See how Insoft Services is responding to COVID-19

JESS – Junos Edge Security Services


Contact Us

We would love to hear from you. Please complete this form to pre-book or request further information about our delivery options.


I'd like to receive emails with the latest updates and promotions from Insoft.

Data Protection & Privacy

I hereby allow Insoft Ltd. to contact me on this topic. Further, I authorise Insoft Ltd. processing, using collecting and storing my personal data for the purpose of these activities. All your data will be protected and secured as outlined in our privacy policy.

Upcoming Dates

Oct 19 - Oct 20, 2021
09:00 - 17:00

Nov 15 - Nov 16, 2021
09:00 - 17:00

Dec 15 - Dec 16, 2021
09:00 - 17:00

Jan 19 - Jan 20, 2022
09:00 - 17:00

  Feb 15 - Feb 16, 2022
09:00 - 17:00

JESS – Junos Edge Security Services
2 days  (Instructor Led Online)  |  Service Provider

Course Details

The Juniper JESS – Junos Edge Security Services is a two-day course that provides students with the knowledge required to configure and manage edge security services on devices running the Junos Operating System. This course focuses on the main configuration components of edge security services, including service set configuration and service processing, stateful firewall services, IPsec services, threat management, CGN technologies, softwire technologies, high availability, and load balancing. This course uses MX 3D Universal Edge Routers for the hands-on component. This course is based on Junos software Release 12.3R2.5.


Course Level: Junos Edge Security Services is an intermediate-level course.


See other Juniper courses


After successfully completing this course, you should be able to:

  • Provide an overview of security features enabled using MX Series services
  • Describe services, service sets, and service interfaces
  • Enable MX Series services
  • Describe the packet processing through services on MX Series devices employing security services
  • Demonstrate knowledge of stateful firewall traffic flows through an MX Series device
  • Implement stateful firewall rules on MX Series devices
  • Provide an overview of IPsec technology
  • Configure and monitor IPsec operation on an MX Series device
  • Troubleshoot IPsec operations
  • Provide an overview of application awareness services on MX Series devices
  • Implement Application-Aware Access Lists on MX Series devices
  • Describe how to mitigate IPv4 address exhaustion
  • Explain how to implement NAT
  • Describe the different CGN implementations
  • Describe how to implement NAT444
  • Explain how to implement NAT64
  • Explain how to implement DS-Lite
  • Describe MS PIC redundancy
  • Explain how to implement CGN logging
  • Describe various NAT pool and port options
  • Describe ECMP load-balancing as it pertains to CGN
  • Explain VRF-based CGN deployments
  • Explain HA availability as it pertains to CGN


Day 1

Chapter 1: Course Introduction

Chapter 2: MX Series Services

  • Product Overview
  • Service Interfaces
  • Service Sets
  • Rules
  • Service Packet Processing

Chapter 3: Stateful Firewall Services

  • Stateful Versus Stateless Firewalls
  • Traffic Flows
  • Firewall Rules
  • Configuration and Monitoring
  • Implementing Stateful Firewall Services Lab

Chapter 4: IPsec Services

  • IPsec Overview
  • IPsec Configuration on MX Series Devices
  • IPsec Monitoring
  • IPsec Implementations
  • Implementing IPsec Services Lab

Chapter 5: Threat Management

  • MP-SDK Packages
  • Application Identification
  • Local Policy Decision Function (L-PDF) Overview
  • Application-Aware Access Lists (AACL)


Day 2

Chapter 6: IPv4 and IPv6 Integration

  • IPv4 Address Exhaustion
  • IPv4 to IPv6 Migration Risks
  • IPv4 to IPv6 Migration Techniques

Chapter 7: CGN Implementation

  • Implementing NAT444
  • Implementing NAT64
  • Implementing CGN Lab

Chapter 8: Soft wire Technologies

  • Soft wires Overview
  • Implementing and Monitoring 6rd
  • Deploying and Monitoring DS-Lite
  • Deploying Soft wire Technologies Lab

Chapter 9: High Availability and Load Balancing

  • Service PIC Redundancy
  • CGN Redundancy
  • 6rd and DS-Lite Redundancy
  • CGN ECMP Load Balancing
  • High Availability and Load Balancing Lab

Target Audience

This course benefits individuals responsible for configuring and monitoring devices running the Junos OS and specifically, the Junos Services Framework.


  • Students should have experience working with the Junos OS.
  • Students should have experience with security concepts such as stateful firewall, IPsec, and NAT.
  • Students should have familiarity with dynamic routing protocols, MPLS VPNs, and Junos policy.
  • Students should also attend the Junos Intermediate Routing (JIR) course prior to attending this class.