Gdnw Jncis-fwv Study Guide


Published by Gavrilo
Hi,
Attached is a Juniper JNCIS-FWV Study Guide for exam JN0-532 in PDF document format. It is similar to the Jason Ha document some of you may remember from the past. However, my version follows the syllabus for the current exam.
If you find it useful, I would be really grateful if you can donate a little something to the below appeal Fund.
The Tsunami appeal information is here: http://www.rescue.org/japan-crisis
Finally, can I ask for errata etc. to be sent to my GMX account, which is garnet.newton-wade@gmx.com (I can withstand a bit of spam on that address)
Thanks
Garnet Newton-Wade


More info:

Published by: Gavrilo on Mar 21, 2012
Copyright:Attribution Non-commercial


12/11/2013


Failing over to a different firewall is disruptive and should be avoided. By cabling the firewalls so
that each one has redundant interface links to each network segment, interface redundancy
means a failed interface can be failed over to a different interface, rather than all traffic
failing over to a different firewall. Redundant interfaces are not part of NSRP but are used with
NSRP to build full-mesh setups.

It is possible to create redundant interfaces without enabling NSRP. If you are using redundant
interfaces with NSRP you can bind VSIs to the redundant interfaces. A redundant interface can
also be kept as a local interface instead of a VSI.

Grouping Physical Interfaces

Two or more physical interfaces are grouped together to create a redundant interface. Within the
redundant interface group, one interface is considered the primary interface and is used for
sending and receiving traffic unless its link goes down. The secondary interface has its link up
at all times but is not active; traffic sent to it is discarded. Once the redundant interface has
been created, it can be configured like any other interface: it is assigned to a zone, given an IP
address, and can be referred to in unnumbered VPN tunnels.


NOTE: physical interfaces do not need to be assigned to the same zone as the redundant interface.

[Figure: a NetScreen firewall connected towards the Internet via Eth 1 and Eth 2, with the
primary path marked. Ethernet 1 & 2 of the NetScreen firewall are grouped together into
interface redundant 1, IP address 192.168.41.1.]

In the above configuration all traffic normally passes over ethernet1. If that link fails, traffic is
instantly moved to ethernet2.

set interface redundant1 zone inside
set interface redundant1 ip 192.168.41.1/24
set interface ethernet1 group redundant1
set interface ethernet2 group redundant1

The first physical interface added to the redundant interface group becomes the primary
interface. This can be changed if desired. For example, interface redundant1 consists of
physical interfaces ethernet1 and ethernet2, and ethernet1 is currently the primary interface.

To change the primary interface to ethernet2:

set interface redundant1 phy primary ethernet2
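
Added example (not part of the original study guide): a Python check that reads the set interface command forms shown above, works out each redundant group's members and effective primary (first member added, unless a phy primary override names another member), and flags groups that cannot fail over at link level. The function names and the redundant2/ethernet3 lines are constructed for illustration.

```python
import re

# Constructed sample: the page's redundant1 commands plus a made-up redundant2.
SAMPLE_CONFIG = """\
set interface redundant1 zone inside
set interface redundant1 ip 192.168.41.1/24
set interface ethernet1 group redundant1
set interface ethernet2 group redundant1
set interface redundant1 phy primary ethernet2
set interface redundant2 zone inside
set interface ethernet3 group redundant2
"""

GROUP_RE = re.compile(r"^set interface (\S+) group (redundant\d+)$")
PRIMARY_RE = re.compile(r"^set interface (redundant\d+) phy primary (\S+)$")
ATTR_RE = re.compile(r"^set interface (redundant\d+) (zone|ip) (\S+)$")

def parse_redundant_groups(config_text):
    """Return {redundant name: members, zone, ip, override, primary}."""
    groups = {}
    def entry(name):
        return groups.setdefault(name, dict(members=[], zone=None, ip=None, override=None))
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if m := GROUP_RE.match(line):
            members = entry(m.group(2))["members"]
            if m.group(1) not in members:
                members.append(m.group(1))  # order matters: first is primary
        elif m := PRIMARY_RE.match(line):
            entry(m.group(1))["override"] = m.group(2)
        elif m := ATTR_RE.match(line):
            entry(m.group(1))[m.group(2)] = m.group(3)
    for g in groups.values():
        # First member added is primary unless a valid override names another.
        first = g["members"][0] if g["members"] else None
        g["primary"] = g["override"] if g["override"] in g["members"] else first
    return groups

def audit(groups):
    """List (group, problem) pairs that defeat link-level failover."""
    findings = []
    for name, g in sorted(groups.items()):
        if len(g["members"]) < 2:
            findings.append((name, "fewer than two physical members"))
        if g["override"] and g["override"] not in g["members"]:
            findings.append((name, "primary override is not a group member"))
    return findings

if __name__ == "__main__":
    print(audit(parse_redundant_groups(SAMPLE_CONFIG)))
```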


NSRP QUESTIONS

QUESTION 1

You have configured NSRP Active/Passive using the default vsd-group. You are using
BGP to learn routes from adjacent network devices. You want each firewall to establish
a BGP peer to different upstream routers. You also want the backup device to learn
dynamic routes. Which configuration would ensure you can establish a BGP peer to two
different routers?

A. Configure two BGP peers on the same VSI interface, but use a different virtual
router on each device.
B. Use the unset vr nsrp-config-sync command and configure BGP peers
on the VSI interface.
C. Use the unset nsrp vsd-group id 0 and set nsrp vsd-group id 1 commands for VSI
interfaces, then configure BGP peers on the local interfaces, then unset vr
untrust-vr nsrp-config-sync.
D. Use the unset nsrp vsd-group id 0 and set nsrp vsd-group id 1 commands for the
VSI interfaces, then configure BGP peers on the local interfaces, then unset vr
nsrp-config-sync.

QUESTION 2

Which three steps comprise the basic NSRP configuration? (Choose three.)

A. Adjust VSD settings
B. Configure interfaces
C. Establish the HA link
D. Activate NSRP protocol
E. Configure cluster settings.

QUESTION 3

You have configured set nsrp vsd-group master-always-exist on your ScreenOS device.
What does this do?

A. The NSRP protocol will not initialize without a master
B. This device will always be master in the NSRP cluster
C. There will always be a master device in the NSRP cluster.
D. The vsd-group will always be homed to the master in the NSRP cluster.
