Course Details
This 5-day course delivers all you need to manage SRX Series Services Gateways, from the basics of configuration and implementation to advanced coverage of IPsec deployments, virtualization, high availability, advanced Network Address Translation (NAT) deployments and Layer 2 security.
Course Agenda
Day 1
Chapter 1: Course Introduction
Chapter 2: Introduction to Junos security platforms
- Traditional Routing
- Traditional Security
- Breaking the Tradition
- The Junos OS Architecture
Chapter 3: Zones
- The Definition of Zones
- Zone Configuration
- Monitoring Security Zones
- Lab 1: Configuring and Monitoring Zones
Chapter 4: Security Policies
- Overview of Security Policy
- Policy Components
- Verifying Policy Operation
- Policy Scheduling and Rematching
- Policy Case Study
- Lab 2: Security Policies
Day 2
Chapter 5: Firewall User Authentication
- Firewall User Authentication Overview
- Pass-Through Authentication
- Web Authentication
- Client Groups
- Using External Authentication Servers
- Verifying Firewall User Authentication
- Lab 3: Configuring Firewall Authentication
Chapter 6: SCREEN Options
- Multilayer Network Protection
- Stages and Types of Attacks
- Using Junos SCREEN Options—Reconnaissance Attack Handling
- Using Junos SCREEN Options—Denial of Service Attack Handling
- Using Junos SCREEN Options—Suspicious Packets Attack Handling
- Applying and Monitoring SCREEN Options
- Lab 4: Implementing SCREEN Options
Chapter 7: Network Address Translation
- NAT Overview
- Source NAT Operation and Configuration
- Destination NAT Operation and Configuration
- Static NAT Operation and Configuration
- Proxy ARP
- Monitoring and Verifying NAT Operation
- Lab 5: Network Address Translation
Day 3
Chapter 8: IPsec VPNs
- VPN Types
- Secure VPN Requirements
- IPsec Details
- Configuration of IPsec VPNs
- IPsec VPN Monitoring
- Lab 6: Implementing IPsec VPNs
Chapter 9: Introduction to Intrusion Detection and Prevention
- Introduction to Junos IDP
- IDP Policy Components and Configuration
- Signature Database
- Case Study: Applying the Recommended IDP Policy
- Monitoring IDP Operation
- Lab 7: Implementing IDP
Chapter 10: High Availability Clustering
- High Availability Overview
- Chassis Cluster Components
- Chassis Cluster Operation
- Chassis Cluster Configuration
- Chassis Cluster Monitoring
- Lab 8: Implementing Chassis Clusters
Day 3
Chapter 11: Junos Security Review
- Junos Security Components Overview and Selective Packet-Based Forwarding
- Junos Layer 2 Packet Handling
- Lab 9: Selective Forwarding
Chapter 12: Security Policy Components
- ALG Overview
- Junos ALGs
- Custom Application Definitions
- Advanced Addressing
- Policy Matching
- Lab 10: Implementing Advanced Security Policy
Chapter 13: Virtualization
- Virtualization Overview
- Routing Instances
- Filter-Based Forwarding
- Lab 11: Implementing Junos Virtual Routing
Day 4
Chapter 14: Advanced NAT Concepts
- Operational Review
- NAT: Beyond Layer 3 and Layer 4 Headers
- Advanced NAT Scenarios
- Lab 12: Advanced NAT Implementations
Chapter 15: High Availability Clustering
- High Availability Overview
- Chassis Clustering Implementations
- Advanced HA Topics
- Lab 13: Implementing Advanced High Availability Techniques
Chapter 16: IPsec Implementations
- Standard VPN Implementations Review
- Public Key Infrastructure
- Hub-and-Spoke VPNs
- Lab 14: Hub-and-Spoke IPsec VPNs
Day 5
Chapter 17: Enterprise IPsec Technologies: Group and Dynamic VPNs
- Group VPN Overview
- GDOI Protocol
- Group VPN Configuration and Monitoring
- Dynamic VPN Overview
- Dynamic VPN Implementation
- Lab 15: Configuring Group VPNs
Chapter 18: IPsec VPN Case Studies and Solutions
- Routing over VPNs
- IPsec with Overlapping Addresses
- Dynamic Gateway IP Addresses
- Enterprise VPN Deployment Tips and Tricks
- Lab 15: OSPF over GRE over IPsec VPNs
Chapter 19: Troubleshooting Junos Security
- Troubleshooting Methodology
- Troubleshooting Tools
- Identifying IPsec Issues
- Lab 16: Performing Security Troubleshooting Techniques