Course Description
Course Overview
This three-day course, which is designed to build off of the current Junos Security (JSEC) offering, delves deeper into Junos security with advanced coverage of IPsec deployments, Classroomization, AppSecure, advanced Network Address Translation (NAT) deployments, and Layer 2 security. The student materials use Junos OS Release 12.1R1.9.
Course Objectives
After successfully completing this course, students should be able to:
- Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
- Describe the various forms of security supported by the Junos OS.
- Implement features of the AppSecure suite, including AppID, AppFW, and AppTrack.
- Configure custom application signatures.
- Describe Junos security handling at Layer 2 versus Layer 3.
- Implement Layer 2 transparent mode security features.
- Demonstrate understanding of Logical Systems (LSYS).
- Implement address books with dynamic addressing.
- Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
- Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
- Describe Junos routing instance types used for Classroomization.
- Implement Classroom routing instances.
- Describe and configure route sharing between routing instances using logical tunnel interfaces.
- Describe and implement static, source, destination, and dual NAT in complex LAN environments.
- Describe and implement variations of persistent NAT.
- Describe and implement Carrier Grade NAT (CGN) solutions for IPv6 NAT, such as NAT64, NAT46, and DS-Lite.
- Describe the interaction between NAT and security policy.
- Demonstrate understanding of DNS doctoring.
- Differentiate and configure standard point-to-point IP Security (IPsec) Classroom private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs.
- Implement IPsec tunnels using Classroom routers.
- Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.
- Monitor the operations of the various IPsec VPN implementations.
- Describe public key cryptography for certificates.
- Utilize Junos tools for troubleshooting Junos security implementations.
- Perform successful troubleshooting of some common Junos security issues.
Target Audience
Network engineers, technical support personnel, reseller support engineers, and others responsible for implementing and/or maintaining the advanced Juniper Networks products covered in this course.
This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.
Course Outline
Day 1
Chapter 1: Course Introduction
Chapter 2: AppSecure
- AppSecure Overview
- AppID
- AppTrack
- AppFW
- AppDoS
- AppQoS
Chapter 3: Junos Layer 2 Packet Handling and Security Features
- Transparent Mode Security
- Layer 2 Ethernet Switching
Chapter 4: Classroomization
- Classroomization Overview
- Routing Instances
- Logical Systems
- Lab 3: Implementing Junos Classroom Routing
Day 2
Chapter 5: Advanced NAT Concepts
- Operational Review
- NAT: Beyond Layer 3 and Layer 4 Headers
- DNS Doctoring
- IPv6 NAT
- Advanced NAT Scenarios
Chapter 6: IPsec Implementations
- Standard VPN Implementations Review
- Public Key Infrastructure
- Hub-and-Spoke VPNs
Day 3
Chapter 7: Enterprise IPsec Technologies: Group and Dynamic VPNs
- Group VPN Overview
- GDOI Protocol
- Group VPN Configuration and Monitoring
- Dynamic VPN Overview
- Dynamic VPN Implementation
Chapter 8: IPsec VPN Case Studies and Solutions
- Routing over VPNs
- IPsec with Overlapping Addresses
- Dynamic Gateway IP Addresses
- Enterprise VPN Deployment Tips and Tricks
Chapter 9: Troubleshooting Junos Security
- Troubleshooting Methodology
- Troubleshooting Tools
- Identifying IPsec Issues
Appendix A: SRX Series Hardware and Interfaces