In this course, you will learn to configure the Juniper Networks ScreenOS firewall/virtual private network (VPN) products in a wide range of installations. Through lecture and labs, with significant time allocated for hands-on experience, you will cover basic administrative access, routing, firewall policies and policy options, attack prevention features, address translation, and VPN implementations.

Note: You are required to bring your own laptop to class.

What You'll Learn

• Juniper Networks ScreenOS security architecture
• Configure administrative access and options
• Back up and restore configuration and ScreenOS files
• Configure a ScreenOS device in transparent, route, and Network Address Translation (NAT) modes
• Applications of multiple virtual routers
• Configure the ScreenOS firewall to permit and deny traffic based on user-defined policies
• Configure advanced policy options
• Configure network designs for various types of network address translation
• Configure policy-based and route-based VPN tunnels

Who Needs to Attend

Network engineers, support personnel, reseller support, and others responsible for implementing Juniper Networks firewall products

Prerequisites

Basic networking knowledge and experience, including TCP/IP, bridging, switching, and routing

Follow-On Courses

• Integrating Juniper Networks Firewall/IPSec VPN Products into High-Performance Networks (IFVH)
• Advanced Juniper Networks IPSec VPN Implementations (AJVI)
• tack Prevention with Juniper Networks Firewalls (APJF)

Certification Programs and Certificate Tracks

This course is part of the following programs or tracks:

• Juniper Networks Certified Internet Associate - Firewall/VPN (JNCIA-FWV)

Course Outline

1. ScreenOS Concepts, Terminology, and Platforms

• Security Device Requirements
• ScreenOS Security Architecture
• Juniper Networks Platforms

2. Initial Connectivity

• System Components
• Establishing Connectivity
• Verifying Connectivity

3. Device Management

• Management
• Recovery

4. Layer 3 Operations

• Need for Routing
• Configuring Layer 3
• Verifying Layer 3
• Loopback Interface
• Interface-Based NAT

5. Basic Policy Configuration

• Functionality
• Policy Configuration
• Common Problems
• Global Policy
• Verifying Policies

6. Policy Options

• Logging
• Counting
• Scheduling
• User Authentication

7. Address Translation

• Scenarios
• NAT-src
• NAT-dst
• VIP Addresses
• MIP Addresses

8. Transparent Mode (Optional)

• Description
• Configuration
• Verifying Operations

9. VPN Concepts

• Concepts and Terminology
• IP Security

10. Policy-Based VPNs

• Configuration
• Verifying Operations

11. Route-Based VPNs

• Concepts and Terminology
• Configuring VPNs
• Verifying Operations

12. IPv6

• IPv6 Concepts
• Configuration
• Verifying IPv6 Operations

13. Additional Features (Optional)

• Hardware

Labs

Lab 1: Initial Configuration

Lab 2: Device Administration

Lab 3: Layer 3 Operations

Lab 4: Basic Policy Configuration

Lab 5: Policy Options

Lab 6: Address Translation

Lab 7: Transparent Mode (Optional)

Lab 8: Policy-Based VPNs

Lab 9: Route-Based VPNs

Lab 10: IPv6