Advanced Juniper Security (AJSEC)

.
Advanced Juniper Security (AJSEC)
Engineering Simplicity

COURSE LEVEL COURSE OVERVIEW

Advanced Juniper Security (AJSEC) is an This four-day course, which is designed to build off the current Juniper Security (JSEC)
advanced-level course. offering, delves deeper into Junos security, next-generation security features, and ATP
supporting software.
Through demonstrations and hands-on labs, you will gain experience in configuring and
AUDIENCE monitoring the advanced Junos OS security features with advanced coverage of
advanced logging and reporting, next generation Layer 2 security, next generation
This course benefits individuals responsible for advanced anti-malware with Juniper ATP On-Prem and SecIntel. This course uses
implementing, monitoring, and troubleshooting Juniper Networks SRX Series Services Gateways for the hands-on component.
Juniper security components.
This course is based on Junos OS Release 20.1R1.11, Junos Space Security Director
19.4, Juniper ATP On-Prem version 5.0.7.

PREREQUISITES
• Strong level of TCP/IP networking and OBJECTIVES
security knowledge • Demonstrate understanding of concepts covered in the prerequisite Juniper

• Complete the Juniper Security (JSEC) course Security courses.

prior to attending this class • Describe the various forms of security supported by the Junos OS.
• Describe the Juniper Connected Security model.
• Describe Junos security handling at Layer 2 versus Layer 3.
• Implement next generation Layer 2 security features.
• Demonstrate understanding of Logical Systems (LSYS).
• Demonstrate understanding of Tenant Systems (TSYS).
ASSOCIATED CERTIFICATION
• Implement virtual routing instances in a security setting.
JNCIP-SEC
• Describe and configure route sharing between routing instances using logical
tunnel interfaces.
RELEVANT JUNIPER PRODUCT • Describe and discuss Juniper ATP and its function in the network.
• Security • Describe and implement Juniper Connected Security with Policy Enforcer in a
• Junos OS
network.
• SRX Series
• vSRX Series • Describe firewall filters use on a security device.
• Sky ATP
• Implement firewall filters to route traffic.
• SDSN
• Explain how to troubleshoot zone problems.
• Describe the tools available to troubleshoot SRX Series devices.
RECOMMENDED NEXT COURSE • Describe and implement IPsec VPN in a hub-and-spoke model.
JNCIE-SEC Bootcamp • Describe the PKI infrastructure.
• Implement certificates to build an ADVPN network.
CONTACT INFORMATION • Describe using NAT, CoS and routing protocols over IPsec VPNs.

Contact Juniper Education Services • Implement NAT and routing protocols over an IPsec VPN.
• Describe the logs and troubleshooting methodologies to fix IPsec VPNs.
• Implement working IPsec VPNs when given configuration that are broken.
• Describe Incident Reporting with Juniper ATP On-Prem device.
• Configure mitigation response to prevent spread of malware.
• Explain SecIntel uses and when to use them.
• Describe the systems that work with SecIntel.
• Describe and implement advanced NAT options on the SRX Series devices.
• Explain DNS doctoring and when to use it.
• Describe NAT troubleshooting logs and techniques.

Course content subject to change. See www.juniper.net/courses for the latest details. 1
© 2020 Juniper Networks, Inc.
Advanced Juniper Security (AJSEC)

COURSE CONTENT

Day 1

1 COURSE INTRODUCTION 4 Troubleshooting Zones and Policies

• General Troubleshooting for Junos Devices
• Troubleshooting Tools
• Troubleshooting Zones and Policies
2 Junos Layer 2 Packet Handling and • Zone and Policy Case Studies
Security Features
LAB 3: Troubleshooting Zones and Policies
• Transparent Mode Security
• Secure Wire
• Layer 2 Next Generation Ethernet Switching
• MACsec

LAB 1: Implementing Layer 2 Security

3 Firewall Filters
• Using Firewall Filters to Troubleshoot
• Routing Instances
• Filter-Based Forwarding

LAB 2: Implementing Firewall Filters

Day 2

5 Hub-and-Spoke VPN 7 Logical and Tenant Systems

• Overview • Overview
• Configuration and Monitoring • Administrative Roles
• Differences Between LSYS and TSYS
LAB 4: Implementing Hub-and-Spoke VPNs • Configuring LSYS
• Configuring TSYS

LAB 6: Implementing TSYS

6 Advanced NAT
• Configuring Persistent NAT
• Demonstrate DNS Doctoring
• Configure IPv6 NAT Operations
• Troubleshooting NAT

LAB: 5: Implementing Advanced NAT

Features

Day 3

8 PKI and ADVPNs 10 Troubleshooting IPsec

• PKI Overview • IPsec Troubleshooting Overview
• PKI Configuration • Troubleshooting IKE Phase 1 and 2
• ADVPN Overview • IPsec Logging
• ADVPN Configuration and Monitoring • IPsec Case Studies

LAB 7: Implementing ADVPNs LAB 9: Troubleshooting IPsec

9 Advanced IPsec
• NAT with IPsec
• Class of Service with IPsec
• Best Practices
• Routing OSPF over VPNs

LAB 8: Implementing Advanced IPsec

Solutions

Course content subject to change. See www.juniper.net/courses for the latest details. 2
© 2020 Juniper Networks, Inc.
Advanced Juniper Security (AJSEC)

Day 4

11 Juniper Connected Security 14 Automated Threat Mitigation

• Security Models • Identify and Mitigate Malware Threats
• Enforcement on Every Network Device • Automate Security Mitigation

LAB 12: Identifying and Mitigating Threats

12 SecIntel
• Security Feed
A Group VPNs
• Encrypted Traffic Analysis
• Use Cases for SecIntel • Overview
• Implementing Group VPNs
LAB 10: Implementing SecIntel

13 Advanced Juniper ATP On-Prem

• Collectors
• Private Mode
• Incident Response
• Deployment Models

LAB 11: Implementing Advanced ATP

On-Prem

AJSEC07102020

Course content subject to change. See www.juniper.net/courses for the latest details. 3
© 2020 Juniper Networks, Inc.