Junos Security- JNCIS-SEC Certification Course Course Details:

This five-day course covers the configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include security zones, security policies, Network Address Translation (NAT), IPsec VPNs, and chassis clustering.

Through demonstrations and hands-on labs, students will gain experience in configuring the Junos OS and monitoring device operations of Junos security devices. This course uses Juniper Networks SRX Series Services Gateways for the primary hands-on component.

This course is based on Junos OS Release 17.4R1.16 and the vSRX virtual appliance.

    No classes are currenty scheduled for this course.

    Call (919) 283-1653 to get a class scheduled online or in your area!

  1. Course Introduction
  2. Introduction to Junos Security

Traditional Routing and Security

Architecture Overview of Junos Security Devices

Logical Packet Flow through Junos Security Devices

J-Web Overview

  1. Zones and Screen Options

Zones Overview

Zone Configuration

Monitoring Security Zones

Configuring Screen Options

Screen Options Case Study

  1. Security Policies

Security Policy Overview

Policy Components

Security Policy Configuration in J-Web

Policy Case Study (CLI)

Policy Case Study (J-Web)

  1. Advanced Security Policy

Session Management

Junos ALGs

Policy Scheduling


Advanced Security Policy

  1. Troubleshooting Zones and Policies

General Troubleshooting for Junos Devices

Troubleshooting Tools

Troubleshooting Zones and Policies

Zone and Policy Case Studies

  1. Network Address Translation

NAT Overview

Source NAT

Destination NAT

Static NAT

Proxy ARP

  1. Advanced NAT

Persistent NAT

DNS Doctoring

IPv6 with NAT

Advanced NAT Scenarios

Troubleshooting NAT

  1. IPsec VPN Concepts

VPN Types

Secure VPN Requirements

IPsec Tunnel Establishment

IPsec Traffic Processing

  1. IPsec VPN Implementation

IPsec VPN Configuration

IPsec VPN Case Study

Proxy IDs and Traffic Selectors

Monitoring IPsec VPNs

  1. Hub-and-Spoke VPNs

Hub-and-Spoke VPN Overview 

Hub-and-Spoke Configuration and Monitoring

  1. Group VPNs

Group VPN Overview

Group VPN Configuration and Monitoring

  1. PKI and ADVPNs

Public Key Infrastructure Overview

PKI Configuration

ADVPN Overview

ADVPN Configuration and Monitoring

  1. Advanced IPsec

NAT with IPsec

Class of Service with IPsec

Best Practices

Routing OSPF over IPsec

IPsec with Overlapping Addresses

IPsec with Dynamic Gateway IP Addresses

  1. Troubleshooting IPsec

IPsec Troubleshooting Overview

Troubleshooting IKE Phase 1 and 2

IPsec Logging

IPsec Case Studies

  1. Chassis Cluster Concepts

Chassis Clustering Overview

Chassis Cluster Components

Chassis Cluster Operation

  1. Chassis Clutter Implementation

Chassis Cluster Configuration

Advanced Chassis Cluster Options

  1. Troubleshooting Chassis Clusters

Troubleshooting Chassis Clusters

Chassis Cluster Case Studies

  1. SRX Series Hardware

Branch SRX Platform Overview

Mid-Range SRX Platform Overview

High-End SRX Platform Overview

SRX Traffic Flow and Distribution

SRX Interfaces

  1. Virtual SRX

Virtualization Overview

Network Virtualization and SDN

Overview of the Virtual SRX

Deployment Scenarios

Integration with AWS

*Please Note: Course Outline is subject to change without notice. Exact course outline will be provided at time of registration.

After successfully completing this course, you should be able to perform the following:

  • Describe traditional routing and security and the current trends in internetworking.
  • Provide an overview of SRX Series devices and software architecture.
  • Describe the logical packet flow and session creation performed by SRX Series devices.
  • Describe, configure, and monitor zones.
  • Describe, configure, and monitor security policies.
  • Describe, configure, and monitor user firewall authentication
  • Describe various types of network attacks.
  • Configure and monitor Screen options to prevent network attacks.
  • Explain, implement, and monitor NAT, as implemented on Junos security platforms.
  • Explain the purpose and mechanics of IP Security (IPsec) virtual private networks
  • Implement and monitor policy-based and route-based IPsec VPNs.
  • Describe, configure, and monitor high availability chassis clusters.
  • Describe how to deploy and manage vSRX.
  • Describe and configure Group VPNs.
  • Describe and configure ADVPNs.
  • Troubleshoot chassis clusters, IPsec VPNs, zones, and Security Policies


LAB 1: Zones and Screen Options

LAB 2: Security Policies

Lab 3: Advanced Policy Options

Lab 4: Troubleshooting Security Zones and Policies

Lab 5: Network Address Translation

Lab 6: Advanced NAT

Lab 7: Implementing IPsec VPNs

Lab 8: Hub-and-Spoke VPNs

Lab 9: Group VPNs

Lab 10: PKI and ADVPNs

Lab 11: Advanced IPsec VPN Solutions

Lab 12: Troubleshooting IPsec

Lab 13: Implementing Chassis Clusters

Lab 14: Troubleshooting Chassis Clusters

  • Network engineers, administrators, support personnel, and reseller support personnel using SRX Series devices
  • Anyone seeking JNCIS-SEC certification

Ready to Jumpstart Your IT Career?