F5 Engineer Resume
Newark, NJ
PROFESSIONAL SUMMARY:
- Over 8 years of experience in the design, implementation, troubleshooting and documentation of LAN/WAN networking systems in Branch, telecommunication and Data Center environments
- Proficient with network hardware and technologies including routers, switches, firewalls, Ethernet, Fast Ethernet, Gigabit Ethernet.
- In depth expertise in routing protocols (BGP, OSPF, EIGRP, RIPv1&2), Switching architecture and protocols (VLAN’s, Truncking and Spanning Tree)
- Hands - on experience in configuring Cisco routers/ Switches to perform functions at the Access, Distribution, and Core layers.
- Experience in working with Nexus.
- Excellent working knowledge of TCP/IP protocol suite and OSI layers.
- Experience with Firewall Administration, Rule Analysis, Rule Modification.
- Implemented traffic filters using Standard, Extended and Named access-lists.
- Experience in configuring and troubleshooting IPSEC site to site VPN solutions.
- Working experience with Datacenter Switches such as Nexus 2K, 5K and 7K.
- Experience with F5 Load Balancing.
- Responsible for Checkpoint and Cisco ASA firewall administration across our global networks.
- Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Expertise in telecom OSS support and integration of new network elements through OSS
- Experience in Tier- 2 support, BMC Remedy tool, NMS ticketing system, network troubleshooting, handling escalation, Root cause analysis (RCA) and SLA’s
- Understanding of latest security trends, vulnerability assessment techniques and attacks like DOS and MITM.
- Hands on experience with BIG-IP environment utilizing two or more of the following: GTM, LTM, APM or ASM.
- Dealt with creating VIP pools, nodes and created custom iRules for the virtual servers like cookie persistency and redirection of URL on F5 ASM cookies issues and configures ASM policies.
- Documented standard operation policies for Cisco IOS, IOS-XR, IOS-XE, NX-OS and ASA firewalls.
- Worked on BIG-IP Access Policy Manager (APM) contextually secures, simplifies, and protects user access to apps and data, while delivering the most scalable access gateway.
- Extensive level of experience on Network firewall security like Palo Alto, ASA, IPS/IDS, checkpoints, NGX R65 Gateways, Secure Platforms.
- Networking: TCP/IP, Troubleshooting client network connectivity in SIMS Buildings, DNS Troubleshooting, Remote Access - Virtual Private Network (VPN).
- Configuring and supporting various SIMS Applications in Virtual Machine (VM) ; Process training for new hires and mentoring them in the first few weeks of hitting the floor
- Provided Managed firewall clients with regular status reports of their trouble tickets and opened, resolved, or updated support tickets for managed firewall clients.
- Executed changes on various firewall proxies and scripts over entire network infrastructure using Service Now ticketing tool.
- Configuring failover for redundancy purposes for the security devices. Implemented the stateful & serial failover for PIX/ASA firewall, Check Point Clustering and load balancing features.
- Configuring and troubleshooting remote access and site to site-in Check Point & ASA Firewall.
- Experience with converting Check Point VPN rules over to the Cisco ASA solution. Migration experience with Cisco ASA VPN.
- Backup and restore of Check Point and Cisco ASA Firewall policies.
- Monitoring traffic and connections in Juniper and ASA Firewall.
- Manage project task to migrate from Cisco ASA Firewall to Check Point Firewall.
- Automated administration using PowerShell, Perl & Python scripting.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN, Trunks, VTP, Ether channel, STP, RSTP and MST
- Proficiency in configuration of VLAN setup on various Cisco Routers and Switches
- Experience in operating and maintaining Cisco IOS, Cisco Works, Cisco ACS, and Cisco Wireless.
- Experience in configuring and troubleshoot of Wireless LAN Controller and Access Points.
- Implementation of HSRP, VRRP and GLBP for Default Gateway Redundancy.
- Extensive Knowledge on monitoring tools like SolarWinds, Net flow, Netbrain, and Infoblox.
- Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools
- Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, DMVPN AAA (TACACS and LDAP)
- Experience in trouble-shooting both connectivity issues and hardware problems on Cisco based networks
- Implemented Riverbed network monitoring solution for critical networks and applications.
- Strong hands on experience on PIX, Firewalls, ASA (5540/5550) and Juniper SRX Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, DMVPN IPS/IDS, AAA (TACACS+ &RADIUS).
- Expertise in VOIP protocols like H.323, MGCP, SIP, and SCCP.
- Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.
- Provided 24x7x365 availability and on-call support as required by the projects.
- Worked on the migration to new Checkpoint R75 firewalls from Juniper firewalls.
- Excellent working knowledge of TCP/IP protocol suite and OSI layers.
- Experience of communicating with customers, solving complex problems in a timely productive manner.
TECHNICAL SKILLS:
Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, Confidential, QIP, TCP/IP, ISCSI, Fiber, Firewalls/IPS/IDS
Hardware: Dell, HP, CISCO, IBM, SUN, Checkpoint, Sonic Wall, Barracuda Appliances, SOPHOS email appliances
Operating Systems: Windows, NT, MS-DOS, Linux, Microsoft Windows 2008 R 2/ 2008/2003/2000 /2012 NOS family, Microsoft Active directory 2008/2003/2000, VM Ware ESX/ESXi server, Cisco ISO
Application Servers: DNS, Confidential, Windows Active Directory Services, FTP, SFTP, Microsoft Exchange 2003/2007/2010, Microsoft SharePoint 2007/2010
CISCO Switches: Cisco 3550, 3750, 45XX, 65XX series
JUNIPER Routers: Juniper MX480, 240, 80 series
JUNIPER Switches: Juniper EX4500, 4200, QFX 5100, QFX 5200
Firewalls: Check Point, ISA 2004/2006/ ASA 5585/5520, FWSM, Palo Alto /Checkpoint 4200/Nokia IP-560, Cisco PIX 535/525
Routing/Routers: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing, Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600
Infrastructure Hardware: IBM, HP, Compaq, Dell desktops\laptops\servers, Cabling, Network printers, IP KVM Switches, Cisco Routers & Switches, 802.11x Wireless gateways, Access Points, Network UPS, Storage Area Network, NAS, iSCSI SAN
Switching: VLAN, VTP, STP, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging
Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, Confidential, DYNDNS, DNS, QIP
VPN: ASA 5520, Cisco Concentrator 3030, Nortel Contivity Extranet 1500
Security Tools: Wireshark, MBSA, MS Visio, Apache, VMWare ESXi 3.5, VMware Server, Encase
PROFESSIONAL EXPERIENCE:
Confidential, Newark, NJ
F5 Engineer
Responsibilities:
- Engineering traffic management solutions, including the design, low level engineering, and application load balancing solutions for client applications across the pre-provisioned ADC infrastructure.
- Collaborating with Application owners, Network Team, DNS Team, and Firewall Team, to migrate applications from Legacy NetScaler Load Balancer to New F5 BIG-IP Local Traffic Manager
- Engineering and configuring Virtual Server, Pools, iRules, Profiles, Persistence, and monitor on F5 LTM to match the configuration the Application had on NetScaler
- Successfully migrated from BIG-IP 3600 to vCMP 5200v.
- Used Confidential to dynamically assign reusable IP addresses to Confidential clients using Inflobox IPAM and resolved IP address conflicts.
- • Monitoring and capturing the traffic using network management tools like solar winds and InfloBox.
- F5 migration of applications to new BIG-IP vCMP infrastructure.
- F5 build-out of the base F5 BIG-IP infrastructure, including the BIG-IP 10200v platforms and vCMP guest instances.
- Updated the vCMP guest and exporting the vCMP.
- Migrating applications from cisco ACE/CSM to F5LTM, and GSS configurations to F5 GTM wide-ip's.
- Configured and troubleshooting the F5 LTM and APM and providing level 2 support for the customers.
- Configuration and troubleshooting F5 LTM and providing level 2 and level 3 support for the customers.
- Extensive hands on experience with BIG-IP 5000 and 2000 series.
- Allocation and designing appropriate virtual IP for F5 ADC through IPAM InfloBox.
- Licensing and provisioning of F5 modules such as LTM, GTM, VCMP (Virtual Cluster Multi Processing).
- Extensively worked on code upgrades from v11.5.3 to v11.5.3 and downgrades from 12.0.0 to 11.5.4.
- Extensively worked on virtual F5 LTM module on VMware for application testing.
- Configured VCMP Host and created VCMP guests for Exchange and ACE migrations.
- Created a high availability feature between the VCMP guests for different VCMP hosts.
- Extensive knowledge in configuration via CLI (TMSH and advance shell).
- Good knowledge on basic iRules scripting and debugging.
- Creating custom profiles, health monitors, and also configuring SNAT pools, syslog and SNMP
- Implementation of major application services with the iApps templates.
- Extensive knowledge and experience regarding F5 BIG-IP LTM VIP configuration with health check.
- Extensive knowledge and experience with hosting SSL certificates on F5 platforms.
- Experience in managing the load balancers in a high-availability infrastructure.
- Strong verbal and written communication skills, problem solving skills, customer service and interpersonal skill
Confidential , Oakbrook, IL
F5 Consultant
Responsibilities:
- Engineering traffic management solutions, including the design, low level engineering, and application load balancing solutions for client applications across the pre-provisioned ADC infrastructure.
- Collaborating with Application owners, Network Team, DNS Team, and Firewall Team, to migrate applications from Legacy NetScaler Load Balancer to New F5 BIG-IP Local Traffic Manager
- Engineering and configuring Virtual Server, Pools, iRules, Profiles, Persistence, and monitor on F5 LTM to match the configuration the Application had on NetScaler
- Onboarding and Certifying new F5 device to replace End of Support, End of Life legacy F5 appliances
- Coordinating post-application-migration sessions with Network Team, Application Support Team, and firewall Team to identify issues related to Application migration.
- Handling various trouble tickets, firewall rule changes, assisting other teams to bring the device to production, making DNS changes in InfloBox and routing changes.
- F5 BigIP pools, monitors, profiles and VIP's configuration and troubleshooting.
- iRules scripting using TCL (Tool command language) for HTTP redirection, redirection of HTTP traffic from one data center to another data center, content based redirection.
- Live VIP's cutover from NetScaler to F5 LTM, migrating Citrix NetScaler devices to F5 LTM 8900 Series devices.
- Worked on configuration and maintenance of Webtops and Portal Access, and F5 SSL VPN and network access.
- Configured different load balancing methods on F5 LTM & GTM and worked on one-connect profiles and HTTP compression and several persistence profiles.
- Successfully migrated from BIG-IP 3600 to vCMP 5200v.
- F5 migration of applications to new BIG-IP vCMP infrastructure.
- F5 build-out of the base F5 BIG-IP infrastructure, including the BIG-IP 10200v platforms and vCMP guest instances.
- Updated the vCMP guest and exporting the vCMP.
- Configured VIPIRION chassis on v11.x on Active/Standby mode with 4 vCMp guests
- Successfully deployed VIPRION 2400 with 2 blades and licensed the chassis with vCMP
- Licensing the VIPRION 2400 vCMP guest and mirroring the vCMP guests
- Configuration of vCMP in HA architecture and sync-failover group between two vCMP guests.
- Separation of partitions and interfaces on vCMP guests.
- Successfully migrated from BIG-IP 4200 LTM to 5250 vCMP guest.
- Migration of applications from Cisco ACE to F5 LTM.
- Maintenance and analysis of the F5 network for any possible up-gradation.
- Configuring the VIPs, pools, irules and profiles on F5 LTM 10.x and 11.x version and also Code upgrades from 11.4.0 to 11.5.1 HF8.
- Migrating applications from cisco ACE/CSM to F5LTM, and GSS configurations to F5 GTM wide-ip's.
- Configured and troubleshooting the F5 LTM and APM and providing level 2 support for the customers.
- Working with F5 APM sessions and manipulating session using iRule and configuring and maintaining Webtops and Portal Access.
- Extensive experience configuring Access Policy Actions and branch rules.
- Experience in configuring and maintaining F5 SSL VPN and network access and Single Sign-On (SSO) for SAML resources.
- Upgraded the F5 LTM and APM modules from v.11.4.1 to v.11.5.3 in high-availability architecture.
- Implemented F5 LTM and GTM changes using CLI (TMSH and advance shell) configurations and Experienced in administration of F5 infrastructure.
- Created the AAA servers for LDAP and AD authentication in F5 APM.
- Design and deployed F5 LTM and GTM load balancer infrastructure per business needs from the ground up approach.
- Responsible for the implementation, migration and customization of customer DNS, Confidential, IPAM solutions using the Infoblox platform.
- Implementing Proof of Concept for Infoblox DNS Firewall and diagnosed issues and applied fixes on Infoblox Switch Port Manager.
- Applied current licenses and performed software upgrades for Infoblox Switch Port Manager Onboarding and Certifying new F5 device to replace End of Support, End of Life legacy F5 appliances
- Implemented Web traffic load balancing function and manipulated.
- Good knowledge on basic iRules scripting and debugging scripting to perform load balancing decisions
- Created Access policies on APM module using AD and LDAP authentication for external clients.
- Configured SSL offloading, bridging and pass through for custom applications per business needs.
- Responsible for High and low-level design as it pertains to load balancing infrastructure and changes
- Implementation of major application services with the iApps templates.
- Successfully migrated the Exchange 2010 application from TMG environment to F5 LTM/APM.
- Successfully migrated the SharePoint 2010 application from UAG environment to F5 LTM/APM.
- Successfully migrated other external facing web application onto F5 LTM.
- Extensive knowledge and experience regarding F5 BIG-IP LTM VIP configuration with health check.
- Extensive knowledge and experience with hosting SSL certificates on F5 platforms.
- Experience in managing the load balancers in a high-availability infrastructure.
- Strong verbal and written communication skills, problem solving skills, customer service and interpersonal skills
Confidential, Greensboro, NC
Sr. Network Engineer
Responsibilities:
- Installation, configuration and maintenance of Palo Alto Firewalls, Cisco ASA firewalls.
- Deployed and managed Varonis specifically Data Governance, Data Advantage and Data Alert modules in complex environments.
- Demonstrate the features and benefits of various software to the staff and documented the operations.
- Used Varonis Data advantage and Data Alert to monitor and analyze and alert file system activities on NAS.
- Switch experience includes Cisco Catalyst switches: CISCO 3750, 4500, 6500 series switches and Cisco Nexus switches 7000 and 7700 series.
- Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper Net screen firewalls.
- Configuration and maintenance of Juniper Net Screen SSG-550.
- Configured DNS and Confidential for servers using InfloBox.
- Configured Routers for OSPF, EIGRP, BGP protocols.
- Hands on experience and Good Understanding of OSPF, BGP, MP-BGP, MPLS-VPN, DMVPN.
- Network Deployment of MPLS Cloud - Designed, constructed, implemented, tested and launched various network nodes featuring BGP, OSPF, MPLS and VLANS using RSTP, gateway redundancy protocols HSRP, GLBP and VRRP.
- Working with QIP, Confidential and DNS with BGP, OSPF, EIGRP and MPLS experience help Build Data Centers.
- Used Infoblox for DNS management of network infrastructure.
- Configuration and maintenance of OSPF protocol which was the enterprise IGP. Configuration included deploying of new branch locations or new network devices in the existing infrastructure. Creating Stub Areas & configuring Summarization for effective Routing.
- Using PBR with Route Maps for route manipulation/filtering. Troubleshooting routing issues like suboptimal routing and asymmetric routing.
- Responsible team member to troubleshoot the problems from indoor 802.11n Access Point Cisco AirNet 600, 1600, 2600 and 5500/2504 wireless controller series.
- Provided technical support for full setup, debugged the problems of OSPF, switching and HSRP.
- Switching related tasks included implementing VLANs, VTP and configuring and maintaining multi VLAN environment and inter-VLAN routing on Fast-Ethernet channel.
- Configured Object Grouping, Protocol Handling and Code up gradation on Palo Alto Firewalls.
- Conducted vulnerability assessments and generic security scans of both systems and networks to identify and mitigate security vulnerabilities using Nessus Vulnerability Scanner.
- Configured and monitored Firewall logging, DMZ’s and related security policies.
- Responsible for service request tickets generated by the ServiceNow ticketing system in all phases such as troubleshooting, maintenance, upgrades, patches, fixes, and all around technical support.
- Configuration of ACLs in Cisco 5540 series ASA firewall for Internet Access requests for servers in LAN and DMZ and also for special user requests as authorized by management.
Confidential, Columbus, OH
Network Engineer
Responsibilities:
- Implemented Voice VLANS, UDP, SIP, and RTP and provide QOS by DSCP and IP Precedence.
- Used Confidential to automatically assign reusable IP addresses to Confidential clients.
- Integrate VoIP with PSTN and setup voice Gateway ensuring QOS for Cisco based Voice over IP and CDR for voice call Accounting.
- Experience working with Juniper Routers (MX960, MX480, M320) and Switches (EX2400, QFX Virtual Chassis Switches) with BGP, OSPF, VSTP, MST layer 2 and layer 3 Technologies.
- Design and implement campus switch network with Cisco Layer 3 switches (3750, 4500, and 6500) in multi VLANs environment and inter-VLAN routing, HSRP, ISL trunk, ether channel.
- Experience working Juniper T-Series, M-Series, MX-Series, J-Series Routers.
- Configuring OSPF and Static routing on Juniper M and MX series Routers
- Configuration 7609, 7606 with OSPF and juniper (EX, QFX and QFabric) switches with various VLAN.
- Designed MPLS VPN and QoS for the architecture using Cisco multilayer switches
- Implement Cisco Works 2000 device to manage Cisco routers, switches, PIX and ASA firewall, Access Points, Concentrators.
- Experience in working with installing Nexus 7010 License upgrade.
- Experience in installing and configuring Checkpoint NGX R60.
- Maintain Security policy by monitoring PIX firewalls (515 and 520).
- Experience working with Network management software NSM primarily to manage the firewalls as well as performing changes as per the requirement.
- Involved in effective communication with vendors, peers and clients in resolution of problems, equipment.
- Hands on experience in F5 LTM series like 6400 for the corporate applications and their availability.
- Experience working with F5 load balancer, its methods, implementation and troubleshooting on LTMs and GTMs.
- Manage and support all F5 LTM's in pre-production and production environments.
- Configuring Vlans, Self IP's& Routes on F5 load balancers.
- Worked with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
- Worked extensively in configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs / Routing / NATing with the firewalls as per the design. Primary responsibility is to design and deploy various Network Security & High Availability products like Cisco ASA and other Security Products.
- Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500(5510/5540) Series.
- Experience with converting PIX rules over to the Cisco ASA solution.
- Implemented Splunk to drive reporting and search for data collected from Cisco firewall devices - FWSM, Pix and ASA
- Handling network devices such as Switches (Cisco Catalyst 2900 and 3500 series), Routers (Cisco 2600, 2800 and 7200 series), Firewalls, Load balancers etc.
- Analyzed Network Traffic Latency issues and modified Riverbed for Resolution and Configured Riverbed In-Path and Peering Rule creation.
- Deployed the Cisco 3500 Access Points using Cisco Wireless controllers 5500 and 2500 and WCS System.
- Experience configuring Virtual Device Context in Nexus 7010.
- Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
- Designed and implemented a redundant WAN solution to interface existing platform in AWS to both the datacenters in US using AWS Direct Connect and BGP to provide high availability to the customers.
- Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access
- Management of Infoblox Grid Manager to manage DNS Forward and Revers Lookup Zones and Administrated QIP DNS system.
- Experience working with ASR 9000 series switches with IOS-XR
- Experience working with design and deployment of MPLS Layer 3 VPN, DMVPN cloud, involving VRF, Route Distinguisher(RD), Route Target(RT), Label Distribution Protocol (LDP) & MP-BGP
- Functional and Regression Testing.
- Experience in Configuring, upgrading and verifying the NX-OS operation system.
- Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
Confidential, Reston, VA
Network Engineer
Responsibilities:
- Implementation, configuration and support of Checkpoint and ASA firewalls for clients.
- Firewall Policy administration and work with user requests submitted by users. Use HP Service Manager Ticketing System for change and incident management.
- Work actively on Fortinet UTM firewall administration using FortiManager
- Cisco ASA Firewall configuration and troubleshooting.
- Troubleshooting connectivity issues within the server zones of the Data center (between application servers, database and web servers) as well as user requests and user connectivity issues from various branch locations, office locations and third party sites to data center.
- Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting.
- Troubleshooting issues using advanced techniques such as TCPDUMP, FW Monitor, Optnet packet captures, Wireshark.
- Built and support VRRP / Cluster based HA of Checkpoint firewalls.
- Firewall Policy Optimization
- Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper Net screen firewalls.
- Maintaining ACS server and providing access to Network devices.
- Perform Firewall OS upgrades using CLI, Splat and Voyager GUI.
- Backup and restore of checkpoint Firewall policies.
- Black listing and White listing of web URL on Blue Coat Proxy servers
- Review Firewall rule conflicts, unused rules and misconfigurations and clean up.
- Checkpoint firewall policy administration and support between various zones.
- Design, and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls
- Configuration and extension of VLAN from one network segment to their segment between Different vendor switches (Cisco, Juniper)
- Upgraded and converted 6 HA CheckPoint SPLAT pairs to PaloAlto.
- Architected and designed were on the network to place (multiple) IDS, FireEye and DLP devices.
- Implemented the SPAN ports to facilitate the various network device traffic captures with Endace.
- VPN User access management on Check point firewalls.
- Part of migrating the entire store Cisco ACL's to Fortinet UTM devices.
- Build and support Site to Site IPsec based VPN Tunnels
- Dynamic site to site IPsec VPN implementation with the help of DYDNS accounts for connecting four locations to a central location through internet by using cisco routers.
- Implemented site to site IPSec VPN solution between our Corporate Office and the Datacenters, POPs, AWS cloud network to facilitate remote IT administration purposes.
- Work on Cisco based Routing and Switching environment with Rapid Spanning tree and using Routing Protocols such as BGP and OSPF.
- Hardened Cisco routers and switches.
- Manage LAN & WAN and BlueCoat proxy servers
- Maintained DNS records via QIP and DYNDNS systems.
Confidential, Dallas, TX
Network Engineer
Responsibilities:
- Responsible for configuring firewall rules in between DMZ’s, from external vendors to the systems in DMZ’s for TDQ (Test, Development & Quality Analysis) as well as production Environments.
- Responsible for building and maintaining Private Frame Relay Circuits between Lowes and different banks to ensure secure transfer of the credit card and gift card data.
- Responsible for building and maintaining site to site VPN tunnels with other business partners based on the business requirements.
- Designing, implementing and configuring virtual device contexts (vDCs), virtual port channels (vPCs), and virtual routing and forwarding instances (vRFs).
- Designing, configuring and Handling complaints for intranet and extranet VPNs over MPLS backbone. Checking the connectivity between different locations.
- Worked on ASA 5500 series Firewall providing support and configuring for NAT, PAT & advanced Firewall rules implementation. IPS on ASA’s with Botnet protection
- Created dynamic access policies on the ASA’s for the offshore vendors to be able to VPN in and access the resources they needed for their testing purposes.
- Upgraded the code on multiple ASA’s from 8.2 to 8.4 which required a very great deal of configuration changes especially due to the change of syntax for building NAT’s on 8.4.
- Planning, designing and implementation of moving multiple DMZ’s on FWSM’s to ASA’s by creating Multi-Context Environments on the ASA.
- Installing and configuring FWSM and ACE modules on Cisco 6509 distribution switches.
- Used CyberArk for a small cluster to provide multi-layer security, monitoring and maintaining activities in the network.
- Maintained security of the cluster by maintaining updated ACL using CyberArk. Creating, Managing and maintaining rules to adhere corporate security standards using checkpoint Firewall
- Developed shell Python scripts to automate the maintenance process.
- Involved in managing and maintaining around 100 + firewall of CISCO PIX, ASA and checkpoint, Netscreen firewalls and Cisco VPN concentrators
- Installing & Configuring Checkpoint NG AI (R-65) in a standalone environment.
- Configured Routing protocols such as OSPF, BGP static routing and policy based routing.
- Configured HSRP and VLAN trunking 802.1Q, VLAN Routing on Nexus 7k, 5k and Catalyst 6500 switches.
- Assisted in planning, designing and implementation of NAC for network access control throughout the Lowes network. Administrated Local VLANs based on department function, and configure ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trucking using Pap for layer 2 forwarding. Utilize VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches. Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.
- Effectively utilizing complex lab setups to duplicate and solve Enterprise and Cisco Partners voice and video problems as well as possible interoperability issues between Cisco Video and Voice Platforms and third party video and voice platforms. Troubleshooting large video and voice networks on a daily basis, where protocols such as H323, SIP, ISDN are in use.
- Participated in On-call rotation along with just one other person throughout the period of work to provide level 3 support for the OCC on issues related to Firewalls.
Confidential
Network Engineer
Responsibilities:
- Responsible for managing network & security at the Data center.
- Implementation and configuration of Firewalls Especially Checkpoint and Cisco ASA.
- Work on Policy administration of Cisco and Checkpoint Firewalls
- Troubleshooting end user connectivity issues through the firewalls and network.
- Making sure the NAT is applied appropriately on the firewall for all the third party and DMZ traffic.
- LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
- VLAN’s design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
- Responsible for ASA 8.x Firewall and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Troubleshooting Layer 2 and Layer 3 issues.
- EIGRP and RIP version 1 & 2 Routing Protocols. Redistributing from OSPF to EIGRP and vice versa.
- Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Transition.
- DNS, Confidential services configuration and support.
- Deployed a Syslog server to allow proactive network monitoring.
- Implemented VLANS between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.
- Configured Client VPN technologies including Cisco's VPN client via IPSEC.
- Configured Firewall logging, DMZs and related security policies and monitoring.
- Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
- Installing and configuring System Center Configuration Manager 2007.
- Worked on Site Recovery Manager 5.0 for Disaster recovery.