Hardware for JNCIE-SEC exam preparation
I'm in the process of starting to study for the JNCIE-SEC cert. I have noticed that people who have done the exam said that often they only need access to a few branch series devices, e.g. 100 or 210 or 240 to prepare for the lab. I was just wondering if anyone here has studied and prepared for the lab using any of the data center SRX series, e.g. 1400, 3000 (3400 & 3600) or 5000 (5600 & 5800)? Reason for asking is that I actually don't have access to the branch series SRX, except for single SRX210H. But I do have access to couple of SRX3600. I was thinking of using Junos release 11.2 to configure logical systems (using back-to-back connections) and work with that (logical systems on SRX are only supported starting from 11.2). I do understand the current version of Junos use in the JNCIE-SEC lab is 11.1, but I think I should be OK with this from a practising perspective?
Comments
-
JDMurray
Admin Posts: 13,091 Admin
Are those 3600's running in a production environment or do you just happen to have then laying around? -
Batou
Registered Users Posts: 3 ■□□□□□□□□□
These are lab devices. No way am I going to be allowed (nor would I even contemplating) to muck around with a production box.Are those 3600's running in a production environment or do you just happen to have then laying around? -
zoidberg
Member Posts: 365 ■■■■□□□□□□
The thing you will miss by using data center boxes is UTM. They will do everything else. If you can find a branch SRX to play with you can use it to fill the UTM gap. Or, wing it? UTM config is pretty simple and repetitive.
You'll also want to make sure you have the licenses on your SRXs to run IPS and LSYS. If you don't have those you may be able to create a demo license for those (30 days) from support.juniper.net, or bug your Juniper account reps for one.
Actually, speaking of LSYS and IPS, if you're going to play with those on the same SRX you may want to check out 11.4 instead. -
Batou
Registered Users Posts: 3 ■□□□□□□□□□
Thanks for the feedback zoidberg. As mentioned I do have one SRX210H and I am indeed planning to have that as part of the setup for my study. With regards to the license for LSYS and IPS I am aware of the license and yes will intend to get one.As for the 11.4 release, any reason why you're recommending this particular version?The thing you will miss by using data center boxes is UTM. They will do everything else. If you can find a branch SRX to play with you can use it to fill the UTM gap. Or, wing it? UTM config is pretty simple and repetitive. You'll also want to make sure you have the licenses on your SRXs to run IPS and LSYS. If you don't have those you may be able to create a demo license for those (30 days) from support.juniper.net, or bug your Juniper account reps for one. Actually, speaking of LSYS and IPS, if you're going to play with those on the same SRX you may want to check out 11.4 instead. -
zoidberg
Member Posts: 365 ■■■■□□□□□□
If I remember correctly, better support for IPS and LSYS on the same box in 11.4. It may be the first to support both? Or maybe it added IPS support in non-root LSYS? I can't remember, it's late and I don't play with IPS :P
If you plan on testing v6 on a box running LSYS, you will need 11.4 for sure. 11.2 supports running either LSYS or v6, but not both at the same time.
Take a look at the 11.4 release notes and see if any of the new features sound like something you will need I your environment.
Another option to skip dealing with all the LSYS hassle is virtual-routers, but that all de -
zoidberg
Member Posts: 365 ■■■■□□□□□□
but that all depends on your lab setup and how you plan on configuring and using it.
Let us know how your lab prep goes. Have fun!
