Junos Security
12.a
Lab Diagrams
Worldwide Education Services
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Course Number: EDU-JUN-JSEC
�This document is produced by Juniper Networks, Inc.
This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks
Education Services.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered
trademarks, or registered service marks are the property of their respective owners.
Junos Security Lab Diagrams, Revision 12.a
Copyright 2012, Juniper Networks, Inc.
All rights reserved. Printed in USA.
Revision History:
Revision 9.aJuly 2009
Revision 10.aMay 2010
Revision 10.b--December 2010
Revision 12.aJune 2012
The information in this document is current as of the date listed above.
The information in this document has been carefully verified and is believed to be accurate for software Release 12.1R1.9. Juniper Networks assumes no
responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental
or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
�Server
vr-device
srxD-2
Serial Console
Connections srxA-2
2012 Juniper Networks, Inc. All rights reserved.
Terminal
Server
srxA-1
Student
Workstations
____________/___
srxC-2
_______________
_______________
___________/___
/
___________/___
___________/___
Term Server _______________
Gateway
Server
vr-device
vr
device
srxD-2
srxD-1
Worldwide Education Services
www.juniper.net
Note: Your instructor will provide address and access information.
____________/___
srxC-1
____________/___
/
srxB-1
srxB
1
____________/___
____________/___
srxA-2
srxB-2
____________/___
srxA-1
Management Addressing
__.__.__.__/__
/
Management
Network
ge-0/0/0 (on all student devices)
Management Network Diagram
� 2012 Juniper Networks, Inc. All rights reserved.
Worldwide Education Services
Pod A Lab Diagrams
www.juniper.net
�Tagged Interface
Untrust Zone
ACME-SV
Juniper-SV
2012 Juniper Networks, Inc. All rights reserved.
vr201
201
(.10)
172.20.201.0/24
0/0/4 201
(.1) ge-0/0/4.201
vr101
101
(.10)
172.20.101.0/24
ge-0/0/4.101
0/0/4 101
Worldwide Education Services
Virtual Routers
Juniper-WF
vr102
102
(.10)
172.20.102.0/24
ge 0/0/4 102
ge-0/0/4.102
www.juniper.net
ACME-WF
vr202
202
(.10)
172.20.202.0/24
0/0/4 202
(.1) ge-0/0/4.202
lo0: 192.168.2.1
Untrust Zone
Host 172.31.15.1
lo0: 192.168.1.1
102, 202
srxA-2
Internet
srxA-2
101 201
101,
srxA-1
srxA
1
srxA-1
VLAN-ID
Hostname
VLAN Assignments
Network Diagram: Labs 17
�vr221
vr22v
( 2)
(.2)
(.1)
reth0
ge-0/0/2
2012 Juniper Networks, Inc. All rights reserved.
reth0 Network
172.20.10.0/24
VLAN 221
srxA-1
node0
ge-0/0/1
fab0
fab1
( 2)
(.2)
vr231
(.1)
reth1
ge-5/0/2
gge-5/0/1
Host 172.31.15.1
Worldwide Education Services
Trust Zone
Cluster-ID 1
fxp1
Untrust Zone
Internet
Network Diagram: Lab 8
www.juniper.net
reth1 Network
172.30.10.0/24
VLAN 231
srxA-2
node1
� 2012 Juniper Networks, Inc. All rights reserved.
Worldwide Education Services
Pod B Lab Diagrams
www.juniper.net
�Untrust Zone
ACME-SV
Juniper-SV
2012 Juniper Networks, Inc. All rights reserved.
vr203
203
(.10)
172.20.203.0/24
vr103
103
(.10)
172.20.103.0/24
ge-0/0/4.103
0/0/4 103 (.1) ge-0/0/4.203
0/0/4 203
Juniper-WF
vr104
104
(.10)
172.20.104.0/24
Worldwide Education Services
Virtual Routers
Tagged Interface
(see VLAN Assignments table)
g 0/0/4 104
ge-0/0/4.104
www.juniper.net
ACME-WF
vr204
204
(.10)
172.20.204.0/24
0/0/4 204
(.1) ge-0/0/4.204
lo0: 192.168.2.1
Untrust Zone
Host 172.31.15.1
lo0: 192.168.1.1
104, 204
srxB-2
Internet
srxB-2
103 203
103,
srxB-1
srxB
1
srxB-1
VLAN-ID
Hostname
VLAN Assignments
Network Diagram: Labs 17
�vr222
vr22v
( 2)
(.2)
(.1)
reth0
ge-0/0/2
2012 Juniper Networks, Inc. All rights reserved.
reth0 Network
172.20.20.0/24
VLAN 222
srxB-1
node0
ge-0/0/1
fab0
fab1
( 2)
(.2)
vr232
(.1)
reth1
ge-5/0/2
gge-5/0/1
Host 172.31.15.1
Worldwide Education Services
Trust Zone
Cluster-ID 1
fxp1
Untrust Zone
Internet
Network Diagram: Lab 8
www.juniper.net
reth1 Network
172.30.20.0/24
VLAN 232
srxB-2
node1
� 2012 Juniper Networks, Inc. All rights reserved.
Worldwide Education Services
Pod C Lab Diagrams
www.juniper.net
�Untrust Zone
ACME-SV
Juniper-SV
2012 Juniper Networks, Inc. All rights reserved.
vr205
205
(.10)
172.20.205.0/24
vr105
105
(.10)
172.20.105.0/24
ge-0/0/4.105
0/0/4 105 (.1) ge-0/0/4.205
0/0/4 205
Juniper-WF
vr106
106
(.10)
172.20.106.0/24
Worldwide Education Services
Virtual Routers
Tagged Interface
(see VLAN Assignments table)
ge 0/0/4 106
ge-0/0/4.106
www.juniper.net
ACME-WF
vr206
206
(.10)
172.20.206.0/24
0/0/4 206
(.1) ge-0/0/4.206
lo0: 192.168.2.1
Untrust Zone
Host 172.31.15.1
lo0: 192.168.1.1
106, 206
srxC-2
Internet
srxC-2
105 205
105,
srxC-1
srxC
1
srxC-1
VLAN-ID
Hostname
VLAN Assignments
Network Diagram: Labs 17
�vr223
vr22v
( 2)
(.2)
(.1)
reth0
ge-0/0/2
2012 Juniper Networks, Inc. All rights reserved.
reth0 Network
172.20.30.0/24
VLAN 223
srxC-1
node0
ge-0/0/1
fab0
fab1
( 2)
(.2)
vr233
(.1)
reth1
ge-5/0/2
gge-5/0/1
Host 172.31.15.1
Worldwide Education Services
Trust Zone
Cluster-ID 1
fxp1
Untrust Zone
Internet
Network Diagram: Lab 8
www.juniper.net
reth1 Network
172.30.30.0/24
VLAN 233
srxC-2
node1
� 2012 Juniper Networks, Inc. All rights reserved.
Worldwide Education Services
Pod D Lab Diagrams
www.juniper.net
�Untrust Zone
ACME-SV
Juniper-SV
2012 Juniper Networks, Inc. All rights reserved.
vr207
207
(.10)
172.20.207.0/24
0/0/4 207
(.1) ge-0/0/4.207
vr107
107
(.10)
172.20.107.0/24
ge-0/0/4.107
0/0/4 107
g 0/0/4 108
ge-0/0/4.108
Juniper-WF
vr108
108
(.10)
172.20.108.0/24
Worldwide Education Services
Virtual Routers
Tagged Interface
(see VLAN Assignments table)
www.juniper.net
ACME-WF
vr208
208
(.10)
172.20.208.0/24
0/0/4 208
(.1) ge-0/0/4.208
lo0: 192.168.2.1
Untrust Zone
Host 172.31.15.1
lo0: 192.168.1.1
108, 208
srxD-2
Internet
srxD-2
107 207
107,
srxD-1
srxD
1
srxD-1
VLAN-ID
Hostname
VLAN Assignments
Network Diagram: Labs 17
�vr224
vr22v
( 2)
(.2)
(.1)
reth0
ge-0/0/2
2012 Juniper Networks, Inc. All rights reserved.
reth0 Network
172.20.40.0/24
VLAN 224
srxD-1
node0
ge-0/0/1
fab0
fab1
( 2)
(.2)
vr234
(.1)
reth1
ge-5/0/2
gge-5/0/1
Host 172.31.15.1
Worldwide Education Services
Trust Zone
Cluster-ID 1
fxp1
Untrust Zone
Internet
Network Diagram: Lab 8
www.juniper.net
reth1 Network
172.30.40.0/24
VLAN 234
srxD-2
node1
