steve@puluka.comMy Journey to Enterprise Routing with Juniper
Last year I discovered Juniper Networks through the happy chance encounter that my current boss engineered. She was looking for vendors that support WAN Acceleration since we run all our services at a remote data center with everyone accessing them over WAN links. While this was the purpose of the meeting I had been struggling with the management and technical limitations of the existing network architecture for some time. The short version is that the system was conceived as a 30-50 office network that has already grown to nearly 100 with 250 in our 3-5 year plan.
I’ll create more on the transition and technologies we’re implementing in other articles. Here I’m going to sing the praises of JUNOS as my real entry into Network Engineering. I have touched on Cisco Frame Relay briefly in the past and managed a number of VPN firewall solutions. But my experience in hands-on real network routing was limited. Since we were stretching the limits of a large IPSEC VPN implementation the time was right to go back to school on routing for real and get the fundamentals under my belt.
I took the JUNOS boot camp two day introductory class in Pittsburgh October 27-28, 2008 – taught by Amir of Proteus Networks. The course was the standard mix of hands-on lab with instructor lectures and gave me the necessary books to get started. Our local Juniper Rep (Bill Wargo) and support engineer (Brian Fedak) are the best. The boot camp was followed by a great hands-on session with the firewall equipment we were purchasing for the start of the conversion. Juniper provided all of us who attended the boot camp a free copy of the JUNOS for Dummies book too, so I was off and running.
My Road to Certification
Juniper is running a “Fast Track” certification program that provides the needed resources and practice tests to get through the basic certification exams. Here are the full study guides, lab guides and diagrams for the first two levels of routing & switching and the class on enhanced services.The free on-line course “JUNOS as a Second Language” is great. They walk through all the basics with direct comparison to Cisco syntax. They also have the sample exam for the first level certification with a coupon for half off the exam.
This year they have also launched a special informational site just for the JUNOS Software. Here there are archived and on-going webinars and access to other on-line learning opportunities. Another introductory book was recently published and available as a free PDF “Day One: Exploring the JUNOS CLI”. (The series has since expanded to several other volumes covering more topics).
With all these helps I was able to pass the Internet Associate in Enterprise Routing exam this June. I’m now moving on to the application of my deeper understanding of enterprise routing to the SSG firewall series we are implementing in my current position. I’m also in the middle of that WAN acceleration test and putting together the project plan for the SSL-VPN system.
Updates on Certification
I have since earned the JNCIA-EX (Enterprise Switching) in January of 2010 . The Prometric folks came back to Pittsburgh in the Fall of 2009 with the switching boot camp as a nice supplement to the summer school sessions.
In June of 2010 I added the JNCIS-FWV (Advanced Firewall) certification as well. This is on the ScreenOS product line. I use the SSG series of firewall products and love the advanced VPN and routing feature set. I have a lab setup at work for the firewall tests. This along with the self study class books mentioned below were a great help getting this certification. I purchased the Advanced Juniper Networks VPN Implementations courseware from the site. (See blog on ScreenOS Firewalls.)
In July of 2010 I acheived “Recognized Expert” status on the J-NET forums. Rankings on the forums are based on your answers to questions be flagged as the “accepted solution” to their question or problem. J-NET is a great community that has a lot of participating experts that really go out of their way to help the Juniper user community. I enjoy meeting like minded engineers from all over the world there. . I also was named the first “Member Spotlight” for the forums in September 2010 for my participation in the community. http://forums.juniper.net/jnet/
In November 2010 I added the JNCIS-SSL certification. This is on the Juniper SSL-VPN secure remote access product line. They provide a very flexible proxy access to internal network resources based on SSL connections. See the blog on SSL-VPN.
Free Classes from Juniper
http://www.juniper.net/us/en/training/fasttrack/
Fast Track Certification Program Site
https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=769
Free Networking Fundamentals On-line class. This covers all the basics for IP routing and basic Ethernet technologies.
Routing & Switching “Summer School”
J-Net Forum archive
Juniper Switching class: a full complement of four lectures in recorded web cast will all the supporting material to study.
Juniper Routing class: a full complement of four lectures in recorded web cast will all the supporting material to study.
Self Study Classes
Juniper has made a large number of their classes available for self study now. You can purchase the same courseware used for the classes to follow for your own studies. You get the full lab diagrams and instructions, but you will need to have equipment or rent lab time to do the actual excercises.
Resources
http://junos.juniper.net
JUNOS Software home page and training resources
http://www.juniper.net/us/en/training/jnbooks/
Books, Books, Books…
I have and use the both Cookbooks. The information is also in the manuals, but I still find the cookbooks are faster and more practical for quick setups of new features.
I have and used the JUNOS Enterprise routing by Doug Marschke (also of Proteus). It was very helpful for the basic concepts and the exam. This is also a main text for the second level JNCIE exam.
The SSL-VPN configuration guide was perfect for me starting from scratch.
http://www.juniper.net/us/en/training/technical_education/
Technical Training page
But in addition to the normal classes there are a pile of quick free on-line sessions on the various hardware lines. These aren’t very in depth but a good start.
http://www.juniper.net/us/en/training/elearning/ios_junos/content/index.html
Introduction to the new IOS to JUNOS conversion tool.
http://www.youtube.com/user/JuniperMediacenter Official Juniper You Tube site with various video intros on many topics
http://juniper.cluepon.net/index.php/Main_Page
Juniper Clue: the unofficial wiki on all things Juniper. Full of great information and answers.
http://juniper.cluepon.net/index.php/Olive VMware & JUNOS two of my favorite things. I haven’t had a chance to implement this yet, but you can build a VM with BSD and create virtual JUNOS routers for training purposes.
http://kb.juniper.net/index?page=home
Knowledge Base: we all know we should but we never do search before asking questions.
http://forums.juniper.net/jnet/
Juniper Forums: these are great. They are regularly monitored and contributed to by Juniper engineers. And there are a large number of knowledgable enthusiasts too.
Originally published June 2009 and updated multiple times since
Originally Posted June 24, 2009
Last Revised on November 20, 2010
Thu June 25, 2009, 23:25:56
Great overview. Who was your instructor for the JUNOS bootcamp? I think that was us 🙂
Sat June 27, 2009, 04:14:33
My notes don’t include the instructor names but the boot camp was at the University of Phoenix in South Hills Pittsburgh. It was a full house and everyone seemed to enjoy the program.
Wed October 17, 2012, 10:18:22
hi do you have a conversion tool to convert juniper screenos firewall config file to an srx junos firewall
Wed October 28, 2015, 21:52:47
I bought the SA540 for our home oficfe. It is one powerful, capable, and robust SOHO/SMB router.It has every VPN capability you could ever ask for in a router of this price range. We use the IPSec VPN functionality to VPN into our home oficfe via our iPhones, iPad, and Macbook Pros. It takes two separate IPSec Policies to do this, but using the built-in VPN wizard makes setting up the VPN policies very easy. We also use the SSL VPN functionality to VPN into our home oficfe via our Windows Ultimate laptop (amongst other devices depending on where we are at). We use the VPN split mode functionality which is awesome. We don’t even use the Quick VPN or Cisco VPN Client applications because we haven’t found a need to use them. They are there just in case SSL VPN does work for some reason. It’s always nice to have a backup way of VPN’ing to your home network. We have 3 Linksys E4200 configured in Bridge mode (actually not a true ‘bridge’ mode just a fancy name for ‘dumbing the device down into an Access Point’) that we have connected to the SA540. Amongst all at we have several D-Link 5- and 7-port gigabit switches. In total we have two Macbook Pros, a Windows 7 Home Premium PC, a Windows XP Professional PC, a Windows 7 Ultimate laptop, an iPad, two iPhones, two network printers (a Brother mono laser and a Dell color laser), two TVs, two AVRs, two Xbox 360s, 2 Playstation 3s, an Oppo BDP-93 universal blu-ray player, a Nintendo Wii, etc all networked together. The SA540 handles all the traffic with ease.To top it all off we use the Intrusion Prevention System (IPS) functionality as well. Between that and the powerful SPI firewall we feel we are well protected. We use Kiwi Syslog Server to collect SNMP traps and syslogs from the router. This router has the best/most logging options of any router we have owned. We monitor the logs when things aren’t going right (like when the IPS creates false positives) so we can make corrective action.This router isn’t for the faint-hearted. You really need to have a little networking background to take advantage of the advanced features this router has to offer. On the other hand it is all GUI based you are limited to just the GUI (no command line interface… CLI).All in all, I totally recommend this router to computer savvy individuals that have a desire to have a strong home or small business network. You won’t be disappointed. Cisco puts out regular firmware updates and IPS signatures. I’m not saying that this router doesn’t have some flaws, quirks, and/or bugs, but Cisco will eventually get around to fixing them.BTW, this router supports ipv6 and has a built-in ipv6 firewall. I have messed around with 6to4 and tunnel brokers, but I ended out disabling all the ipv6 features. I will wait until our ISP supports native ipv6.
Sat October 31, 2015, 05:28:40
Mohamed,
Thanks for stopping by. I’m glad you are enjoying your foray into networking at your home office. Always an important aspect of our journey.
But for me Juniper gear and Junos have been far superior than the Cisco offerings. I am a full convert. The biggest weakness I saw working Cisco gear is the complete and total inconsistency across the platforms. They run different OS and completely different command sets. So there is no carry over when you move from one product line to another.
On the switching side it drove me nuts that layer 2 configuration had 3 count them, 3 DIFFERENT command sets in the professional lines used in enterprise networks. Just a pain.
Steve