newbie chasing the dream called JNCIE-SEC - Blog?

kasujkasuj Member Posts: 19 ■□□□□□□□□□
Hi all icon_smile.gif

Being really inspired by Ahriakin and his achievements I’ve decided to start my own blog-topic to motivate myself more to the work. Really this men is amassing having JNCIE-SEC and CCIE-SEC this is really a fantastic achievement.

I’ve passed the JNCIA last year just after we bought to our company SRX3600. After the supplier implemented the whole solution I’ve went to the juniper training. After that I was given the exam vouchers and then passed the JNCIA. The second voucher expired but I was able to find myself another one (don’t ask how icon_wink.gif ) and as a result I’ve managed to pass the JNCIS-SEC last month. After that I’ve made a decision to try going for the JNCIE-SEC. This journey took Ahriakin about a year so I should be able to do it in two :)

As I’ve mentioned I have a voucher or the exam, he will expire soon so I sign for the JNCIP-SEC for monday 3.06.2013. I will probably fail it but it will be for free so it’s worth to try.

As for the materials and equipment I’ve bought the inetzero workbooks and already had one free rack session last night. The materials and the rack service from inetzero is really great. One thing that I’m missing in the workbook is explanation of the staff. I would really like inetzero to go in the Narbik direction. Write workbook and also include the info way you do it this way.

I also have safari subscription so I have access to the books. Now I’m reading the Junos Security again. My weakest point is IPS now I’ve skipped it and also on the JNCIS I’ve got lowest score on it.

As for the equipment I have couple of SRX100b so I can check things on my own staff. And a cluster of two SRX3600 on my work lab.


  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,800 ■■■■■■■■□□
    Best of luck! Sounds like you're already off at a good pace.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • kasujkasuj Member Posts: 19 ■□□□□□□□□□
    Thank you and I'm really looking for you advice in the future.

    Ahriakin, I cannot go to do official training for AJSEC and the materials from Juniper cost a lot. You scored them high are they really so good? They have anything that I cannot find In Juniper website, Junos security book?
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,800 ■■■■■■■■□□
    Nope you can find it all elsewhere but there's a big difference in how digestible the information is in these course books vs. say the official documentation. If you can't get your hands on the courseware then definitely stick with the O'Reilly book and supplement heavily from the Security Configuration guides, and regular checks on for KB articles related to anything you are not 100% sure on. I was lucky in that my company had Juniper learning credits I could use for the courses, if they had not I'm not sure I would have paid out of pocket for them either. No matter how good they are (and they are) a few hundred dollars for a book is a hard sell.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • kasujkasuj Member Posts: 19 ■□□□□□□□□□
    Thank you Ahriakin.

    I’m doing now my second session with inetzero. And I just found appendix secion in the materials. There is the explanation I was missing icon_lol.gif
    Anyway I’ve almost finished chapter two. And what can I say. Things seems to be easier when read about them. When you configure them it’s not so easy anymore :)
  • kasujkasuj Member Posts: 19 ■□□□□□□□□□
    Just got back from the exam. As I was expecting – failed. I’ve finished it after hour and I thing in the middle of the test I’ve started to skip the IPS and transparent firewall questions. So as for free voucher it was worth it.
  • kasujkasuj Member Posts: 19 ■□□□□□□□□□
    28.06.2013 JNCIP-SEC passed icon_smile.gif now back to the inetzero materials and maybe in january i will take my first attempt.
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,800 ■■■■■■■■□□
    icon_cheers.gificon_cheers.gif Well done.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • AldurAldur Juniper Moderator Member Posts: 1,460
    congrats on the pass
    "Bribe is such an ugly word. I prefer extortion. The X makes it sound cool."

  • kasujkasuj Member Posts: 19 ■□□□□□□□□□
    Long time since last post. Thanks to a project in my company I've managed to go to AJSEC training. So I have the materials icon_smile.gif

    One great thing that I discovered is the "ser2net" package ( I already have raspberrypi and for about 10$ I bought a usb hub and 4 usb-to-rs232 cables. It redirects /dev/ttyUSB0 to tcp port that you can connect to. It works like cisco console servers icon_smile.gif

    Now I have to find the time and get back to the materials from the training.
  • kasujkasuj Member Posts: 19 ■□□□□□□□□□
    Virtual SRX is awsome, you can do most of the things on it. Plus two SRX100 to do a cluster. One thing that bothers me is the UTM section. I don't have access to the license and this does not work on virtual. I wonder if it's really hard tested on the lab exam?
  • zoidbergzoidberg Member Posts: 365
    Expect to see some UTM scenarios on the exam.

    It is unfortunate that vSRX doesn't even let you walk thru UTM configs just to get familiar with the syntax. But, you do have a pair of SRX100s, so I would suggest trying there. There are UTM features that don't need a license, so be sure to know how to use those. And for those that require a license, you can still go thru the all the config steps just the same.

    You may be able to get a demo license for your SRXs. If you deal at all with a Juniper account team they may be able to help you. Another option that may work, is going to the license generator at and creating a license. Generally, I've had good success on that site in creating a 30-day demo license for just about any licensed feature. You won't be able to keep recreating demo licenses for the same SRX and feature every 30 days though. But, you have 2 SRXs, so you could get the license for 1, use it for 30 days to become familiar with UTM, and then later get a license for the other one for final study before your exam. You could do the same for IDP, though the engine may not install if you are using the 100B models.
  • zoidbergzoidberg Member Posts: 365
    Hmm, and you may have issues with some UTM features on the 100B as well. Generally need the high-men models for UTM and IDP.
Sign In or Register to comment.