OnlineCourse Details
This five-day course covers the configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include: security zones, security policies, Network Address Translation (NAT), IPsec VPNs, and chassis clustering. Through demonstrations and hands-on labs, students will gain experience in configuring the Junos OS and monitoring device operations of Junos security devices. This course uses Juniper Networks SRX Series Services Gateways for the primary hands-on component. This course is based on Junos OS Release 17.4R1.16 and the vSRX virtual appliance
Objectives
- Describe traditional routing and security
- Â Provide an overview of SRX Series Services Gateway devices and the Junos OS software architecture
- Describe the logical packet flow and session creation performed by SRX Series Services Gateway devices
- Describe, configure, and monitor zones
- Describe, configure, and monitor security policies
- Troubleshoot security zones and policies
- Describe, configure, and monitor NAT, as implemented on Junos security platforms
- Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs)
- Implement and monitor route-based IPsec VPNs
- Â Implement and monitor Hub-and-Spoke VPNs, Group VPNs, and ADVPNs
- Troubleshoot IPsec VPNs
- Describe, configure, and monitor chassis clusters
- Troubleshoot chassis clusters
Outline
Day 1 :
1. COURSE INTRODUCTION:
2 .Introduction to Junos Security:
- Traditional Routing and Security
- Architecture Overview of Junos Security Devices
- Â Logical Packet Flow through Junos Security Devices
- J-Web Overview
3. Zones and Screen Options:
- Zones Overview
- Zone Configuration
- Monitoring Security Zones
- Configuring Screen Options
- Screen Options Case Study
- LAB 1: Zones and Screen Options
4 .Security Policies :
- Security Policy Overview
- Policy Components
- Security Policy Configuration in J-Web
- Policy Case Study (CLI)
- Policy Case Study (J-Web)
- Â LAB 2: Security Policies
5 .Advanced Security Policy:
- Session Management
- Junos ALGs
- Policy Scheduling
- Logging
- Advanced Security Policy
- Â Lab 3: Advanced Policy Options
Day 2 :
6 .Troubleshooting Zones and Policies:
- Â General Troubleshooting for Junos Devices
- Troubleshooting Tools
- Troubleshooting Zones and Policies
- Zone and Policy Case Studies
- Â Lab 4: Troubleshooting Security Zones and Policies
7 .Network Address Translation :
- NAT Overview
- Source NAT
- Destination NAT
- Static NAT
- Proxy ARP
- Lab 5: Network Address Translation
8 .Advanced NAT:
- Â Persistent NAT
- DNS Doctoring
- IPv6 with NAT
- Advanced NAT Scenarios
- Troubleshooting NAT
- Lab 6: Advanced NAT
Day 3 :
9 .IPsec VPN Concepts :
- Â VPN Types
- Secure VPN Requirements
- IPsec Tunnel Establishment
- Â IPsec Traffic Processing
 10 .IPsec VPN Implementation :
- Â IPsec VPN Configuration
- Â IPsec VPN Case Study
- Â Proxy IDs and Traffic Selectors
- Monitoring IPsec VPNs
- Lab 7: Implementing IPsec VPNs
11 .Hub-and-Spoke VPNs:
- Â Hub-and-Spoke VPN Overview
- Â Hub-and-Spoke Configuration and Monitoring
- Â Lab 8: Hub-and-Spoke VPNs
12. Group VPNs:
- Â Group VPN Overview
- Â Group VPN Configuration and Monitoring
- Lab 9: Group VPNs
Day 4 :
13 .PKI and ADVPNs:
- Public Key Infrastructure Overview
- PKI Configuration
- ADVPN Overview
- ADVPN Configuration and Monitoring
- Lab 10: PKI and ADVPNs
15 .Troubleshooting IPsec :
- Â IPsec Troubleshooting Overview
- Troubleshooting IKE Phase 1 and 2
- IPsec Logging
- Â IPsec Case Studies
- Â Lab 12: Troubleshooting IPsec
14 .Advanced IPsec
- NAT with IPsec
- Â Class of Service with IPsec
- Â Best Practices
- Â Routing OSPF over IPsec
- IPsec with Overlapping Addresses
- IPsec with Dynamic Gateway IP Addresses
- Â Lab 11: Advanced IPsec VPN Solutions
16 ,Chassis Cluster Concepts :
- Â Chassis Clustering Overview
- Â Chassis Cluster Components
- Chassis Cluster Operation
Day 5 :
17 .Chassis Cluster Implementation :
- Â Chassis Cluster Configuration
- Advanced Chassis Cluster Options
- Lab 14: Implementing Chassis Clusters
A SRX Series Hardware :
- Branch SRX Platform Overview
- Â Mid-Range SRX Platform Overview
- High-End SRX Platform Overview
- SRX Traffic Flow and Distribution
18 .Troubleshooting Chassis Clusters :
- Troubleshooting Chassis Clusters
- Chassis Cluster Case Studies
- Â Lab 14: Troubleshooting Chassis Clusters
 B Virtual SRX :
- Virtualization Overview
- Network Virtualization and SDN
- Overview of the Virtual SRX
- Deployment Scenarios
- Â Integration with AWS
Target Audience
This course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.
Prerequisites
- Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite.
- Students should also attend the Introduction to the Junos Operating System (IJOS) course and the Junos Routing Essentials (JRE) course or have equivalent experience prior to attending this class.