JNCIS-FWV Exam Objectives (Exam: JN0-532)

This list is intended to provide a general view of the skill set required to successfully complete the specified certification exam. Topics listed are subject to change.

Network Management
Troubleshooting with Debug & Snoop
Traffic Management
Virtual Systems
Dynamic Routing/Routing over VPNs
Attack Prevention


  • Identify IKE Phase 1/Phase2 negotiation sequence and proposals
  • Identify/differentiate IPSec standard elements (encapsulations, SA, SPI, etc.)
  • List steps for policy-based/route-based VPN configuration
  • Relate proxy-ID to VPN setup
  • Identify proper configuration for various hub/spoke configurations (policy, int. placement, etc.)
  • Identify NHTB requirements/configurations
  • Configure/verify AC-VPNs
  • Identify PKI components (certificates, CDL, etc.)
  • List steps for PKI implementation w/ VPNs
  • VPN Variations
  • Configure Dynamic Peer VPNs
  • Configure Transparent mode VPNs
  • Configure Overlapping Networks
  • Describe GRE applications/Configure GRE

Network Management

  • Configure local management (SSL, SSH, management restrictions).
  • Interpret internal counters and logs.
  • Configure SYSLOG.
  • Discuss logging levels.
  • Configure SNMP.

Troubleshooting with Debug/Snoop

  • Enable debug/snoop.
  • Set debug filters.
  • Set snoop filters.
  • Use get commands to validates/troubleshoot routing and policies.
  • Use debug output to identify routing and policy problems.
  • Use get commands to validate/troubleshoot address translation.
  • Use debug output to identify problems.
  • Use get commands to validate/troubleshoot VPN setup.

Traffic Management

  • Describe the bandwidth allocation process.
  • Describe queuing functionality.
  • List requirements/steps for configuring traffic management.

Virtual Systems

  • Define VSYS applications
  • Describe root vs. VSYS administration
  • Explain VSYS vs. root assignment of routes/NAT pools/etc.
  • Configure interface-based VSYS
  • Configure inter-VSYS communications, including NAT.
  • Use show/debug output to identify VSYS usage.
  • Configure VSYS resource allocation


  • Distinguish active/passive and active/active.
  • Describe NSRP operations (HA link, session sync, master election, etc.)
  • Configure active/passive and active/active NSRP.
  • Validate NSRP operations.
  • Adjust operations (secondary link, failover settings).
  • Configure redundant interface.

Dynamic Routing/Routing over VPNs

  • Configure RIP over VPNs
  • Configure OSPF over VPNs
  • Configure/verify OSPF routing
  • Configure OSPF options
  • Configure/verify BGP
  • Configure redistribution/filters/route maps
  • Configure static routes incl. floating static routes
  • Configure/verify source routing
  • Configure/verify policy routing

Attack Prevention

  • Describe SCREEN functions
  • Describe/configure Deep Inspection
  • Describe/configure anti-virus functionality
  • Configure web filtering


  • Configure/verify IGMP
  • Configure/verify PIM-SM