AJSEC - Advanced Junos Security
This five-day course, which is designed to build off of the current Junos Security (JSEC) offering, delves deeper
into Junos security.
Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring the
advanced Junos OS security features with advanced coverage of virtualization, AppSecure, advanced Network
Address Translation (NAT) deployments, Layer 2 security, and Sky ATP. This course uses Juniper Networks
SRX Series Services Gateways for the hands-on component. This course is based on Junos OS Release
15.1X49-D70.3 and Junos Space Security Director 16.1.
Jump to schedule
After successfully completing this course, you should be able to:
Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
Describe the various forms of security supported by the Junos OS.
Implement features of the AppSecure suite, including AppID, AppFW, AppTrack, AppQoS, and SSL
Configure custom application signatures.
Describe Junos security handling at Layer 2 versus Layer 3.
Implement next generation Layer 2 security features.
Demonstrate understanding of Logical Systems (LSYS).
Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
Describe Junos routing instance types used for virtualization.
Implement virtual routing instances in a security setting.
Describe and configure route sharing between routing instances using logical tunnel interfaces.
Utilize Junos tools for troubleshooting Junos security implementations.
Perform successful troubleshooting of some common Junos security issues.
Describe and discuss Sky ATP and its function in the network.
Describe and configure UTM functions.
Discuss IPS and its function in the network.
Implement IPS policy.
Describe and implement SDSN in a network.
Describe and implement user role firewall in a network.
Demonstrate the understanding of integrated user firewall.
This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.
Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend
the Introduction to the Junos Operating System (IJOS) and Junos Security (JSEC) courses prior to attending this
Chapter 1: Course Introduction
Chapter 2: Junos Layer 2 Packet Handling and Security Features
Transparent Mode Security
Layer 2 Next Generation Ethernet Switching
Lab 2: Implementing Layer 2 Security
Chapter 3: Virtualization
Lab 3: Implementing Junos Virtual Routing
Chapter 4: AppSecure Theory
Application System Cache
Custom Application Signatures
Chapter 5: AppSecure Implementation
Lab 4: Implementing AppSecure
Chapter 6: Working with Log Director
Log Director Overview
Log Director Components
Installing and setting up Log Director
Clustering with the Log Concentrator VM
Administrating Log Director
Lab 5: Deploying Log Director
Chapter 7: Sky ATP Theory
Sky ATP Overview
Monitoring Sky ATP
Analysis and Detection of Malware
Chapter 8: Sky ATP Implementation
Configuring Sky ATP
Installing Sky ATP
Analysis and detection of Malware
Infected Host Case Study
Lab 6: Instructor Led Sky ATP Demo
Chapter 9: Implementing UTM
Content and Web Filtering
Lab 7: Implementing UTM
Chapter 10: Introduction to IPS
Network Asset Protection
Intrusion Attack Methods
Intrusion Prevention Systems
IPS Inspection Walkthrough
Chapter 11: IPS Policy and Configuration
SRX IPS Requirements
IPS Operation Modes
Basic IPS Policy Review
IPS Rulebase Operations
Lab 8: Implementing Basic IPS Policy
Chapter 12: SDSN
Policy Enforcer Troubleshooting
SDSN Use Cases
Lab 9: Implementing SDSN
Chapter 13: Enforcement, Monitoring, and Reporting
User Role Firewall and Integrated User Firewall Overview
User Role Firewall Implementation
Monitoring User Role Firewall
Integrated User Firewall Implementation
Monitoring Integrated User Firewall
Lab 10: Configure User Role Firewall and Integrated User Firewall
Chapter 14: Troubleshooting Junos Security
Identifying IPsec Issues
Lab 11: Performing Security Troubleshooting Techniques
Appendix A: SRX Series Hardware and Interfaces
Branch SRX Platform Overview
High End SRX Platform Overview
SRX Traffic Flow and Distribution
This course is a part of following certificates:
||December 3, 2018
||December 7, 2018
||Johannesburg South Africa