Sie sind auf Seite 1von 40

Junos Security

12.b

Junos Security 12.b WorldwideWorldwide EducationEducation ServicesServices 1194 North Mathilda Avenue Sunnyvale, CA 94089

WorldwideWorldwide EducationEducation ServicesServices

1194 North Mathilda Avenue Sunnyvale, CA 94089 USA

408-745-2000

www.juniper.net

Course Number: EDU-JUN-JSEC

Lab Diagrams

1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Course Number: EDU-JUN-JSEC Lab Diagrams

This document is produced by Juniper Networks, Inc.

This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks Education Services.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Junos Security Lab Diagrams, Revision 12.b

Copyright © 2013 Juniper Networks, Inc. All rights reserved.

Printed in USA.

Revision History:

Revision 9.a—July 2009

Revision 10.a—May 2010

Revision 10.b—December 2010

Revision 12.a—June 2012

Revision 12.b—June 2013

The information in this document is current as of the date listed above.

The information in this document has been carefully verified and is believed to be accurate for software Release 12.1X44-D10.4. Juniper Networks assumes no responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental, or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.

Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

YEAR 2000 NOTICE

Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

SOFTWARE LICENSE

The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.

Management Network Diagram

/ / / / / / / ge-0/0/0 (on all student devices) srxA-1 Management Network
/
/
/
/
/
/
/
ge-0/0/0 (on all student devices)
srxA-1
Management
Network
Serial Console
Terminal
Connections
srxA-2
Server
/
W Student
or stat ons
k
i
.
.
Management Addressing
srxD-2
srxA-1
srxD-1
srxA-2
srxD-2
srxB-1
/
vr-device
/
vr-device
srxB-2
Server
srxC-1
Gateway
srxC-2
Term Server
Server
Note: Your instructor will provide address and access information.
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod A Lab Diagrams

Pod A Network Diagram: Configuring and Monitoring Zones Lab

VLAN Assignments Hostname VLAN-ID Internet srxA-1 101 201 , srxA-2 102, 202 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxA-1
101 201
,
srxA-2
102, 202
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxA-2srxA-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.101
ge-0/0/4.102
ge-0/0/4.201
ge-0/0/4.202
(.1)
(.1)
Tagged Interface
172.20.101.0/24
172.20.201.0/24
172.20.102.0/24
172.20.202.0/24
(.10)
(.10)
(.10)(.10)
vr102 vr202vr201vr101
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod A Network Diagram: Security Policies Lab

VLAN Assignments Hostname VLAN-ID Internet srxA-1 101 201 , srxA-2 102, 202 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxA-1
101 201
,
srxA-2
102, 202
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxA-2srxA-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.101
ge-0/0/4.102
ge-0/0/4.201
ge-0/0/4.202
(.1)
(.1)
Tagged Interface
172.20.101.0/24
172.20.201.0/24
172.20.102.0/24
172.20.202.0/24
(.10)
(.10)
(.10)(.10)
vr102 vr202vr201vr101
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod A Network Diagram: Configuring Firewall Authentication Lab

VLAN Assignments Hostname VLAN-ID Internet srxA-1 101 201 , srxA-2 102, 202 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxA-1
101 201
,
srxA-2
102, 202
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxA-2srxA-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.101
ge-0/0/4.102
ge-0/0/4.201
ge-0/0/4.202
(.1)
(.1)
Tagged Interface
172.20.101.0/24
172.20.201.0/24
172.20.102.0/24
172.20.202.0/24
(.10)
(.10)
(.10)(.10)
vr102 vr202vr201vr101
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod A Network Diagram: Implementing Screen Options Lab

VLAN Assignments Hostname VLAN-ID Internet srxA-1 101 201 , srxA-2 102, 202 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxA-1
101 201
,
srxA-2
102, 202
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxA-2srxA-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.101
ge-0/0/4.102
ge-0/0/4.201
ge-0/0/4.202
(.1)
(.1)
Tagged Interface
172.20.101.0/24
172.20.201.0/24
172.20.102.0/24
172.20.202.0/24
(.10)
(.10)
(.10)(.10)
vr102 vr202vr201vr101
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod A Network Diagram: Network Address Translation Lab

VLAN Assignments Hostname VLAN-ID Internet srxA-1 101 201 , srxA-2 102, 202 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxA-1
101 201
,
srxA-2
102, 202
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxA-2srxA-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.101
ge-0/0/4.102
ge-0/0/4.201
ge-0/0/4.202
(.1)
(.1)
Tagged Interface
172.20.101.0/24
172.20.201.0/24
172.20.102.0/24
172.20.202.0/24
(.10)
(.10)
(.10)(.10)
vr102 vr202vr201vr101
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod A Network Diagram: Implementing IPsec VPNs Lab

VLAN Assignments Hostname VLAN-ID Internet srxA-1 101 201 , srxA-2 102, 202 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxA-1
101 201
,
srxA-2
102, 202
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxA-2srxA-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.101
ge-0/0/4.102
ge-0/0/4.201
ge-0/0/4.202
(.1)
(.1)
Tagged Interface
172.20.101.0/24
172.20.201.0/24
172.20.102.0/24
172.20.202.0/24
(.10)
(.10)
(.10)(.10)
vr102 vr202vr201vr101
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod A Network Diagram: Implementing IDP Lab

VLAN Assignments Hostname VLAN-ID Internet srxA-1 101 201 , srxA-2 102, 202 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxA-1
101 201
,
srxA-2
102, 202
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxA-2srxA-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.101
ge-0/0/4.102
ge-0/0/4.201
ge-0/0/4.202
(.1)
(.1)
Tagged Interface
172.20.101.0/24
172.20.201.0/24
172.20.102.0/24
172.20.202.0/24
(.10)
(.10)
(.10)(.10)
vr102 vr202vr201vr101
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod A Network Diagram: Implementing High Availability Techniques Lab

Internet Host 172.31.15.1 Untrust Zone Cluster-ID 1 ge-0/0/1 fxp1 ge-5/0/1 srxA-1 srxA-2 ge-5/0/2ge-0/0/2 fab0
Internet
Host 172.31.15.1
Untrust Zone
Cluster-ID 1
ge-0/0/1
fxp1
ge-5/0/1
srxA-1
srxA-2
ge-5/0/2ge-0/0/2
fab0
fab1
node0
node1
(.1)
(.1)
(.1)
reth0reth0
reth0
reth1
reth0 Network
reth1 Network
172.20.10.0/24
Trust Zone
172.30.10.0/24
VLAN 221
VLAN 231
2) ( 2)(
vr221
vr231vr22v

Pod B Lab Diagrams

Pod B Network Diagram: Configuring and Monitoring Zones Lab

VLAN Assignments Hostname VLAN-ID Internet srxB-1 103 203 , srxB-2 104, 204 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxB-1
103 203
,
srxB-2
104, 204
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxB-2srxB-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.103
ge-0/0/4.203
ge-0/0/4.104
ge-0/0/4.204
(.1)
(.1)
172.20.103.0/24
172.20.203.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.104.0/24
172.20.204.0/24
(.10)
(.10)
(.10)(.10)
vr104 vr204vr203vr103
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod B Network Diagram: Security Policies Lab

VLAN Assignments Hostname VLAN-ID Internet srxB-1 103 203 , srxB-2 104, 204 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxB-1
103 203
,
srxB-2
104, 204
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxB-2srxB-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.103
ge-0/0/4.203
ge-0/0/4.104
ge-0/0/4.204
(.1)
(.1)
172.20.103.0/24
172.20.203.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.104.0/24
172.20.204.0/24
(.10)
(.10)
(.10)(.10)
vr104 vr204vr203vr103
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod B Network Diagram: Configuring Firewall Authentication Lab

VLAN Assignments Hostname VLAN-ID Internet srxB-1 103 203 , srxB-2 104, 204 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxB-1
103 203
,
srxB-2
104, 204
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxB-2srxB-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.103
ge-0/0/4.203
ge-0/0/4.104
ge-0/0/4.204
(.1)
(.1)
172.20.103.0/24
172.20.203.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.104.0/24
172.20.204.0/24
(.10)
(.10)
(.10)(.10)
vr104 vr204vr203vr103
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod B Network Diagram: Implementing Screen Options Lab

VLAN Assignments Hostname VLAN-ID Internet srxB-1 103 203 , srxB-2 104, 204 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxB-1
103 203
,
srxB-2
104, 204
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxB-2srxB-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.103
ge-0/0/4.203
ge-0/0/4.104
ge-0/0/4.204
(.1)
(.1)
172.20.103.0/24
172.20.203.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.104.0/24
172.20.204.0/24
(.10)
(.10)
(.10)(.10)
vr104 vr204vr203vr103
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod B Network Diagram: Network Address Translation Lab

VLAN Assignments Hostname VLAN-ID Internet srxB-1 103 203 , srxB-2 104, 204 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxB-1
103 203
,
srxB-2
104, 204
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxB-2srxB-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.103
ge-0/0/4.203
ge-0/0/4.104
ge-0/0/4.204
(.1)
(.1)
172.20.103.0/24
172.20.203.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.104.0/24
172.20.204.0/24
(.10)
(.10)
(.10)(.10)
vr104 vr204vr203vr103
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod B Network Diagram: Implementing IPsec VPNs Lab

VLAN Assignments Hostname VLAN-ID Internet srxB-1 103 203 , srxB-2 104, 204 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxB-1
103 203
,
srxB-2
104, 204
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxB-2srxB-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.103
ge-0/0/4.203
ge-0/0/4.104
ge-0/0/4.204
(.1)
(.1)
172.20.103.0/24
172.20.203.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.104.0/24
172.20.204.0/24
(.10)
(.10)
(.10)(.10)
vr104 vr204vr203vr103
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod B Network Diagram: Implementing IDP Lab

VLAN Assignments Hostname VLAN-ID Internet srxB-1 103 203 , srxB-2 104, 204 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxB-1
103 203
,
srxB-2
104, 204
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxB-2srxB-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.103
ge-0/0/4.203
ge-0/0/4.104
ge-0/0/4.204
(.1)
(.1)
172.20.103.0/24
172.20.203.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.104.0/24
172.20.204.0/24
(.10)
(.10)
(.10)(.10)
vr104 vr204vr203vr103
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod B Network Diagram: Implementing High Availability Techniques Lab

Internet Host 172.31.15.1 Untrust Zone Cluster-ID 1 ge-0/0/1 fxp1 ge-5/0/1 srxB-1 srxB-2 ge-5/0/2ge-0/0/2 fab0
Internet
Host 172.31.15.1
Untrust Zone
Cluster-ID 1
ge-0/0/1
fxp1
ge-5/0/1
srxB-1
srxB-2
ge-5/0/2ge-0/0/2
fab0
fab1
node0
node1
(.1)
(.1)
(.1)
reth0reth0
reth0
reth1
reth0 Network
reth1 Network
172.20.20.0/24
Trust Zone
172.30.20.0/24
VLAN 222
VLAN 232
2) ( 2)(
vr222
vr232vr22v

Pod C Lab Diagrams

Pod C Network Diagram: Configuring and Monitoring Zones Lab

VLAN Assignments Hostname VLAN-ID Internet srxC-1 105 205 , srxC-2 106, 206 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxC-1
105 205
,
srxC-2
106, 206
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxC-2srxC-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.105
ge-0/0/4.106
ge-0/0/4.205
ge-0/0/4.206
(.1)
(.1)
172.20.105.0/24
172.20.205.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.106.0/24
172.20.206.0/24
(.10)
(.10)
(.10)(.10)
vr106 vr206vr205vr105
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod C Network Diagram: Security Policies Lab

VLAN Assignments Hostname VLAN-ID Internet srxC-1 105 205 , srxC-2 106, 206 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxC-1
105 205
,
srxC-2
106, 206
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxC-2srxC-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.105
ge-0/0/4.106
ge-0/0/4.205
ge-0/0/4.206
(.1)
(.1)
172.20.105.0/24
172.20.205.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.106.0/24
172.20.206.0/24
(.10)
(.10)
(.10)(.10)
vr106 vr206vr205vr105
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod C Network Diagram: Configuring Firewall Authentication Lab

VLAN Assignments Hostname VLAN-ID Internet srxC-1 105 205 , srxC-2 106, 206 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxC-1
105 205
,
srxC-2
106, 206
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxC-2srxC-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.105
ge-0/0/4.106
ge-0/0/4.205
ge-0/0/4.206
(.1)
(.1)
172.20.105.0/24
172.20.205.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.106.0/24
172.20.206.0/24
(.10)
(.10)
(.10)(.10)
vr106 vr206vr205vr105
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod C Network Diagram: Implementing Screen Options Lab

VLAN Assignments Hostname VLAN-ID Internet srxC-1 105 205 , srxC-2 106, 206 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxC-1
105 205
,
srxC-2
106, 206
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxC-2srxC-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.105
ge-0/0/4.106
ge-0/0/4.205
ge-0/0/4.206
(.1)
(.1)
172.20.105.0/24
172.20.205.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.106.0/24
172.20.206.0/24
(.10)
(.10)
(.10)(.10)
vr106 vr206vr205vr105
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod C Network Diagram: Network Address Translation Lab

VLAN Assignments Hostname VLAN-ID Internet srxC-1 105 205 , srxC-2 106, 206 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxC-1
105 205
,
srxC-2
106, 206
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxC-2srxC-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.105
ge-0/0/4.106
ge-0/0/4.205
ge-0/0/4.206
(.1)
(.1)
172.20.105.0/24
172.20.205.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.106.0/24
172.20.206.0/24
(.10)
(.10)
(.10)(.10)
vr106 vr206vr205vr105
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod C Network Diagram: Implementing IPsec VPNs Lab

VLAN Assignments Hostname VLAN-ID Internet srxC-1 105 205 , srxC-2 106, 206 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxC-1
105 205
,
srxC-2
106, 206
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxC-2srxC-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.105
ge-0/0/4.106
ge-0/0/4.205
ge-0/0/4.206
(.1)
(.1)
172.20.105.0/24
172.20.205.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.106.0/24
172.20.206.0/24
(.10)
(.10)
(.10)(.10)
vr106 vr206vr205vr105
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod C Network Diagram: Implementing IDP Lab

VLAN Assignments Hostname VLAN-ID Internet srxC-1 105 205 , srxC-2 106, 206 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxC-1
105 205
,
srxC-2
106, 206
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxC-2srxC-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.105
ge-0/0/4.106
ge-0/0/4.205
ge-0/0/4.206
(.1)
(.1)
172.20.105.0/24
172.20.205.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.106.0/24
172.20.206.0/24
(.10)
(.10)
(.10)(.10)
vr106 vr206vr205vr105
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod C Network Diagram: Implementing High Availability Techniques Lab

Internet Host 172.31.15.1 Untrust Zone Cluster-ID 1 ge-0/0/1 fxp1 ge-5/0/1 srxC-1 srxC-2 ge-5/0/2ge-0/0/2 fab0
Internet
Host 172.31.15.1
Untrust Zone
Cluster-ID 1
ge-0/0/1
fxp1
ge-5/0/1
srxC-1
srxC-2
ge-5/0/2ge-0/0/2
fab0
fab1
node0
node1
(.1)
(.1)
(.1)
reth0reth0
reth0
reth1
reth0 Network
reth1 Network
172.20.30.0/24
Trust Zone
172.30.30.0/24
VLAN 223
VLAN 233
2) ( 2)(
vr223
vr233vr22v

Pod D Lab Diagrams

Pod D Network Diagram: Configuring and Monitoring Zones Lab

VLAN Assignments Hostname VLAN-ID Internet srxD-1 107 207 , srxD-2 108, 208 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxD-1
107 207
,
srxD-2
108, 208
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxD-2srxD-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.107
ge-0/0/4.207
ge-0/0/4.108
ge-0/0/4.208
(.1)
(.1)
172.20.107.0/24
172.20.207.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.108.0/24
172.20.208.0/24
(.10)
(.10)
(.10)(.10)
vr108 vr208vr207vr107
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod D Network Diagram: Security Policies Lab

VLAN Assignments Hostname VLAN-ID Internet srxD-1 107 207 , srxD-2 108, 208 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxD-1
107 207
,
srxD-2
108, 208
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxD-2srxD-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.107
ge-0/0/4.207
ge-0/0/4.108
ge-0/0/4.208
(.1)
(.1)
172.20.107.0/24
172.20.207.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.108.0/24
172.20.208.0/24
(.10)
(.10)
(.10)(.10)
vr108 vr208vr207vr107
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod D Network Diagram: Configuring Firewall Authentication Lab

VLAN Assignments Hostname VLAN-ID Internet srxD-1 107 207 , srxD-2 108, 208 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxD-1
107 207
,
srxD-2
108, 208
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxD-2srxD-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.107
ge-0/0/4.207
ge-0/0/4.108
ge-0/0/4.208
(.1)
(.1)
172.20.107.0/24
172.20.207.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.108.0/24
172.20.208.0/24
(.10)
(.10)
(.10)(.10)
vr108 vr208vr207vr107
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod D Network Diagram: Implementing Screen Options Lab

VLAN Assignments Hostname VLAN-ID Internet srxD-1 107 207 , srxD-2 108, 208 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxD-1
107 207
,
srxD-2
108, 208
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxD-2srxD-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.107
ge-0/0/4.207
ge-0/0/4.108
ge-0/0/4.208
(.1)
(.1)
172.20.107.0/24
172.20.207.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.108.0/24
172.20.208.0/24
(.10)
(.10)
(.10)(.10)
vr108 vr208vr207vr107
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod D Network Diagram: Network Address Translation Lab

VLAN Assignments Hostname VLAN-ID Internet srxD-1 107 207 , srxD-2 108, 208 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxD-1
107 207
,
srxD-2
108, 208
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxD-2srxD-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.107
ge-0/0/4.207
ge-0/0/4.108
ge-0/0/4.208
(.1)
(.1)
172.20.107.0/24
172.20.207.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.108.0/24
172.20.208.0/24
(.10)
(.10)
(.10)(.10)
vr108 vr208vr207vr107
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod D Network Diagram: Implementing IPsec VPNs Lab

VLAN Assignments Hostname VLAN-ID Internet srxD-1 107 207 , srxD-2 108, 208 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxD-1
107 207
,
srxD-2
108, 208
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxD-2srxD-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.107
ge-0/0/4.207
ge-0/0/4.108
ge-0/0/4.208
(.1)
(.1)
172.20.107.0/24
172.20.207.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.108.0/24
172.20.208.0/24
(.10)
(.10)
(.10)(.10)
vr108 vr208vr207vr107
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod D Network Diagram: Implementing IDP Lab

VLAN Assignments Hostname VLAN-ID Internet srxD-1 107 207 , srxD-2 108, 208 Host 172.31.15.1 Untr
VLAN Assignments
Hostname
VLAN-ID
Internet
srxD-1
107 207
,
srxD-2
108, 208
Host 172.31.15.1
Untr st Zone
u
Untr st Zone
u
srxD-2srxD-1
lo0: 192.168.1.1
lo0: 192.168.2.1
ge-0/0/4.107
ge-0/0/4.207
ge-0/0/4.108
ge-0/0/4.208
(.1)
(.1)
172.20.107.0/24
172.20.207.0/24
Tagged Interface
(see VLAN Assignments table)
172.20.108.0/24
172.20.208.0/24
(.10)
(.10)
(.10)(.10)
vr108 vr208vr207vr107
Virtual Routers
ACME-SVJuniper-SV
Juniper-WF
ACME-WF
www.juniper.net©
Worldwide Education Services
2013 Juniper Networks, Inc. All rights reserved.

Pod D Network Diagram: Implementing High Availability Techniques Lab

Internet Host 172.31.15.1 Untrust Zone Cluster-ID 1 ge-0/0/1 fxp1 ge-5/0/1 srxD-1 srxD-2 ge-5/0/2ge-0/0/2 fab0
Internet
Host 172.31.15.1
Untrust Zone
Cluster-ID 1
ge-0/0/1
fxp1
ge-5/0/1
srxD-1
srxD-2
ge-5/0/2ge-0/0/2
fab0
fab1
node0
node1
(.1)
(.1)
(.1)
reth0reth0
reth0
reth1
reth0 Network
reth1 Network
172.20.40.0/24
Trust Zone
172.30.40.0/24
VLAN 224
VLAN 234
2) ( 2)(
vr224
vr234vr22v