gavint

JNCIE-SEC: How I Mastered Junos Security

by ‎07-19-2012 10:02 AM - edited ‎07-19-2012 10:22 AM

This is a guest blog post. Views expressed in this post are original thoughts posted by Gavin Thirlwall, Support Engineer at COMPUTERLINKS UK. These views are his own and in no way do they represent the views of the company he works for.


After studying Computer Systems Engineering at university and starting my career with a small Microsoft partner, I decided I wanted to build on the advanced networks and information security courses I studied at university and specialise in network security. Since then I’ve worked at COMPUTERLINKS for five years, working primarily with Juniper Networks and also another vendor in the ADN space.  Although I’m employed as a support engineer, I work across our support, presales and consulting teams as a subject matter expert for these two vendors.


I’ve been working with SRX services gateways and also EX switches since they were released, and used a mix of self-study and the instructor-led JIR and AJSEC courses at COMPUTERLINKS’ London-based training centre to prepare for the pre-requisite exams for my JNCIE certification. I passed my JNCIP-SEC certification at the first attempt on the 31st October 2011 and more or less immediately decided I wanted to pursue the JNCIE-SEC certification and to take my knowledge of Junos Security to the next level. I booked my exam for the 23rd January 2012 to give me a target to work towards.


It’s vital for JNCIE candidates not just to understand the concepts (for which I used both the Juniper Advanced Junos Security courseware and the excellent Junos Security O’Reilly book), but to have implemented everything on the exam blueprint in order to have the confidence to implement a secure network quickly and correctly, first time. Whilst the Junos documentation is available in the exam, there isn’t a lot of time to read it.


I’m fortunate that COMPUTERLINKS has invested heavily to ensure that its engineers have sufficient hardware to plan implementations, replicate support issues and build training scenarios. My office lab usually consisted of:


* It is technically possible to cluster both low and high memory SRX devices, but I would only suggest this in a lab.


This enabled me to build some reasonably complex networks incorporating UTM features. Towards the end of my preparation, I also added in a J6350 and SRX650 to make the lab network more complex. Of course, if you were building an environment specifically for lab purposes, it’s more likely you would use only SRX100, 110 or 210 devices.


My main exam preparation strategy was to draw a random network involving several SRX devices on my office whiteboard and then set to work implementing it, rather than just following a scripted list of commands from a book. This reinforced my understanding of the concepts and associated configuration syntax much more effectively as it forced me to “think” more about what I was doing. Doing this also helped me with the troubleshooting aspects of the exam, as if something didn’t work first time I would use traceoptions and logs to understand why, rather than giving up or starting again. Fast and effective troubleshooting is a vital JNCIE-level skill.


I had a limited amount of time during my working day that I could use to lab up simple concepts, but I found that a lot of the scenarios I wanted to implement required longer periods of concentration. So, I found myself in the office one day each weekend for a couple of months leading up to the exam. This gave me the focused lab time I needed with no distractions.


I had my first attempt at the JNCIE-SEC lab exam in January 2012. Everything I had seen regarding the JNCIE exams beforehand had made me aware this was going to be tough. I don’t want to just repeat what others have said, but I genuinely feel the hardest challenge is time management - most competent SRX engineers should be able to complete the exam tasks given a few days, but completing all the tasks accurately in 8 hours is a real challenge and one of the hardest things I have ever tried.


I also found maintaining accuracy and speed for the whole 8 hours hard going. As an example, security zone names in Junos are case-sensitive, and entering a command to add an interface to a zone with the wrong case for the zone name does not throw an error, but creates a new zone. Troubleshooting what I had done wrong here cost me valuable time.
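
A check for the mistake described above, as an added example that is not part of the original post: it scans Junos `set`-format configuration for security zone names that differ only by letter case and lists interfaces placed under a spelling that no policy references. The sample configuration, interface names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" format (not from the original post).
# The fourth line uses "Trust" where "trust" was intended.
SAMPLE_CONFIG = """\
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust interfaces ge-0/0/2.0
set security zones security-zone Trust interfaces ge-0/0/3.0
set security zones security-zone untrust interfaces ge-0/0/0.0
set security policies from-zone trust to-zone untrust policy allow-out match source-address any
"""

ZONE_DEF = re.compile(r"^set security zones security-zone (\S+)(?: interfaces (\S+))?")
ZONE_REF = re.compile(r"\b(?:from-zone|to-zone) (\S+)")


def parse_zones(config):
    """Return (zone name -> set of interfaces, zone names referenced by policies)."""
    zones, referenced = defaultdict(set), set()
    for line in config.splitlines():
        line = line.strip()
        m = ZONE_DEF.match(line)
        if m:
            ifaces = zones[m.group(1)]  # registers the zone even without an interface
            if m.group(2):
                ifaces.add(m.group(2))
        elif line.startswith("set security policies "):
            referenced.update(ZONE_REF.findall(line))
    return dict(zones), referenced


def case_collisions(zones):
    """Group zone names that are identical except for letter case."""
    groups = defaultdict(list)
    for name in zones:
        groups[name.casefold()].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def stranded_interfaces(zones, referenced):
    """Interfaces in a colliding zone spelling that no policy names."""
    stranded = {}
    for group in case_collisions(zones):
        for name in group:
            if name not in referenced and zones[name]:
                stranded[name] = sorted(zones[name])
    return stranded
```

On the sample, `case_collisions` groups `Trust` with `trust`, and `stranded_interfaces` shows `ge-0/0/3.0` sitting in the accidental `Trust` zone.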


At the end of the exam I wasn’t sure if I had passed or not. Sadly after a few days I got the bad news that I had not passed. The feedback given following JNCP lab exams is very limited for exam security reasons and I felt quite frustrated at this, but decided to re-attempt the exam as soon as was practical to avoid wasting the effort I had already put in. I tried to re-create aspects of the exam in my office lab to work out where I went wrong.


I re-attempted the exam in March 2012, where I found the familiarity with the lab experience definitely helped and allowed me to get a good night’s sleep beforehand and focus my efforts on the exam itself. The additional lab time paid off and I got told I passed two weeks later, and was awarded JNCIE-SEC #47.


Following the exam I found that, whilst I was very happy to be in such an exclusive club and be recognised for my efforts in the exam, the work I put in learning for the exam helps me in my job nearly every day. Since March I’ve taken a bit of a break from certifications, but still enjoy learning new things.

Comments
by vinayak.m@mindlance.com on ‎07-19-2012 08:00 PM
Congrats buddy! U done it... :smileyhappy: Kindly share the course materials if possible. Congrats again. Best of Luck.
by Omer Rehman on ‎07-13-2013 04:17 PM

Congrats Gavin


Kindly share the course material.


Thanks in advance

by dhruv on ‎06-18-2014 06:55 PM

Hi Gavin, As requested before, please share the training material. I was wondering how I can start for JNCIE. I am working on SRX at my office, but not sure how I can begin my fight ... Br Dhruv
