Code: 
JP-JSEC
Duration: 
3 Day(s)

Overview

This three-day course covers configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include security technologies such as security zones, security policies, intrusion detection and prevention (IDP), Network Address Translation (NAT), and high availability clusters, as well as details pertaining to basic implementation, configuration, and management.

Audience

This course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.

Skills Gained

After you complete this course you will be able to:

  • Describe traditional routing and security and the current trends in internetworking.
  • Provide an overview of SRX Series devices and software architecture.
  • Describe the logical packet flow and session creation performed by SRX Series devices.
  • Describe, configure, and monitor zones.
  • Describe, configure, and monitor security policies.
  • Describe, configure, and monitor firewall user authentication.
  • Describe various types of network attacks.
  • Configure and monitor SCREEN options to prevent network attacks.
  • Explain, implement, and monitor NAT on Junos security platforms.
  • Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
  • Implement and monitor policy-based and route-based IPsec VPNs.
  • Utilize and update the IDP signature database.
  • Configure and monitor IDP policy with policy templates.
  • Describe, configure, and monitor high availability chassis clusters.

Prerequisites

Attendees should meet the following prerequisites:

Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also either attend the Introduction to the Junos Operating System (IJOS) and Junos Routing Essentials (JRE) courses prior to attending this class, or have equivalent experience with the Junos OS.

Course Specifics

Course Outline

Introduction to Junos security platforms

  • Traditional Routing
  • Traditional Security
  • Breaking the Tradition
  • The Junos OS Architecture

Zones

  • The Definition of Zones
  • Zone Configuration
  • Monitoring Security Zones
  • Lab 1: Configuring and Monitoring Zones

Security Policies

  • Overview of Security Policy
  • Policy Components
  • Verifying Policy Operation
  • Policy Scheduling and Rematching
  • Policy Case Study
  • Lab 2: Security Policies

Firewall User Authentication

  • Firewall User Authentication Overview
  • Pass-Through Authentication
  • Web Authentication
  • Client Groups
  • Using External Authentication Servers
  • Verifying Firewall User Authentication
  • Lab 3: Configuring Firewall Authentication

SCREEN Options

  • Multilayer Network Protection
  • Stages and Types of Attacks
  • Using Junos SCREEN Options-Reconnaissance Attack Handling
  • Using Junos SCREEN Options-Denial of Service Attack Handling
  • Using Junos SCREEN Options-Suspicious Packets Attack Handling
  • Applying and Monitoring SCREEN Options
  • Lab 4: Implementing SCREEN Options

Network Address Translation

  • NAT Overview
  • Source NAT Operation and Configuration
  • Destination NAT Operation and Configuration
  • Static NAT Operation and Configuration
  • Proxy ARP
  • Monitoring and Verifying NAT Operation
  • Lab 5: Network Address Translation

IPsec VPNs

  • VPN Types
  • Secure VPN Requirements
  • IPsec Details
  • Configuration of IPsec VPNs
  • IPsec VPN Monitoring
  • Lab 6: Implementing IPsec VPNs

Introduction to Intrusion Detection and Prevention

  • Introduction to Junos IDP
  • IDP Policy Components and Configuration
  • Signature Database
  • Case Study: Applying the Recommended IDP Policy
  • Monitoring IDP Operation
  • Lab 7: Implementing IDP

High Availability Clustering

  • High Availability Overview
  • Chassis Cluster Components
  • Chassis Cluster Operation
  • Chassis Cluster Configuration
  • Chassis Cluster Monitoring
  • Lab 8: Implementing Chassis Clusters

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost effective option.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

Upcoming Dates

Course Location Days Cost Date
London
3 1800 £1800 2018-09-12