Hi All,
How I prepared myself for the JNCIE-SEC Beta lab Exams.
Intro/background:
I have been working with ScreenOS since 1999, so I know the security features and flow very well, which is a plus, because they reuse a lot of these in Junos for security.
2 or 3 years ago I started to play with Junos because they released a special version, Junos-es (enhanced services), for the J-series routers that had some of the security features.
Then they came out with the EX devices and SRX devices, and I worked more with Junos than ScreenOS.
From then on I wanted to know as much as I could about this OS and all its features (EX/SRX/MX/etc).
In the beginning of my career I did Cisco and worked up to CCNP and almost started to do the CCIE, but never went there because of a move from switching/routing to security.
That day I stated: “Whenever there is a NetScreen CCIE-like certificate, I want to get it.”
And this certificate is there now (not on ScreenOS, but on Junos): JNCIE-SEC.
What I want to say with the above information is that you first need extensive practical experience to start the JNCIE-SEC journey.
Preparation:
To prepare myself for the lab I first did all the other written exams (JNCIS-SEC/JNCIP-SEC). The first was no problem, but the JNCIP-SEC wasn’t that easy; on my first attempt I didn’t pass. (I didn’t study for it because I was pretty sure I would pass based on my hands-on experience, which wasn’t the case.)
There was a topic that I had never heard of… Group VPN!
The second time I ordered the 2 Juniper courses to prepare myself. After reading them I did it again and passed. (Courses: Advanced Junos Security (AJSEC), Junos Intrusion Prevention System Functionality (JIPS).)
So this exam was good for seeing which topics I had never done in real life and needed to do in a lab environment.
Lab setup:
Then I built a lab setup where I could test most of the topics that were listed in the lab topics:
• Complex policy implementations, including anti-virus scanning, and URL filtering
• IPS, IPSec VPNs, including PKI, hub-and-spoke, transparent mode, dynamic, and overlapping address designs;
• HA
• Troubleshooting of policy, routing, and IPSec VPNs
• Traffic management
• Advanced management configurations
• VLANs
• Aggregated Ethernet.
This is the lab schema:
2 x SRX100: (HA, IPS, UTM, VPN, OSPF)
1 x SRX100: Remote Sites (VPN, OSPF)
With this setup I tested the following things:
• Complex policy implementations, including anti-virus scanning, and URL filtering
• IPS, IPSec VPNs, hub-and-spoke, dynamic, and overlapping address designs.
• HA
• Troubleshooting of policy, routing, and IPSec VPNs
• Traffic management
I didn’t test the following things:
• PKI, transparent mode
• Advanced management configurations
• VLANs
• Aggregated Ethernet
I didn’t test these because I know how they work (hands-on experience).
Be aware: this doesn’t mean they are not in the lab exams!
To give some more details on the things I tested:
With the SRX100 we made a cluster. This device did all the IPS and UTM stuff.
We connected 2 SRX100s with VPN (one with a fixed IP and one with a dynamic IP, so we had both a dynamic and a static VPN peer). We enabled OSPF between the 2 devices.
We also tested the “Group VPN”, because we had never done this before and wanted to see what I could do and how you needed to build it.
One of the last tests was to ask a colleague of mine to change some stuff and try to find what the problem was. (Test some advanced troubleshooting.)
The day before I did my exams I also configured some Dynamic VPN (remote IPSec client feature) on the SRX. (This was in the bar of my hotel, with a nice beer.)
Tips:
- Read all your questions in the beginning and make a L3 drawing of the setup
- Know your configuration commands (you don’t have much time)
- The whole exam is in CLI (no web or NSM)
- Be sure you can configure all the topics that are in the exam description!
That’s all. Good luck, all.
5 comments:
Thanks, man. I was really looking forward to this guide.
Kashif Zareef
Hi Frac, which type of Juniper SRX for your lab test?
Thx
I used SRX100 (stated in the post).
If it’s not violating the NDA, can I know what Junos version is used in the exam and how many devices are to be configured in the lab?
Great, it is helpful for my studying.