Course Overview

Managing Industrial Networks for Manufacturing with Cisco Technologies (IMINS2024) is a lab-intensive course, which helps you with the skills required to successfully implement and troubleshoot the most common industry standard protocols while leveraging best practices needed in security and Wireless technologies for today’s industrial networks. The IMINS2024 course helps plant administrators, control system engineers and traditional network engineers in the manufacturing, process control, and oil and gas industries, who will be involved with the convergence of IT and Industrial networks.

This course is job-role specific and enables you to achieve competency and skills to configure, maintain, and troubleshoot industry-standard network protocols as well as wireless and security technologies to ensure that current infrastructures are maximized while developing a converged platform for flexibility to support future business outcomes. Students will be exposed to multiple industrial network technologies as well as products from Cisco and other industrial suppliers.

Virtual Learning

This interactive training can be taken from any location, your office or home and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course, Global Knowledge will send you all the information needed before the start of the course and you can test the logins.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Upon completing this course, you will be able to meet these objectives:
  • Understand the functions of the OSI Layers and TCP/IP Model
  • Recognize the differences between Enterprise and Industrial Networks
  • Troubleshoot common issues found in Layers 1, 2, 3 of the OSI Model
  • Describe the functions and components of Ethernet/IP Protocols
  • Configure and troubleshoot CIP on Cisco
  • Describe the functions and components of the PROFINET protocol
  • Configure PROFINET Protocols on Cisco Industrial Ethernet Devices
  • Troubleshoot common PROFINET Issues
  • Identify common network threats and resolutions and configure basic security components (Access Lists and AAA Features)
  • Configure a wireless network within an industrial environment

Course Content

Module 1: Industrial Networking Concepts and Components

  • Contrasting Enterprise and Industrial Environments
  • Configuration Tools for Industrial Ethernet Switches
  • Exploring Layer 2 Considerations
  • Layer 2 Resiliency Using Spanning-tree Protocol
  • Layer 2 Resiliency Considerations
  • Layer 2 Multicast Control and QoS
  • Exploring Layer 3 Considerations

Module 2: General Troubleshooting Issues

  • Troubleshooting Methodologies
  • Troubleshooting Layer 1
  • Troubleshooting Layer 2 Issues
  • Troubleshooting Layer 3 Issues

Module 3: Ethernet/IP

  • Exploring Ethernet/IP Communications
  • Exploring Hardware Capabilities
  • Exploring CIP Sync, CIP Motion, and CIP Safety
  • Exploring Embedded Switch Technology

Module 4: Troubleshooting EtherNet/IP

  • Identifying Common EtherNet/IP Issues
  • EtherNet/IP Troubleshooting Methods and Tools

Module 5: PROFINET

  • Describe PROFINET Functionality and Connection Method
  • Describing Basic PROFINET Devices

Module 6: Configuring PROFINET

  • Enabling and Prioritizing PROFINET at L2
  • Integrating Cisco Industrial Ethernet Switches

Module 7: Troubleshooting PROFINET

  • Identifying PROFINET Troubleshooting Methods
  • Exploring PROFINET Troubleshooting Tools

Module 8: Exploring Security Concerns

  • Overview Of Defense-in-Depth Strategy
  • Controlling Access and Network Traffic

Module 9: 802.11 Industrial Ethernet Wireless Networking

  • Understanding 802.11 Networks
  • Industrial WLAN Design Considerations

Lab Outline:

Labs are designed to assure learners a whole practical experience, through the following practical activities:

  • Connecting to the remote Lab environment
  • Configuring 802.1q Trunks
  • Configuring and Applying Custom Smartports Macros
  • Configuring and Applying EtherChannel
  • Configuring Resilient Ethernet Protocol
  • Configuring Resilient Ethernet Protocol Features
  • Configuring & Verifying Storm Control
  • Verify IP IGMP Snooping
  • Configure QoS settings
  • Using IOS Troubleshooting Tools
  • Troubleshooting Layer 2 Endpoint Device Connectivity
  • Troubleshooting Layer 2 Inter-Switch Connectivity
  • Troubleshooting Broken REP Segment
  • Troubleshooting Layer 3
  • Perform a Packet Capture
  • Troubleshoot Network Issues
  • Configure CIP on Industrial Switches
  • Troubleshooting EtherNet/IP Communication Issues
  • Configuring PROFINET Support
  • Troubleshoot PROFINET Communication Issues
  • Configure Port Security Mechanisms
  • Configure AAA Authentication using Cisco ISE and 802.1x

Course Overview

Gain practical skills in MLOps and AI Security, including pipeline setup, workflow automation, and threat identification

Dive into the rapidly evolving world of Machine Learning Operations (MLOps) and AI Security with our intensive 3-day boot camp. MLOps bridges the gap between data science and operation teams, delivering continuous collaboration and integration to drive the efficient production of AI models. Similarly, AI Security focuses on protecting AI systems from potential vulnerabilities, a critical skillset given the increasing reliance on AI in modern infrastructures. By mastering these skills, you’ll be able to streamline machine learning projects and bolster security within your organization.

Working in a hands-on workshop style environment guided by our AI security expert, you’ll explore a wide range of topics and hands-on labs designed to provide a robust understanding of both MLOps and AI Security. Starting from an introduction to MLOps, you’ll uncover the importance of this discipline, its distinction from DevOps and DataOps, and its lifecycle. You’ll explore MLOps tools and techniques, including MLflow and Kubeflow, along with pipeline components and best practices. You will be able to set up an MLOps environment, automate ML workflows, monitor and manage models, and implement vital security measures in real-world situations. Lastly, you’ll dive into the world of AI Security, exploring the AI threat landscape and best practices while applying basic security measures in a lab environment. The boot camp wraps up with advanced topics in AI Security, covering AI privacy, ethical considerations, adversarial attacks, and defenses.

Upon completion, you will have gained practical, hands-on skills in operationalizing and securing machine learning workflows, implementing best practices in model management, and understanding ethical considerations in AI Security. Our boot camp ensures that you will have the necessary knowledge to navigate MLOps and AI Security effectively, making your machine learning projects more efficient and secure.

Course Objectives

Throughout the course you’ll learn how to:

  • Gain a solid understanding of the Machine Learning Operations (MLOps) lifecycle, including its purpose, key elements, and how it differs from related fields like DevOps and DataOps.
  • Develop practical skills in using key MLOps tools and techniques, such as setting up an MLOps environment using MLflow and Kubeflow, and working through a basic machine learning pipeline.
  • Master the art of automating machine learning workflows to streamline and improve the efficiency of your machine learning projects.
  • Familiarize yourself with the AI Security landscape, including threat identification and application of best practices for securing machine learning environments.
  • Dive deep into advanced AI Security concepts, including understanding and implementing differential privacy in machine learning models and defending against adversarial attacks.
  • Learn to balance technical implementation with ethical considerations, developing a well-rounded approach to AI Security that respects privacy concerns and adheres to ethical guidelines.

Course Content

Day 1: Introduction to Machine Learning Operations (MLOps)

1. Introduction to MLOps

  • Understanding the need for MLOps
  • Differences between MLOps, DevOps, and DataOps
  • MLOps lifecycle overview

2. MLOps Tools and Techniques

  • Overview of MLOps tools (MLflow, Kubeflow, etc.)
  • MLOps pipeline components
  • MLOps best practices
  • Hands-on Lab: Setting Up an MLOps Environment using MLflow
  • Walking through a simple machine learning pipeline

3. Automating Machine Learning Workflows

  • The role of automation in MLOps
  • Continuous Integration and Continuous Deployment (CI/CD) in machine learning
  • Hands-on Lab: Automating ML workflows

Day 2: Advanced MLOps and Beginning AI Security

4. Model Monitoring and Management

  • Understanding model decay
  • Monitoring model performance in production
  • Model versioning and rollback
  • Hands-on Lab: Model Management
  • Implementing model monitoring with MLflow
  • Experimenting with model versioning and rollback

5. Introduction to AI Security

  • Understanding the need for AI Security
  • Overview of AI threat landscape
  • AI Security best practices
  • Hands-on Lab: Implementing basic security measures in a machine learning environment

Day 3: Advanced AI Security

6. AI Privacy and Ethical Considerations (2 hours)

  • Privacy risks in AI/ML applications
  • Understanding differential privacy
  • Ethical considerations in AI Security
  • Hands-on Lab: Implementing differential privacy in a machine learning model

7. AI Adversarial Attacks and Defenses

  • Understanding adversarial attacks
  • Techniques to defend against adversarial attacks
  • Hands-on Lab: Defending Against Adversarial Attacks
  • Implementing defense measures against sample adversarial attacks

Course Overview

The Lead Cloud Security Manager training course enables participants to develop the competence needed to implement and manage a cloud security program by following widely recognized best practices.

The growing number of organizations that support remote work has increased the use of cloud computing services, which has, in turn, increased the demand for a secure cloud infrastructure proportionally.

This training course is designed to help participants acquire the knowledge and skills needed to support an organization in effectively planning, implementing, managing, monitoring, and maintaining a cloud security program based on ISO/IEC 27017 and ISO/IEC 27018. It provides a comprehensive elaboration of cloud computing concepts and principles, cloud computing security risk management, cloud-specific controls, cloud security incident management, and cloud security testing.

The training course is followed by the certification exam. If you successfully pass it, you can apply for a “PECB Certified Lead Cloud Security Manager” credential. A PECB Lead Cloud Security Manager Certificate demonstrates your ability and competencies to manage a cloud security program based on best practices.

Course Objectives

  • Gain a comprehensive understanding of the concepts, approaches, methods, and techniques used for the implementation and effective management of a cloud security program
  • Acknowledge the correlation between ISO/IEC 27017, ISO/IEC 27018, and other standards and regulatory frameworks
  • Gain the ability to interpret the guidelines of ISO/IEC 27017 and ISO/IEC 27018 in the specific context of an organization
  • Develop the necessary knowledge and competence to support an organization in effectively planning, implementing, managing, monitoring, and maintaining a cloud security program
  • Acquire the practical knowledge to advise an organization in managing a cloud security program by following best practices

Course Content

Day 1: Introduction to ISO/IEC 27017 and ISO/IEC 27018 and the initiation of a cloud security program

  • Training course objectives and structure
  • Standards and regulatory frameworks
  • Fundamental cloud computing concepts and principles
  • Understanding the organization’s cloud computing architecture
  • Information security roles and responsibilities related to cloud computing
  • Information security policy for cloud computing

Day 2: Cloud computing security risk management and cloud-specific controls

  • Cloud computing security risk management
  • Selection and design of cloud-specific controls
  • Implementation of cloud-specific controls (part 1)

Day 3: Documented information management and cloud security awareness and training

  • Implementation of cloud-specific controls (part 2)
  • Documented information management in the cloud
  • Cloud security awareness and training

Day 4: Cloud security incident management, testing, monitoring, and continual improvement

  • Cloud security incident management
  • Cloud security testing
  • Monitoring, measurement, analysis, and evaluation
  • Continual improvement
  • Closing of the training course

Course Overview

This two-day course provides foundational troubleshooting skills. In this course, students will learn to use common Junos troubleshooting commands and tools. 

This course will help students to acquire the skills needed to perform basic troubleshooting on Juniper devices. 

Students will learn to troubleshoot the control plane, the forwarding plane, and the secure the connection between the two planes from DDoS attacks. 

Students will also learn to troubleshoot common network services such as DHCP, DNS, and authentication services. 

Students will get hands-on practice using vMX Series, vSRX Series, and vQFX Series devices in the lab. 

The course is based on Junos OS Release 22.3R1. 

Note: For those who have previously taken the Juniper Troubleshooting in the NOC (JTNOC) course, we recommend moving to the next course in the learning path, Advanced Junos Troubleshooting.

This is an Intermediate level course.

Related Juniper Product

Junos OS • vSRX Series • vMX Series • vQFX Series

Course Objectives

• Describe Junos products and related information and recovery options. 

• Explain various tools that can be used to troubleshoot Junos devices. 

• Explain Junos CLI commands used in troubleshooting. 

• Identify and isolate hardware issues. 

• Troubleshoot problems with the control plane. 

• Describe control plane protection features. 

• Troubleshoot problems with interfaces and other data plane components. 

• Describe the staging and acceptance methodology. 

• Troubleshoot networking services. 

• Troubleshoot high availability features. 

• Describe how to monitor your network with SNMP, RMON, Junos Telemetry Interface, Junos Traffic Vision (formerly known as JFlow), and port mirroring.

Course Content

Day 1

Course Introduction 

Junos Product Families 

• Describe the architectural philosophy of devices that run the Junos OS and understand how this relates to troubleshooting 

• Describe traffic processing for transit and exception traffic 

• Describe the function and components of the RE and PFE within a device running the Junos OS 

• Describe FRUs 

• Describe current Junos product families and understand where to go for detailed information about your hardware 

Lab 1: Identifying Hardware Compon 

Troubleshooting Toolkit 

• Describe various tools that can be used to troubleshoot devices that run the Junos operating system 

• Explain JTAC recommendations for current best-practices that facilitate troubleshooting 

Lab 2: Using Monitoring Tools and Establishing a Baseline 

Hardware and Environmental Conditions 

• Describe the key commands and features used to monitor storage and memory issues 

• Describe the key commands and features that you can use to monitor software installations 

• Determine how to find potential hardware problems using system logs 

• Describe the key commands that you can use to monitor hardware and environmental issues 

Lab 3: Monitoring Hardware and Environmental Conditions 

Control Plane 

• Monitor and troubleshoot system processes that reside in the control plane 

• Utilize a logical approach to troubleshooting routing issues that reside in the control plane 

• Monitor and troubleshoot basic bridging and ARP functionalities 

Lab 4: Control Plane Monitoring and Troubleshooting 

Control Plane Protection 

• Describe DDoS attacks 

• Explain and configure the DDoS protection feature 

• Outline using firewall filters to protect the control plane 

Lab 5: Protecting the Control Plane 

Day 2

Data Plane: Interfaces 

• Describe physical and logical interface properties 

• Deactivate and disable interfaces 

• Perform loopback testing 

• Use operational mode commands to monitor and troubleshoot Ethernet interfaces 

Lab 6: Monitoring and Troubleshooting Ethernet Interfaces 

Data Plane: Other Components 

• Recognize data plane problems and components 

• Monitor and troubleshoot data plane forwarding 

• Monitor load balancing 

• Troubleshoot firewall filter and policer issues 

Lab 7: Isolating and Troubleshooting PFE Issues 

Staging and Acceptance Testing 

• Perform a Junos device initial inspection and power-on 

• Perform general system checks recommended for a newly deployed Junos device 

• Determine the status of new interface connections by performing loopback testing and monitoring 

Troubleshooting Network Services 

• Discuss DNS, DHCP, NTP, SSH, SNMP, and telemetry 

• Explain authentication issues 

• Discuss MACsec issues 

• Discuss LLDP issues 

Lab 8: Troubleshooting Network Services 

Troubleshooting High Availability Features 

• Discuss LACP, BFD, NSR, and NSB issues 

• Explain graceful routing engine switchover 

• Explain graceful restart 

• Discuss Aggregated Ethernet issues 

• Discuss MC-LAG issues 

• Discuss VRRP issues 

Network Monitoring 

• Explain how to configure and monitor SNMP 

• Discuss how to configure and monitor RMON 

• Describe how to use the Junos telemetry interface 

• Describe how to use flow monitoring 

Lab 9: Monitoring the Network 

Appendix A: Junos RPM 

• Explain the purpose of the Junos RPM 

• Describe the components of the Junos RPM 

• Implement Junos RPM Probes 

• Monitor the deployed Probes

Course Overview

This two-day course is designed to provide students with the knowledge required to manage the Junos Space Security Director application and manage devices with that application. 

Students will gain in-depth knowledge of how to work with Security Director. 

Through demonstrations and hands-on labs, students will gain experience with the features of Security Director. 

This course is based on Junos Space Release 20.1R1 and Security Director 20.1R1.2. 

Junos Space-Security Director (JS-SD) is an intermediate-level course.

Relevant Juniper Product

• Automation • Network Management • Security • vSRX • Junos Space Security Director

Course Objectives

• Explain the purpose of the Security Director application. 

• Describe the Security Director workspaces. 

• Discuss how to manage SRX chassis clusters through the Security Director application. 

• Explain basic security device discover, configuration, and management through the Security Director application. 

• Explain the purpose of firewall policies. 

• Configure Standard and Unified firewall policies. 

• Use policy management features. 

• Describe how to create and manage IPsec VPNs using Security Director. 

• Describe how to import IPsec VPNs using Security Director. 

• Describe NAT. 

• Describe how to configure NAT policies in Security Director. 

• Explain how to manage IPS policies. 

• Discuss how to manage UTM policies. 

• Describe how to manage SSL-Proxy policies. 

• Describe how to manage configuration changes. 

• Give an overview of the Log Director application and architecture. 

• Understand the Log Director installation process. 

• Use the Security Director event viewer. 

• Explain the Security Director event viewer. 

• Discuss how to generate alerts and notifications. 

• Explain how to generate reports.

Course Content

Day 1

Course Introduction 

Introduction to Security Director 

• Security Director Overview 

• Navigating the Security Director Application 

• Device Support 

• Basic Device Configuration and Setup 

• Chassis Clustering 

• Manage Device Licenses 

LAB 1: Introduction to Security Director 

Security Director—Firewall Policies 

• Firewall Policies Overview 

• Defining Security Objects 

• Configuring a Standard Firewall Policy 

• Configuring a Unified Firewall Policy 

• Managing Policies 

LAB 2: Provisioning Firewall Policies 

Deploying VPNs 

• Creating IPsec VPNs 

• Importing IPsec VPNs 

LAB 3: Provisioning IPsec VPNs

Deploying NAT Policies 

• Overview of NAT 

• Configuring NAT Policies in Security Director 

LAB 4: Provisioning NAT Policies

Day 2

IPS, UTM, and SSL Proxy Policies 

• Managing IPS Policies 

• Managing UTM Policies 

• Managing SSL Proxy Policies 

• Deploying Configuration Changes Review 

LAB 5: Provisioning IPS and UTM Policies and SSL Proxy Profiles 

Monitoring and Reporting 

• Log Director Overview, Installation, and Administration 

• Log Events 

• Alerts and Reports 

LAB 6: Deploying Log Director

Course Overview

This one-day course is designed to provide students with the knowledge required to manage the Junos Space Network Director application and to manage devices with that application. 

Students will gain in-depth knowledge of how to work with Network Director. 

Through demonstrations and hands-on labs, students will gain experience with the features of Network Director. 

This course is based on Junos Space Release 19.2R1 and Network Director 3.7.

Junos Space—Network Director (JS-ND) is an intermediate-level course.

Course Objectives

After successfully completing this course, you should be able to: 

• Explain the role of the Network Director. 

• Understand network views. 

• Describe the Network Director modes. 

• Build and deploy profiles. 

• Monitor managed devices. 

• Troubleshoot managed devices. 

• Generate reports through Network Director.

Course Content

Day 1

Course Introduction 

Working with Network Director 

• Network Director Overview 

• Network Director Views 

• Network Director Modes 

Lab 1: Working with Network Director

Managing Devices 

• Device Discovery 

Lab 2: Device Discovery 

• Image Management 

• Creating and Deploying Profiles 

• Case Study 

Lab 3: Managing Devices

Monitor, Fault, and Report Modes 

• Monitor Mode 

• Fault Mode 

• Report Mode 

Lab 4: Exploring Monitor and Report Modes

Please note that the following Appendix is not covered as standard in the course but can be included if requested at the time of booking.

Implementing Zero Touch Provisioning 

• ZTP Overview 

• Configure and Implement ZTP with Network Director Case Study

Course Overview

This three-day course provides students with the knowledge required to manage the Junos Space appliance and manage devices with Junos Space. 

Students will understand how to install Junos Space into a multimode Space Fabric, as well as learn how to administer and monitor the Fabric. 

Centralized Junos device management options offered by the Junos Space Network Management Platform will be explored, including configuration backup, synchronization, Junos image distribution, and application of templates. 

Students will also learn how to automate Junos Space management functions using Ansible. 

This content is current to Junos Space software release 20.1R1.2.

The Junos Space Essentials (JSE) course is an intermediate level course.

Relevant Juniper Product

• Automation • Network Management • Junos Space

Course Objectives

• Explain the benefits of Junos Space software.

• Describe the Junos Space architecture.

• List and identify the components and applications of Junos Space.

• Describe the two different form factors available for Junos Space.

• Perform the initial setup of Junos Space.

• Explain Junos Space security features and requirements.

• Explain how to navigate the Junos Space GUI.

• Describe multi-node Junos Space deployments.

• Describe the services that are used in a Junos Space deployment.

• Describe FMPM deployment.

• Describe High Availability failover scenarios.

• Describe how to manage jobs.

• Describe Roles, Users, and Domains.

• Describe how to recover from password lass and locked accounts.

• Explain how to manage Junos Space Network Management Platform.

• Describe how Junos Space discovers and manages devices.

• Edit device configurations.

• Upgrade the firmware of manage devices.

• Describe the differences between template definitions and templates

• Create and use templates and template definitions.

• Create Quick Templates.

• Create and deploy CLI Configlets.

• Describe the purposes of network monitoring.

• View nodes, node links and alarms using the Topology workspace.

• Configure and manage network monitoring features.

• Describe how reports function within Junos Space.

• Manage predefined and custom report definitions.

• Describe how to generate reports.

• Describe the benefits of using Ansible with the Junos Space Collection.

• List the Junos Space Collection modules and describe their purpose.

• Implement basic Ansible playbooks to work with Junos Space.

Course Content

Day 1

Course Introduction

Introduction to Junos Space

• Junos Space Overview

• Junos Space Architecture

• Junos Space Applications

• Junos Space Features

Junos Space Deployment 

• Junos Space Platforms

• Junos Space Initial Setup

• Initial Setup of Primary Node

• Junos Space Security

• Junos Space GUI 

LAB 1: Deploying Junos Space

Deploying Junos Space in a Fabric

• Junos Space Fabric Overview

• Junos Space Services

• Fabric Creation

• FMPM Nodes

• High Availability Failover Scenarios

LAB 2: Deploying Junos Space Fabric

Day 2

Platform Administration

• Job Management

• Roles, Users and Domains

• Recovery from Password Loss and Lockout

• Managing Junos Space

LAB 3: Platform Administration

Device Management

• Discover and Manage Devices

• Configure Devices

• Upgrade Device Firmware

LAB 4: Network Management Platform

Junos Space Templates

• Introduction to Templates

• Creation and Application of Template Definitions

• Creation and Application of Templates

• Quick Templates

• Creation and Application of CLI Configlets

LAB 5: Configuring and Applying Templates

Day 3

Network Monitoring

• Monitoring Network Devices

• Monitoring the Network using the Topology View

• Network Monitoring Features

• Searching for Nodes and Assets

LAB 6: Network Monitoring

Reports

• Reports Overview

• Report Definitions

• Generating Reports

LAB 7: Reports

Junos Space Automation using Ansible

• Ansible Overview

• YAML and JSON

• Ansible Modules for Space and Security Director

• Setting up the Ansible Environment

• Creating and Running Ansible Playbooks

LAB 8: Junos Space Automation

Course Overview

This three-day course is designed to provide students with MPLS-based Layer 3 virtual private network (VPN) knowledge and configuration examples. 

The course includes an overview of MPLS Layer 3 VPN concepts, scaling Layer 3 VPNs, Internet access, Interprovider Layer 3 VPNs, and Multicast for Layer 3 VPNs. 

This course also covers Junos operating system-specific implementations of Layer 3 VPNs. 

These concepts are put into practice with a series of in-depth hands-on labs, which will allow participants to gain experience in configuring and monitoring Layer 3 VPNs on Junos OS devices. 

These hands-on labs utilize Juniper Networks vMX Series devices using the Junos OS Release 19.4R1.10, and are also applicable to other MX Series devices.

The Junos Layer 3 VPNs (JL3V) course is an advanced-level course.

Relevant Juniper Product

• Routing • Junos OS • M Series • T Series • MX Series • PTX Series • Service Provider Routing and Switching Track

Course Objectives

• Describe the value of MPLS VPNs.

• Describe the differences between provider-provisioned VPNs and customerprovisioned VPNs.

• Describe the differences between Layer 2 VPNs and Layer 3 VPNs.

• List the provider-provisioned MPLS VPN features supported by the Junos OS software.

• Describe the roles of a CE device, PE router, and P router in a BGP Layer 3 VPN.

• Describe the format of the BGP routing information, including VPN-IPv4 addresses and route distinguishers.

• Describe the propagation of VPN routing information within an AS.

• List the BGP design constraints to enable Layer 3 VPNs within a provider network.

• Explain the operation of the Layer 3 VPN data plane within a provider network.

• Create a routing instance, assign interfaces to a routing instance, create routes in a routing instance, and import/export routes from a routing instance using route distinguishers/route targets.

• Describe the purpose of BGP extended communities, configure extended BGP extended communities, and use BGP extended communities.

• List the steps necessary for proper operation of a PE-CE dynamic routing protocol.

• List the troubleshooting and monitoring techniques for routing instances.

• Explain the difference between the bgp.l3vpn table and the inet.0 table of a routing instance.

• Monitor the operation of a CE-PE dynamic routing protocol.

• Explain the operation of a PE multi-access interface in a Layer 3 VPN and list commands to modify that behavior.

• Describe ways to support communication between sites attached to a common PE router.

• Provision and troubleshoot hub-and-spoke Layer 3 VPNs,

• Describe the flow of control traffic and data traffic in a hub-and-spoke Layer 3 VPN.

• Describe QoS mechanisms available in L3VPNs.

• Configure L3VPN over GRE tunnels.

• Describe the RFC 4364 VPN options.

• Describe the carrier-of-carriers model.

• Configure the carrier-of-carriers and “Option C” configuration.

• Describe the flow of control and data traffic in a draft-rosen multicast VPN.

• Describe the configuration steps for establishing a draft-rosen multicast VPN.

• Monitor and verify the operation of draft-rosen multicast VPNs.

• Describe the flow of control traffic and data traffic in a next-generation multicast VPN.

• Describe the configuration steps for establishing a next-generation multicast VPN.

• Monitor and verify the operation of next-generation multicast VPNs.

• Describe the flow of control traffic and data traffic when using MPVNs for Internet multicast.

• Describe the configuration steps for enabling internet multicast using MVPNs.

• Monitor and verify the operation of MVPN internet multicast.

Course Content

Day 1

Course Introduction

MPLS VPNs

• MPLS VPNs

• Provider-Provisioned VPNs

Layer 3 VPNs 

• Layer 3 VPN Terminology

• VPN-IPv4 Address Structure

• Operational Characteristics

Basic Layer 3 VPN Configuration

• Preliminary Steps

• PE Router Configuration

LAB: Layer 3 VPN with Static and BGP Routing

Layer 3 VPN Scaling and Internet Access

• Scaling Layer 3 VPNs

• Public Internet Access Options

LAB: LDP over RSVP Tunnels and Public Internet Access

Day 2

Layer 3 VPNs – Advanced Topics 

• Exchanging Routes between Routing Instances

• Hub-and-Spoke Topologies

• Layer 3 VPN CoS Options

• Layer 3 VPN and GRE Tunneling Integration

• Layer 3 VPN and IPsec Integration

• Layer 3 VPN Egress Protection

• BGP Prefix-Independent Convergence (PIC)

• Edge for MPLS VPNs

• VRF Localization

• Provider Edge Link Protection

• Support for Configuring More Than 3 Million L3VPN Labels

LAB: GRE Tunneling and Route Redistribution

Interprovider Backbones for Layer 3 VPNs 

• Hierarchical VPN Models

• Carrier-of-Carriers Model

• Option C Configuration

LAB: Carrier-of-Carriers VPNs

Troubleshooting Layer 3 VPNs

• Working with Multiple Layers

• Troubleshooting Commands on a PE Device

• Multi-Access Interfaces in Layer 3 VPNs

• PE and CE-Based Traceroutes

• Layer 3 VPN Monitoring Commands

LAB: Troubleshooting Layer 3 VPNs

Day 3

Draft Rosen Multicast VPNs 

• Multicast Overview

• Draft Rosen MVPN Overview

• Draft Rosen MVPN Operation

• Configuration

• Monitoring

Next-Generation Multicast VPNs

• Multicast VPN Overview

• Next-Generation MVPN Operation

• Configuration

• Monitoring

• Internet Multicast

• Ingress Replication

• Internet Multicast Signaling and Data Plane

• Configuring MVPN Internet Multicast

• Monitoring MVPN Internet Multicast

LAB: MVPNs

Course Overview

This two-day course provides students with advanced class-of-service (CoS) knowledge and configuration examples. 

The course begins with an overview of CoS before going into classification, policing, scheduling, and rewriting. 

The course then covers class-based forwarding and finishes with a case study. 

Through demonstrations and hands-on labs, students will gain experience in configuring and verifying Junos CoS features. 

This course is based on the Junos operating system Release 21.1R1. 

The Junos Class of Service (JCOS) is an advanced-level course.

Course Objectives

• Understand the history and evolution of CoS.

• Identify the CoS fields in various packet headers.

• List the CoS processing stages on devices running the Junos OS.

• Identify the default CoS settings on devices running the Junos OS.

• Configure and verify behavior aggregate (BA) and multifield (MF) classification.

• Configure and verify two-color and tricolor marking policers.

• Configure and verify schedulers and their components.

• Configure and verify the multiple levels of hierarchical schedulers.

• Configure and verify packet header rewriting.

• Configure and verify class-based forwarding.

• Create a CoS configuration based on a set of design requirements.



Course Content

DAY 1

Course Introduction

CoS Overview

• CoS History and Evolution

• CoS and DiffServ

• CoS Fields in Packet Headers

• CoS Processing 

Packet Classification

• Classification Overview

• Forwarding Classes and Packet Loss Priority

• Fixed Classification

• Multifield Classification

• Behavior Aggregate Classification

Lab 1: Configuring Packet Classification

Policing

• Policing Overview

• Single-Rate Two-Color Policer

• Tricolor Marking Policers

• Hierarchical Policers

• Application—Directly on an Interface

• Application—Within a Firewall Filter

Lab 2: Configuring Policers

Scheduling

• Scheduling Overview

• Transmission Rate

• Queue Priority

• Delay Buffers

• Drop Profiles and Drop Profile Maps

• Scheduling Configuration

Lab 3: Configuring Schedulers

DAY 2 

Hierarchical Scheduling

• Hierarchical Scheduling Overview

• Scheduler Modes

• Hierarchical Scheduling Levels

• Throughput Example

• Remaining Traffic

• Queue Properties in a Hierarchical Scheduling Context

• Putting It All Together

Lab 4—Configuring Hierarchical Scheduling

Rewrite Rules

• Packet Header Rewrite Overview

• Rewrite Rules and Tables

• Rewrite Combinations

Lab 5: Configuring Rewrite Rules

CoS-Based Forwarding

• CBF Overview

• CBF Configuration

Lab 6: Configuring CBF 

Case Study

• VoIP Case Study Overview

• VoIP Case Study: Ingress Node

• VoIP Case Study: Transit and Egress Nodes

Course Overview

This five-day course is designed to provide students with the knowledge required to work with Juniper Connected Security devices. 

This course uses Junos CLI, Security Directory, J-Web, and other Web user interfaces to introduce students to Juniper Connected Security devices. 

The course provides further instruction on how Juniper Networks approaches a complete security solution for current and future security problems, called Juniper Connected Security. 

Key topics include tasks for advanced security policies, application-layer security using the AppSecure suite, intrusion prevention system (IPS) rules and custom attack objects, Security Director management, Juniper Advanced Threat Prevention (ATP) Cloud management, Juniper ATP Appliance management, Juniper Secure Analytics (JSA) management, Policy Enforcer management, Juniper Identity Management Service (JIMS), vSRX and cSRX usage, SSL Proxy configuration, and SRX high availability configuration and troubleshooting. 

Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos OS and monitoring basic device operations. 

This course is based on Junos OS Release 22.1R2, Junos Space 22.2R1, Security Director 22.2R1, JATP 5.0.6.0, JSA v7.3.2, Policy Enforcer 22.2R1, and JIMS 1.1.5R1. 

Course Level

Juniper Security (JSEC) is an intermediate-level course.

Relevant Juniper Product

• JIMS • JSA • Juniper ATP Appliance • Juniper ATP Cloud • Junos OS • Security Director • SRX Series

Course Objectives

After successfully completing this course, you should be able to: 

• Explain the function of SSL Proxy. 

• Explain how application security theory works. 

• Discuss in depth the AppSecure modules. 

• Describe unified security policies. 

• Review the different security policy options. 

• Explain the basics of intrusion detection. 

• Describe the Juniper ATP Cloud solutions. 

• Describe the ATP Cloud features. 

• Introduce Security Director. 

• Explain the purpose of Policy Enforcer. 

• Examine the different virtualized SRX instances. 

• Describe the Juniper Identity Management Service. 

• Explain chassis cluster concepts. 

• Explain how to set up a chassis cluster. 

• Review troubleshooting steps for chassis clusters. 

• Explain Juniper ATP Appliance components. 

• Explain how to set up a Juniper ATP Appliance.

• Explain how the Juniper Secure Analytics device works.

Course Content

Day 1

Course Introduction

SSL Proxy 

• Explain why SSL proxy is necessary 

• Describe and configure client-protection SSL proxy 

• Describe and configure server-protection SSL proxy 

• Discuss how to monitor SSL proxy 

• Explain SSL mirror decrypt feature 

Lab 1: SSL Proxy Client Protection 

Application Security Theory 

• Describe the functionality of the AppSecure suite 

• Explain how application identification works 

• Describe how to create custom application signatures 

• Explain the purpose of the application system cache 

Application Security Implementation 

• Discuss in depth the AppSecure modules 

Lab 2: Implementing AppSecure 

Unified Security Policies 

• Explain unified security policy evaluation 

• Explain URL Category options 

Lab 3: Unified Security Policies

Day 2

Security Policy Options 

• Explain session management options 

• Explain Junos ALG functionality 

• Implement policy scheduling 

• Explain logging 

Lab 4: Security Policy Options 

Intrusion Detection and Prevention 

• Describe the purpose of IPS 

• Utilize and update the IPS signature database 

• Configure IPS policy 

• Utilize and configure IPS policy using a template 

• Monitor IPS operations Lab 5: IPS 

Juniper ATP Cloud 

• Describe the Juniper ATP Cloud Web UI options 

• Configure the SRX Series Firewall to use Juniper ATP Cloud anti-malware 

• Discuss an Infected Host case study 

Lab 6: Juniper ATP Cloud Anti-Malware 

Juniper ATP Cloud Features 

• Explain Security Intelligence 

• Describe Encrypted Traffic Insights 

• Describe Adaptive Threat Profiling 

• Explain IoT Security 

Lab 7: ATP Cloud Features

Day 3

Introduction to Security Director 

• Explain how to use Security Director 

• Describe how to configure firewall policies 

• Deploy configuration changes using Security Director 

Lab 8: Working with Security Director 

Security Director with Policy Enforcer 

• Explain how to configure a secure fabric 

• Describe how infected host remediation occurs 

Lab 9: Configuring Juniper Connected Security 

Virtual SRX and cSRX 

• Explain virtualization 

• Discuss network virtualization and software-defined networking 

• Review the virtual SRX platform 

• Review the cSRX platform 

• Deploy the virtual SRX 

• Integrate the virtual SRX with public cloud services 

Lab 10: vSRX Implementation 

Juniper Identity Management Service 

• Explain how to install Juniper Identity Management Service 

• Configure Juniper Identity Management Service 

• Describe troubleshooting Juniper Identity Management Service 

Lab 11: Juniper Identity Management Service

Day 4

Chassis Cluster Concepts 

• Describe chassis clusters 

• Identify chassis cluster components 

• Describe chassis cluster operation 

Chassis Cluster Implementation 

• Configure chassis clusters 

• Describe advanced chassis cluster options 

Lab 12: Implementing Chassis Clusters 

Chassis Cluster Troubleshooting 

• Troubleshoot chassis clusters 

• Review chassis cluster case studies 

Lab 13: Troubleshooting Chassis Clusters

Day 5

Juniper ATP Appliance—Overview 

• Explain the Cyber Kill Chain model 

• Define deployment models for Juniper ATP Appliance 

Implementing Juniper ATP Appliance 

• Describe how to configure an SRX Series device with ATP Appliance 

• Describe how to mitigate a threat with the ATP Appliance Web UI 

• Demo Video: Implementing Juniper ATP Appliance 

Juniper Secure Analytics 

• Describe the JSA Series device and its basic functionality 

• Define how JSA processes log activity 

• Explain how JSA processes network activity 

• Explain how to customize the processing of information 

Lab 14: Monitoring with JSA