Titolo del corso:

Junos Security


After successfully completing this course, you should be able to:

  • Describe traditional routing and security.
  • Provide an overview of SRX Series Services Gateway devices and the Junos OS software architecture.
  • Describe the logical packet flow and session creation performed by SRX Series Services Gateway devices.
  • Describe, configure, and monitor zones.
  • Describe, configure, and monitor security policies.
  • Troubleshoot security zones and policies.
  • Describe, configure, and monitor NAT, as implemented on Junos security platforms.
  • Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
  • Implement and monitor route-based IPsec VPNs.
  • Implement and monitor Hub-and-Spoke VPNs, Group VPNs, and ADVPNs.
  • Troubleshoot IPsec VPNs.
  • Describe, configure, and monitor chassis clusters.
  • Troubleshoot chassis clusters.


Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, or have equivalent experience prior to attending this class.

Chi è atteso:

This course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.


Il corso è propedeutico per il conseguimento della certificazione Juniper Networks Certified Specialist Security (JNCIS-SEC).


Introduction to Junos Security

    • Traditional Routing and Security
    • Architecture Overview of Junos Security Devices
    • Logical Packet Flow through Junos Security Devices
    • Junos Space and Security Director Overview

Zones and Screen Options

    • The Definition of Zones
    • Zone Configuration
    • Monitoring Security Zones
    • Configuring Screen Options
    • Screen Options Case Study
    • Lab 1: Zones and Screen Options

Security Policies

    • Security Policy Overview
    • Policy Components
    • Policy Case Study
    • Lab 2: Security Policies

Security Director Firewall Policies

    • Firewall Policy Configuration
    • Firewall Policy Processing Order
    • Deploying Firewall Policies
    • Monitoring Firewall Policies
    • Lab 3: Security Director Firewall Policies

Advanced Security Policy

    • Session Management
    • Junos ALGs
    • Policy Scheduling
    • Logging
    • Advanced Security Policy with Security Director
    • Lab 4: Advanced Policy Options

Troubleshooting Zones and Policies

    • General Troubleshooting for Junos Devices
    • Troubleshooting Tools
    • Troubleshooting Zones and Policies
    • Zone and Policy Case Studies
    • Lab 5: Troubleshooting Security Zones and Policies

Network Address Translation

    • NAT Overview
    • Source NAT
    • Destination NAT
    • Static NAT
    • Proxy ARP
    • Configuring NAT in Security Director
    • Lab 6: Network Address Translation

Advanced NAT

    • Persistent NAT
    • DNS Doctoring
    • IPv6 with NAT
    • Advanced NAT Scenarios
    • Troubleshooting NAT
    • Lab 7: Advanced NAT

IPsec VPN Concepts

    • VPN Types
    • Secure VPN Requirements
    • IPsec Tunnel Establishment
    • IPsec Traffic Processing

IPsec VPN Implementation

    • IPsec VPN Configuration
    • IPsec VPN Configuration Case Study
    • Proxy IDs and Traffic Selectors
    • Monitoring IPsec VPNs
    • Lab 8: Implementing IPsec VPNs

Hub-and-Spoke VPNs

    • Hub-and-Spoke VPN Overview
    • Hub-and-Spoke Configuration and Monitoring
    • Hub-and-Spoke Configuration with Security Director
    • Lab 9: Implementing Hub-and-Spoke VPNs

Group VPNs

    • Group VPN Overview
    • Group VPN Configuration and Monitoring
    • Lab 10: Implementing Group VPNs


    • Public Key Infrastructure
    • ADVPN Overview
    • ADVPN Configuration and Monitoring
    • Lab 11: Implementing PKI and ADVPNs

Advanced IPsec

    • NAT with IPsec
    • Class of Service with IPsec
    • Enterprise Best Practices
    • Routing OSPF over IPsec
    • IPsec with Overlapping Addresses
    • IPsec with Dynamic Gateway IP Addresses
    • Lab 12: Advanced IPsec VPN Scenarios

Troubleshooting IPsec

    • IPsec Troubleshooting Overview
    • Troubleshooting IKE Phase 1 and 2
    • IPsec Logging
    • IPsec Case Studies
    • Lab 13: Troubleshooting IPsec

Chassis Cluster Concepts

    • Chassis Clustering Overview
    • Chassis Cluster Components
    • Chassis Cluster Operation

Chassis Cluster Implementation

    • Chassis Cluster Configuration
    • Advanced Chassis Cluster Options
    • Lab 14: Implementing High Availability Techniques

Troubleshooting Chassis Clusters

    • Troubleshooting Chassis Clusters
    • Chassis Cluster Case Studies
    • Lab 15: Troubleshooting Chassis Clusters

SRX Series Hardware and Interfaces

    • Branch SRX Platform Overview
    • High-End SRX Platform Overview
    • SRX Traffic Flow and Distribution
    • SRX Interfaces

Virtual SRX

    • Virtualization Overview
    • Network Virtualization and SDN
    • Overview of the Virtual SRX
    • Deployment Scenarios
    • Integration with AWS


Black check box free icon Black check box free icon Square free icon SPECIALIST

Durata: 5 giorni


Prossime date:

Modalità di Erogazione:

Instructor Led (ILT)
Live Virtual Training (LVT)
Blended (BLD)


Lingua Italiana English Language Langue Française Idioma Español


Prossimi corsi in Agenda