Advanced Juniper Security

Duration : 4 Days (32 Hours)

Advanced Juniper Security Course Overview:

This four-day course extends beyond the existing Juniper Security (JSEC) program, providing a deeper dive into Junos security, next-generation security features, and ATP support software. Through practical demonstrations and hands-on labs, participants will gain expertise in configuring and monitoring advanced Junos OS security features, including comprehensive coverage of advanced logging and reporting, next-generation Layer 2 security, and advanced anti-malware using Juniper ATP On-Prem and SecIntel. The course utilizes Juniper Networks SRX Series Services Gateways for the hands-on training component. It is based on Junos OS Release 20.1R1.11, Junos Space Security Director 19.4, and Juniper ATP On-Prem version 5.0.7.

Intended Audience:

  • Individuals responsible for configuring and monitoring devices running the Junos OS

Learning Objectives of Advanced Juniper Security:

  • Demonstrate understanding of concepts covered in the prerequisite Juniper
    Security courses.
  • Describe the various forms of security supported by the Junos OS.
  • Describe the Juniper Connected Security model.
  • Describe Junos security handling at Layer 2 versus Layer 3.
  • Implement next generation Layer 2 security features.
  • Demonstrate understanding of Logical Systems (LSYS).
  • Demonstrate understanding of Tenant Systems (TSYS).
  • Implement virtual routing instances in a security setting.
  • Describe and configure route sharing between routing instances using logical
    tunnel interfaces.
  • Describe and discuss Juniper ATP and its function in the network.
  • Describe and implement Juniper Connected Security with Policy Enforcer in a
  • Describe firewall filters use on a security device.
  • Implement firewall filters to route traffic.
  • Explain how to troubleshoot zone problems.
  • Describe the tools available to troubleshoot SRX Series devices.
  • Describe and implement IPsec VPN in a hub-and-spoke model.
  • Describe the PKI infrastructure.
  • Implement certificates to build an ADVPN network.
  • Describe using NAT, CoS and routing protocols over IPsec VPNs.
  • Implement NAT and routing protocols over an IPsec VPN.
  • Describe the logs and troubleshooting methodologies to fix IPsec VPNs.
  • Implement working IPsec VPNs when given configuration that are broken.
  • Describe Incident Reporting with Juniper ATP On-Prem device.
  • Configure mitigation response to prevent spread of malware.
  • Explain SecIntel uses and when to use them.
  • Describe the systems that work with SecIntel.
  • Describe and implement advanced NAT options on the SRX Series devices.
  • Explain DNS doctoring and when to use it.
  • Describe NAT troubleshooting logs and techniques.

Module 1: Course Introduction

  • Overview of the course.

Module 2: Junos Layer 2 Packet Handling and Security Features

  • Transparent Mode Security
  • Secure Wire
  • Layer 2 Next Generation Ethernet Switching
  • MACsec
  • Lab 1: Implementing Layer 2 Security

Module 3: Firewall Filters

  • Using Firewall Filters to Troubleshoot
  • Routing Instances
  • Filter-Based Forwarding
  • Lab 2: Implementing Firewall Filters

Module 4: Troubleshooting Zones and Policies

  • General Troubleshooting for Junos Devices
  • Troubleshooting Tools
  • Troubleshooting Zones and Policies
  • Zone and Policy Case Studies
  • Lab 3: Troubleshooting Zones and Policies

Module 5: Hub-and-Spoke VPN

  • Overview
  • Configuration and Monitoring
  • Lab 4: Implementing Hub-and-Spoke VPNs

Module 6: Advanced NAT

  • Configuring Persistent NAT
  • DNS Doctoring Demonstration
  • Configure IPv6 NAT Operations
  • Troubleshooting NAT
  • Lab 5: Implementing Advanced NAT Features

Module 7: Logical and Tenant Systems

  • Overview
  • Administrative Roles
  • Differences Between LSYS and TSYS
  • Configuring LSYS
  • Configuring TSYS
  • Lab 6: Implementing TSYS

Module 8: PKI and ADVPNs

  • PKI Overview
  • PKI Configuration
  • ADVPN Overview
  • ADVPN Configuration and Monitoring
  • Lab 7: Implementing ADVPNs

Module 9: Advanced IPsec

  • NAT with IPsec
  • Class of Service with IPsec
  • Best Practices
  • Routing OSPF over VPNs
  • Lab 8: Implementing Advanced IPsec Solutions

Module 10: Troubleshooting IPsec

  • IPsec Troubleshooting Overview
  • Troubleshooting IKE Phase 1 and 2
  • IPsec Logging
  • IPsec Case Studies
  • Lab 9: Troubleshooting IPsec

Module 11: Juniper Connected Security

  • Security Models
  • Enforcement on Every Network Device

Module 12: SecIntel

  • Security Feed
  • Encrypted Traffic Analysis
  • Use Cases for SecIntel
  • Lab 10: Implementing SecIntel

Module 13: Advanced Juniper ATP On-Prem

  • Collectors
  • Private Mode
  • Incident Response
  • Deployment Models
  • Lab 11: Implementing Advanced ATP On-Prem

Module 14: Automated Threat Mitigation

  • Identify and Mitigate Malware Threats
  • Automate Security Mitigation
  • Lab 12: Identifying and Mitigating Threats

Module A: Group VPNs

  • Overview
  • Implementing Group VPNs

Advanced Juniper Security Course Prerequisites:

  • Strong level of TCP/IP networking and security knowledge
  • Complete the Juniper Security (JSEC) course prior to attending this class

Discover the perfect fit for your learning journey

Choose Learning Modality

Live Online

  • Convenience
  • Cost-effective
  • Self-paced learning
  • Scalability


  • Interaction and collaboration
  • Networking opportunities
  • Real-time feedback
  • Personal attention


  • Familiar environment
  • Confidentiality
  • Team building
  • Immediate application

Training Exclusives

This course comes with following benefits:

  • Practice Labs.
  • Get Trained by Certified Trainers.
  • Access to the recordings of your class sessions for 90 days.
  • Digital courseware
  • Experience 24*7 learner support.

Got more questions? We’re all ears and ready to assist!

Request More Details

Please enable JavaScript in your browser to complete this form.

Subscribe to our Newsletter

Please enable JavaScript in your browser to complete this form.