This four-day course provides students with the knowledge to configure and monitor advanced Junos OS security features for enterprise, campus, and service provider applications. Key topics include advanced Junos OS security features with coverage of advanced reporting, next-generation
Layer 2 security, next-generation advanced features, Ethernet VPN–Virtual Extensible LAN (EVPN-VXLAN) security, advanced policy-based routing, virtualization features, advanced IPsec VPNs, advanced Network Address Translation (NAT) features, and multinode high availability.
Through demonstrations and hands-on labs, students will gain experience with the features of SRX Series devices and vSRX Series devices.
This course is based on Junos OS Release 23.2R1.13.

• Describe Layer 2 security features.
• Discuss ways to use packet-based security.
• Describe how to troubleshoot zones and policies.
• Describe how to implement a hub-and-spoke VPN.
• Discuss advanced NAT capabilities.
• List the ways that the SRX Series firewall may be virtualized.
• Describe how to implement an Auto Discovery VPN (ADVPN) setup.
• List options using IPsec to accomplish advanced configurations.
• Discuss how to troubleshoot IPsec VPNs.
• Describe how to route traffic based on the application.
• Describe how to secure VXLAN traffic within the network.
• Implement multinode high availability.
• Discuss how to mitigate network threats automatically.

Individuals responsible for implementing, monitoring, and troubleshooting Juniper security components. This course also helps you prepare for the JNCIP-SEC certification.

• Strong skill level in TCP/IP, Layer 2 Ethernet, security policies, and security concepts
• General understanding of stateful firewalls, NAT, and IPsec
• Recommended, but not required:
• Completion of the Introduction to Juniper Security and Juniper Security courses
• Experience with packet captures

DAY 1
1 Junos Layer 2 Packet Handling and Security Features
• Explain transparent mode security operations
• Define secure wire implementation
• Describe MACsec uses
Lab 1: Implementing Layer 2 Security
2 Packet-Based Security
• Explain routing instances
• Describe filter-based forwarding
Lab 2: Implementing Packet-Based Security
3 Troubleshooting Zones and Policies
• Describe troubleshooting tools available in Junos OS
• Discuss troubleshooting of security zones and security
policies
• Examine troubleshooting case studies
Lab 3: Troubleshooting Zones and Policies

DAY 2
4 Hub-and-Spoke VPN
• Describe the hub-and-spoke VPN topology
• Configure hub-and-spoke VPNs
Lab 4: Implementing Hub-and-Spoke VPNs
5 Advanced NAT
• Explain the difference between address persistence and
persistent NAT
• Describe DNS doctoring
• Describe advanced NAT scenarios
• Discuss NAT troubleshooting
Lab 5: Implementing Advanced NAT
6 Logical and Tenant Systems
• Describe logical systems
• Describe tenant systems
Lab 6: Implementing Tenant Systems

DAY 3
7 PKI and ADVPNs
• Describe PKI
• Configure PKI for Junos security devices
• Describe how ADVPNs function
• Configure and monitor ADVPNs
Lab 7: Implementing ADVPNs
8 Advanced IPsec
• Explain NAT interoperability with IPsec
• Describe the CoS feature with IPsec VPNs
• Explain IPsec best practices
• Configure OSPF over IPsec
• Configure IPsec with overlapping addresses
• Configure IPsec with dynamic gateway IP addresses
Lab 8: Implementing Advanced IPsec Solutions
9 Troubleshooting IPsec
• Describe general troubleshooting for IPsec VPNs
• Discuss how to troubleshoot IKE Phase 1 and Phase 2
• Configure and analyze logging for IPsec VPNs
• Examine IPsec troubleshooting case studies
Lab 9: Troubleshooting IPsec VPNs

DAY 4
10 Advanced Policy-Based Routing
• Define advanced policy-based routing
• Configure advanced policy-based routing
• Explain application quality of experience
Lab 10: Implementing APBR
11 EVPN-VXLAN Security
• Describe the EVPN-VXLAN protocols
• Explain VXLAN tunnel security
• Configure security on VXLAN tunnels
Lab 11: Securing Traffic Between Data Centers
12 Multinode High Availability
• Identify the benefits of high availability and security
• Explain the use of multinode high availability
• Identify multinode high availability modes
• Discuss services redundancy groups
Lab 12: Implementing Multinode HA
13 Automated Threat Mitigation
• Explain Automated Threat Mitigation
• Discuss Juniper Connected Security third-party
integrations
• Discuss Juniper Connected Security multicloud
integrations
• Discuss the Secure Enterprise use case

RELATED CERTIFICATION
JNCIP-SEC