My Certification Journey
Share and learn from real life stories of those who are on the path to become Juniper Certified
Showing results for 
Search instead for 
Do you mean 

How I prepared myself for JNCIE-SEC Beta Certification

by on ‎10-21-2011 04:05 AM

This is a guest blog post. Views expressed in this post are original thoughts posted by Wim De Smet, Operations Manager at Securelink. These views are his own and in no way do they represent the views of the company he works for.


For years I was an active member on the ScreenOS forum, a forum for Netscreen before J-NET, some of you may remember me as “frac” in this community. I also spent a lot of time with the local Juniper Networks team and worked on some very interesting projects.


In 2008 and 2011 I was rewarded by Juniper with the title “Master of System Engineering of Juniper Networks”, which was a major accomplishment in my career.


Wim De Smet Awardkopie


I think this was one of the reasons why I was selected for the JNCIE-SEC beta exams. My journey to getting JNCIE-SEC, started 12 years ago. I had been working with ScreenOS since 1999, so I knew the security features and flow very well, which was a major benefit because they are used a lot in Junos for security.


At the start of my career I was heavily involved with Cisco products and I worked up to CCNP and almost started to do CCIE, but never went there because I moved from switching/routing to security. The day I started this route I thought whenever there was a Netscreen equivalent of the CCIE certification I wanted to get it.


About two or three years ago I started to play with Junos as Juniper released a special version Junos-es (enhanced services) for the J-Series routers that had some of the security features there in. Then they came with the EX devices and SRX devices and I then started to work more with Junos rather than ScreenOS. From then on I wanted to know as much as I could about this OS and all the features (EX/SRX/MX/etc).

Before embarking on the expert level certification I would thoroughly recommend that you gain as much extensive practical experience you can before starting your JNCIE-SEC journey. And I would also recommend it for the JNCIP-SEC exams it makes doing the lab work much easier. Here are some tips I would like to share with you:

My Preparation

To prepare myself for the lab I first completed all the other written exams (JNCIS-SEC/JNCIP-SEC). The first was no problem, but the JNCIP-SEC wasn’t that easy, my first attempt I didn’t pass. The reason being was I didn’t study for it because I was pretty sure I would pass based on my hands-on experience, maybe I was over confident.

For my second attempt I ordered the two Juniper courses to prepare myself, these were Advanced Junos Security (AJSEC)  and Junos Intrusion Prevention System Functionality (JIPS). After reading them I retook the exam and passed, I guess second time lucky for me!

So, this exam was good experience, it highlighted which topics I never did in real life and needed to do in lab environment.

My Lab Setup

I built a lab, where I could test most of the topics that were listed in the lab topics covered:


  • Complex policy implementations, including anti-virus scanning, and URL filtering
  • IPS, IPSec VPNs, including PKI, hub-and-spoke, transparent mode, dynamic, and overlapping address designs
  • HA (high availability)
  • Troubleshooting of policy, routing, and IPSec VPNs
  • Traffic management
  • Advanced management configurations
  • VLANs
  • Aggregated Ethernet

    My Lab Schema

    2 x SRX100: (HA, IPS, UTM, VPN, OSPF)
    1 x SRX100: Remote Sites (VPN, OSPF)

    With this setup I tested the following things:


  • Complex policy implementations, including anti-virus scanning, and URL filtering
  • IPS, IPSec VPNs, hub-and-spoke, dynamic, and overlapping address designs.
  • HA (high availability)
  • Troubleshooting of policy, routing, and IPSec VPNs
  • Traffic management

I didn’t test the following things:


  • PKI, transparent mode
  • Advanced management configurations
  • VLANs
  • Aggregated Ethernet

because I already knew how these worked from my hands-on experience previously gained.

To give some more details on the things I did test:


  • With 2 SRX100 we made a cluster. On this cluster we did all the IPS and UTM stuff.
  • We connected 1 SRX100 with vpn (one time with fixed IP and other time with a dynamic IP (so we both had dynamic and static VPN peer tested).
  • With this setup we could test all the above.
  • We also tested the “Group VPN”, because we never did this before and wanted to see what it could do and how you needed to build it.
  • One of the last tests was to ask someone from work to change some stuff and try to find what the problem was. (Test some advanced troubleshooting)
  • The day before I did my exams I also configured a dynamic VPN (remote IPSEC client feature) on the SRX.




  • Read all your questions in the beginning and make a L3 drawing of the setup
  • Know your configuration commands (you don’t have much time)
  • The whole exam is in CLI (no web or nsm)
  • Be sure you can configure all the topics that are in the exam description!

This is how I prepared and I hope this will guide you all in your Journey to JNCIE-SEC. Do share your journey in the comments, so we can help others to be prepared for their exams. And receive this nice gift.


Wim De Smet



Finally, please keep in mind not to post things that will break the exam NDA! For the latest certification specifications go to.

by Super Contributor
on ‎10-25-2011 07:12 AM

Many Thanks Frac for your advises , and congratulation for your JNCIE-SEC certif ,

on ‎06-21-2013 12:39 PM

Hi Frac,


Good day,

Should I need buying license while practiceing UTM and IPS for JNCIE-SEC LAB .


Would you please help me to share any book/study guied/lab materials for practiceing JNCIE-SEC.


Plese Advice me








Juniper Design & Architecture Center - Mobile Cloud
About the Author
  • Senior Systems Engineer for NEC NZ. Focused on Juniper Networking equipment, SDN and NEC compute platforms. Busy studying for the JNCIP-SP and DC. Outside of work I enjoy the great outdoors: Mountaineering, Bouldering, Rock or Ice climbing, Tramping (hiking to non-Kiwis) and Snowboarding.
  • I'm a Network Security Engineer working with Vodafone in their Cloud and Hosting Services team based in Leeds, UK. My role is to implement, test and deliver secure cloud based solutions to external customers.
  • I am one of a small team of Network Engineers working for Lumison Ltd, a UK ISP/MSP based in Edinburgh, Scotland. I have been with the company for almost 6 years moving from frontline support to the Managed Services team dealing with customer network design and implementation before talking up the role of Network Engineer. As well as the JNCIE-ENT certification.
  • Triple CCIE #21946 (R&S / Service Provider / Storage), JNCIE-SP #851, Technical Consultant at Telindus-ISIT
  • Networking & Security nerd (geek overall), Hockey fanatic, and Junos junkie! Born and raised in Grand Rapids, MI, with a few years of my life out in MN. Been in the IT field since I got out of High School. I've used Juniper products since around 2007, and really enjoy working with them. I currently work for a large retailer based in MI, with a footprint all across the Midwest.
  • Steve Puluka is a Senior IP Engineer with DQE Communications in Pittsburgh, PA. He holds a BSEET along with the professional level certification in Junos Security & Security Support Professional and specialist level in ScreenOS and SSL VPN, JNCDA Design Associate and his original associates in ER & EX. He holds the Palo Alto ACE certification in PanOS 6. He also has certification and extensive experience in Microsoft Windows server, along with strong Vmware skills starting with with version two. He has enjoyed supporting networks for more 20 years.
  • Senior Network Engineer / Architect working for a large ISP in New Zealand. JNCIE-SP#2204, JNCIE-ENT#458.