Advanced Junos Security



In this course, you will go deeper into Junos security with advanced coverage of IPsec deployments, virtualization, high availability, advanced Network Address Translation (NAT) deployments, and Layer 2 security with Juniper Networks SRX Series Services Gateways. Through demonstrations and hands-on labs, you will gain experience configuring and monitoring advanced security features of the Junos operating system.




Network technicians and engineers responsible for implementing, monitoring, and troubleshooting Junos security components.


  • Introduction to the Junos Operating System (IJOS)
  • Junos Routing Essentials (JRE)
  • Junos Security (JSEC)

Learning Objectives

  • Security supported by the Junos OS
  • Junos security handling at Layer 2 vs. Layer 3
  • Placement and traffic distribution of the various components of SRX devices
  • Configure, utilize, and monitor the various interface types available to the SRX Series product line
  • Junos OS processing of Application Layer Gateways (ALGs)
  • Alter the Junos default behavior of ALG and application processing
  • Implement address books with dynamic addressing
  • Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios
  • Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems
  • Junos routing instance types used for virtualization
  • Implement virtual routing instances
  • Configure route sharing between routing instances using logical tunnel interfaces
  • Implement selective packet-based forwarding
  • Implement filter-based forwarding
  • Implement static, source, destination, and dual NAT in complex LAN environments
  • Implement variations of cone or persistent NAT
  • Interaction between NAT and security policy
  • Implement optimized chassis clustering
  • IP version 6 (IPv6) support for chassis clusters
  • Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs
  • Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls
  • Monitor the operations of the various IPsec VPN implementations
  • Public key cryptography for certificates
  • Junos tools for troubleshooting Junos security implementations
  • Perform successful troubleshooting of some common Junos security issues

1. Junos Security Review

  • Junos Security Components
  • Selective Packet-Based Forwarding
  • Junos Layer 2 Packet Handling

2. Security Policy Components

  • Application Layer Gateways (ALGs)
  • Junos ALGs
  • Custom Application Definitions
  • Advanced Addressing
  • Policy Matching

3. Virtualization

  • Routing Instances
  • Filter-Based Forwarding

4. Advanced NAT Concepts

  • Beyond Layer 3 and Layer 4 Headers
  • Advanced NAT Scenarios

5. High Availability Clustering

  • High Availability
  • Chassis Clustering Implementations
  • Advanced HA Topics

6. IPsec Implementations

  • Standard VPN Implementations
  • Public Key Infrastructure
  • Hub-and-Spoke VPNs

7. Enterprise IPsec Technologies

  • Group VPN
  • GDOI Protocol
  • Group VPN Configuration and Monitoring
  • Dynamic VPN Implementation

8. IPsec VPN Case Studies and Solutions

  • Routing over VPNs
  • IPsec with Overlapping Addresses
  • Dynamic Gateway IP Addresses
  • Enterprise VPN Deployment Tips and Tricks

9. Troubleshooting Junos Security

  • Troubleshooting Methodology
  • Troubleshooting Tools
  • Identifying IPsec Issues

10. SRX Series Hardware and Interfaces

  • Branch SRX Platform
  • High End SRX Platform
  • SRX Traffic Flow and Distribution
  • SRX Interfaces