Done with JNCIS-Sec

hoogen82hoogen82 Member Posts: 272
So I finally got some time off from work and took the JNCIS-Sec.. The exam was pretty okay... Didn't seem hard enough except for the IPSec section...

The only disappointment was some of the wordings used in the exam... Wasn't 100% sure on some of the questions/answers.

SRX was my staple for 2 years so maybe the exam was not that hard for me. But I do think there is scope for improvement in the exam changes they are making when introducing UTM... and hopefully more than just an intro to IDP questions....

Aldur... Hopefully nothing posted here is breaching the NDA, if you do feel I might be borderline NDA do edit the post.

Cheers,
Hoogen
IS-IS Sleeps.
BGP peers are quiet.
Something must be wrong.

Comments

  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    Congratulations!! icon_cheers.gif
    :mike: Cisco Certifications -- Collect the Entire Set!
  • nelnel Member Posts: 2,859 ■□□□□□□□□□
    Congrats man!
    Xbox Live: Bring It On

    Bsc (hons) Network Computing - 1st Class
    WIP: Msc advanced networking
  • leslietanleslietan Registered Users Posts: 3 ■□□□□□□□□□
    congrats !! mate
  • AldurAldur Juniper Moderator Member Posts: 1,460
    No worries mate, no NDA breaking there. :)

    When I took the JNCIS-SEC last year I kind of felt the same way. Some of the wording was confusing, I actually remember making notes in the comments section about some of it. :s

    Also, I too thought the exam wasn't that difficult, but this was coming right off the JNCIE-ER so security stuff was fresh on my mind.

    But anywho, big congrats on the pass! icon_thumright.gif What's the next steps?
    "Bribe is such an ugly word. I prefer extortion. The X makes it sound cool."

    -Bender
  • msteinhilbermsteinhilber Member Posts: 1,480 ■■■■■■■■□□
    Congrats!

    Nice to see some more feedback on the exam. It's in my sights hopefully by the year's end, but I can't seem to get myself away from being back in the office all night to try to iron out issues with our SRX240-H we're trying to use to replace our ASA5510 at our corporate branch (dang thing just stops passing traffic after a few hours, no core **** or anything odd in the logs). And once I finally get those issues ironed out, it will be time to pickup another to cluster them - I don't even want to imagine what I might run into for problems there or if I even care to cluster them judging from some of the feedback on the Juniper Forums. Maybe better I just keep it around pre-configured as a hot spare :D
  • AldurAldur Juniper Moderator Member Posts: 1,460
    Ouch, man that does sound painful. Have you by chance been working with JTAC on the SRX problems that you've had?
    "Bribe is such an ugly word. I prefer extortion. The X makes it sound cool."

    -Bender
  • msteinhilbermsteinhilber Member Posts: 1,480 ■■■■■■■■□□
    Aldur wrote: »
    Ouch, man that does sound painful. Have you by chance been working with JTAC on the SRX problems that you've had?

    I've only spoke to them once unfortunately, regarding an unrelated issue with VPN's dropping at random from within hours to days time and requiring a reboot to bring them back up. And with the same tunnels taking 40-60 seconds or so each to come up. Didn't get anywhere with JTAC at that time partly due to my schedule not being very accommodating to spend an hour or two away from other work but corrected that with an alternate firmware version other than the current version recommended by JTAC.

    I'm a bit more free timewise to invest time with trying to correct the issue and I'm working towards that now. I was able to convince our provider to supply me with another couple /30's over our fiber to allow me to stick the SRX right at our handoff to be able to work on testing while our existing ASA5510 is completely out of the equation. Unfortunately, the SRX doesn't run into the same issues in that environment be it due to the lighter load or whatever it may be. So any troubleshooting I do on my own or with JTAC has to be at minimum after 9PM and before 6AM the following morning and still requires downtime for our e-mail if it stops passing traffic like it has been doing since our network relies on a single connection though I'm fighting to get at least a DSL line for backup.

    Not sure if I'm just trying to do too much with the SRX240-H or what. I've had advanced features we licensed (IPS/UTM) disabled for the time being after it stopped passing traffic the morning after my first time deploying it (was passing traffic as intended that evening). All in all once it's finally operating as intended it will have ~45 VPN tunnels up, and sitting between our 25mbps fiber and a couple of T1's linking our former corporate office building to our current. All in all, a pretty minimal amount of traffic flowing through - typically no more than 12mbps through the firewall as seen on our ASA at the moment. So I'm pretty sure I'm not trying to do more than intended with the product :)

    Anyways, I don't mean to hijack hoogen's thread :D I've got all of next week's evenings open since it's not my week with my son, so I'll see what kind of progress I can make on my own and with JTAC and hopefully get this guy running strong. The SRX100's I've setup at our remote branches so far have all been working flawless thus far, just looking forward to getting our 240 running so I can let it do it's thing for a month or so and trade-in our ASA5510 once I'm confident with the SRX240 and use the credit from the ASA toward another SRX240 to cluster - though I'll have to do some reading up there since I remember reading some issues with or limitations in some Junos versions with UTM and or IPS being disabled or not working correctly in active/active cluster configurations.

    Anyways... congrats again hoogen, sorry to hijack! :D
  • sainthsainth Member Posts: 35 ■■□□□□□□□□
    I've only spoke to them once unfortunately, regarding an unrelated issue with VPN's dropping at random from within hours to days time and requiring a reboot to bring them back up. And with the same tunnels taking 40-60 seconds or so each to come up. Didn't get anywhere with JTAC at that time partly due to my schedule not being very accommodating to spend an hour or two away from other work but corrected that with an alternate firmware version other than the current version recommended by JTAC.

    I'm a bit more free timewise to invest time with trying to correct the issue and I'm working towards that now. I was able to convince our provider to supply me with another couple /30's over our fiber to allow me to stick the SRX right at our handoff to be able to work on testing while our existing ASA5510 is completely out of the equation. Unfortunately, the SRX doesn't run into the same issues in that environment be it due to the lighter load or whatever it may be. So any troubleshooting I do on my own or with JTAC has to be at minimum after 9PM and before 6AM the following morning and still requires downtime for our e-mail if it stops passing traffic like it has been doing since our network relies on a single connection though I'm fighting to get at least a DSL line for backup.

    Not sure if I'm just trying to do too much with the SRX240-H or what. I've had advanced features we licensed (IPS/UTM) disabled for the time being after it stopped passing traffic the morning after my first time deploying it (was passing traffic as intended that evening). All in all once it's finally operating as intended it will have ~45 VPN tunnels up, and sitting between our 25mbps fiber and a couple of T1's linking our former corporate office building to our current. All in all, a pretty minimal amount of traffic flowing through - typically no more than 12mbps through the firewall as seen on our ASA at the moment. So I'm pretty sure I'm not trying to do more than intended with the product :)

    Anyways, I don't mean to hijack hoogen's thread :D I've got all of next week's evenings open since it's not my week with my son, so I'll see what kind of progress I can make on my own and with JTAC and hopefully get this guy running strong. The SRX100's I've setup at our remote branches so far have all been working flawless thus far, just looking forward to getting our 240 running so I can let it do it's thing for a month or so and trade-in our ASA5510 once I'm confident with the SRX240 and use the credit from the ASA toward another SRX240 to cluster - though I'll have to do some reading up there since I remember reading some issues with or limitations in some Junos versions with UTM and or IPS being disabled or not working correctly in active/active cluster configurations.

    Anyways... congrats again hoogen, sorry to hijack! :D

    Have you tried checking the speed of the port? Set it to 100 mbps and full duplex and disable the auto-neg....

    Hope this will help and I'm not late.
Sign In or Register to comment.