Junos Security



Through demonstrations and hands-on labs, you will gain experience configuring and monitoring the Junos OS for Juniper Networks SRX Series devices. This course will cover configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics include security zones, security policies, intrusion detection and prevention (IDP), Network Address Translation (NAT), and high availability clusters, as well as basic implementation, configuration, and management.




Network engineers, administrators, support personnel, and reseller support personnel using SRX Series devices


  • Introduction to the Junos Operating System (IJOS)
  • Junos Routing Essentials (JRE)

Learning Objectives

  • Traditional routing and security and the current trends in internetworking
  • SRX Series devices and software architecture
  • Logical packet flow and session creation performed by SRX Series devices
  • Configure and monitor zones, security policies, and firewall user authentication
  • Various types of network attacks
  • Configure and monitor SCREEN options to prevent network attacks
  • Implement and monitor NAT on Junos security platforms
  • Purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs)
  • Implement and monitor policy-based and route-based IPsec VPNs
  • Use and update the IDP signature database
  • Configure and monitor IDP policy with policy templates
  • Configure and monitor high availability chassis clusters

1. Junos Security Platforms

  • Traditional Routing
  • Traditional Security
  • Breaking the Tradition
  • The Junos OS Architecture

2. Zones

  • The Definition of Zones
  • Zone Configuration
  • Monitoring Security Zones

3. Security Policies

  • Policy Components
  • Verifying Policy Operation
  • Policy Scheduling and Rematching
  • Policy Case Study

4. Firewall User Authentication

  • Firewall User Authentication Overview
  • Pass-Through Authentication
  • Web Authentication
  • Client Groups
  • Using External Authentication Servers
  • Verifying Firewall User Authentication

5. SCREEN Options

  • Multilayer Network Protection
  • Stages and Types of Attacks
  • Using Junos SCREEN Options
    •  Reconnaissance Attack Handling
    • Denial of Service Attack Handling
    • Suspicious Packets Attack Handling
  • Applying and Monitoring SCREEN Options

6. Network Address Translation (NAT)

  • Source NAT Operation and Configuration
  • Destination NAT Operation and Configuration
  • Static NAT Operation and Configuration
  • Proxy ARP
  • Monitoring and Verifying NAT Operation

7. IPsec VPNs

  • VPN Types
  • Secure VPN Requirements
  • IPsec Details
  • Configuration of IPsec VPNs
  • IPsec VPN Monitoring

8. Intrusion Detection and Prevention (IDP)

  • Junos IDP
  • Policy Components
  • Configuration
  • Signature Database
  • Case Study: Applying the Recommended IDP Policy
  • Monitoring IDP Operation

9. High Availability Clustering

  • Chassis Cluster Components
  • Chassis Cluster Operation
  • Chassis Cluster Configuration
  • Chassis Cluster Monitoring