DAY 1
1. Course Introduction
2. Security Challenges for Service Providers
- Describe limitations of security devices
- Describe BGP security threats
- Describe DDoS attack threats
- Explain IP address depletion challenges
- Describe 5G security challenges
3. Juniper Networks Solutions for Service Providers
- Describe Juniper Networks’ security solutions for the service provider challenges
4. Stateful Firewalls
- Describe stateless firewall filters
- Describe stateful firewall policies
- Describe screens and ALGs
- Explain asymmetrical routing
Lab 1: Configure stateful firewalls
5. 5G Architecture
- Describe security insertion points
- Describe 5G network evolution
6. DDoS Protection
- Explain DDoS history and common protections
- Describe SRX DDoS protection
- Describe BGP flowspec
- Describe Corero with MX DDoS protection
Lab 2: DDoS Protection
DAY 2
7. Carrier-Grade NAT
- Explain IPv4 address exhaustion
- Describe source NAT
- Describe CGNAT
- Describe NAT64
Lab 3: CGNAT
8. Juniper Connected Security for Service Providers
- Describe SecIntel security
- Describe a use case for IoT protection
- Explain Encrypted Traffic Insights
Lab 4: Implementing Juniper Connected Security
9. IPsec Overview
- Describe the IPsec and IKE protocols
- Configure site-to-site IPsec VPNs
- Describe and configure Proxy IDs and Traffic selectors
- Monitor site-to-site IPsec VPNs
- Describe IPsec use with gNodeB devices
Lab 5: Implementing IPsec VPN
10. Scaling IPsec
- Describe and implement PKI certificates in Junos OS
- Describe AutoVPN
- Describe SecGW firewall use case for scaling IPsec
Lab 6: Configuring AutoVPN
DAY 3
11. GPRS and GTP
- Describe how to secure GTP tunnels
- Describe the GPRS protocol
- Describe the GTP
- Explain how Roaming Firewall secures GTP
12. SCTP
- Describe the SCTP Protocol
13. Securing the Control Plane
- Explain how to secure the control plane on Junos devices
- Describe how the loopback filter works to secure the control plane
- Explain how to protect the control plane from DDoS attacks
- Describe how to secure the IGP against attacks
Lab 7: Configure Control Plane Protections
14. Securing the BGP Protocol
- Describe how to secure the BGP
- Describe BGP security features
- Describe BGP dampening
Lab 8: Configure BGP protections
SELF-STUDY MODULES
15. SPC3 for MX Series Platforms
- Identify the main components of SPC3
- Describe the unified services framework
16. IPsec VPN with SPC3 on MX Series Platforms
- Describe USF for IPsec
- Provide configuration and verification examples for the IPsec P2P mode
- Provide configuration and verification examples for the IPsec Traffic Selector mode
- Describe the software architecture of MX-SPC3
- Describe PowerMode IPsec
- Describe Fat Core
- Describe the unified services framework
17. CGNAT with SPC3 on MX Series Platforms
- Describe carrier-grade NAT coverage on Juniper MX Series
- Configure and verify NAT for Next-Gen Services
18. Troubleshooting MX-SPC3
- Describe some common problems and solutions related to MX-SPC3