Synopses & Reviews
This complete field guide, authorized by Juniper Networks, is the perfect hands-on reference for deploying, configuring, and operating Junipers SRX Series networking device. Authors Brad Woodberg and Rob Cameron provide field-tested best practices for getting the most out of SRX deployments, based on their extensive field experience.
While their earlier book, Junos Security, covered the SRX platform, this book focuses on the SRX Series devices themselves. You'll learn how to use SRX gateways to address an array of network requirements—including IP routing, intrusion detection, attack mitigation, unified threat management, and WAN acceleration. Along with case studies and troubleshooting tips, each chapter provides study questions and lots of useful illustrations.
- Explore SRX components, platforms, and various deployment scenarios
- Learn best practices for configuring SRXs core networking features
- Leverage SRX system services to attain the best operational state
- Deploy SRX in transparent mode to act as a Layer 2 bridge
- Configure, troubleshoot, and deploy SRX in a highly available manner
- Design and configure an effective security policy in your network
- Implement and configure network address translation (NAT) types
- Provide security against deep threats with AppSecure, intrusion protection services, and unified threat management tools
In a field guide authorized by the manufacturer, Woodberg and Cameronexplains how to deploy, configure, and operate Juniper Network's SRX networking device. They cover SRX series product lines, SRX GUImanagement, SRX networking basics, system services, transparent mode, high availability, security policies, network addresstranslation, Ipsec VPN, screens and flow options, AppSecure basics, intrusion prevention, and unified threat management. They assumereaders have some background in networking, but review the fundamentals just in case.Annotation ©2014 Ringgold, Inc., Portland, OR (protoview.com)
This complete and authorized introduction to Juniper Networks SRX hardware series has been thoroughly revised and updated to cover the impressive changes SRX has undergone from its initial deployments—including more advanced level firewalling, deep packet inspection, and flow routing.
Juniper SRX Series provides a practical, hands-on field guide to deploying, configuring, and operating SRX, and serves as a reference to help you prepare for JUNOS Security Certification examinations offered by Juniper Networks.
Youll learn how to use SRX JUNOS services gateways to address an array of enterprise data network requirements—including IP routing, intrusion detection, attack mitigation, unified threat management, and WAN acceleration. The only book on the market addressing SRX platforms and software, Juniper SRX Series provides a clear and detailed roadmap to these product lines.
- Get a complete and thorough update to the Junos Security book
- Explore four new chapters on SRX technology: GUI Management, System Services, Interfaces, Zones, & Routing, and AppSecure deployment
- Gain up-to-date information on the security device in Juniper networks around the world
- Examine real-world configuration examples
- Learn about routing fundamentals and high availability with SRX platforms
About the Author
Brad Woodberg is a Product Line Engineer at Juniper Networks. He is JNCIE-M, JNCIE-SEC, JNCIS-FWV, JNCIS-SSL, JNCIA-IDP, JNCIA-EX, JNCIA-UAC, CCNP R&S and holds a bachelors degree in computer engineering from Michigan State University. Before joining Juniper Networks, he spent four and a half years working at a Juniper reseller where he designed, deployed, supported, and managed computer networks worldwide with equipment from a variety of vendors. In addition to being a co-author of Junos Security, he is a coauthor of Juniper Net- works NetScreen and SSG Firewalls and Juniper Networks Secure SSL VPN, both published by Syngress.
Rob Cameron is a Principal Engineer at a stealth startup in Silicon Valley. In his 12-plus-year career, he has held positions as a security reseller, service provider engineer, and security consultant. For the past eight years, he has worked for Juniper Networks as a systems engineer, a data center architect, and a technical marketing engineer. He is the primary author of the books Junos Security, Configuring NetScreen Firewalls and Configuring NetScreen and SSG Firewalls, both published by Syngress. He is also a contributing author of Security Interviews Exposed and the Best Damn Firewall Book Period, Second Edition (also published by Syngress), and has been a technical reviewer for any number of professional publications.
Table of Contents
Foreword; Preface; How to Use This Book; What's in This Book?; Conventions Used in This Book; Using Code Examples; Safari® Books Online; How to Contact Us; Acknowledgments; Chapter 1: Welcome to the SRX; 1.1 Evolving into the SRX; 1.2 The SRX Series Platform; 1.3 Deployment Solutions; 1.4 Summary; 1.5 Study Questions; Chapter 2: SRX Series Product Lines; 2.1 Branch SRX Series; 2.2 Data Center SRX Series; 2.3 Summary; 2.4 Study Questions; Chapter 3: SRX GUI Management; 3.1 J-Web: Your On-Box Assistant; 3.2 Centralized Management; 3.3 Summary; 3.4 Study Questions; Chapter 4: SRX Networking Basics; 4.1 Interfaces; 4.2 Zones; 4.3 Basic Protocols; 4.4 Routing Instances; 4.5 Flow Mode and Packet Mode; 4.6 Sample Deployment; 4.7 Summary; 4.8 Study Questions; Chapter 5: System Services; 5.1 System Services Operation on the SRX; 5.2 Management Services; 5.3 SNMP Management; 5.4 Networking Services; 5.5 SRX Logging and Flow Records; 5.6 Best Practices; 5.7 Troubleshooting and Operation; 5.8 Summary; 5.9 Study Questions; Chapter 6: Transparent Mode; 6.1 Transparent Mode Overview; 6.2 Configuring Transparent Mode; 6.3 Troubleshooting and Operation; 6.4 Sample Deployments; 6.5 Summary; 6.6 Study Questions; Chapter 7: High Availability; 7.1 Understanding High Availability in the SRX; 7.2 Getting Started with High Availability; 7.3 Deployment Concepts; 7.4 Preparing Devices for Deployment; 7.5 Integrating the Cluster into Your Network; 7.6 Fault Monitoring; 7.7 Troubleshooting and Operation; 7.8 Sample Deployments; 7.9 Summary; 7.10 Study Questions; Chapter 8: Security Policies; 8.1 Packet Flow; 8.2 Security Policy Criteria and Precedence; 8.3 Security Policy Precedence; 8.4 Security Policy Components in Depth; 8.5 Best Practices; 8.6 Troubleshooting and Operation; 8.7 Sample Deployment; 8.8 Summary; 8.9 Study Questions; Chapter 9: Network Address Translation; 9.1 The Need for NAT; 9.2 Junos NAT Fundamentals; 9.3 Junos NAT Components; 9.4 Junos NAT in Practice; 9.5 Best Practices; 9.6 Troubleshooting and Operation; 9.7 Sample Deployment; 9.8 Summary; 9.9 Study Questions; Chapter 10: IPsec VPN; 10.1 VPN Architecture Overview; 10.2 IPsec VPN Concepts Overview; 10.3 IKE Negotiations; 10.4 Flow Processing and IPsec VPNs; 10.5 SRX VPN Types; 10.6 Other SRX VPN Components; 10.7 Selecting the Appropriate VPN Configuration; 10.8 IPsec VPN Configuration; 10.9 Best Practices; 10.10 Troubleshooting and Operation; 10.11 Sample Deployments; 10.12 Summary; 10.13 Study Questions; Chapter 11: Screens and Flow Options; 11.1 A Brief Review of Denial-of-Service Attacks; 11.2 Screen Theory and Examples; 11.3 Best Practices; 11.4 Troubleshooting and Operation; 11.5 Sample Deployment; 11.6 Summary; 11.7 Study Questions; Chapter 12: AppSecure Basics; 12.1 AppSecure Component Overview; 12.2 Deploying AppSecure; 12.3 Best Practices; 12.4 Troubleshooting and Operation; 12.5 Sample Deployments; 12.6 Summary; 12.7 Study Questions; Chapter 13: Intrusion Prevention; 13.1 The Need for IPS; 13.2 How Does IPS Work?; 13.3 Configuring IPS Features on the SRX; 13.4 Deploying and Tuning IPS; 13.5 Best Practices; 13.6 Troubleshooting and Operation; 13.7 Sample Deployments; 13.8 Summary; 13.9 Study Questions; Chapter 14: Unified Threat Management; 14.1 Shifting Threats; 14.2 UTM, IPS, or Both?; 14.3 UTM Licensing; 14.4 UTM Components; 14.5 Best Practices; 14.6 Troubleshooting and Operation; 14.7 Sample Deployments; 14.8 Summary; 14.9 Study Questions; Colophon;