Junos Security (JSEC, AJSEC)

Junos Security (JSEC, AJSEC) Course Description

Duration: 5.00 days (40 hours)

Build your intermediate and advanced Juniper security skills in this convenient skills-building course. We've combined two authorized Juniper courses, Junos Security (JSEC) and Advanced Junos Security (AJSEC) to create an intensive, extended-hours Skills Camp in which you will build your intermediate and advanced Juniper security skills. You will gain hands-on experience implementing, configuring, and monitoring the Junos OS for SRX Series devices

Next Class Dates

Contact us to customize this class with your own dates, times and location. You can also call 1-888-563-8266 or chat live with a Learning Consultant.

Back to Top

Junos Security (JSEC, AJSEC) Course Objectives

  • » Describe traditional routing and security and the current trends in internetworking.
  • » Provide an overview of SRX Series devices and software architecture.
  • » Describe the logical packet flow and session creation performed by SRX Series devices.
  • » Describe, configure, and monitor zones.
  • » Describe, configure, and monitor security policies.
  • » Describe, configure, and monitor firewall user authentication.
  • » Describe various types of network attacks.
  • » Configure and monitor SCREEN options to prevent network attacks.
  • » Explain, implement, and monitor NAT on Junos security platforms.
  • » Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
  • » Implement and monitor policy-based and route-based IPsec VPNs.
  • » Utilize and update the IDP signature database.
  • » Configure and monitor IDP policy with policy templates.
  • » Describe, configure, and monitor high availability chassis clusters.
  • » Describe the various forms of security supported by the Junos OS.
  • » Describe Junos security handling at Layer 2 versus Layer 3.
  • » Describe the placement and traffic distribution of the various components of SRX devices.
  • » Configure, utilize, and monitor the various interface types available to the SRXSeries product line.
  • » Describe Junos OS processing of Application Layer Gateways (ALGs).
  • » Alter the Junos default behavior of ALG and application processing.
  • » Implement address books with dynamic addressing.
  • » Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
  • » Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
  • » Describe Junos routing instance types used for virtualization.
  • » Implement virtual routing instances.
  • » Describe and configure route sharing between routing instances using logical tunnel interfaces.
  • » Implement selective packet-based forwarding.
  • » Implement filter-based forwarding.
  • » Describe and implement static, source, destination, and dual NAT in complex LAN environments.
  • » Describe and implement variations of cone, or persistent NAT.
  • » Describe the interaction between NAT and security policy.
  • » Implement optimized chassis clustering.
  • » Describe IP version 6 (IPv6) support for chassis clusters.
  • » Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs.
  • » Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.
  • » Monitor the operations of the various IPsec VPN implementations.
  • » Describe public key cryptography for certificates.
  • » Utilize Junos tools for troubleshooting Junos security implementations.
  • » Perform successful troubleshooting of some common Junos security issues.

Back to Top

Junos Security (JSEC, AJSEC) Course Outline

      1. Introduction to Junos security platforms
        1. Traditional Routing
        2. Traditional Security
        3. Breaking the Tradition
        4. The Junos OS Architecture
      2. Zones
        1. The Definition of Zones
        2. Zone Configuration
        3. Monitoring Security Zones
      3. Security Policies
        1. Overview of Security Policy
        2. Policy Components
        3. Verifying Policy Operation
        4. Policy Scheduling and Rematching
        5. Policy Case Study
      4. Firewall User Authentication
        1. Firewall User Authentication Overview
        2. Pass-Through Authentication
        3. Web Authentication
        4. Client Groups
        5. Using External Authentication Servers
        6. Verifying Firewall User Authentication
      5. SCREEN Options
        1. Multilayer Network Protection
        2. Stages and Types of Attacks
        3. Using Junos SCREEN Options--Reconnaissance Attack Handling
        4. Using Junos SCREEN Options--Denial of Service Attack Handling
        5. Using Junos SCREEN Options--Suspicious Packets Attack Handling
        6. Applying and Monitoring SCREEN Options
      6. Network Address Translation
        1. NAT Overview
        2. Source NAT Operation and Configuration
        3. Destination NAT Operation and Configuration
        4. Static NAT Operation and Configuration
        5. Proxy ARP
        6. Monitoring and Verifying NAT Operation
      7. IPsec VPNs
        1. VPN Types
        2. Secure VPN Requirements
        3. IPsec Details
        4. Configuration of IPsec VPNs
        5. IPsec VPN Monitoring
      8. Introduction to Intrusion Detection and Prevention
        1. Introduction to Junos IDP
        2. IDP Policy Components and Configuration
        3. Signature Database
        4. Case Study: Applying the Recommended IDP Policy
        5. Monitoring IDP Operation
      9. High Availability Clustering
        1. High Availability Overview
        2. Chassis Cluster Components
        3. Chassis Cluster Operation
        4. Chassis Cluster Configuration
        5. Chassis Cluster Monitoring
      10. Junos Security Review
        1. Junos Security Components Overview and Selective Packet-Based Forwarding
        2. Junos Layer 2 Packet Handling
      11. Security Policy Components
        1. ALG Overview
        2. Junos ALGs
        3. Custom Application Definitions
        4. Advanced Addressing
        5. Policy Matching
      12. Virtualization
        1. Virtualization Overview
        2. Routing Instances
        3. Filter-Based Forwarding
      13. Advanced NAT Concepts
        1. Operational Review
        2. NAT: Beyond Layer 3 and Layer 4 Headers
        3. Advanced NAT Scenarios
      14. High Availability Clustering
      15. High Availability Overview
      16. Chassis Clustering Implementations
      17. Advanced HA Topics
      18. IPsec Implementations
        1. Standard VPN Implementations Review
        2. Public Key Infrastructure
        3. Hub-and-Spoke VPNs
      19. Enterprise IPsec Technologies: Group and Dynamic VPNs
        1. Group VPN Overview
        2. GDOI Protocol
        3. Group VPN Configuration and Monitoring
        4. Dynamic VPN Overview
        5. Dynamic VPN Implementation
      20. IPsec VPN Case Studies and Solutions
        1. Routing over VPNs
        2. IPsec with Overlapping Addresses
        3. Dynamic Gateway IP Addresses
        4. Enterprise VPN Deployment Tips and Tricks
      21. Troubleshooting Junos Security
        1. Troubleshooting Methodology
        2. Troubleshooting Tools
        3. Identifying IPsec Issues
      22. SRX Series Hardware and Interfaces
        1. Branch SRX Platform Overview
        2. High End SRX Platform Overview
        3. SRX Traffic Flow and Distribution
        4. SRX Interfaces

Back to Top

Do you have the right background for Junos Security (JSEC, AJSEC)?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill-assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.
This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.

Take your FREE Skill Assessment test »

Back to Top

Award winning, world-class Instructors

Our instructors are passionate at teaching and are experts in their respective fields. Our average NetCom instructor has many, many years of real-world experience and impart their priceless, valuable knowledge to our students every single day. See our world-class instructors.   See more instructors...

Back to Top

Recent Client Testimonials & Reviews

The instructor was clear in his lessons and very knowledgeable. Overall I liked the course and Dominic, the instructor, was very thorough/knowledgeable on the topics we covered.
- Matthew H.
Course(s) Taken

» Juniper Networks

Excellent instructor, good course layout. Great learning structure, the courses I have taken have been taught by great teachers.
- Chris C.
Course(s) Taken

» Juniper Networks

  More testimonials »  

Back to Top