• Define the general security architecture for 4G and 5G networks.
• Configure data plane security protections.
• Explain DoS and DDoS attacks.
• Describe BGP flowspec in protecting against DDoS attacks.
• Explain the Corero solution for DDoS attacks.
• Describe the use of stateful firewalls.
• Explain the use of ALGs in stateful security firewalls.
• Explain how to secure BGP on Junos devices.
• Describe how to use IPsec to secure traffic.
• Explain the new Internet of Things (IoT) threat to networks.
• Describe AutoVPN IPsec architectures.
• Explain the use and configuration of carrier-grade NAT on SRX devices.

Additional objectives for self-study:

• Describe SPC3 for MX Series platforms.
• Configure and verify IPsec VPN with unified services framework using MX-SPC3.
• Configure and verify carrier-grade NAT with MX-SPC3.
• Troubleshoot some common issues with MX-SPC3.

DAY 1

1. Course Introduction

2. Security Challenges for Service Providers

• Describe limitations of security devices
• Describe BGP security threats
• Describe DDoS attack threats
• Explain IP address depletion challenges
• Describe 5G security challenges

3. Juniper Networks Solutions for Service Providers

• Describe Juniper Networks’ security solutions for the service provider challenges

4. Stateful Firewalls

• Describe stateless firewall filters
• Describe stateful firewall policies
• Describe screens and ALGs
• Explain asymmetrical routing

Lab 1: Configure stateful firewalls

5. 5G Architecture

• Describe security insertion points
• Describe 5G network evolution

6. DDoS Protection

• Explain DDoS history and common protections
• Describe SRX DDoS protection
• Describe BGP flowspec
• Describe Corero with MX DDoS protection

Lab 2: DDoS Protection

DAY 2

7. Carrier-Grade NAT

• Explain IPv4 address exhaustion
• Describe source NAT
• Describe CGNAT
• Describe NAT64

Lab 3: CGNAT

8. Juniper Connected Security for Service Providers

• Describe SecIntel security
• Describe a use case for IoT protection
• Explain Encrypted Traffic Insights

Lab 4: Implementing Juniper Connected Security

9. IPsec Overview

• Describe the IPsec and IKE protocols
• Configure site-to-site IPsec VPNs
• Describe and configure Proxy IDs and Traffic selectors
• Monitor site-to-site IPsec VPNs
• Describe IPsec use with gNodeB devices

Lab 5: Implementing IPsec VPN

10. Scaling IPsec

• Describe and implement PKI certificates in Junos OS
• Describe AutoVPN
• Describe SecGW firewall use case for scaling IPsec

Lab 6: Configuring AutoVPN

DAY 3

11. GPRS and GTP

• Describe how to secure GTP tunnels
• Describe the GPRS protocol
• Describe the GTP
• Explain how Roaming Firewall secures GTP

12. SCTP

• Describe the SCTP Protocol

13. Securing the Control Plane

• Explain how to secure the control plane on Junos devices
• Describe how the loopback filter works to secure the control plane
• Explain how to protect the control plane from DDoS attacks
• Describe how to secure the IGP against attacks

Lab 7: Configure Control Plane Protections

14. Securing the BGP Protocol

• Describe how to secure the BGP
• Describe BGP security features
• Describe BGP dampening

Lab 8: Configure BGP protections

SELF-STUDY MODULES

15. SPC3 for MX Series Platforms

• Identify the main components of SPC3
• Describe the unified services framework

16. IPsec VPN with SPC3 on MX Series Platforms

• Describe USF for IPsec
• Provide configuration and verification examples for the IPsec P2P mode
• Provide configuration and verification examples for the IPsec Traffic Selector mode
• Describe the software architecture of MX-SPC3
• Describe PowerMode IPsec
• Describe Fat Core
• Describe the unified services framework

17. CGNAT with SPC3 on MX Series Platforms

• Describe carrier-grade NAT coverage on Juniper MX Series
• Configure and verify NAT for Next-Gen Services

18. Troubleshooting MX-SPC3

• Describe some common problems and solutions related to MX-SPC3

Individuals responsible for implementing, monitoring, and troubleshooting Juniper security components

• TCP/IP networking and security knowledge
• Introduction to Juniper Security course, or equivalent knowledge