Configuring Juniper Networks Firewall/IPSec VPN Products
Course Description and Outline:
This lab-intensive, hands-on, three-day course is a survey of the most-commonly used features of ScreenOS, and is designed to provide a broad overview of the wide range of functions these devices can serve in a network. Upon completing this course, a student should be able to return to work and successfully install, configure, and verify that a ScreenOS-based device is providing basic firewall and VPN functionality.
* Day 1:
Introduction
ScreenOS Concepts, Terminology, and Platforms
• Describe the requirements of a security device
• Describe the ScreenOS Security Architecture
• Describe the flow of a packet through a ScreenOS device
• Select ScreenOS-based devices based on deployment requirements
Initial Connectivity
• Describe the functions performed by different system components
• Select a user interface based on business and task requirements
• Establish connectivity to the ScreenOS device using best-practice recommendations
Device Management
• Connect to external management devices
• Manage license keys
• Manage configuration and software image files
• Perform disaster recovery procedures
* Day 2:
Layer 3 Operations
• Explain the need for routing
• Explain the virtual router architecture
• Configure static routes
• Explain the use of a loopback interface
• Configure a loopback interface
• Explain the difference between NAT and route interface modes
• Configure interfaces for NAT or route mode
• Verify and troubleshoot Layer 3 operations
Basic Policy Configuration
• Review security policy functionality
• Configure a basic security policy using the following elements
o Address book entries and groups o Custom services and service groups
o Multi-cell policies
• List potential problems associated with policy creation and modification
• Configure global policy rules
• Verifying policies
Policy Options
• Configure policy options, including:
o Traffic logging
o Traffic counters
o Scheduling
o User Authentication
• Verify operations of policy options
Address Translation
• Discuss scenarios for policy-based translation
o Unidirectional outbound
o Unidirectional inbound
o Bidirectional
• Configure policy-based translation
o NAT-src
o NAT-dst
o VIP
o MIP
* Day 3:
Transparent Mode
• Describe the advantages of Transparent Mode operation
• Distinguish between transparent mode zones and interfaces and Layer 3 mode zones and interfaces
• Use the VLAN1 interface to manage the ScreenOS device in Transparent Mode
VPN Concepts
• Define virtual private network
• List three security concerns and describe how to address them
• List the components of the IPSec protocol suite
• Explain the IKE protocol process for tunnel establishment
Policy Based VPNs
• Define the term policy-based VPN
• Identify the minimum components needed to configure a Policy-based VPN
• Configure a IKE based VPN binding to Policies with:
o Phase 1 Gateways
o Phase 2 AutoKey IKE
o Address and Service Books
• Verify operations
Route Based VPNs
• Explain the concepts of a route-based VPN
• Configure route-based VPNs with the following options:
o Fixed IP v Unnumbered IP
o Proxy ID Settings
o VPN Monitoring
• Verify operations
* Day 2:
Layer 3 Operations
• Explain the need for routing
• Explain the virtual router architecture
• Configure static routes
• Explain the use of a loopback interface
• Configure a loopback interface
• Explain the difference between NAT and route interface modes
• Configure interfaces for NAT or route mode
• Verify and troubleshoot Layer 3 operations
Basic Policy Configuration
• Review security policy functionality
• Configure a basic security policy using the following elements
o Address book entries and groups o Custom services and service groups
o Multi-cell policies
• List potential problems associated with policy creation and modification
• Configure global policy rules
• Verifying policies
Policy Options
• Configure policy options, including:
o Traffic logging
o Traffic counters
o Scheduling
o User Authentication
• Verify operations of policy options
Address Translation
• Discuss scenarios for policy-based translation
o Unidirectional outbound
o Unidirectional inbound
o Bidirectional
• Configure policy-based translation
o NAT-src
o NAT-dst
o VIP
o MIP
* Day 3:
Transparent Mode
• Describe the advantages of Transparent Mode operation
• Distinguish between transparent mode zones and interfaces and Layer 3 mode zones and interfaces
• Use the VLAN1 interface to manage the ScreenOS device in Transparent Mode
VPN Concepts
• Define virtual private network
• List three security concerns and describe how to address them
• List the components of the IPSec protocol suite
• Explain the IKE protocol process for tunnel establishment
Policy Based VPNs
• Define the term policy-based VPN
• Identify the minimum components needed to configure a Policy-based VPN
• Configure a IKE based VPN binding to Policies with:
o Phase 1 Gateways
o Phase 2 AutoKey IKE
o Address and Service Books
• Verify operations
Route Based VPNs
• Explain the concepts of a route-based VPN
• Configure route-based VPNs with the following options:
o Fixed IP v Unnumbered IP
o Proxy ID Settings
o VPN Monitoring
• Verify operations