JNCIE-SEC: How I Mastered Junos Security

by gavint on 07-19-2012 10:02 AM - edited 07-19-2012 10:22 AM

This is a guest blog post. Views expressed in this post are original thoughts posted by Gavin Thirlwall, Support Engineer at COMPUTERLINKS UK. These views are his own and in no way do they represent the views of the company he works for.

 

After studying Computer Systems Engineering at university and starting my career with a small Microsoft partner, I decided I wanted to build on the advanced networks and information security courses I studied at university and specialise in network security. Since then I’ve worked at COMPUTERLINKS for five years, working primarily with Juniper Networks and also another vendor in the ADN space.  Although I’m employed as a support engineer, I work across our support, presales and consulting teams as a subject matter expert for these two vendors.

 

I’ve been working with SRX services gateways and also EX switches since they were released, and used a mix of self-study and the instructor-led JIR and AJSEC courses at COMPUTERLINKS’ London-based training centre to prepare for the pre-requisite exams for my JNCIE certification. I passed my JNCIP-SEC certification at the first attempt on the 31st October 2011 and more or less immediately decided I wanted to pursue the JNCIE-SEC certification and to take my knowledge of Junos Security to the next level. I booked my exam for the 23rd January 2012 to give me a target to work towards.

 

It’s vital for JNCIE candidates not just to understand the concepts (for which I used both the Juniper Advanced Junos Security courseware and the excellent Junos Security O’Reilly book), but to have implemented everything on the exam blueprint in order to have the confidence to implement a secure network quickly and correctly, first time. Whilst the Junos documentation is available in the exam, there isn’t a lot of time to read it.

 

I’m fortunate that COMPUTERLINKS has invested heavily to ensure that its engineers have sufficient hardware to plan implementations, replicate support issues and build training scenarios. My office lab usually consisted of:

 

* It is technically possible to cluster both low and high memory SRX devices, but I would only suggest this in a lab.

 

This enabled me to build some reasonably complex networks incorporating UTM features. Towards the end of my preparation, I also added in a J6350 and SRX650 to make the lab network more complex. Of course, if you were building an environment specifically for lab purposes, it’s more likely you would use only SRX100, 110 or 210 devices.

 

My main exam preparation strategy was to draw a random network involving several SRX devices on my office whiteboard and then set to work implementing it, rather than just following a scripted list of commands from a book. This reinforced my understanding of the concepts and associated configuration syntax much more effectively, as it forced me to “think” more about what I was doing. Doing this also helped me with the troubleshooting aspects of the exam: if something didn’t work first time, I would use traceoptions and logs to understand why, rather than giving up or starting again. Fast and effective troubleshooting is a vital JNCIE-level skill.

 

I had a limited amount of time during my working day that I could use to lab up simple concepts, but I found that a lot of the scenarios I wanted to implement required longer periods of concentration. So, I found myself in the office one day each weekend for a couple of months leading up to the exam. This gave me the focused lab time I needed with no distractions.

 

I had my first attempt at the JNCIE-SEC lab exam in January 2012. Everything I had seen regarding the JNCIE exams beforehand had made me aware this was going to be tough. I don’t want to just repeat what others have said, but I genuinely feel the hardest challenge is time management - most competent SRX engineers should be able to complete the exam tasks given a few days, but completing all the tasks accurately in 8 hours is a real challenge and one of the hardest things I have ever tried.

 

I also found maintaining accuracy and speed for the whole 8 hours hard going. As an example, security zone names in Junos are case-sensitive, and entering a command to add an interface to a zone with the wrong case for the zone name does not throw an error, but creates a new zone. Troubleshooting what I had done wrong here cost me valuable time.
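The zone-name case pitfall described above can be caught before commit by checking a set-format configuration for zone names that differ only in letter case. The Python check below is an added example, not part of the original post; the sample configuration is constructed and the function name `zone_case_collisions` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" format (not taken from the post).
# Line 3 defines "Trust" next to "trust"; line 6 references "DMZ" while
# line 4 defines "dmz".
SAMPLE_CONFIG = """\
set security zones security-zone trust interfaces ge-0/0/0.0
set security zones security-zone untrust interfaces ge-0/0/1.0
set security zones security-zone Trust interfaces ge-0/0/2.0
set security zones security-zone dmz host-inbound-traffic system-services ping
set security policies from-zone trust to-zone untrust policy allow-out match source-address any
set security policies from-zone trust to-zone DMZ policy allow-dmz match source-address any
"""

# A zone name follows one of these keywords, in definitions and in policies.
ZONE_NAME = re.compile(r"\b(?:security-zone|from-zone|to-zone) (\S+)")


def zone_case_collisions(config_text):
    """Return {casefolded name: {spelling: [line numbers]}} for every zone
    name that appears with more than one letter-case spelling."""
    seen = defaultdict(lambda: defaultdict(list))
    for lineno, line in enumerate(config_text.splitlines(), 1):
        line = line.strip()
        if not line.startswith("set security "):
            continue
        for name in ZONE_NAME.findall(line):
            lines = seen[name.casefold()][name]
            if not lines or lines[-1] != lineno:  # one entry per line
                lines.append(lineno)
    return {
        folded: dict(sorted(spellings.items()))
        for folded, spellings in seen.items()
        if len(spellings) > 1
    }


if __name__ == "__main__":
    for folded, spellings in zone_case_collisions(SAMPLE_CONFIG).items():
        print(f"zone name '{folded}' appears with mixed case:")
        for spelling, lines in spellings.items():
            print(f"  {spelling!r} on line(s) {lines}")
```
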

 

At the end of the exam I wasn’t sure if I had passed or not. Sadly after a few days I got the bad news that I had not passed. The feedback given following JNCP lab exams is very limited for exam security reasons and I felt quite frustrated at this, but decided to re-attempt the exam as soon as was practical to avoid wasting the effort I had already put in. I tried to re-create aspects of the exam in my office lab to work out where I went wrong.

 

I re-attempted the exam in March 2012, where I found the familiarity with the lab experience definitely helped and allowed me to get a good night’s sleep beforehand and focus my efforts on the exam itself. The additional lab time paid off and I got told I passed two weeks later, and was awarded JNCIE-SEC #47.

 

Following the exam, whilst I was very happy to be in such an exclusive club and be recognised for my efforts in the exam, I have found that the work I put in learning for the exam helps me in my job nearly every day. Since March I’ve taken a bit of a break from certifications, but still enjoy learning new things.

Comments
by vinayak.m@mindlance.com on 07-19-2012 08:00 PM

Congrats buddy! U done it... Kindly share the course materials if possible. Congrats again. Best of Luck.

by Omer Rehman on 07-13-2013 04:17 PM

Congrats Gavin

Kindly share the course material.

Thanks in advance

by dhruv(anon) on 06-18-2014 06:55 PM

Hi Gavin, As requested before, please share the training material. I was wondering how I can start for JNCIE. I am working on SRX at my office, but not sure how I can begin my fight ... Br Dhruv
