Junos Security Skills Camp (JSEC, AJSEC)

Network engineers, administrators, support personnel, and reseller support personnel using SRX Series devices

After successfully completing this course, you should be able to:

• Describe traditional routing and security and the current trends in internetworking.
• Provide an overview of SRX Series devices and software architecture.
• Describe the logical packet flow and session creation performed by SRX Series devices.
• Describe, configure, and monitor zones.
• Describe, configure, and monitor security policies.
• Describe, configure, and monitor firewall user authentication.
• Describe various types of network attacks.
• Configure and monitor SCREEN options to prevent network attacks.
• Explain, implement, and monitor NAT on Junos security platforms.
• Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
• Implement and monitor policy-based and route-based IPsec VPNs.
• Utilize and update the IDP signature database.
• Configure and monitor IDP policy with policy templates.
• Describe, configure, and monitor high availability chassis clusters.
• Describe the various forms of security supported by the Junos OS.
• Describe Junos security handling at Layer 2 versus Layer 3.
• Describe the placement and traffic distribution of the various components of SRX devices.
• Configure, utilize, and monitor the various interface types available to the SRXSeries product line.
• Describe Junos OS processing of Application Layer Gateways (ALGs).
• Alter the Junos default behavior of ALG and application processing.
• Implement address books with dynamic addressing.
• Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
• Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
• Describe Junos routing instance types used for virtualization.
• Implement virtual routing instances.
• Describe and configure route sharing between routing instances using logical tunnel interfaces.
• Implement selective packet-based forwarding.
• Implement filter-based forwarding.
• Describe and implement static, source, destination, and dual NAT in complex LAN environments.
• Describe and implement variations of cone, or persistent NAT.
• Describe the interaction between NAT and security policy.
• Implement optimized chassis clustering.
• Describe IP version 6 (IPv6) support for chassis clusters.
• Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs.
• Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.
• Monitor the operations of the various IPsec VPN implementations.
• Describe public key cryptography for certificates.
• Utilize Junos tools for troubleshooting Junos security implementations.
• Perform successful troubleshooting of some common Junos security issues.

Introduction to Junos security platforms

• Traditional Routing
• Traditional Security
• Breaking the Tradition
• The Junos OS Architecture

Zones

• The Definition of Zones
• Zone Configuration
• Monitoring Security Zones
• Lab: Configuring and Monitoring Zones

Security Policies

• Overview of Security Policy
• Policy Components
• Verifying Policy Operation
• Policy Scheduling and Rematching
• Policy Case Study
• Lab: Security Policies

Firewall User Authentication

• Firewall User Authentication Overview
• Pass-Through Authentication
• Web Authentication
• Client Groups
• Using External Authentication Servers
• Verifying Firewall User Authentication
• Lab: Configuring Firewall Authentication

SCREEN Options

• Multilayer Network Protection
• Stages and Types of Attacks
• Using Junos SCREEN Options—Reconnaissance Attack Handling
• Using Junos SCREEN Options—Denial of Service Attack Handling
• Using Junos SCREEN Options—Suspicious Packets Attack Handling
• Applying and Monitoring SCREEN Options
• Lab: Implementing SCREEN Options

Network Address Translation

• NAT Overview
• Source NAT Operation and Configuration
• Destination NAT Operation and Configuration
• Static NAT Operation and Configuration
• Proxy ARP
• Monitoring and Verifying NAT Operation
• Lab: Network Address Translation

IPsec VPNs

• VPN Types
• Secure VPN Requirements
• IPsec Details
• Configuration of IPsec VPNs
• IPsec VPN Monitoring
• Lab: Implementing IPsec VPNs

Introduction to Intrusion Detection and Prevention

• Introduction to Junos IDP
• IDP Policy Components and Configuration
• Signature Database
• Case Study: Applying the Recommended IDP Policy
• Monitoring IDP Operation
• Lab: Implementing IDP

High Availability Clustering

• High Availability Overview
• Chassis Cluster Components
• Chassis Cluster Operation
• Chassis Cluster Configuration
• Chassis Cluster Monitoring
• Lab: Implementing Chassis Clusters

Junos Security Review

• Junos Security Components Overview and Selective Packet-Based Forwarding
• Junos Layer 2 Packet Handling
• Lab: Selective Forwarding

Security Policy Components

• ALG Overview
• Junos ALGs
• Custom Application Definitions
• Advanced Addressing
• Policy Matching
• Lab: Implementing Advanced Security Policy

Virtualization

• Virtualization Overview
• Routing Instances
• Filter-Based Forwarding
• Lab: Implementing Junos Virtual Routing

Advanced NAT Concepts

• Operational Review
• NAT: Beyond Layer 3 and Layer 4 Headers
• Advanced NAT Scenarios
• Lab: Advanced NAT Implementations

High Availability Clustering

• High Availability Overview
• Chassis Clustering Implementations
• Advanced HA Topics
• Lab: Implementing Advanced High Availability Techniques

IPsec Implementations

• Standard VPN Implementations Review
• Public Key Infrastructure
• Hub-and-Spoke VPNs
• Lab: Hub-and-Spoke IPsec VPNs

Enterprise IPsec Technologies: Group and Dynamic VPNs

• Group VPN Overview
• GDOI Protocol
• Group VPN Configuration and Monitoring
• Dynamic VPN Overview
• Dynamic VPN Implementation
• Lab: Configuring Group VPNs

IPsec VPN Case Studies and Solutions

• Routing over VPNs
• IPsec with Overlapping Addresses
• Dynamic Gateway IP Addresses
• Enterprise VPN Deployment Tips and Tricks
• Lab: OSPF over GRE over IPsec VPNs

Troubleshooting Junos Security

• Troubleshooting Methodology
• Troubleshooting Tools
• Identifying IPsec Issues
• Lab: Performing Security Troubleshooting Techniques

SRX Series Hardware and Interfaces

• Branch SRX Platform Overview
• High End SRX Platform Overview
• SRX Traffic Flow and Distribution
• SRX Interfaces