JNCIP-SEC Journey Begins

snadam

tomtom1 wrote: »

Best of luck with your studies and thanks for the reply in my thread. I'm in the pre process of building a chassis cluster across sites with SRX650's and multiple routing instances for some tennants, and throwing in some UTM features too. Should prove a decent learning experience.

First off, sorry tomtom for not seeing this a month ago. THANK YOU! Good luck on your studying as well! Have fun with your SRX project there also! Looks like fun.


As for studying for today, I knocked on the quick and easy transparent mode/ethernet switching chapter today. Pretty short, and further strengthened my knowledge on the subject.



On to the next chapter, Virtualization!

Staunchy

How do you find the AppSecure stuff? I heard that juniper is planning on integrating jwas and ddos into the srx platform, waiting for the official anouncement towards end of the year.

I have 2 big projects kicking off now 1 is to rollout juniper srx220 for a global company branch offices, they want to also use junos space security however their infrastructure is running on Azure so we waiting for juniper to rollout support. The other project is consolidating a clients multiple different firewalls onto a srx240 cluster at their head office and a stand alone srx240 at their DR. Think I need to start reading the same book might pick up a thing or 2 that will help.

No social life or proper study time for the next 6 to 8 weeks...

snadam

Conceptually, it looks great. I actually have a post about AppSecure in a real world application, with no replies Sadly, I haven't really had an opportunity to use it in production; just a bit of experience in it with my lab. Once I get more experience under my belt with it, I will be sure to post a reply in my other thread.

As for your projects, that sounds like fun! These are a good start:


Juniper SRX Series: Brad Woodberg, Rob Cameron: 9781449338961: Amazon.com: Books
and

Junos Security: 9781449381714: Computer Science Books @ Amazon.com

the first one is newer and focuses more on the SRX technology, or at least I thought so.


Also, a FREE option is the fast track PDF's for the JNCIS-SEC. They were pretty straightforward and will get you some pretty good info.

snadam

Attempting to be an early riser and get the habit formed this week. Feels great, until I crash later Woke up at 5am to finish the virtualization chapter. Plan on finishing up notes later today.

Aldur

Sounds like you're studying is coming along quiet nicely. Keep up the good work, it'll definitely be worth it in the end.

snadam

thanks! I sure hope so, because I feel like I've been slacking lately.

snadam

So another early riser study session got me reading the advanced NAT chapter. Should have it read by this evening.

snadam

Finished reading the Advanced NAT chapter. Plan on finishing notes tomorrow evening. I'll be an early riser tomorrow, but unfortunately have some work related items to do.

snadam

woke up early, finished the reading portion of Advanced NAT. Just took about half my notes this evening. will probably have to pick this up either tomorrow morning, or Saturday morning or all day Sunday. Some really good info in this chapter that has grabbed my attention. This is ironic, because I felt like my lack of focus and spelling errors were amplified this evening.


See if I can pick this back up at 5AM tomorrow!

snadam

Knocked out the rest of the notes for the chapter this morning. This leaves me with IPSEC over the weekend.

This early-riser thing is hard to do, but has become easier over time. And to be honest, it really feels good to get things accomplished. And did I mention its quiet?

snadam

read the IPSec Implementations chapter and finishing the notes. Should have that done in the next day or two. Then is on to volume 2 of 2 with Group and Dynamic VPNs.

Side note: JNCIP Training has been rescheduled (AGAIN!) due to work conflicts. I go some time in June. This is okay, as I can use it as my "am I ready for the exam" prep. Then take a week to focus on the weak spots and knock this out.

snadam

finished notes on ipsec vpn. On to dynamic and group VPNs!

This early-riser business seems to be working

Staunchy

I attended a Juniper event yesterday, apparently they going overhauling the SRX's they will release info Q3 Q4. They also announce design tracks for ent, sp and security which seems interesting.

With the event I managed to score a free exam voucher so Snadam looks like I'm going to be joining you on studying for JNCIP-SEC.:)

Aldur

Not so much of an overhaul, just a massive increase in performance.

And the design courses are for the WAN, Data Center, and Security. I should know, I'm working on the team that is developing the Data Center courses at the moment.

snadam

Staunchly - awesome!!! The more the merrier!

Aldur - I'm really looking forward to hearing about the SRX overhaul/upgrades. I'm looking to research IDP replacements in 2016

snadam

finished reading the Group/Dynamic VPN chapter. Halfway done with notes. Should finish this up tomorrow. Then its on to VPN case studies and solutions chapter.

itching to get these notes done so I can start labbing some stuff up!

snadam

Finished up my notes on Group/Dynamic VPN. Next up is IPSEC VPN Case Studies and Solutions.

tomtom1

Good luck with IPSec, still a pain in the ass! How much real world experience do you have with the SRX series and / or JunOS in general?

snadam

Thanks! Fortunately, I dont mind IPSec too much. I think I'm going to dislike IDP the most based off my studies for this exam. We shall see...


My junos experience consists of EX, QFX and SRX. I have ScreenOS experience as well (cool, but doesn't compare to Junos/SRX). To be honest, I don't have a ton of years with Juniper. I have a little less than two years of real-world experience with the exception of QFX; just got those this year I, like many, came from a Cisco background. I eventually took a job that was a Juniper shop and jumped right in to the fire. It doesn't seem like a long time. In fact, I feel embarrassed saying it . BUT, I certainly feel I have made very good use of those 19 months logging at least 6 hours a day in a SRX, EX, or ISG doing SOMETHING; not including lab work.

Whats been your experience with Juniper/JunOS? I am always curious to hear other people's stories.

snadam

started reading the IPSEC Case study chapter. Should finish in the morning. Next week will be a challenging week, as I have a lot of early shift work, including the weekend. We'll see how it goes.

snadam

this chapter is DONE! on to chapter 9 - Troubleshooting Junos Security. Almost done with AJSEC book. Then its on to IDP book.

tvaneker

Really enjoyed reading through your study experience so far. I have the 2 books mentioned but don't feel like they are comprehensive enough to cover the syllabus in enough detail. Do you know if the official course material is available anywhere online? I'm trying to pass this exam in the next 6 months without a boot-camp

Thanks

snadam

tvaneker - thanks! Sorry its not more detailed. I'm using this thread more for my progress updates than anything else. However, I am almost done reading books and taking my initial notes. That means I will be starting to lab up very soon. So chances are I will be sharing my topologies and lab-work instead of "I read this today; took notes in the evening".

As for the juniper courseware, it can be found on juniper's website: http://www.onfulfillment.com/JuniperTraining/

Just select your country and instead of browsing through the categories on the left pane, just search for the following in the top right search box:
-"AJSEC" - Advanced Junos Security
-"JIPS" - Junos Intrusion Prevention Systems

Fair warning, they aint cheap! (compared to other vendors books) They are concise and full of good info, IMO.



Speaking of AJSEC, I am done reading the Troubleshooting chapter, and plan on finishing up my notes either tomorrow or Friday morning.

snadam

Finished my notes on troubleshooting chapter. Will probably glance at the hardware appendix in this book, then its on to the IDP books! Took the assessment test on junipers website and scored 25% higher than I did in March. While not a super accurate way to assess your knowledge, I'd say its definitely improving.

Taking the morning off of studying due to some early work, but will start the IDP chapter in the evening most likely.

snadam

With construction going on in my house and a 14-hour work day Saturday, I didn't get as much studying done over the weekend.

I did finish the intro to IDP chapter this morning. I'm starting to get my lab topology set up as I just got my 1' cables I ordered to reduce clutter. I can't wait to focus on labs more than reading!

snadam

Knocked out the Intro to IPS notes and read and took notes on IPS policy and initial configuration today. Planning on reading the Rulebase Operations chapter tomorrow. while I am making progress, I'm in a "no light at the end of the tunnel" funk lately. Just got to keep grinding through these chapters and then my reward is labs.

snadam

Finished chapters 3 and 4. Planning on reading the next chapter in the morning. I think I am going to take a break over the weekend. Knowing me though, I'll probably sneak some reading in

snadam

And I did sneak in some reading. Finished reading chapter 5. We'll see if I take notes. I really want to get the reading done so I can start labbing up this stuff.

jotasan

Doyou have access to the AJSEC and/or JIPS courses material?

I'm particularly interested in the labs (topologies). I know is extremely useful to attend to the sessions but I cannot afford to pay the whole course at the moment....

Many thanks!

snadam

Hi Jotasan,

you can get the books from Juniper without taking the course. They should include the lab books as well if I'm not mistaken. I put a link to Juniper's store a few posts up at post #55 if you click the link just to the left. While A LOT cheaper than the instructor-led course, they are still pricey.


Good Luck!