Course Description
Course Overview
The JNCIS-FWV BootCamp course is a combination of three advanced technical courses into a highly technical 5-day curriculum, allowing students to attain the Advanced Firewall Certification from Juniper Networks:
- APJF - Attack Prevention with Juniper Networks Firewalls
- AJVI - Advanced Juniper Networks IPSec VPN Implementations
- IFVH - Integrating Juniper Firewall/VPNs into High-Performance Networks
The JNCIS-FWV course and focuses on advanced management and troubleshooting of Juniper Firewall/VPN products in complex, dynamic networks. Key topics include virtual systems, dynamic routing, multicast routing, NSRP, and quality of service features. Students will then survey various IPSec VPN configurations as well as alternatives (i.e. GRE), how to deploy dynamic routing over VPNs, SCREEN scanning, anti-virus protection, deep inspection attack detection, Web URL filtering, anti-spam, anti-phishing and anti-spyware capabilities of ScreenOS.
Course Objectives
- ScreenOS VPN Basics Review
- OSPF Operational Summary
- Configure OSPF in a Multi-Area Network
- Optimizing Routing Tables
- BGP Operations
- EBGP Configuration
- IBGP Full Mesh
- Source-Based Routing (SBR)
- Policy-Based Routing
- Multiple Static Routes
- Multicast
- IGMP Configuration Steps
- NSRP and Virtual Systems
- NetScreen Redundancy Protocol (NSRP)
- Traffic Shaping
- VPN Variations
- Hub-and-Spoke VPNs
- Routing over VPNs
- Using Certificates
- Redundant VPN Gateways
- Generic Routing Encapsulation
- Dialup IPSec VPNs
- Remote Access
- Deep Inspection
- Web Filtering
- AntiSpam
Target Audience
Network engineers, technical support personnel, reseller support engineers, and others responsible for implementing and or maintaining the Juniper Networks products covered in this course.
Course Outline
Day 1
Course Introduction
APJF Chapter 2: ScreenOS Basics Review
- Concepts Review
- Configuration Review
APJF Chapter 3: SCREEN Options
- Multilayer Network Protection
- Types of Attacks
- SCREEN Options Configuration
- Verifying Operations
APJF Chapter 4: Deep Inspection
- Deep Inspection Overview
- Attack Database Configuration
- Policy Configuration
- Logging and Monitoring
APJF Chapter 5: Antivirus
- Antivirus Operations
- Antivirus Configuration–Kaspersky
- Antivirus Configuration–ICAP
- Verifying Operations
APJF Chapter 6: Web Filtering
- Web-Filtering Options
- Web-Filtering Configuration
- Verifying Operations
APJF Chapter 7: Antispam
- Antispam Concepts
- Antispam Configuration
- Verifying Operations
Day 2
AJVI Chapter 2: ScreenOS VPN Basics Review
- VPN Review
- Verifying Operations
- VPN Monitor
AJVI Chapter 3: VPN Variations
- Dynamic Peers
- Transparent Mode
- Overlapping Addresses
AJVI Chapter 4: Hub-and-Spoke VPNs
- Concepts
- Policy-Based Hub-and-Spoke
- Route-Based Hub-and-Spoke VPNs with No Policy and NHTB
- Route-Based Hub-and-Spoke VPNs with Policy
- Centralized Control Hub-and-Spoke VPNs
- ACVPNs
AJVI Chapter 5: Routing over VPNs
- Routing Overview
- Configuring RIP
- Configuring OSPF
- Case Studies
Day 3
AJVI Chapter 6: Using Certificates
- Concepts and Terminology
- Configuring Certificates and Certificate Support
- Configuring VPNs with Certificates
IFVH Chapter 3: Interior Gateway Protocols
- RIP Operations
- OSPF Operations
- OSPF Configuration
- Verification and Troubleshooting
- Route Redistribution
- Route Optimization
IFVH Chapter 4: BGP
- BGP Operations
- EBGP Configuration
- Verification and Troubleshooting
- IBGP Configuration
- BGP Connectivity
Day 4
IFVH Chapter 5: Advanced Static Routing
- Source-Based Routing
- Policy-Based Routing
- Destination Routing
IFVH Chapter 6: Multicast
- Multicast Overview
- IGMP Operations
- IGMP Configuration
- PIM-SM Operations
- PIM-SM Configuration
- Multicast Policies
IFVH Chapter 7: Virtual Systems
- Vsys Operations and Concepts
- Configuring Vsys Using Interface Classification
- Vsys Resource Management
- Inter-Vsys Routing
- Address Translation
Day 5
IFVH Chapter 8: Redundancy
- NSRP Terms and Concepts
- Configuring NSRP Active/Passive
- Configuring NSRP Active/Active, VSD-Less Cluster, and NSRP-Lite
- Tuning Failover Performance
- VRRP Support
- Redundant Interfaces
IFVH Chapter 9: Traffic Management
- Need for Traffic Management
- Egress Traffic Shaping
- Ingress Policing
- DSCP Marking
This course is available as open-enrollment Classroom event, instructor-led Live Virtual Class, REAL-ILT™ or as part of a custom Onsite Training for up to 16 students.