Advanced Juniper Security (AJSEC)

After successfully completing this course, you should be able to:

• Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
• Describe the various forms of security supported by the Junos OS.
• Describe Junos security handling at Layer 2 versus Layer 3.
• Describe the placement and traffic distribution of the various components of SRX devices.
• Configure, utilize, and monitor the various interface types available to the SRX Series product line.
• Describe Junos OS processing of Application Layer Gateways (ALGs).
• Alter the Junos default behavior of ALG and application processing.
• Implement address books with dynamic addressing.
• Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
• Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
• Describe Junos routing instance types used for virtualization.
• Implement virtual routing-instances.
• Describe and configure route sharing between routing instances using logical tunnel interfaces.
• Implement selective packet-based forwarding.
• Implement filter-based forwarding.
• Describe and implement static, source, destination, and dual NAT in complex LAN environments.
• Describe and implement variations of cone, or persistent NAT.
• Describe the interaction between NAT and security policy.
• Implement optimized chassis clustering.
• Describe IP version 6 (IPv6) support for chassis clusters.
• Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs.
• Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.
• Monitor the operations of the various IPsec VPN implementations.
• Describe public key cryptography for certificates.
• Utilize Junos tools for troubleshooting Junos security implementations.
• Perform successful troubleshooting of some common Junos security issues.
• Recall and solidify concepts covered in the prerequisite JSEC course.
• Understand the various forms of security supported by the Junos OS.
• Have a clear understanding of the fundamentals of session-based Junos OS.
• Understand Junos security handling at Layer 2 versus Layer 3.
• Give an overview of the SRX Series Services Gateways product lines.
• Understand the placement and traffic distribution of the various components of SRX Series devices.
• Configure, utilize, and monitor the various interface types available to the SRX Series product line.
• Understand Junos OS processing of Application Layer Gateways (ALG).
• Alter the Junos default behavior of ALG and application processing.
• Implement address books with dynamic addressing.
• Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
• Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
• Describe Junos routing instance types used for virtualization.
• Implement virtual routing-instances.
• Selectively forward traffic between virtual routing-instances.
• Implement policy-based routing.
• Describe and implement static, source, destination, and dual Network Address Translation (NAT).
• Describe and implement variations of cone NAT.
• Describe the interaction between NAT and security policy.
• Implement NAT traversal.
• Implement and monitor optimized chassis clustering.
• Understand IPv6 support for chassis clusters.
• Implement graceful restart and nonstop routing with SRX Series devices.
• Describe the Junos server load-balancing feature.
• Differentiate and configure standard point-to-point virtual private network (VPN) tunnels, hub-and-spoke VPNs, and group VPNs.
• Monitor the operations of the various IP Security (IPsec) VPN implementations.
• Describe public key cryptography for certificates.
• Describe, implement, and monitor Group VPNs in an enterprise environment.
• Describe, implement, and monitor Dynamic VPNs in an enterprise environment.
• Utilize IPsec VPN tunnels with OSPF.
• Implement dynamic VPNs.
• Describe some IPsec VPN best practices for the Enterprise.
• Understand and utilize Junos tools for troubleshooting Junos security implementations.
• Utilize a sound methodology for troubleshooting Junos security issues.
• Be familiar with the successful troubleshooting of some common Junos security issues.