This three-day, intermediate-level course focuses on the ScreenOS features typically required in large-scale networks, including dynamic routing, virtual systems, traffic shaping and high availability. Upon completing this course, students should be able to return to work and successfully install, configure and verify that a ScreenOS-based device is interoperating in the network as desired.

Through demonstrations and hands-on labs, students gain experience in configuring, testing and troubleshooting these features. By the end of this course, students will be able to configure Juniper Firewall/VPN appliances and systems that support the virtualization feature set, including sub-interfaces and virtual systems. Students will also be able to configure NSRP in both active/passive and active/active deployment.

Course Duration: 3 days

This course assumes that students have successfully completed the Configuring Juniper Firewall/VPNs (CJFV) course and the Network and Security Manager Fundamentals (NSMF) course or have equivalent experience with ScreenOS. Specifically, students need to be familiar with configuration of:

  • Ethernet
  • Transparent bridging
  • TCP/IP operations
  • IP addressing
  • Basic IPSec VPN deployments
Course Objectives:
  • Configure virtual systems, including standard, IP-based and transparent mode
  • Configure OSPF, routing redistribution and optimization
  • Configure BGP, EBGP and IBGP connectivity
  • Implement source-based and policy-based routes
  • Configure multi-cast operations, including IGMP and PIM-SM
  • Configure virtual systems (vsys) and manage resources
  • Configure high availability (NSRP) in static routing and dynamic routing environments
  • Configure traffic management and ingress/egress policies
  • Verify operations and troubleshoot all configurations
Course Outline:
  • Course Introduction


  • ScreenOS Basics Review
    • Concepts Review
    • Configuration Review


  • Interior Gateway Protocols
    • RIP Operations
    • OSPF Operations
    • OSPF Configuration
    • Verification and Troubleshooting
    • Route Redistribution
    • Route Optimization


  • BGP
    • BGP Operations
    • EBGP Configuration
    • Verification and Troubleshooting
    • IBGP Configuration
    • BGP Connectivity


  • Advanced Static Routing
    • Source-Based Routing
    • Policy-Based Routing
    • Destination Routing


  • Multicast
    • Multicast Overview
    • IGMP Operations
    • IGMP Configuration
    • PIM-SM Operations
    • PIM-SM Configuration
    • Multi-cast Policies


  • Virtual Systems
    • Vsys Operations and Concepts Configuring
    • Vsys Using Interface Classification
    • Vsys Resource Management
    • Inter-Vsys Routing
    • Address Translation


  • Redundancy
    • NSRP Terms and Concepts
    • Configuring NSRP Active/Passive
    • Configuring NSRP Active/Active, VSD-Less Cluster and NSRP-Lite
    • Tuning Failover Performance
    • VRRP Support
    • Redundant Interfaces


  • Traffic Management
    • Need for Traffic Management
    • Egress Traffic Shaping
    • Ingress Policing
    • DSCP Marking


  • Appendix A: Virtual Systems Variations
    • Vsys with IP Classification
    • Transparent Mode Vsys