Junos Security

This five-day course covers the configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include security technologies such as security zones, security policies, Network Address Translation (NAT), IPsec VPNs, and high availability clusters, as well as how to implement these features by using Junos Space and Security Director.

Through demonstrations and hands-on labs, students will gain experience in configuring the Junos OS and monitoring device operations of Junos security devices. This course uses Juniper Networks SRX Series Services Gateways for the primary hands-on component. The course also includes some hands-on labs that use Junos Space and Security Director to configure and manage Junos security devices. This course is based on Junos OS Release 15.1X49-D70 and Junos Space Security Director 16.1R1.

Objetivos

After successfully completing this course, you should be able to perform the following:

Describe traditional routing and security.
Provide an overview of SRX Series Services Gateway devices and the Junos OS software architecture.
Describe the logical packet flow and session creation performed by SRX Series Services Gateway devices.
Describe, configure, and monitor zones.
Describe, configure, and monitor security policies.
Troubleshoot security zones and policies.
Describe, configure, and monitor NAT, as implemented on Junos security platforms.
Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
Implement and monitor route-based IPsec VPNs.
Implement and monitor Hub-and-Spoke VPNs, Group VPNs, and ADVPNs.
Troubleshoot IPsec VPNs.
Describe, configure, and monitor chassis clusters.
Troubleshoot chassis clusters.

Ciberseguridad

Disponible en formato e-learning

Disponible en formato presencial

Disponible en formato a distancia

Subvención disponible
A través de Fundae, cumpliendo requisitos.

Duración
25 horas

  • Dificultad 50% 50%
  • Nivel alcanzado 80% 80%

Dirigido a

The course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.

Conocimientos requeridos

Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, or have equivalent experience prior to attending this class.

Pre-requisitos:
IJOS – Introduction to the Junos Operating System

Temario

Chapter 1: Course Introduction

Chapter 2: Introduction to Junos Security

Traditional Routing and Security
Architecture Overview of Junos Security Devices
Logical Packet Flow through Junos Security Devices
J-Web Overview
Chapter 3: Zones and Screen Options

Zones Overview
Zone Configuration
Monitoring Security Zones
Configuring Screen Options
Screen Options Case Study
LAB 1: Zones and Screen Options
Chapter 4: Security Policies

Security Policy Overview
Policy Components
Security Policy Configuration in J-Web
Policy Case Study (CLI)
Policy Case Study (J-Web)
LAB 2: Security Policies
Chapter 5: Advanced Security Policy

Session Management
Junos ALGs
Policy Scheduling
Logging
Advanced Security Policy
Lab 3: Advanced Policy Options
Chapter 6. Troubleshooting Zones and Policies

General Troubleshooting for Junos Devices
Troubleshooting Tools
Troubleshooting Zones and Policies
Zone and Policy Case Studies
Lab 4: Troubleshooting Security Zones and Policies
Chapter 7. Network Address Translation

NAT Overview
Source NAT
Destination NAT
Static NAT
Proxy ARP
Lab 5: Network Address Translation
Chapter 8. Advanced NAT

Persistent NAT
DNS Doctoring
IPv6 with NAT
Advanced NAT Scenarios
Troubleshooting NAT
Lab 6: Advanced NAT
Chapter 9. IPsec VPN Concepts

VPN Types
Secure VPN Requirements
IPsec Tunnel Establishmen
IPsec Traffic Processing
Chapter 10. IPsec VPN Implementation

IPsec VPN Configuration
IPsec VPN Case Study
Proxy IDs and Traffic Selectors
Monitoring IPsec VPNs
Lab 7: Implementing IPsec VPNs
Chapter 11. Hub-and-Spoke VPNs

Hub-and-Spoke VPN Overview
Hub-and-Spoke Configuration and Monitoring
Lab 8: Hub-and-Spoke VPNs
Chapter 12. Group VPNs

Group VPN Overview
Group VPN Configuration and Monitoring
Lab 9: Group VPNs
Chapter 13. PKI and ADVPNs

Public Key Infrastructure Overview
PKI Configuration
ADVPN Overview
ADVPN Configuration and Monitoring
Lab 10: PKI and ADVPNs
Chapter 14. Advanced IPsec

NAT with IPsec
Class of Service with IPsec
Best Practices
Routing OSPF over IPsec
IPsec with Overlapping Addresses
IPsec with Dynamic Gateway IP Addresses
Lab 11: Advanced IPsec VPN Solutions
Chapter 15. Troubleshooting IPsec

IPsec Troubleshooting Overview
Troubleshooting IKE Phase 1 and 2
IPsec Logging
IPsec Case Studies
Lab 12: Troubleshooting IPsec
Chapter 16. Chassis Cluster Concepts

Chassis Clustering Overview
Chassis Cluster Components
Chassis Cluster Operation
Chapter 17. Chassis Cluster Implementation

Chassis Cluster Configuration
Advanced Chassis Cluster Options
Lab 14: Implementing Chassis Clusters
Chapter 18. Troubleshooting Chassis Clusters

Troubleshooting Chassis Clusters
Chassis Cluster Case Studies
Lab 14: Troubleshooting Chassis Clusters
Appendix A. SRX Series Hardware

Branch SRX Platform Overview
Mid-Range SRX Platform Overview
High-End SRX Platform Overview
SRX Traffic Flow and Distribution
SRX Interfaces
Appendix B. Virtual SRX

Virtualization Overview
Network Virtualization and SDN
Overview of the Virtual SRX
Deployment Scenarios
Integration with AWS

Solicita información del curso

Esta web utiliza cookies propias y de terceros para su correcto funcionamiento y para fines analíticos. Contiene enlaces a sitios web de terceros con políticas de privacidad ajenas que podrás aceptar o no cuando accedas a ellos. Al hacer clic en el botón Aceptar, acepta el uso de estas tecnologías y el procesamiento de tus datos para estos propósitos. Ver Política de cookies
Privacidad