Download Course Outline PDF

Advanced Junos Security (AJSEC)

Length: Three days

Course Overview

This three-day course, which is designed to build off of the current Junos Security (JSEC) offering, delves deeper into Junos security with advanced coverage of IPsec deployments, virtualization, high availability, advanced Network Address Translation (NAT) deployments, and Layer 2 security with SRX Services Gateway devices. Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring advanced security features of the Junos operating system.

Objectives

After successfully completing this course, you should be able to:

• Recall and solidify concepts covered in the prerequisite JSEC course.
• Understand the various forms of security supported by the Junos OS.
• Have a clear understanding of the fundamentals of session-based Junos OS.
• Understand Junos security handling at Layer 2 versus Layer 3.
• Give an overview of the SRX Series Services Gateways product lines.
• Understand the placement and traffic distribution of the various components of SRX Series devices.
• Configure, utilize, and monitor the various interface types available to the SRX Series product line.
• Understand Junos OS processing of Application Layer Gateways (ALG).
• Alter the Junos default behavior of ALG and application processing.
• Implement address books with dynamic addressing.
• Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
• Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
• Describe Junos routing instance types used for virtualization.
• Implement virtual routing-instances.
• Selectively forward traffic between virtual routing-instances.
• Implement policy-based routing.
• Describe and implement static, source, destination, and dual Network Address Translation (NAT).
• Describe and implement variations of cone NAT.
• Describe the interaction between NAT and security policy.
• Implement NAT traversal.
• Implement and monitor optimized chassis clustering.
• Understand IPv6 support for chassis clusters.
• Implement graceful restart and nonstop routing with SRX Series devices.
• Describe the Junos server load-balancing feature.
• Differentiate and configure standard point-to-point virtual private network (VPN) tunnels, hub-and-spoke VPNs, and group VPNs.
• Monitor the operations of the various IP Security (IPsec) VPN implementations.
• Describe public key cryptography for certificates.
• Describe, implement, and monitor Group VPNs in an enterprise environment.
• Describe, implement, and monitor Dynamic VPNs in an enterprise environment.
• Utilize IPsec VPN tunnels with OSPF.
• Implement dynamic VPNs.
• Describe some IPsec VPN best practices for the Enterprise.
• Understand and utilize Junos tools for troubleshooting Junos security implementations.
• Utilize a sound methodology for troubleshooting Junos security issues.
• Be familiar with the successful troubleshooting of some common Junos security issues.

Target Audience

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.

Course Level

Advanced

Prerequisites

Students should:

• have a strong level of TCP/IP networking and security knowledge.

Students should attend the following courses:

• IJOS
• JRE
• JSEC

Course Contents

Chapter 1: Course Introduction

Chapter 2: Junos Security Review

• Junos Security Components Overview and Selective Packet-Based Forwarding
• Junos Layer 2 Packet Handling
• Lab 1: Selective Forwarding

Chapter 3: Security Policy Components

• ALG Overview
• Junos ALGs
• Custom Application Definitions
• Advanced Addressing
• Policy Matching
• Lab 2: Implementing Advanced Security Policy

Chapter 4: Virtualization

• Virtualization Overview
• Routing Instances
• Filter-Based Forwarding
• Lab 3: Implementing Junos Virtual Routing

Chapter 5: Advanced NAT Concepts

• Operational Review
• NAT: Beyond Layer 3 and Layer 4 Headers
• Advanced NAT Scenarios
• Lab 4: Advanced NAT Implementations

Chapter 6: High Availability Clustering

• High Availability Overview
• Chassis Clustering Implementations
• Advanced HA Topics
• Lab 5: Implementing Advanced High Availability Techniques

Chapter 7: IPsec Implementations

• Standard VPN Implementations Review
• Public Key Infrastructure
• Hub-and-Spoke VPNs
• Lab 6: Hub-and-Spoke IPsec VPNs

Chapter 8: Enterprise IPsec Technologies: Group and Dynamic VPNs

• Group VPN Overview
• GDOI Protocol
• Group VPN Configuration and Monitoring
• Dynamic VPN Overview
• Dynamic VPN Implementation
• Lab 7: Configuring Group VPNs

Chapter 9: IPsec VPN Case Studies and Solutions

• Routing over VPNs
• IPsec with Overlapping Addresses
• Dynamic Gateway IP Addresses
• Enterprise VPN Deployment Tips and Tricks
• Lab 8: OSPF over GRE over IPsec VPNs

Chapter 10: Troubleshooting Junos Security

• Troubleshooting Methodology
• Troubleshooting Tools
• Identifying IPsec Issues
• Lab 9: Performing Security Troubleshooting Techniques

Appendix A: SRX Series Hardware and Interfaces

• Branch SRX Platform Overview
• High End SRX Platform Overview
• SRX Traffic Flow and Distribution
• SRX Interfaces

Certification Acronynm: PENDING_CERT

Certification Name: PENDING CERTIFICATION

Exam Code: PENDING_CERT

Course Acronym: AJSEC (Security)

Certification Text

This is course is part of a certification track that is yet to be finalised. Please contact us now for more information.

Download Course Outline PDF

Dates	Location	Status	Registration
11th Jun 2012	Auckland, New Zealand		Add to cart
13th Aug 2012	Sydney, Australia		Add to cart
20th Aug 2012	Melbourne, Australia		Add to cart

---

Email me all these dates   

Course Status Legend:
Need more registrations.
A few more registrations and we'll run it.
Definately running as scheduled.