CJFV - Configuring Juniper Networks Firewall/IPSec VPN Products
Overview
This course is the first in the ScreenOS curriculum. It is a three-day,
instructor-led course that focuses on configuration of the ScreenOS
firewall/virtual private network (VPN) products in a variety of
situations, including basic administrative access, routing, firewall
policies and policy options, attack prevention features, address
translation, and VPN implementations.
This course is based on ScreenOS version 6.3r14.
Objectives
After successfully completing this course, you should be able to:
- Explain the ScreenOS security architecture.
- Configure administrative access and options.
- Back up and restore configuration and ScreenOS files.
- Configure a ScreenOS device in transparent, route, Network Address Translation (NAT), and IP version 6 (IPv6) modes.
- Discuss the applications of multiple virtual routers.
- Configure the ScreenOS firewall to permit and deny traffic based on user-defined policies.
- Configure advanced policy options.
- Identify and configure network designs for various types of network address translation.
- Configure policy-based and route-based VPN tunnels.
Intended audience
This course is intended for network engineers, support personnel,
reseller support, and others responsible for implementing Juniper
Networks firewall products.
Prerequisites
This course assumes that students have basic networking knowledge and experience in the following areas:
- The Internet;
- Networking concepts; and
- Terms including TCP/IP, bridging, switching, and routing.
Content
Day 1
Chapter 1: Course Introduction
Chapter 2: ScreenOS Concepts, Terminology, and Platforms
- Security Device Requirements
- ScreenOS Security Architecture
- Juniper Networks Platforms
- System Components
- Establishing Connectivity
- Verifying Connectivity
- Lab: Initial Configuration
- Management
- Recovery
- Lab: Device Administration
Chapter 5: Layer 3 Operations
- Need for Routing
- Configuring Layer 3
- Verifying Layer 3
- Loopback Interface
- Interface-Based NAT
- Lab: Layer 3 Operations
- Functionality
- Policy Configuration
- Common Problems
- Global Policy
- Verifying Policies
- Lab: Basic Policy Configuration
- Overview
- Logging
- Counting
- Scheduling
- User Authentication
- Lab: Policy Options
- Scenarios
- NAT-src
- NAT-dst
- VIP Addresses
- MIP Addresses
- Lab: Address Translation
Chapter 9: VPN Concepts
- Concepts and Terminology
- IP Security
- Configuration
- Verifying Operations
- Lab: Policy-Based VPNs
- Concepts and Terminology
- Configuring VPNs
- Verifying Operations
- Lab: Route-Based VPNs
- IPv6 Concepts
- Configuring IPv6
- Verifying IPv6
- Lab: IPv6
- Hardware
- Description
- Configuration
- Verifying Operations
- Lab: Transparent Mode (Optional)