Call:

Colorado: 719-298-4047

North Carolina: 910-222-7640 

Force7 IT Training

Excellence in IT Instruction

by

Course Description

This five-day course covers the configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include security zones, security policies, Network Address Translation (NAT), IPsec VPNs, and chassis clustering.

Thank you for reading this post, don't forget to subscribe!

Through demonstrations and hands-on labs, students will gain experience in configuring the Junos OS and monitoring device operations of Junos security devices. This course uses Juniper Networks SRX Series Services Gateways for the primary hands-on component.

This course is based on Junos OS Release 17.4R1.16 and the vSRX virtual appliance.

Audience Profile

  • Network engineers, administrators, support personnel, and reseller support personnel using SRX Series devices
  • Anyone seeking JNCIS-SEC certification

Prerequisites

Introduction to the Junos Operating Systems (IJOS)

Learning Objectives

After successfully completing this course, you should be able to perform the following:

  • Describe traditional routing and security and the current trends in internetworking.
  • Provide an overview of SRX Series devices and software architecture.
  • Describe the logical packet flow and session creation performed by SRX Series devices.
  • Describe, configure, and monitor zones.
  • Describe, configure, and monitor security policies.
  • Describe, configure, and monitor user firewall authentication
  • Describe various types of network attacks.
  • Configure and monitor Screen options to prevent network attacks.
  • Explain, implement, and monitor NAT, as implemented on Junos security platforms.
  • Explain the purpose and mechanics of IP Security (IPsec) virtual private networks
    (VPNs).
  • Implement and monitor policy-based and route-based IPsec VPNs.
  • Describe, configure, and monitor high availability chassis clusters.
  • Describe how to deploy and manage vSRX.
  • Describe and configure Group VPNs.
  • Describe and configure ADVPNs.
  • Troubleshoot chassis clusters, IPsec VPNs, zones, and Security Policies

Course Outline

Course Introduction

Introduction to Junos Security

  • Traditional Routing and Security
  • Architecture Overview of Junos Security Devices
  • Logical Packet Flow through Junos Security Devices
  • J-Web Overview

Zones and Screen Options

  • Zones Overview
  • Zone Configuration
  • Monitoring Security Zones
  • Configuring Screen Options
  • Screen Options Case Study

Security Policies

  • Security Policy Overview
  • Policy Components
  • Security Policy Configuration in J-Web
  • Policy Case Study (CLI)
  • Policy Case Study (J-Web)

Advanced Security Policy

  • Session Management
  • Junos ALGs
  • Policy Scheduling
  • Logging
  • Advanced Security Policy

Troubleshooting Zones and Policies

  • General Troubleshooting for Junos Devices
  • Troubleshooting Tools
  • Troubleshooting Zones and Policies
  • Zone and Policy Case Studies

Network Address Translation

  • NAT Overview
  • Source NAT
  • Destination NAT
  • Static NAT
  • Proxy ARP

Advanced NAT

  • Persistent NAT
  • DNS Doctoring
  • IPv6 with NAT
  • Advanced NAT Scenarios
  • Troubleshooting NAT

IPsec VPN Concepts

  • VPN Types
  • Secure VPN Requirements
  • IPsec Tunnel Establishment
  • IPsec Traffic Processing

IPsec VPN Implementation

  • IPsec VPN Configuration
  • IPsec VPN Case Study
  • Proxy IDs and Traffic Selectors
  • Monitoring IPsec VPNs

Hub-and-Spoke VPNs

  • Hub-and-Spoke VPN Overview
  • Hub-and-Spoke Configuration and Monitoring

Group VPNs

  • Group VPN Overview
  • Group VPN Configuration and Monitoring

PKI and ADVPNs

  • Public Key Infrastructure Overview
  • PKI Configuration
  • ADVPN Overview
  • ADVPN Configuration and Monitoring

Advanced IPsec

  • NAT with IPsec
  • Class of Service with IPsec
  • Best Practices
  • Routing OSPF over IPsec
  • IPsec with Overlapping Addresses
  • IPsec with Dynamic Gateway IP Addresses

Troubleshooting IPsec

  • IPsec Troubleshooting Overview
  • Troubleshooting IKE Phase 1 and 2
  • IPsec Logging
  • IPsec Case Studies

Chassis Cluster Concepts

  • Chassis Clustering Overview
  • Chassis Cluster Components
  • Chassis Cluster Operation

Chassis Clutter Implementation

  • Chassis Cluster Configuration
  • Advanced Chassis Cluster Options

Troubleshooting Chassis Clusters

  • Troubleshooting Chassis Clusters
  • Chassis Cluster Case Studies

SRX Series Hardware

  • Branch SRX Platform Overview
  • Mid-Range SRX Platform Overview
  • High-End SRX Platform Overview
  • SRX Traffic Flow and Distribution
  • SRX Interfaces

Virtual SRX

  • Virtualization Overview
  • Network Virtualization and SDN
  • Overview of the Virtual SRX
  • Deployment Scenarios
  • Integration with AWS

LAB 1: Zones and Screen Options

LAB 2: Security Policies

Lab 3: Advanced Policy Options

Lab 4: Troubleshooting Security Zones and Policies

Lab 5: Network Address Translation

Lab 6: Advanced NAT

Lab 7: Implementing IPsec VPNs

Lab 8: Hub-and-Spoke VPNs

Lab 9: Group VPNs

Lab 10: PKI and ADVPNs

Lab 11: Advanced IPsec VPN Solutions

Lab 12: Troubleshooting IPsec

Lab 13: Implementing Chassis Clusters

Lab 14: Troubleshooting Chassis Clusters

 

Category iconUncategorized

.wp-custom-logo .title-area { width: 120px !important; }