This two-day course is designed to provide students with the knowledge required to configure and manage edge security services on devices running the Junos operating system. This course focuses on the main configuration components of edge security services, including service set configuration and service processing, stateful firewall services, IPsec services, threat management, CGN technologies, softwire technologies, high availability, and load balancing.
This course uses MX 3D Universal Edge Routers for the hands-on component. This course is based on Junos software Release 12.3R2.5.
Junos Edge Security Services is an intermediate-level course.
After successfully completing this course, you should be able to:
- Provide an overview of security features enabled using MX Series services.
- Describe services, service sets, and service interfaces.
- Enable MX Series services.
- Describe the packet processing through services on MX Series devices employing security services.
- Demonstrate knowledge of stateful firewall traffic flows through an MX Series device.
- Implement stateful firewall rules on MX Series devices.
- Provide an overview of IPsec technology.
- Configure and monitor IPsec operation on an MX Series device.
- Troubleshoot IPsec operations.
- Provide an overview of application awareness services on MX Series devices.
- Implement Application-Aware Access Lists on MX Series devices.
- Describe how to mitigate IPv4 address exhaustion.
- Explain how to implement NAT.
- Describe the different CGN implementations.
- Describe how to implement NAT444.
- Explain how to implement NAT64.
- Describe how to implement 6rd.
- Explain how to implement DS-Lite.
- Describe MS PIC redundancy.
- Explain how to implement CGN logging.
- Describe various NAT pool and port options.
- Describe ECMP load-balancing as it pertains to CGN.
- Explain VRF-based CGN deployments.
- Explain HA availability as it pertains to CGN.
Chapter 1: Course Introduction
Chapter 2: MX Series Services
- Product Overview
- Service Interfaces
- Service Sets
- Service Packet Processing
Chapter 3: Stateful Firewall Services
- Stateful Versus Stateless Firewalls
- Traffic Flows
- Firewall Rules
- Configuration and Monitoring
- Implementing Stateful Firewall Services Lab
Chapter 4: IPsec Services
- IPsec Overview
- IPsec Configuration on MX Series Devices
- IPsec Monitoring
- IPsec Implementations
- Implementing IPsec Services Lab
Chapter 5: Threat Management
- MP-SDK Packages
- Application Identification
- Local Policy Decision Function (L-PDF) Overview
- Application-Aware Access Lists (AACL)
Chapter 6: IPv4 and IPv6 Integration
- IPv4 Address Exhaustion
- IPv4 to IPv6 Migration Risks
- IPv4 to IPv6 Migration Techniques
Chapter 7: CGN Implementation
- Implementing NAT444
- Implementing NAT64
- Implementing CGN Lab
Chapter 8: Softwire Technologies
- Softwires Overview
- Implementing and Monitoring 6rd
- Deploying and Monitoring DS-Lite
- Deploying Softwire Technologies Lab
Chapter 9: High Availability and Load Balancing
- Service PIC Redundancy
- CGN Redundancy
- 6rd and DS-Lite Redundancy
- CGN ECMP Load Balancing
- High Availability and Load Balancing Lab
- This course benefits individuals responsible for configuring and monitoring devices running the Junos OS and specifically, the Junos Services Framework.
- Students should have experience working with the Junos OS.
- Students should have experience with security concepts such as stateful firewall, IPsec, and NAT.
- Students should have familiarity with dynamic routing protocols, MPLS VPNs, and Junos policy.
Students should also attend the Junos Intermediate Routing (JIR) course prior to attending this class.