課程資訊

安全平台的進階Junos(Advanced Junos Security)

代碼 AJSEC_201707
中文名稱 安全平台的進階Junos
英文名稱 Advanced Junos Security
課程長度 5 天
上課時間 09:00-17:00
費用 110,000
點數 NA
教材 原廠教材
考試代碼

課程時間

無資料

課程目標

  • Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
  • Describe the various forms of security supported by the Junos OS.
  • Implement features of the AppSecure suite, including AppID, AppFW, and AppTrack.
  • Configure custom application signatures.
  • Describe Junos security handling at Layer 2 versus Layer 3.
  • Implement next generation Layer 2 security features.
  • Demonstrate understanding of Logical Systems (LSYS).
  • Implement address books with dynamic addressing.
  • Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
  • Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
  • Describe Junos routing instance types used for virtualization.
  • Implement virtual routing instances.
  • Describe and configure route sharing between routing instances using logical tunnel interfaces.
  • Describe and implement static, source, destination, and dual NAT in complex LAN environments.
  • Describe and implement variations of persistent NAT.
  • Describe and implement Carrier Grade NAT (CGN) solutions for IPv6 NAT, such as NAT64, NAT46, and DS-Lite.
  • Describe the interaction between NAT and security policy.
  • Demonstrate understanding of DNS doctoring.
  • Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, AD VPNs, and group VPNs.
  • Implement IPsec tunnels using virtual routers.
  • Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.
  • Monitor the operations of the various IPsec VPN implementations.
  • Describe public key cryptography for certificates.
  • Utilize Junos tools for troubleshooting Junos security implementations.
  • Perform successful troubleshooting of some common Junos security issues.

適合對象

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.

課程內容

Day 1
Chapter 1: Course Introduction
Chapter 2: Implementing Sky ATP
  • Sky ATP Overview
  • Configuring Sky ATP
  • Monitoring Infected Hosts
  • Infected Host Case Study
  • Lab 1: Instructor Led Sky ATP Demo
Chapter 3: Junos Layer 2 Packet Handling and Security Features
  • Transparent Mode Security
  • Secure Wire
  • Layer 2 Next Generation Ethernet Switching
  • Lab 2: Implementing Layer 2 Security
Chapter 4: Virtualization
  • Virtualization Overview
  • Routing Instances
  • Logical Systems
  • Lab 3: Implementing Junos Virtual Routing
Day 2
Chapter 5: Advanced NAT Concepts
  • Operational Review
  • NAT: Beyond Layer 3 and Layer 4 Headers
  • DNS Doctoring
  • IPv6 NAT
  • Advanced NAT Scenarios
  • Lab 4: Advanced NAT Implementations
Chapter 6: IPsec Implementations
  • Standard VPN Implementations Review
  • Public Key Infrastructure
  • Hub-and-Spoke VPNs
  • Lab 5: Hub-and-Spoke IPsec VPNs
Day 3
Chapter 7: Enterprise IPsec Technologies: Group and AD VPNs
  • Group VPN Overview
  • GDOI Protocol
  • Group VPN Configuration and Monitoring
  • ADVPN Overview
  • ADVPN Implementation
Chapter 8: IPsec VPN Case Studies and Solutions
  • Routing over VPNs
  • IPsec with Overlapping Addresses
  • Dynamic Gateway IP Addresses
  • Enterprise VPN Deployment Tips and Tricks
  • Lab 6: Implementing Advanced IPsec VPN Solutions
Chapter 9: Troubleshooting Junos Security
  • Troubleshooting Methodology
  • Troubleshooting Tools
  • Identifying IPsec Issues
  • Lab 7: Performing Security Troubleshooting Techniques

學前基礎

Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials (JRE), and Junos Security (JSEC) courses prior to attending this class.