JSEC - Junos Security
This five-day course covers the configuration, operation, and implementation of SRX Series
Services Gateways in a typical network environment. Key topics within this course include
security technologies such as security zones, security policies, Network Address Translation
(NAT), IP Security (IPsec), and high availability clusters, as well as details pertaining to basic
implementation, configuration, management, and troubleshooting.
Through demonstrations and hands-on labs, students will gain experience in configuring and
monitoring the Junos OS and monitoring device operations. This course uses Juniper Networks
SRX Series Services Gateways and Security Director for the hands-on component. This course is
based on Junos OS Release 15.1X49-D70.3 and Junos Space Security Director 16.1.
Jump to schedule
After successfully completing this course, you should be able to perform the following:
Describe traditional routing and security and the current trends in internetworking.
Provide an overview of SRX Series devices and software architecture.
Describe the logical packet flow and session creation performed by SRX Series
Describe, configure, and monitor zones.
Describe, configure, and monitor security policies.
Describe, configure, and monitor user firewall authentication
Describe various types of network attacks.
Configure and monitor Screen options to prevent network attacks.
Explain, implement, and monitor NAT, as implemented on Junos security platforms.
Explain the purpose and mechanics of IP Security (IPsec) virtual private networks
Implement and monitor policy-based and route-based IPsec VPNs.
Describe, configure, and monitor high availability chassis clusters.
Describe how to deploy and manage vSRX.
Describe and configure Group VPNs.
Describe and configure ADVPNs.
Troubleshoot chassis clusters, IPsec VPNs, zones, and Security Policies
This course benefits operators of SRX Series devices. These operators
include network engineers, administrators, support personnel, and
reseller support personnel.
Students should have basic networking knowledge and an understanding of the Open Systems
Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also
attend the Introduction to the Junos Operating System (IJOS) course, or have equivalent
experience prior to attending this class.
Chapter 1: Course Introduction
Chapter 2: Introduction to Junos Security
The Junos OS Architecture
Chapter 3: Zones
The Definition of Zones
Monitoring Security Zones
Lab 1: Configuring and Monitoring Zones
Chapter 4: Security Policies
Security Policy Overview
Verifying Policy Operation
Policy Case Study
Lab 2: Security Policies
Chapter 5: Advanced Policy Options
Chapter 6: Troubleshooting Security Zones and Policies
Troubleshoot Security Zones
Troubleshoot Security Policies
Lab 3: Troubleshooting Security Zones and Policies
Chapter 7: Network Address Translation
Source NAT Operation and Configuration
Destination NAT Operation and Configuration
Static NAT Operation and Configuration
Monitoring and Verifying NAT Operation
Lab 4: Network Address Translation
Chapter 8: Advanced NAT Concepts
NAT Interaction with Policy and ALGs
Advanced NAT Scenarios
Lab 5: Advanced NAT Implementations
Chapter 9: IPsec VPN Concepts
Secure VPN Requirements
Chapter 10: IPsec VPN Implementation
Configuration of IPsec VPNs
IPsec VPN Case Studies
Monitoring IPsec VPN
Lab 6: Implementing IPsec VPNs
Chapter 11: Group VPNs
Group VPN Overview
Group VPN Configuration and Monitoring
Lab 7: Implementing Group VPNs
Chapter 12: ADVPNs
ADVPN Member Roles
Routing with ADVPNs
Lab 8: Implementing ADVPNs
Chapter 13: IPsec VPN Case Studies and Solutions
Routing over VPNs
NAT with IPsec
Enterprise VPN Deployment Best Practices
Lab 9: Implementing Routing over VPN Tunnels and IPsec Best Practices
Chapter 14: Troubleshooting IPsec
IKE Phase 1 Troubleshooting
IKE Phase 2 Troubleshooting
Lab 10: Troubleshooting IPsec
Chapter 15: Virtualized SRX
Installation of vSRX
Deployment Scenarios and Use Cases
Automated Deployments Options
AWS Deployment Scenarios
Chapter 16: High Availability Clustering Theory
High Availability Overview
Chassis Cluster Components
Advanced Chassis Cluster Topics
Chapter 17: High Availability Clustering Implementation
Chassis Cluster Configuration
Chassis Cluster Monitoring
Advanced Chassis Cluster Topics
Lab 12: Implementing High Availability Techniques
Chapter 18: Troubleshooting Chassis Clusters
Chassis Cluster Troubleshooting
IDP Policy Components and Configuration
Lab 13: Troubleshooting Chassis Clusters
Appendix A: SRX Series Hardware and Interfaces
Branch SRX Platform Overview
High-End SRX Platform Overview
SRX Traffic Flow and Distribution
This course is a part of following certificates:
||April 9, 2018
||April 13, 2018
||Johannesburg South Africa