Titolo del corso:
After successfully completing this course, you should be able to:
- Describe traditional routing and security.
- Provide an overview of SRX Series Services Gateway devices and the Junos OS software architecture.
- Describe the logical packet flow and session creation performed by SRX Series Services Gateway devices.
- Describe, configure, and monitor zones.
- Describe, configure, and monitor security policies.
- Troubleshoot security zones and policies.
- Describe, configure, and monitor NAT, as implemented on Junos security platforms.
- Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
- Implement and monitor route-based IPsec VPNs.
- Implement and monitor Hub-and-Spoke VPNs, Group VPNs, and ADVPNs.
- Troubleshoot IPsec VPNs.
- Describe, configure, and monitor chassis clusters.
- Troubleshoot chassis clusters.
Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, or have equivalent experience prior to attending this class.
Chi è atteso:
This course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.
Il corso è propedeutico per il conseguimento della certificazione Juniper Networks Certified Specialist Security (JNCIS-SEC).
Introduction to Junos Security
- Traditional Routing and Security
- Architecture Overview of Junos Security Devices
- Logical Packet Flow through Junos Security Devices
- Junos Space and Security Director Overview
Zones and Screen Options
- The Definition of Zones
- Zone Configuration
- Monitoring Security Zones
- Configuring Screen Options
- Screen Options Case Study
- Lab 1: Zones and Screen Options
- Security Policy Overview
- Policy Components
- Policy Case Study
- Lab 2: Security Policies
Security Director Firewall Policies
- Firewall Policy Configuration
- Firewall Policy Processing Order
- Deploying Firewall Policies
- Monitoring Firewall Policies
- Lab 3: Security Director Firewall Policies
Advanced Security Policy
- Session Management
- Junos ALGs
- Policy Scheduling
- Advanced Security Policy with Security Director
- Lab 4: Advanced Policy Options
Troubleshooting Zones and Policies
- General Troubleshooting for Junos Devices
- Troubleshooting Tools
- Troubleshooting Zones and Policies
- Zone and Policy Case Studies
- Lab 5: Troubleshooting Security Zones and Policies
Network Address Translation
- NAT Overview
- Source NAT
- Destination NAT
- Static NAT
- Proxy ARP
- Configuring NAT in Security Director
- Lab 6: Network Address Translation
- Persistent NAT
- DNS Doctoring
- IPv6 with NAT
- Advanced NAT Scenarios
- Troubleshooting NAT
- Lab 7: Advanced NAT
IPsec VPN Concepts
- VPN Types
- Secure VPN Requirements
- IPsec Tunnel Establishment
- IPsec Traffic Processing
IPsec VPN Implementation
- IPsec VPN Configuration
- IPsec VPN Configuration Case Study
- Proxy IDs and Traffic Selectors
- Monitoring IPsec VPNs
- Lab 8: Implementing IPsec VPNs
- Hub-and-Spoke VPN Overview
- Hub-and-Spoke Configuration and Monitoring
- Hub-and-Spoke Configuration with Security Director
- Lab 9: Implementing Hub-and-Spoke VPNs
- Group VPN Overview
- Group VPN Configuration and Monitoring
- Lab 10: Implementing Group VPNs
PKI and ADVPNs
- Public Key Infrastructure
- ADVPN Overview
- ADVPN Configuration and Monitoring
- Lab 11: Implementing PKI and ADVPNs
- NAT with IPsec
- Class of Service with IPsec
- Enterprise Best Practices
- Routing OSPF over IPsec
- IPsec with Overlapping Addresses
- IPsec with Dynamic Gateway IP Addresses
- Lab 12: Advanced IPsec VPN Scenarios
- IPsec Troubleshooting Overview
- Troubleshooting IKE Phase 1 and 2
- IPsec Logging
- IPsec Case Studies
- Lab 13: Troubleshooting IPsec
Chassis Cluster Concepts
- Chassis Clustering Overview
- Chassis Cluster Components
- Chassis Cluster Operation
Chassis Cluster Implementation
- Chassis Cluster Configuration
- Advanced Chassis Cluster Options
- Lab 14: Implementing High Availability Techniques
Troubleshooting Chassis Clusters
- Troubleshooting Chassis Clusters
- Chassis Cluster Case Studies
- Lab 15: Troubleshooting Chassis Clusters
SRX Series Hardware and Interfaces
- Branch SRX Platform Overview
- High-End SRX Platform Overview
- SRX Traffic Flow and Distribution
- SRX Interfaces
- Virtualization Overview
- Network Virtualization and SDN
- Overview of the Virtual SRX
- Deployment Scenarios
- Integration with AWS
Durata: 5 giorni
Modalità di Erogazione:
Instructor Led (ILT)
Live Virtual Training (LVT)