Advanced Juniper Security (AJSEC) [JNP_JUN_AJSEC]

OVERVIEW

This four-day course, which is designed to build off the current Juniper Security (JSEC) offering, delves deeper into Junos security, next-generation security features, and ATP supporting software. 

Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring the advanced Junos OS security features with advanced coverage of advanced logging and reporting, next generation Layer 2 security, next generation advanced anti-malware with Juniper ATP On-Prem and SecIntel. 

This course uses Juniper Networks SRX Series Services Gateways for the hands-on component. This course is based on Junos OS Release 20.1R1.11, Junos Space Security Director 19.4, Juniper ATP On-Prem version 5.0.7. 

Advanced Juniper Security (AJSEC) is an advanced-level course.

Relevant Juniper Product

• Security • Junos OS • SRX Series • vSRX Series • Sky ATP • SDSN

OBJECTIVES

• Demonstrate understanding of concepts covered in the prerequisite Juniper Security courses. 

• Describe the various forms of security supported by the Junos OS. 

• Describe the Juniper Connected Security model. 

• Describe Junos security handling at Layer 2 versus Layer 3. 

• Implement next generation Layer 2 security features. 

• Demonstrate understanding of Logical Systems (LSYS). 

• Demonstrate understanding of Tenant Systems (TSYS). 

• Implement virtual routing instances in a security setting. 

• Describe and configure route sharing between routing instances using logical tunnel interfaces. 

• Describe and discuss Juniper ATP and its function in the network. 

• Describe and implement Juniper Connected Security with Policy Enforcer in a network. 

• Describe firewall filters use on a security device. 

• Implement firewall filters to route traffic. 

• Explain how to troubleshoot zone problems. 

• Describe the tools available to troubleshoot SRX Series devices. 

• Describe and implement IPsec VPN in a hub-and-spoke model. 

• Describe the PKI infrastructure. 

• Implement certificates to build an ADVPN network. 

• Describe using NAT, CoS and routing protocols over IPsec VPNs. 

• Implement NAT and routing protocols over an IPsec VPN. 

• Describe the logs and troubleshooting methodologies to fix IPsec VPNs. 

• Implement working IPsec VPNs when given configuration that are broken. 

• Describe Incident Reporting with Juniper ATP On-Prem device. 

• Configure mitigation response to prevent spread of malware. 

• Explain SecIntel uses and when to use them. 

• Describe the systems that work with SecIntel. 

• Describe and implement advanced NAT options on the SRX Series devices. 

• Explain DNS doctoring and when to use it. 

• Describe NAT troubleshooting logs and techniques.

AUDIENCE

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Juniper security components. 

CERTIFICATION

JNCIP-SEC exam topics are based on the content of the recommended instructor-led training courses, as well as the additional resources.

• Exam code: JN0-635

• Written exam

• Administered by Pearson VUE

• Exam length: 120 minutes

• Exam type: 65 multiple choice questions

• Pass/fail status is available immediately

The JNCIP-SEC certification is valid for three years. 

Exams can be purchased at an additional cost – please ask for details - and scheduled at www.vue.com/junipernetworks

NEXT STEP

JNCIE-SEC Bootcamp

CONTENT

Day 1

Course Introduction

Junos Layer 2 Packet Handling and Security Features 

• Transparent Mode Security 

• Secure Wire 

• Layer 2 Next Generation Ethernet Switching 

• MACsec 

LAB 1: Implementing Layer 2 Security

Firewall Filters 

• Using Firewall Filters to Troubleshoot 

• Routing Instances 

• Filter-Based Forwarding 

LAB 2: Implementing Firewall Filters

Troubleshooting Zones and Policies 

• General Troubleshooting for Junos Devices 

• Troubleshooting Tools 

• Troubleshooting Zones and Policies 

• Zone and Policy Case Studies 

LAB 3: Troubleshooting Zones and Policies

Day 2

Hub-and-Spoke VPN 

• Overview 

• Configuration and Monitoring 

LAB 4: Implementing Hub-and-Spoke VPNs

Advanced NAT 

• Configuring Persistent NAT 

• Demonstrate DNS Doctoring 

• Configure IPv6 NAT Operations 

• Troubleshooting NAT 

LAB: 5: Implementing Advanced NAT Features

Logical and Tenant Systems 

• Overview 

• Administrative Roles 

• Differences Between LSYS and TSYS 

• Configuring LSYS 

• Configuring TSYS 

LAB 6: Implementing TSYS

Day 3

PKI and ADVPNs 

• PKI Overview 

• PKI Configuration 

• ADVPN Overview 

• ADVPN Configuration and Monitoring 

LAB 7: Implementing ADVPNs

Advanced IPsec 

• NAT with IPsec 

• Class of Service with IPsec 

• Best Practices 

• Routing OSPF over VPNs 

LAB 8: Implementing Advanced IPsec Solutions

Troubleshooting IPsec 

• IPsec Troubleshooting Overview 

• Troubleshooting IKE Phase 1 and 2 

• IPsec Logging 

• IPsec Case Studies 

LAB 9: Troubleshooting IPsec

Day 4

Juniper Connected Security 

• Security Models 

• Enforcement on Every Network Device

SecIntel 

• Security Feed 

• Encrypted Traffic Analysis 

• Use Cases for SecIntel 

LAB 10: Implementing SecIntel

Advanced Juniper ATP On-Prem 

• Collectors 

• Private Mode 

• Incident Response 

• Deployment Models 

LAB 11: Implementing Advanced ATP On-Prem

Automated Threat Mitigation 

• Identify and Mitigate Malware Threats 

• Automate Security Mitigation 

LAB 12: Identifying and Mitigating Threats

Group VPNs 

• Overview 

• Implementing Group VPNs