JESS : JUNOS Edge Security Services

  • Duration: 2 days
  • Test Level: 0
  • Certifications: No Certification
  • Price: $1400
  • Exams: No Exam
This two-day course is designed to provide students with the knowledge required to configure and manage edge security services on devices running the Junos operating system. This course focuses on the main configuration components of edge security services, including service set configuration and service processing, stateful firewall services, IPsec services, threat management, CGN technologies, softwire technologies, high availability, and load balancing. This course uses MX 3D Universal Edge Routers for the hands-on component. This course is based on Junos software Release 12.3R2.5.

After successfully completing this course, you should be able to:

Provide an overview of security features enabled using MX Series services.
Describe services, service sets, and service interfaces.
Enable MX Series services.
Describe the packet processing through services on MX Series devices                   employing security services.
Demonstrate knowledge of stateful firewall traffic flows through an MX               Series device.
Implement stateful firewall rules on MX Series devices.
Provide an overview of IPsec technology.
Configure and monitor IPsec operation on an MX Series device.
Troubleshoot IPsec operations.
Provide an overview of application awareness services on MX Series                     devices.
Implement Application-Aware Access Lists on MX Series devices.
Describe how to mitigate IPv4 address exhaustion.
Explain how to implement NAT.
Describe the different CGN implementations.
Describe how to implement NAT444.
Explain how to implement NAT64.
Describe how to implement 6rd.
Explain how to implement DS-Lite.
Describe MS PIC redundancy.
Explain how to implement CGN logging.
Describe various NAT pool and port options.
Describe ECMP load-balancing as it pertains to CGN.
Explain VRF-based CGN deployments.
Explain HA availability as it pertains to CGN.

Day 1

Chapter 1: Course Introduction


Chapter 2: MX Series Services

Product Overview
Service Interfaces
Service Sets
Rules
Service Packet Processing


Chapter 3: Stateful Firewall Services

Stateful Versus Stateless Firewalls
Traffic Flows
Firewall Rules
Configuration and Monitoring
Implementing Stateful Firewall Services Lab


Chapter 4: IPsec Services

IPsec Overview
IPsec Configuration on MX Series Devices
IPsec Monitoring
IPsec Implementations
Implementing IPsec Services Lab


Chapter 5: Threat Management

MP-SDK Packages
Application Identification
Local Policy Decision Function (L-PDF) Overview
Application-Aware Access Lists (AACL)


Day 2

Chapter 6: IPv4 and IPv6 Integration

IPv4 Address Exhaustion
IPv4 to IPv6 Migration Risks
IPv4 to IPv6 Migration Techniques


Chapter 7: CGN Implementation

Implementing NAT444
Implementing NAT64
Implementing CGN Lab


Chapter 8: Softwire Technologies

Softwires Overview
Implementing and Monitoring 6rd
Deploying and Monitoring DS-Lite
Deploying Softwire Technologies Lab


Chapter 9: High Availability and Load Balancing

Service PIC Redundancy
CGN Redundancy
6rd and DS-Lite Redundancy
CGN ECMP Load Balancing
High Availability and Load Balancing Lab

Students should have experience working with the Junos OS.
Students should have experience with security concepts such as stateful                     firewall, IPsec, and NAT.
Students should have familiarity with dynamic routing protocols, MPLS VPNs,         and Junos policy.

Students should also attend the Junos Intermediate Routing (JIR) course prior to attending this class.