Juniper ScreenOS Firewall Software

More certification updates on the Juniper firewall products. I’m using the SSG series of firewalls that run the ScreenOS operating system. I just completed the JNCIS-FWV (Juniper Networks Certified Internet Specialist-Firewall. I used the following resources.

Free Resources

Concepts & Examples Guide documentation (free and probably enough to pass) – The feature set is rich. Skim the table of contents for each volume and determine which features are applicable to your network. Then you can use the sample concepts and examples in these guides to create the configuration on your test unit. You may need other firewalls to create routing or VPN tunnels with for these exercises.
Juniper ScreenOS Documentation Site

NetScreen JNCIS-FWV Study Guide (PDF) – unofficial study guide compiled by Jason Ha. He is a network engineer that also prepped for the exam and shares this material.
Study Guide PDF (off-site).

Paid material but helpful for me

If you are good a self study you can consider getting the courseware and going through the material yourself.

Advanced VPN Implementations Courseware from Juniper. These are the same books and lab guides used for the classes but you take them on your own.
Purchase courseware

Configuring Juniper Networks NetScreen & SSG Firewalls – If you want a more formal organized introduction, the Syngress introduction to SSG firewalls is really well done. Experienced people can skip the opening chapters that start with even the networking firewall basics but this organizes and introduces the major concepts of ScreenOS configuration and I found it very helpful.
Configuring Netscreen Book at Amazon

ScreenOS Cookbook – There is also the Oreilly “Cookbook” for the ScreenOS. This is a great reference I use as a first stop for setting up new features. It is a quick and dirty guide to how to perform specific functions. There is not really anything here that is not in the concepts and examples documenation, and that is the place to go when you don’t understand or need to modify a configuration presented here, but it is a very convenient short cut for me.
ScreenOS Cookbook Information page

Practice in a lab – If you have budget and perhaps spare equipment, you can purchase a layer 3 switch to setup a test lab. Netgear has some very inexpensive models now for this type of setup. I have a layer 3 switch configured with separate VLANs on each port and RIP that allows each firewall to be used in a test lab. The switch setup mimics the internet for the group of firewalls and you can setup even the multi-site hub and spoke examples in the concepts and examples guide.

You can also add a VMware server and connect the LAN side segments to put servers and workstations behind the various firewalls. The newest version of VMware supports trunking on the NIC so you can setup multiple segments with workstations or servers for the test lab.

These switches can be picked up cheap on ebay if you watch for them. You can pick up retiring servers to setup a VMware lab from your local craigslist or ebay.

Originally Posted September 30, 2010
Last Revised on September 11, 2017