Juniper firewall

JUNIPER

Juniper Networks Certified courses (JNCIA & JNCIS) are designed for networking professionals with beginner to intermediate knowledge of Juniper Firewall/VPN products and ScreenOS software. Juniper firewall / VPN certification track is a two-tiered program that allows participants to demonstrate competence with Juniper Networks Firewall with VPN products and the ScreenOS software.

Juniper Networks Technical Certification Program (JNTCP)
Firewall / VPN Track

Juniper training

This course is designed for students who are new to Juniper SRX platform and looking to expand their skill sets in network and secuirty domain. Candidates should have basic understaing on ip addressing, routing and switching technoilogies.

Upon completion of this course, students will be able to:

• Explain the features and advantages of the juniper SRX firewall platform.
• Perform the basic & advance configuration of the firewall including:
• Configuring interfaces, security policies
• Setting up detailed operation of NAT
• Enable policy and route based IPSEC VPN
• Chassis cluster operation and configuration
• Juniper IDP & Screen options
• UTM overview
• Troubleshooting using packet capture tools

Course content

Module 0 – Security basics & firewall technologies overview

• Network security concepts explained
• Enterprise security architecture – defense in depth / layered security architecture
• Understanding various firewall technologies likes of :
• Packet filter firewall
• Application gateway firewall
• Stateful Inspection
• Next generation firewall
• Basic understanding on Various application protocols including HTTP, FTP, DNS & DHCP
• Overview of PKI infrastructure

Module 1 – Juniper platform Architecture

• Understanding on Juniper SRX platform
• Difference between netscreen and SRX devices
• Junos hardware architecture
• Session setup process in hardware
• SRX software architecture including interface , security zones and virtual routers
• Design consideration with Juniper SRX devices
• Detailed hardware and software packet flow
• Overview of PKI infrastructure

Module2 – Administration & Security Policies

• Detailed overview of functional zones
• Understanding on using firewall filters to control management access
• Understating Juniper security rule base
• Interzone policies
• Intrazone policies
• Global policies
• Security policy designing best practices
• Understanding session table entries
• Overview of Junos ALG

Module3 – Network Address Translation

• Overview on NAT requirements
• Network address translation
• Source NAT
• Destination NAT
• Static NAT
• Dual NAT
• Persistence NAT
• Full con & Half con NAT
• Design consideration while using different types of NAT
• NAT Specific traffic flow
• Overlapping network communication using NAT
• Applications affected by NAT
• Understating and implementation of NAT policies

Module 4 – VPN

• Overview of VPN technologies
• SSL
• IPsec VPN
• Understating on policy based vpn and its limitations
• Route based VPN
• Implementing VPN with dynamic routing on Juniper SRX firewall
• Understanding on NAT-T in IPSEC VPN
• Designing of complex VPN infrastructure with VPN failover

Module 5 – High Availability

• Understanding of Juniper chassis cluster
• Overview on active-active and active-standby cluster
• High Availability
• load sharing
• Concept of reth,fab and fxp interfaces
• understating and managing split brain condition
• Failover Conditions
• Understanding of complexities involved in cluster with asymmetric routing

Module 6– Troubleshooting

• Overview of troubleshooting methodology on Juniper firewall
• Troubleshooting of address spoofing issues
• Troubleshooting security policies and NAT
• Juniper tools to troubleshoot
• IPSEC VPN
• Chassis cluster
• Packet level troubleshooting with packet capture tools
• Troubleshooting using pcap files – overview of wireshark tool

Module 7 – Firewall user authentication

• Overview of user authentication to configure network access rules
• Integration with Active Directory/ LDAP
• Understanding on different authentication scenarios
• Web authentication
• Pass through authentication

Module 8 – UTM Overview

• Overview of different UTM features in SRX platform
• Understanding on Antivirus , Content and URL filtering
• AV operation and monitoring
• Configuration of content and web filtering
• Understanding on antispam process
• Configuration of antispam policy
• Monitoring antispam

Module 9 – Attack Mitigation

• Understanding on different types of attacks
• Mitigation of attacks using :
• Screen options
• Firewall filters
• IDP technology overview , Need for IDP , IDP components
• Configuration and tuning of IDP
• Troubleshooting IDP issues