Visão Geral

Esse curso cobre configuração, operação e implementação do equipamento SRX Series Service Gateway em um ambiente de rede típico. Os principais tópicos que compõem esse curso incluem tecnologias de segurança como zonas de segurança, políticas de segurança, detecção e prevenção de intruso (IDP), tradução de endereço (NAT), alta disponibilidade (cluster), assim como detalhes pertencentes à configuração, implementação e gerenciamento básicos. E como implementar estas características com o Junos Space e o Security Director.
Através da realização de laboratórios “hands-on” os alunos ganharão experiência em configuração e monitoração do JUNOS para os equipamentos SRX. O curso também inclui labs de Junos Space e Security Director.

PROGRAMAÇÃO

Day 1

Chapter 1: Course Introduction

Chapter 2: Introduction to Junos Security

Traditional Routing and Security
Architecture Overview of Junos Security Devices
Logical Packet Flow through Junos Security Devices
Junos Space and Security Director Overview

Chapter 3: Zones and Screen Options
The Definition of Zones
Zone Configuration
Monitoring Security Zones
Configuring Screen Options
Screen Options Case Study
Lab 1: Zones and Screen Options

Chapter 4: Security Policies
Security Policy Overview
Policy Components
Policy Case Study
Lab 2: Security Policies

Chapter 5: Security Director Firewall Policies
Firewall Policy Configuration
Firewall Policy Processing Order
Deploying Firewall Policies
Monitoring Firewall Policies
Lab 3: Security Director Firewall Policies

Day 2

Chapter 6: Advanced Security Policy
Session Management
Junos ALGs
Policy Scheduling
Logging
Advanced Security Policy with Security Director
Lab 4: Advanced Policy Options

Chapter 7: Troubleshooting Zones and Policies
General Troubleshooting for Junos Devices
Troubleshooting Tools
Troubleshooting Zones and Policies
Zone and Policy Case Studies
Lab 5: Troubleshooting Security Zones and Policies

Chapter 8: Network Address Translation
NAT Overview
Source NAT
Destination NAT
Static NAT
Proxy ARP
Configuring NAT in Security Director
Lab 6: Network Address Translation

Chapter 9: Advanced NAT
Persistent NAT
DNS Doctoring
IPv6 with NAT
Advanced NAT Scenarios
Troubleshooting NAT
Lab 7: Advanced NAT

Day 3

Chapter 10: IPsec VPN Concepts
VPN Types
Secure VPN Requirements
IPsec Tunnel Establishment
IPsec Traffic Processing

Chapter 11: IPsec VPN Implementation
IPsec VPN Configuration
IPsec VPN Configuration Case Study
Proxy IDs and Traffic Selectors
Monitoring IPsec VPNs
Lab 8: Implementing IPsec VPNs

Chapter 12: Hub-and-Spoke VPNs
Hub-and-Spoke VPN Overview
Hub-and-Spoke Configuration and Monitoring
Hub-and-Spoke Configuration with Security Director
Lab 9: Implementing Hub-and-Spoke VPNs

Chapter 13: Group VPNs
Group VPN Overview
Group VPN Configuration and Monitoring
Lab 10: Implementing Group VPNs

Day 4

Chapter 14: PKI and ADVPNs
Public Key Infrastructure
ADVPN Overview
ADVPN Configuration and Monitoring
Lab 11: Implementing PKI and ADVPNs

Chapter 15: Advanced IPsec
NAT with IPsec
Class of Service with IPsec
Enterprise Best Practices
Routing OSPF over IPsec
IPsec with Overlapping Addresses
IPsec with Dynamic Gateway IP Addresses
Lab 12: Advanced IPsec VPN Scenarios

Chapter 16: Troubleshooting IPsec
IPsec Troubleshooting Overview
Troubleshooting IKE Phase 1 and 2
IPsec Logging
IPsec Case Studies
Lab 13: Troubleshooting IPsec

Chapter 17: Chassis Cluster Concepts
Chassis Clustering Overview
Chassis Cluster Components
Chassis Cluster Operation

Day 5

Chapter 18: Chassis Cluster Implementation
Chassis Cluster Configuration
Advanced Chassis Cluster Options
Lab 14: Implementing High Availability Techniques

Chapter 19: Troubleshooting Chassis Clusters
Troubleshooting Chassis Clusters
Chassis Cluster Case Studies
Lab 15: Troubleshooting Chassis Clusters

Appendix A: SRX Series Hardware and Interfaces
Branch SRX Platform Overview
High-End SRX Platform Overview
SRX Traffic Flow and Distribution
SRX Interfaces

Appendix B: Virtual SRX
Virtualization Overview
Network Virtualization and SDN
Overview of the Virtual SRX
Deployment Scenarios
Integration with AWS

Pré-Requisito

Os alunos devem ter conhecimento básico de rede, conhecimento do modelo de referência OSI (Open Systems Interconnection) e conhecimento de TCP/IP. Também devem participar dos cursos IJOS (Introduction to JUNOS software) e JRE (JUNOS Routing Essentials) antes de realizar esse curso – ou ter experiência equivalente com o JUNOS.

Quem Somos?

Criada em 2008 para atender à crescente demanda por treinamentos, a inLearn deixou de ser uma empresa focada apenas no atendimento de necessidades pontuais, passando a ser um braço de outsourcing de educação, estratégico para distribuidores e integradores de TI, além de buscar oferecer soluções educacionais de diversas áreas de interesse corporativo.

Ao longo de nossa história já capacitamos mais de 10.000 alunos, não apenas em nossas salas de aula, mas também nas instalações dos nossos clientes ou parceiros, com abrangência na América Latina.

Saiba mais

Entre em Contato