Overview:

The three-day CJFW is the first course in the ScreenOS curriculum and covers the majority of features available on Juniper Firewall/VPN products. Students will have the opportunity to configure Juniper Security devices in a variety of lab scenarios. This course now incorporates Security Manager as a configuration interface, and includes coverage of the new SSG and ISG hardware platforms.

Target Audience
Network engineers, support personnel, reseller support, and others responsible for implementing Juniper Security/FWV products utilizing the basic Firewall/VPN features covered in this class.

Objectives
By the end of this course, students will be able to install, configure and maintain Juniper Firewall devices in common environments, and describe the Firewall/VPN packet handling process. Students will also be able to configure a wide range of features. Specific topics include:

• ScreenOS Concepts, Terminology, and Platforms
• ScreenOS Security Architecture
• Describe the flow of a packet through a ScreenOS device
• Establish connectivity to the ScreenOS device
• Device Management
• Manage configuration and software image files
• Perform disaster recovery procedures
• Layer 3 Operations
• Configure static routes
• Configure a loopback interface
• Configure interfaces for NAT or route mode
• Verify and troubleshoot Layer 3 operations
• Policy Configuration including:
  ♦ Traffic logging, counters, scheduling, User Authentication
• Address Translation
• Configure policy-based translation:
  ♦ NAT-src, NAT-dst, VIP, MIP
• Transparant Mode
• VPN Concepts
• Policy Based VPNs
• Configure a IKE based VPN binding to Policies with:
  ♦ Phase 1 Gateways, Phase 2 AutoKey IKE, Address and Service Books
• Route Based VPNs

Prerequisites:

This course assumes that students have basic networking knowledge and experience in the following areas:

• Ethernet
• Transparent Bridging
• TCP/IP Operations
• IP Addressing
• Routing

This course also prepares students for the Juniper Networks JNCIA-FWV Certification exam, whose topics are based on the content of this course.

Duration:  3 Days 

Overview:

This two-day course discusses the basic operations of Juniper Security Manager.
Key topics include server and domain administration, device configuration, template creation and management, policy creation and management, logging, and report generation.
Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting features of Security Manager.

Target Audience

Network engineers, support personnel, reseller support, and others responsible for monitoring and managing Juniper Firewall products utilizing the Security Manager features covered in this class.

Objectives By the end of this course, students will be able to use Juniper Security Manager to manage Firewall/VPN products. Specific topics include:

• Security Manager Terms and Concepts
• Security Manager architecture components
• Server Administration
• Describe Security Manager directory structure and file
• Describe HA functionality and options
• Configure subdomains and custom administrator roles
• Configure administration authentication options
• Add devices to domai
• Configure commonly-used objects
• Create and apply templates
• Create policies for firewall and IDP devices
• Discuss best practices for policy import/merge/management
• Manage configurations between Security Manager and managed devices
• Perform routine device management tasks
• Create custom log views
• Export log data for use in external reporting systems
• Use the Log Investigator to summarize attack information
• Run and customize the built in reports
• Use Action Manager
• Describe the SRS architecture
• Configure admin console to communicate with the GUI Server and Device Server
• Set up users and user groups
• Set up devices and device groups
• Use the Web UI to generate reports
• Manage the database

Prerequisites:

This course assumes that students have general networking knowledge, including Ethernet, TCP/IP, and routing concepts. and experience in configuring network devices.

Duration:  2 Days    

Overview:

This three-day intermediate-level course focuses on integrating Juniper Networks Firewall/VPN devices into complex, dynamic networks. Key topics include virtual systems, dynamic routing, multicast routing, NSRP, and quality of service features.
Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting these features. Students will have the opportunity to apply their knowledge in hands-on labs.

Target Audience
Network engineers, support personnel, reseller support, and technicians responsible for implementing Juniper Firewall products utilizing the High Availability products and features covered in this class.

Objectives
By the end of this course, students will be able to configure Juniper Firewall/VPN appliances and systems that support the virtualization feature set, including subinterfaces and virtual systems. Students will also be able to configure NSRP in both active/passive and active/active deployments.

Specific topics include:

• ScreenOS Review
• OSPF o Configure single-area and multi-area OSPF
  o Verify and troubleshoot OSPF operations
  o Configure route redistribution within OSPF
  o Optimize the routing table
• BGP o Configure EBGP and IBGP
  o Verify and troubleshoot BGP operations
  o Provide connectivity for BGP peers
  o IBGP Full Mesh
• Advanced Static Routing
  o Configure Source-based routing
  o Configure Policy-based routing
  0 Configure advanced applications of destination routing
• Multicast o Configure IGMP
  o Configure PIM-SM
  o Configure multicast policies
• NSRP o Configure Active/Passive operations
  o Configure Active/Active operations
  o Imlement NSRP and dynamic routing
• Virtual Systems o Configure NSRP
  o Active/passive
  o VSD-less cluster
  o Verify NSRP operations
  o Ttune NSRP failover behavior
  o Configure redundant interfaces
• Quality of Service / Traffic Shaping o Egress traffic shaping
  o Ingress policing
  o DSCP marking

Prerequisites:

This course assumes that students have successfully attended the CJFV course or have the equivalent experiences with ScreenOS. Specifically, students need to be familiar with configuration of:

• Zones and Interfaces
• Virtual router and inter-VR routing
• Address Translation
• VPN's

This course is part of the curriculum necessary to attain the Juniper Networks JNCIS-FWV Certification. Exam topics are based on user experience and the content of this course, among others.

Duration:  3 Days  

Overview:

This two-day course discusses the configuration of the Unified Access Control solution offered by Juniper Networks. Students will work with the solution elements: the Infranet Controller, the Infranet Enforcer, and the Infranet Agent, to configure secured access to network resources.

Key topics include Unified Access Control deployment, basic implementation, and element configuration.

Students will have the opportunity to apply their knowledge in several hands-on labs.

Target Audience
Network engineers, support personnel, reseller support, and others responsible for implementing Juniper Infranet Access Controller products utilizing the objectives covered in this class.

Objectives
By the end of this course, students will be able to install, configure and maintain Juniper Infranet Controller devices in common environments.
Specific topics include:

• Describe the components of the UAC solution
• Discuss sample UAC deployments
• Configure basic interconnectivity among UAC components
• Describe the access management framework
• Configure Infranet Controller access management elements
• Configure the Infranet Enforcer
• Describe and configure the Infranet Controller to use RADIUS for 802.1X enforcement
• Describe switch configuration requirements
• Describe using an Infranet Enforcer as an 802.1X RADIUS client
• Use the integrated logging functions to verify user connectivity and policy assignment
• Use policy tracing to troubleshoot user policy assignment
• Manage configuration files
• Enable available user authentication options
• Configure authentication options using:
  o AD/NT
  o RADIUS
  o LDAP
  o Single sign-on
• Configure guest access and anonymous authentication
• Discuss endpoint defense options
• Configure Host Checker
• Configure remediation options
• Configure Odyssey Access Client options
• Configure agentless connectivity

Prerequisites:

Completion of CJFV or equivalent experience with NetScreen firewalls is required. The course also assumes that students have moderate background in internetworking basics, security concepts, network administration, and application support.

Duration:  2 Days

Overview:

This two-day course is a survey of various IPSec VPN configurations as well as alternatives (i.e. GRE), and includes instruction on deploying dynamic routing over VPNs. Upon completing this course, a student should be able to return to work and successfully install, configure, and verify that a ScreenOS-based device is functioning in a VPN configuration. Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting the VPN designs discussed in class.

Target Audience
Network engineers, support personnel, reseller support, and technicians responsible for implementing Juniper Firewall/VPN products and deisging and configuring the advanced VPN components covered in this class.

Objectives
Students attending the course will learn various deployments through detailed lectures and hands-on lab exercises. Topics include:

• ScreenOS Basic VPN Setup
• Certificates
• VPN variations
  o Dynamic peer
  o Overlapping addresses
  o Transparent mode
• Hub and Spoke VPNs
• Routing over VPNs
  o RIP
  o OSPF
  o Static Routing
• GRE tunnels
• VPN redundancy
• Dial-Up VPNs
  o Basic
  o Group IKE ID
  o XAUTH/Shared IKE ID
• NetScreen Remote

Prerequisites:

This course assumes that students have successfully attended the CJFV course or have equivalent experience with the FWV ScreenOS. Specifically, students need to be familiar with configuration of:

• Zones, Interfaces and Virtual Routers
• Policy Based VPNs
• Route Based VPNs

This course is part of the curriculum necessary to attain the Juniper Networks JNCIS-FWV Certification. Exam topics are based on user experience and the content of this course, among others.

Duration:  2 Days    

Overview:

This one-day course focuses on the attack prevention features of ScreenOS products. Key topics include SCREEN scanning, anti-virus protection, deep inspection attack detection, Web URL filtering, anti-spam, anti-phishing and anti-spyware capabilities of ScreenOS.
Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting these advanced security features.

Target Audience
Network engineers, support personnel, reseller support, and technicians responsible for implementing Juniper Firewall/VPN products utilizing the features covered in this class.

Objectives
By the end of this course, students will be able to configure these advanced security features:

• SCREEN
• Anti-virus
• Deep Inspection
• Web filtering
• Anti-spam, anti-phishing
• Anti-spyware

Prerequisites:

This course assumes that students have successfully attended the CJFV and completion of SMF course or equivalent product experience using Security Manager. Students also need to be familiar with configuration of:

• Zones and Interfaces
• Virtual router and inter-VR routing
• Address Translation
• VPN's

This course is part of the curriculum necessary to attain the Juniper Networks JNCIS-FWV Certification. Exam topics are based on user experience and the content of this course, among others.

Duration:  1 Days 

Overview:

This two-day course discusses the configuration of Secure Access (SA) products in a typical network environment. Key topics include SSL access technologies, basic implementation, and configuration and management options. Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting basic facets of the SA products.

Target Audience
Network engineers, support personnel, reseller support, and technicians responsible for implementing and monitoring Netscreen Secure Access products.

Objectives:
After successfully completing this course, you should be able to deploy the SA products to support common environments. Specific topics include the following:

• Introduction to Secure Sockets Layer (SSL) protocol and public key infrastructure (PKI)
• Typical deployment scenarios
• Roles
• Realms
• Resource policies
• Sign-in policies
• Authentication servers
• Lightweight Directory Access Protocol (LDAP)
• RADIUS (including two-factor)
• NT
• Network Information Service (NIS)
• Authentication policies
• Host Checker
• Cache Cleaner
• Client/server support
• J-SAM
• W-SAM
• Network Connect
• Troubleshooting

Prerequisites:

This course assumes that students have moderate background in internetworking basics, security concepts, network administration, and application support.

Duration:  2 Days 

Overview:

This two-day course discusses the advanced configuration of Secure Access (SA) products. Key topics include PKI support, additional authentication and authorization servers, complex policies, customization, virtual systems, high availability, and Secure Meeting. Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting advanced features of the SA products.

Audience
The target audience includes network engineers, support personnel, reseller support, and anyone responsible for implementing SA products.

Objectives:

• Advanced access management
  � Public key infrastructure (PKI) support
  � Certificate revocation lists (CRL)
  � Virtual hosting
  � Single sign-on (SSO)
• Advanced authentication
  � Certificate
  � Anonymous
  � Netegrity
  � SAML
• Advanced policies
  � Rewriting policies
  � Authentication policies
  � Role mapping
  � Resource policies
• Password management
• Administrative delegation
• Custom user interface (UI)
• Clustering
• Instant Virtual System (IVS)
• Secure meeting

Prerequisites:

This course assumes that students have successfully attended the Configuring Juniper Networks Secure Access (CJSA) course or have equivalent experience with the Juniper Networks Secure Access products. Specifically, students need to be familiar with the configuration of:

• Roles
• Realms
• Resource Policies
• Authentication Servers

Duration:  2 Days

Overview:

The 3-day IIDP course discusses the configuration of Juniper Intrusion Detection and Prevention (IDP) sensors in a typical network environment. Key topics include: sensor configuration, creating and fine-tuning security policies, managing attack objects, creating custom signatures, and troubleshooting. This course is based upon IDP software version 4.0.

Through demonstrations and hands on labs, students will gain experience in configuring, testing, and troubleshooting the IDP sensor.

Target Audience
Network engineers, support personnel, reseller support, and technicians responsible for implementing and monitoring Netscreen Intrusion Detection products.

Objectives
By the end of this course, attendees will be able to identify the appropriate implementation and usage of 4.0 release of the IDP product at a foundational level.
Specific topics include:

• IDP three-tier architecture
• IDP sensor transparent mode
• Configuration of IDP Sensor
• IDP sensor deployment process
• Attach IDP sensor to network
• Creating initial IDP policy
• IDP rule components
• Packet flow through IDP sensor
• Fine-tuning Security Policies
  o Step 1: Identify Machines to Monitor
  o Step 2: Eliminate False Positives
  o Step 3: Configure Response to Real Attacks
  o Step 4: Configure Other Rulebases to Detect Attacks
• Configuring Other Rulebases o Exempt Rulebase
  o Traffic Anomolies Rulebase
  o Backdoor Detection Rulebase
  o SYN Protector Rulebase
  o Network Honeypot Rulebase
• Using Profiler for Network Discovery
• Using Profiler to Detect New Devices and Ports
• Managing policies and decoder engine with scio
• Managing sensor configuration with scio
• Monitoring with sctop
• Managing Attack Objects
• Updating attack objects
• Searching attack DB
• Creating Custom Signatures
• IDP packet inspection
• Configuring simple and compound signatures
• Maintenance & Troubleshooting
• Backup of sensor
• High-Availability

Prerequisites:

This course assumes that students have basic networking knowledge and experience in the following areas:

• Internetworking basics
• TCP/IP Operations
• Network security concepts
• Network administration
• Application support

This course also prepares students for the Juniper Networks JNCIA-IDP Certification exam, whose topics are based on the content of this course.

Duration:  3 Days