
• Describe the Sky Enterprise service and how it can save resources.
• Explain the Sky Enterprise monitoring service.
• Explain the vSRX Series device benefits.
• Describe use cases for the vSRX.
• Explain the cSRX Series device benefits.
• Describe use cases for the cSRX.
• Describe SSL Proxy Concepts.
• Explain Forward and Reverse Proxy and the limitations of each.
• Configure both Forward and Reverse Proxy.
• Troubleshoot SSL Proxy configurations.
• Explain how to cluster the SRX Series.
• Describe chassis cluster interfaces.
• Explain advanced chassis clustering options.
• Configure chassis clustering on the vSRX.
• Troubleshoot chassis clustering on the vSRX

Day 1

Chapter 1: Course Introduction

Chapter 2: Introduction to Junos Security

• Traditional Routing and Security
• Architecture Overview of Junos Security Devices
• Logical Packet Flow through Junos Security Devices
• Junos Space and Security Director Overview

Chapter 3: Zones and Screen Options

• The Definition of Zones
• Zone Configuration
• Monitoring Security Zones
• Configuring Screen Options
• Screen Options Case Study
• Lab 1: Zones and Screen Options

Chapter 4: Security Policies

• Security Policy Overview
• Policy Components
• Policy Case Study
• Lab 2: Security Policies

Chapter 5: Security Director Firewall Policies

• Firewall Policy Configuration
• Firewall Policy Processing Order
• Deploying Firewall Policies
• Monitoring Firewall Policies
• Lab 3: Security Director Firewall Policies

Day 2

Chapter 6: Advanced Security Policy

• Session Management
• Junos ALGs
• Policy Scheduling
• Logging
• Advanced Security Policy with Security Director
• Lab 4: Advanced Policy Options

Chapter 7: Troubleshooting Zones and Policies

• General Troubleshooting for Junos Devices
• Troubleshooting Tools
• Troubleshooting Zones and Policies
• Zone and Policy Case Studies
• Lab 5: Troubleshooting Security Zones and Policies

Chapter 8: Network Address Translation

• NAT Overview
• Source NAT
• Destination NAT
• Static NAT
• Proxy ARP
• Configuring NAT in Security Director
• Lab 6: Network Address Translation

Chapter 9: Advanced NAT

• Persistent NAT
• DNS Doctoring
• IPv6 with NAT
• Advanced NAT Scenarios
• Troubleshooting NAT
• Lab 7: Advanced NAT

Day 3

Chapter 10: IPsec VPN Concepts

• VPN Types
• Secure VPN Requirements
• IPsec Tunnel Establishment
• IPsec Traffic Processing

Chapter 11: IPsec VPN Implementation

• IPsec VPN Configuration
• IPsec VPN Configuration Case Study
• Proxy IDs and Traffic Selectors
• Monitoring IPsec VPNs
• Lab 8: Implementing IPsec VPNs

Chapter 12: Hub-and-Spoke VPNs

• Hub-and-Spoke VPN Overview
• Hub-and-Spoke Configuration and Monitoring
• Hub-and-Spoke Configuration with Security Director
• Lab 9: Implementing Hub-and-Spoke VPNs

Chapter 13: Group VPNs

• Group VPN Overview
• Group VPN Configuration and Monitoring
• Lab 10: Implementing Group VPNs

Day 4

Chapter 14: PKI and ADVPNs

• Public Key Infrastructure
• ADVPN Overview
• ADVPN Configuration and Monitoring
• Lab 11: Implementing PKI and ADVPNs

Chapter 15: Advanced IPsec

• NAT with IPsec
• Class of Service with IPsec
• Enterprise Best Practices
• Routing OSPF over IPsec
• IPsec with Overlapping Addresses
• IPsec with Dynamic Gateway IP Addresses
• Lab 12: Advanced IPsec VPN Scenarios

Chapter 16: Troubleshooting IPsec

• IPsec Troubleshooting Overview
• Troubleshooting IKE Phase 1 and 2
• IPsec Logging
• IPsec Case Studies
• Lab 13: Troubleshooting IPsec

Chapter 17: Chassis Cluster Concepts

• Chassis Clustering Overview
• Chassis Cluster Components
• Chassis Cluster Operation

Day 5

Chapter 18: Chassis Cluster Implementation

• Chassis Cluster Configuration
• Advanced Chassis Cluster Options
• Lab 14: Implementing High Availability Techniques

Chapter 19: Troubleshooting Chassis Clusters

• Troubleshooting Chassis Clusters
• Chassis Cluster Case Studies
• Lab 15: Troubleshooting Chassis Clusters

Appendix A: SRX Series Hardware and Interfaces

• Branch SRX Platform Overview
• High-End SRX Platform Overview
• SRX Traffic Flow and Distribution
• SRX Interfaces

Appendix B: Virtual SRX

• Virtualization Overview
• Network Virtualization and SDN
• Overview of the Virtual SRX
• Deployment Scenarios
• Integration with AWS

No lab information available.

Prerequisites: Level 1

Target Audience

The course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.