• Describe Layer 2 security features.
• Discuss ways to use packet-based security.
• Describe how to troubleshoot zones and policies.
• Describe how to implement a hub-and-spoke VPN.
• Discuss advanced NAT capabilities.
• List the ways that the SRX Series firewall may be virtualized.
• Describe how to implement an Auto Discovery VPN (ADVPN) setup.
• List options using IPsec to accomplish advanced configurations.
• Discuss how to troubleshoot IPsec VPNs.
• Describe how to route traffic based on the application.
• Describe how to secure VXLAN traffic within the network.
• Implement multinode high availability.
• Discuss how to mitigate network threats automatically.

Day 1

1. Junos Layer 2 Packet Handling and Security Features

• Explain transparent mode security operations
• Define secure wire implementation
• Describe MACsec uses

Lab 1: Implementing Layer 2 Security

2. Packet-Based Security

• Explain routing instances
• Describe filter-based forwarding

Lab 2: Implementing Packet-Based Security

3. Troubleshooting Zones and Policies

• Describe troubleshooting tools available in Junos OS
• Discuss troubleshooting of security zones and security policies
• Examine troubleshooting case studies

Lab 3: Troubleshooting Zones and Policies

Day 2

4. Hub-and-Spoke VPN

• Describe the hub-and-spoke VPN topology
• Configure hub-and-spoke VPNs

Lab 4: Implementing Hub-and-Spoke VPNs

5. Advanced NAT

• Explain the difference between address persistence and persistent NAT
• Describe DNS doctoring
• Describe advanced NAT scenarios
• Discuss NAT troubleshooting

Lab 5: Implementing Advanced NAT

6. Logical and Tenant Systems

• Describe logical systems
• Describe tenant systems

Lab 6: Implementing Tenant Systems

Day 3

7. PKI and ADVPNs

• Describe PKI
• Configure PKI for Junos security devices
• Describe how ADVPNs function
• Configure and monitor ADVPNs

Lab 7: Implementing ADVPNs

8. Advanced IPsec

• Explain NAT interoperability with IPsec
• Describe the CoS feature with IPsec VPNs
• Explain IPsec best practices
• Configure OSPF over IPsec
• Configure IPsec with overlapping addresses
• Configure IPsec with dynamic gateway IP addresses

Lab 8: Implementing Advanced IPsec Solutions

9. Troubleshooting IPsec

• Describe general troubleshooting for IPsec VPNs
• Discuss how to troubleshoot IKE Phase 1 and Phase 2
• Configure and analyze logging for IPsec VPNs
• Examine IPsec troubleshooting case studies

Lab 9: Troubleshooting IPsec VPNs

Day 4

10. Advanced Policy-Based Routing

• Define advanced policy-based routing
• Configure advanced policy-based routing
• Explain application quality of experience

Lab 10: Implementing APBR

11. EVPN-VXLAN Security

• Describe the EVPN-VXLAN protocols
• Explain VXLAN tunnel security
• Configure security on VXLAN tunnels

Lab 11: Securing Traffic Between Data Centers

12. Multinode High Availability

• Identify the benefits of high availability and security
• Explain the use of multinode high availability
• Identify multinode high availability modes
• Discuss services redundancy groups

Lab 12: Implementing Multinode HA

13. Automated Threat Mitigation

• Explain Automated Threat Mitigation
• Discuss Juniper Connected Security third-party integrations
• Discuss Juniper Connected Security multicloud integrations
• Discuss the Secure Enterprise use case

Individuals responsible for implementing, monitoring, and troubleshooting Juniper security components. This course also helps you prepare for the JNCIP-SEC certification

• Strong skill level in TCP/IP, Layer 2 Ethernet, security policies, and security concepts
• General understanding of stateful firewalls, NAT, and IPsec
• Recommended, but not required:
  • Completion of the Introduction to Juniper Security and Juniper Security courses
  • Experience with packet captures