Advanced Juniper Security (AJSEC)
- Course Code JUN_AJSEC
- Duration 4 days
Course Delivery
Jump to:
Course Delivery
This course is available in the following formats:
-
Public Classroom
Traditional Classroom Learning
-
Virtual Learning
Learning that is virtual
Request this course in a different delivery format.
Course Overview
TopThis four-day course, which is designed to build off the current Juniper Security (JSEC) offering, delves deeper into Junos security, next-generation security features, and ATP supporting software.
Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring the advanced Junos OS security features with advanced coverage of advanced logging and reporting, next generation Layer 2 security, next generation advanced anti-malware with Juniper ATP On-Prem and SecIntel.
This course uses Juniper Networks SRX Series Services Gateways for the hands-on component. This course is based on Junos OS Release 20.1R1.11, Junos Space Security Director 19.4, Juniper ATP On-Prem version 5.0.7.
Course Level
Advanced Juniper Security (AJSEC) is an advanced-level course.
Relevant Juniper Product
• Security • Junos OS • SRX Series • vSRX Series • Sky ATP • SDSN
Course Schedule
Top-
- Delivery Format: Virtual Learning
- Date: 16-19 December, 2024
- Location: Virtual
-
- Delivery Format: Virtual Learning
- Date: 23-26 June, 2025
- Location: Virtual
-
- Delivery Format: Virtual Learning
- Date: 01-04 December, 2025
- Location: Virtual
Target Audience
TopThis course benefits individuals responsible for implementing, monitoring, and troubleshooting Juniper security components.
Course Objectives
Top• Demonstrate understanding of concepts covered in the prerequisite Juniper Security courses.
• Describe the various forms of security supported by the Junos OS.
• Describe the Juniper Connected Security model.
• Describe Junos security handling at Layer 2 versus Layer 3.
• Implement next generation Layer 2 security features.
• Demonstrate understanding of Logical Systems (LSYS).
• Demonstrate understanding of Tenant Systems (TSYS).
• Implement virtual routing instances in a security setting.
• Describe and configure route sharing between routing instances using logical tunnel interfaces.
• Describe and discuss Juniper ATP and its function in the network.
• Describe and implement Juniper Connected Security with Policy Enforcer in a network.
• Describe firewall filters use on a security device.
• Implement firewall filters to route traffic.
• Explain how to troubleshoot zone problems.
• Describe the tools available to troubleshoot SRX Series devices.
• Describe and implement IPsec VPN in a hub-and-spoke model.
• Describe the PKI infrastructure.
• Implement certificates to build an ADVPN network.
• Describe using NAT, CoS and routing protocols over IPsec VPNs.
• Implement NAT and routing protocols over an IPsec VPN.
• Describe the logs and troubleshooting methodologies to fix IPsec VPNs.
• Implement working IPsec VPNs when given configuration that are broken.
• Describe Incident Reporting with Juniper ATP On-Prem device.
• Configure mitigation response to prevent spread of malware.
• Explain SecIntel uses and when to use them.
• Describe the systems that work with SecIntel.
• Describe and implement advanced NAT options on the SRX Series devices.
• Explain DNS doctoring and when to use it.
• Describe NAT troubleshooting logs and techniques.
Course Content
TopDay 1
Course Introduction
Junos Layer 2 Packet Handling and Security Features
• Transparent Mode Security
• Secure Wire
• Layer 2 Next Generation Ethernet Switching
• MACsec
LAB 1: Implementing Layer 2 Security
Firewall Filters
• Using Firewall Filters to Troubleshoot
• Routing Instances
• Filter-Based Forwarding
LAB 2: Implementing Firewall Filters
Troubleshooting Zones and Policies
• General Troubleshooting for Junos Devices
• Troubleshooting Tools
• Troubleshooting Zones and Policies
• Zone and Policy Case Studies
LAB 3: Troubleshooting Zones and Policies
Day 2
Hub-and-Spoke VPN
• Overview
• Configuration and Monitoring
LAB 4: Implementing Hub-and-Spoke VPNs
Advanced NAT
• Configuring Persistent NAT
• Demonstrate DNS Doctoring
• Configure IPv6 NAT Operations
• Troubleshooting NAT
LAB: 5: Implementing Advanced NAT Features
Logical and Tenant Systems
• Overview
• Administrative Roles
• Differences Between LSYS and TSYS
• Configuring LSYS
• Configuring TSYS
LAB 6: Implementing TSYS
Day 3
PKI and ADVPNs
• PKI Overview
• PKI Configuration
• ADVPN Overview
• ADVPN Configuration and Monitoring
LAB 7: Implementing ADVPNs
Advanced IPsec
• NAT with IPsec
• Class of Service with IPsec
• Best Practices
• Routing OSPF over VPNs
LAB 8: Implementing Advanced IPsec Solutions
Troubleshooting IPsec
• IPsec Troubleshooting Overview
• Troubleshooting IKE Phase 1 and 2
• IPsec Logging
• IPsec Case Studies
LAB 9: Troubleshooting IPsec
Day 4
Juniper Connected Security
• Security Models
• Enforcement on Every Network Device
SecIntel
• Security Feed
• Encrypted Traffic Analysis
• Use Cases for SecIntel
LAB 10: Implementing SecIntel
Advanced Juniper ATP On-Prem
• Collectors
• Private Mode
• Incident Response
• Deployment Models
LAB 11: Implementing Advanced ATP On-Prem
Automated Threat Mitigation
• Identify and Mitigate Malware Threats
• Automate Security Mitigation
LAB 12: Identifying and Mitigating Threats
Group VPNs
• Overview
• Implementing Group VPNs
Course Prerequisites
Top• Strong level of TCP/IP networking and security knowledge
• Complete the Juniper Security (JSEC) course prior to attending this class
Test Certification
TopJNCIP-SEC exam topics are based on the content of the recommended instructor-led training courses, as well as the additional resources.
• Exam code: JN0-635
• Written exam
• Administered by Pearson VUE
• Exam length: 120 minutes
• Exam type: 65 multiple choice questions
• Pass/fail status is available immediately
The JNCIP-SEC certification is valid for three years.
Exams can be purchased and scheduled at https://home.pearsonvue.com/junipernetworks/
Follow on Courses
TopJNCIE-SEC Bootcamp
Further Information
TopDelegates will receive an official set of e-kit courseware approximately 1 week prior to the start of the course.
- ARR_JUN_AJSEC
- Advanced Juniper Security (AJSEC)
- Security
- ARR_JUN_AJSEC | Advanced Juniper Security (AJSEC) | Training Course | Juniper.
- Juniper