Advanced Juniper Security (AJSEC)

Course Level

Advanced Juniper Security (AJSEC) is an advanced-level course.

Intended Audience

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Juniper security components.

Prerequisites

Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Juniper Security (JSEC) course prior to attending this class.

Objectives

After successfully completing this course, you should be able to:

• Demonstrate understanding of concepts covered in the prerequisite Juniper Security courses.
• Describe the various forms of security supported by the Junos OS.
• Describe the Juniper Connected Security model.
• Describe Junos security handling at Layer 2 versus Layer 3.
• Implement next generation Layer 2 security features.
• Demonstrate understanding of Logical Systems (LSYS).
• Demonstrate understanding of Tenant Systems (TSYS).
• Implement virtual routing instances in a security setting.
• Describe and configure route sharing between routing instances using logical tunnel interfaces.
• Describe and discuss Juniper ATP and its function in the network.
• Describe and implement Juniper Connected Security with Policy Enforcer in a network.
• Describe firewall filters use on a security device.
• Implement firewall filters to route traffic.
• Explain how to troubleshoot zone problems.
• Describe the tools available to troubleshoot SRX Series devices.
• Describe and implement IPsec VPN in a hub-and-spoke model.
• Describe the PKI infrastructure.
• Implement certificates to build an ADVPN network.
• Describe using NAT, CoS and routing protocols over IPsec VPNs.
• Implement NAT and routing protocols over an IPsec VPN.
• Describe the logs and troubleshooting methodologies to fix IPsec VPNs.
• Implement working IPsec VPNs when given configuration that are broken.
• Describe Incident Reporting with Juniper ATP On-Prem device.
• Configure mitigation response to prevent spread of malware.
• Explain SecIntel uses and when to use them.
• Describe the systems that work with SecIntel.
• Describe and implement advanced NAT options on the SRX Series devices.
• Explain DNS doctoring and when to use it.
• Describe NAT troubleshooting logs and techniques.

Course Contents

Day 1

Chapter 1: Course Introduction

Chapter 2: Junos Layer 2 Packet Handling and Security Features

• Transparent Mode Security
• Secure Wire
• Layer 2 Next Generation Ethernet Switching
• MACsec
• Lab 1: Implementing Layer 2 Security

Chapter 3: Firewall Filters

• Using Firewall Filters to Troubleshoot
• Routing Instances
• Filter-Based Forwarding
• Lab 2: Implementing Firewall Filters

Chapter 4: Troubleshooting Zones and Policies

• General Troubleshooting for Junos Devices
• Troubleshooting Tools
• Troubleshooting Zones and Policies
• Zone and Policy Case Studies
• Lab 3: Troubleshooting Zones and Policies

Day 2

Chapter 5: Hub-and-Spoke VPN

• Overview
• Configuration and Monitoring
• Lab 4: Implementing Hub-and-Spoke VPNs

Chapter 6: Advanced NAT

• Configuring Persistent NAT
• Demonstrate DNS doctoring
• Configure IPv6 NAT operations
• Troubleshooting NAT
• Lab 5: Implementing Advanced NAT Features

Chapter 7: Logical and Tenant Systems

• Overview
• Administrative Roles
• Differences Between LSYS and TSYS
• Configuring LSYS
• Configuring TSYS
• Lab 6: Implementing TSYS

Day 3

Chapter 8: PKI and ADVPNs

• PKI Overview
• PKI Configuration
• ADVPN Overview
• ADVPN Configuration and Monitoring
• Lab 7: Implementing ADVPNs

Chapter 9: Advanced IPsec

• NAT with IPsec
• Class of Service with IPsec
• Best Practices
• Routing OSPF over VPNs
• Lab 8: Implementing Advanced IPsec Solutions

Chapter 10: Troubleshooting IPsec

• IPsec Troubleshooting Overview
• Troubleshooting IKE Phase 1 and 2
• IPsec Logging
• IPsec Case Studies
• Lab 9: Troubleshooting IPsec

Day 4

Chapter 11: Juniper Connected Security

• Security Models
• Enforcement on Every Network Device

Chapter 12: SecIntel

• Security Feed
• Encrypted Traffic Analysis
• Use Cases for SecIntel
• Lab 10: Implementing SecIntel

Chapter 13:Advanced Juniper ATP On-Prem

• Collectors
• Private Mode
• Incident Response
• Deployment Models
• Lab 11: Implementing Advanced ATP On-Prem