Junos Security
This five-day course covers the configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include security technologies such as security zones, security policies, Network Address Translation (NAT), IPsec VPNs, and high availability clusters, as well as how to implement these features by using Junos Space and Security Director.
Through demonstrations and hands-on labs, students will gain experience in configuring the Junos OS and monitoring device operations of Junos security devices. This course uses Juniper Networks SRX Series Services Gateways for the primary hands-on component. The course also includes some hands-on labs that use Junos Space and Security Director to configure and manage Junos security devices. This course is based on Junos OS Release 15.1X49-D70 and Junos Space Security Director 16.1R1.
Objetivos
Describe traditional routing and security.
Provide an overview of SRX Series Services Gateway devices and the Junos OS software architecture.
Describe the logical packet flow and session creation performed by SRX Series Services Gateway devices.
Describe, configure, and monitor zones.
Describe, configure, and monitor security policies.
Troubleshoot security zones and policies.
Describe, configure, and monitor NAT, as implemented on Junos security platforms.
Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
Implement and monitor route-based IPsec VPNs.
Implement and monitor Hub-and-Spoke VPNs, Group VPNs, and ADVPNs.
Troubleshoot IPsec VPNs.
Describe, configure, and monitor chassis clusters.
Troubleshoot chassis clusters.
Ciberseguridad
Disponible en formato e-learning
Disponible en formato presencial
Disponible en formato a distancia
Subvención disponible
A través de Fundae, cumpliendo requisitos.
Duración
25 horas
- Dificultad 50%
- Nivel alcanzado 80%
Dirigido a
The course benefits operators of SRX Series devices. These operators include network engineers, administrators, support personnel, and reseller support personnel.
Conocimientos requeridos
Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, or have equivalent experience prior to attending this class.
Pre-requisitos:
IJOS – Introduction to the Junos Operating System
Temario
Chapter 1: Course Introduction
Chapter 2: Introduction to Junos Security
Traditional Routing and Security
Architecture Overview of Junos Security Devices
Logical Packet Flow through Junos Security Devices
J-Web Overview
Chapter 3: Zones and Screen Options
Zones Overview
Zone Configuration
Monitoring Security Zones
Configuring Screen Options
Screen Options Case Study
LAB 1: Zones and Screen Options
Chapter 4: Security Policies
Security Policy Overview
Policy Components
Security Policy Configuration in J-Web
Policy Case Study (CLI)
Policy Case Study (J-Web)
LAB 2: Security Policies
Chapter 5: Advanced Security Policy
Session Management
Junos ALGs
Policy Scheduling
Logging
Advanced Security Policy
Lab 3: Advanced Policy Options
Chapter 6. Troubleshooting Zones and Policies
General Troubleshooting for Junos Devices
Troubleshooting Tools
Troubleshooting Zones and Policies
Zone and Policy Case Studies
Lab 4: Troubleshooting Security Zones and Policies
Chapter 7. Network Address Translation
NAT Overview
Source NAT
Destination NAT
Static NAT
Proxy ARP
Lab 5: Network Address Translation
Chapter 8. Advanced NAT
Persistent NAT
DNS Doctoring
IPv6 with NAT
Advanced NAT Scenarios
Troubleshooting NAT
Lab 6: Advanced NAT
Chapter 9. IPsec VPN Concepts
VPN Types
Secure VPN Requirements
IPsec Tunnel Establishmen
IPsec Traffic Processing
Chapter 10. IPsec VPN Implementation
IPsec VPN Configuration
IPsec VPN Case Study
Proxy IDs and Traffic Selectors
Monitoring IPsec VPNs
Lab 7: Implementing IPsec VPNs
Chapter 11. Hub-and-Spoke VPNs
Hub-and-Spoke VPN Overview
Hub-and-Spoke Configuration and Monitoring
Lab 8: Hub-and-Spoke VPNs
Chapter 12. Group VPNs
Group VPN Overview
Group VPN Configuration and Monitoring
Lab 9: Group VPNs
Chapter 13. PKI and ADVPNs
Public Key Infrastructure Overview
PKI Configuration
ADVPN Overview
ADVPN Configuration and Monitoring
Lab 10: PKI and ADVPNs
Chapter 14. Advanced IPsec
NAT with IPsec
Class of Service with IPsec
Best Practices
Routing OSPF over IPsec
IPsec with Overlapping Addresses
IPsec with Dynamic Gateway IP Addresses
Lab 11: Advanced IPsec VPN Solutions
Chapter 15. Troubleshooting IPsec
IPsec Troubleshooting Overview
Troubleshooting IKE Phase 1 and 2
IPsec Logging
IPsec Case Studies
Lab 12: Troubleshooting IPsec
Chapter 16. Chassis Cluster Concepts
Chassis Clustering Overview
Chassis Cluster Components
Chassis Cluster Operation
Chapter 17. Chassis Cluster Implementation
Chassis Cluster Configuration
Advanced Chassis Cluster Options
Lab 14: Implementing Chassis Clusters
Chapter 18. Troubleshooting Chassis Clusters
Troubleshooting Chassis Clusters
Chassis Cluster Case Studies
Lab 14: Troubleshooting Chassis Clusters
Appendix A. SRX Series Hardware
Branch SRX Platform Overview
Mid-Range SRX Platform Overview
High-End SRX Platform Overview
SRX Traffic Flow and Distribution
SRX Interfaces
Appendix B. Virtual SRX
Virtualization Overview
Network Virtualization and SDN
Overview of the Virtual SRX
Deployment Scenarios
Integration with AWS
Comentarios recientes