My Certification Journey
Share and learn from real life stories of those who are on the path to become Juniper Certified

JNCIE-SEC: How I Mastered Junos Security

by Trusted Contributor ‎07-19-2012 10:02 AM - edited ‎07-19-2012 10:22 AM

This is a guest blog post. Views expressed in this post are original thoughts posted by Gavin Thirlwall, Support Engineer at COMPUTERLINKS UK. These views are his own and in no way do they represent the views of the company he works for.


After studying Computer Systems Engineering at university and starting my career with a small Microsoft partner, I decided I wanted to build on the advanced networks and information security courses I studied at university and specialise in network security. Since then I’ve worked at COMPUTERLINKS for five years, working primarily with Juniper Networks and also another vendor in the ADN space.  Although I’m employed as a support engineer, I work across our support, presales and consulting teams as a subject matter expert for these two vendors.


I’ve been working with SRX services gateways and also EX switches since they were released, and used a mix of self-study and the instructor-led JIR and AJSEC courses at COMPUTERLINKS’ London-based training centre to prepare for the pre-requisite exams for my JNCIE certification. I passed my JNCIP-SEC certification at the first attempt on the 31st October 2011 and more or less immediately decided I wanted to pursue the JNCIE-SEC certification and to take my knowledge of Junos Security to the next level. I booked my exam for the 23rd January 2012 to give me a target to work towards.


It’s vital for JNCIE candidates not just to understand the concepts (for which I used both the Juniper Advanced Junos Security courseware and the excellent Junos Security O’Reilly book), but to have implemented everything on the exam blueprint in order to have the confidence to implement a secure network quickly and correctly, first time. Whilst the Junos documentation is available in the exam, there isn’t a lot of time to read it.


I’m fortunate that COMPUTERLINKS has invested heavily to ensure that its engineers have sufficient hardware to plan implementations, replicate support issues and build training scenarios. My office lab usually consisted of:


* It is technically possible to cluster both low and high memory SRX devices, but I would only suggest this in a lab.


This enabled me to build some reasonably complex networks incorporating UTM features. Towards the end of my preparation, I also added in a J6350 and SRX650, but to make the lab network more complex. Of course if you were building an environment specifically for lab purposes it’s more likely you would use only SRX100, 110 or 210 devices.


My main exam preparation strategy was to draw a random network involving several SRX devices on my office whiteboard and then set to work implementing it, rather than just following a scripted list of commands from a book. This reinforced my understanding of the concepts and associated configuration syntax much more effectively as it forced me to “think” more about what I was doing. Doing this also helped me with the troubleshooting aspects of the exam, as if something didn’t work first time I would use traceoptions and logs to understand why, rather than giving up or starting again. Fast and effective troubleshooting is a vital JNCIE-level skill.


I had a limited amount of time during my working day that I could use to lab up simple concepts, but I found that a lot of the scenarios I wanted to implement required longer periods of concentration. So, I found myself in the office one day each weekend for a couple of months leading up to the exam. This gave me the focused lab time I needed with no distractions.


I had my first attempt at the JNCIE-SEC lab exam in January 2012. Everything I had seen regarding the JNCIE exams beforehand had made me aware this was going to be tough. I don’t want to just repeat what others have said, but I genuinely feel the hardest challenge is time management - most competent SRX engineers should be able to complete the exam tasks given a few days, but completing all the tasks accurately in 8 hours is a real challenge and one of the hardest things I have ever tried.


I also found maintaining accuracy and speed for the whole 8 hours hard going. As an example, security zone names in Junos are case-sensitive, and entering a command to add an interface to a zone with the wrong case for the zone name does not throw an error, but creates a new zone. Troubleshooting what I had done wrong here cost me valuable time.
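A quick way to catch the zone-name case pitfall described above before committing, shown as an added example that is not part of the original post: the script scans configuration in `show configuration | display set` form and reports any security zone name that appears with more than one capitalisation, together with the interfaces and policy references attached to each spelling. The sample configuration is constructed and the function name `find_zone_case_collisions` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in "show configuration | display set" form (not from the post).
SAMPLE_CONFIG = """\
set security zones security-zone Trust host-inbound-traffic system-services ssh
set security zones security-zone Trust interfaces ge-0/0/1.0
set security zones security-zone trust interfaces ge-0/0/2.0
set security zones security-zone untrust interfaces ge-0/0/0.0
set security policies from-zone Trust to-zone untrust policy allow-out match source-address any
set security policies from-zone Trust to-zone untrust policy allow-out then permit
"""

ZONE_RE = re.compile(r"^set security zones security-zone (\S+)(?: interfaces (\S+))?")
POLICY_RE = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+)")

def find_zone_case_collisions(config_text):
    """Return {folded_name: {spelling: {"interfaces": [...], "policy_refs": n}}}
    for every zone name that appears with more than one capitalisation."""
    zones = defaultdict(lambda: defaultdict(lambda: {"interfaces": [], "policy_refs": 0}))
    for line in config_text.splitlines():
        line = line.strip()
        m = ZONE_RE.match(line)
        if m:
            # Register the spelling; record the interface if this line binds one.
            entry = zones[m.group(1).lower()][m.group(1)]
            if m.group(2):
                entry["interfaces"].append(m.group(2))
            continue
        m = POLICY_RE.match(line)
        if m:
            # Count how many policy lines reference each exact spelling.
            for name in m.groups():
                zones[name.lower()][name]["policy_refs"] += 1
    return {k: {s: dict(v) for s, v in spellings.items()}
            for k, spellings in zones.items() if len(spellings) > 1}

if __name__ == "__main__":
    for folded, spellings in find_zone_case_collisions(SAMPLE_CONFIG).items():
        print(f"zone name '{folded}' appears with {len(spellings)} spellings:")
        for spelling, info in spellings.items():
            print(f"  {spelling}: interfaces={info['interfaces']} "
                  f"policy_refs={info['policy_refs']}")
```

In the sample, `ge-0/0/2.0` sits in a zone `trust` that no policy line references, which is the symptom to look for when traffic on one interface is unexpectedly dropped.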


At the end of the exam I wasn’t sure if I had passed or not. Sadly after a few days I got the bad news that I had not passed. The feedback given following JNCP lab exams is very limited for exam security reasons and I felt quite frustrated at this, but decided to re-attempt the exam as soon as was practical to avoid wasting the effort I had already put in. I tried to re-create aspects of the exam in my office lab to work out where I went wrong.


I re-attempted the exam in March 2012, where I found the familiarity with the lab experience definitely helped and allowed me to get a good night’s sleep beforehand and focus my efforts on the exam itself. The additional lab time paid off and I got told I passed two weeks later, and was awarded JNCIE-SEC #47.


Following the exam I found that whilst I was very happy to be in such an exclusive club and be recognised for my efforts in the exam, I have found that the work I put in learning for the exam helps me in my job nearly every day. Since March I’ve taken a bit of a break from certifications, but still enjoy learning new things.

on ‎07-19-2012 08:00 PM
Congrats buddy! U done it... Kindly share the course materials if possible. Congrats again. Best of Luck.
by Omer Rehman
on ‎07-13-2013 04:17 PM

Congrats Gavin


Kindly share the course material.


Thanks in advance

by dhruv
on ‎06-18-2014 06:55 PM

Hi Gavin, As requested before, please share the training material. I was wondering how I can start for JNCIE. I am working on SRX at my office, but not sure how I can begin my fight ... Br Dhruv
