Training, Certification, and Career Topics
Highlighted
Training, Certification, and Career Topics

JNCIE-SEC SRX Model Suggestion required

‎04-28-2011 11:12 AM

Dear Experts,

 

I need your input on what model I should go for the SRX in order to build my own lab for JNCIE-SEC.

 

I did some research and i think the following should be sufficient .

 

1) SRX210HE = sty 1 , I will UTM, DYNAMIC VPN on this one, I am not going buy any PIM

2) SRX210BE = 3

 

Please note that "E" is the enhanced version of SRX with Faster CPU.

 

Total SRX = 4

 

Attached is the pdf file with all the parts I am thinking to order.

 

I need technical advice , will SRX 210 be enough for the preparation of JNCIE-SEC. Also if anyone (if moderator of exams) can give us idea about the number of SRX boxes to expect at the JNCIE-SEC exam, i hope this question is not violating any NDA.

 

As I understand only SRX boxes will be their in JNCIE-SEC exam, Can we expect any other appliances like J-series and other in the exam.

 

Is it possible if I can make cluster of TWO SRX , one SRX with UTM license and other SRX does not have UTM license.

 

Any suggestion is really appreciated as I want to do wise investment : ).

 

Thanks in advance

Nasim

 

 

Attachments

8 REPLIES 8
Highlighted
Training, Certification, and Career Topics

Re: JNCIE-SEC SRX Model Suggestion required

‎04-28-2011 02:05 PM

You can run your cluster with only having a UTM license on one box. Obviously if you end up failing over your route engine to the secondary (non licensed) box UTM won't run.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Highlighted
Training, Certification, and Career Topics

Re: JNCIE-SEC SRX Model Suggestion required

‎05-03-2011 04:38 AM

Hi,

 

Just wanted to know that the JNCIE-SEC is purely based on SRX only i guess that 's more of an SRX expert exam and not on the overall juniper security portfolio like SSL, IDP & UAC. Would have been great if this exam was more than CCIE Sec which covers most of the security products. 

 

Would like to hear other's thoughts on the same.

 

Regards

 

Sushil

Highlighted
Training, Certification, and Career Topics

Re: JNCIE-SEC SRX Model Suggestion required

‎05-03-2011 05:49 AM

The JNCIx-SEC track is JUNOS Security so does not have those other solutions/products.  We do have focused tracks for some of the other non-Junos security products.

 

Regards,

Liz Burns
Director, Education Services
Certification and Marketing Programs

Kudos are always appreciated!
Highlighted
Training, Certification, and Career Topics

Re: JNCIE-SEC SRX Model Suggestion required

‎05-03-2011 06:51 AM

Hi Liz,

 

 

So in summary it will only SRX appliances focusing on JUNOS security.

 

 

Could you please confirm it will only SRX appliances on JNCIE-SEC exam?. There will no EX, MX and J series routers.

 

 

Thanks to confirm the above .

 

Thanks & Best Regards

Muhammad Nasim Nasri

00966-556658830

 

Highlighted
Training, Certification, and Career Topics

Re: JNCIE-SEC SRX Model Suggestion required

[ Edited ]
‎05-03-2011 06:55 PM

 


@Nasim wrote:

 

So in summary it will only SRX appliances focusing on JUNOS security.

 

Could you please confirm it will only SRX appliances on JNCIE-SEC exam?. There will no EX, MX and J series routers.


Nasim,

 

Yes, the exam only covers SRX devices.  There are no other devices in the exam that you would require knowledge of.

Stefan Fouant
Juniper Ambassador
JNCIEx5, JNCI, VCPx2, CISSP, PCNSE, PCNSC, CYBERFORCE Hero

Check out my videos on YouTube

--
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
Highlighted
Training, Certification, and Career Topics

Re: JNCIE-SEC SRX Model Suggestion required

‎06-24-2011 12:26 AM

Then how many SRX appliances will be required in the lab exam?

I have just bought 3 SRX 210H.

Highlighted
Training, Certification, and Career Topics

Re: JNCIE-SEC SRX Model Suggestion required

‎06-25-2011 10:33 PM

Hi Cheng,

 

Based on post by Liz Burns http://forums.juniper.net/t5/Training-Certification-and/Junosphere-Virtual-Classroom/td-p/89968. Junosphere virtual Junos will be used for bootcamps for JNCIE-Sec & JNCIE-SP.  With Junosphere you can save up a lot of money spent on real hardware. Though I am not sure whether Junosphere will be able to emulate all the features of SRX that would be tested in the bootcamp. 

 

Current Junospshere emulates the J-series junos only which are common in J-series & SRX but does not emulate hardware dependant features like IPsec.

 

Hope this helps.

 

Regards

 

Sushil

Highlighted
Training, Certification, and Career Topics

Re: JNCIE-SEC SRX Model Suggestion required

[ Edited ]
‎06-30-2011 06:59 AM

At home, I'm using three SRX 210H series. Two of them have the IDP-Sig,Dynamic-VPN,anti-spam, and anti-virus licenses. I also have an EX 3200 juniper switch. I use the switch for aggregating the different SRX connections. I bridge a trunk link back to my iMac running a VMWare fusion linux guest with a 8 router olive setup simulating an ISP core network. So I have a HA cluster as a remote office appearing off a set of PE olives, and my third SRX is another remote office connected to a different set of PEs. They are linked via a MPLS Layer 3 VPN. I know simulating the ISP core isn't needed, but it was more fun to do that then connecting these SRX back to back.  I've been going through the JNCIP-SEC objectives (IPS, Advanced VPN, etc) and think this will be a useful setup for the JNCIE-SEC.

 

With the link to my iMac, I also have several VMWare guests I can launch and place in different parts of the internetwork. I have a vulnerable web server host that can be exploited. I also have a client hacker guest that runs BackTrack5. This is not needed, but is more fun to do and lets me run metasploit and other tools to test the security policies I implement.

 

 

 

If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
Feedback