Network Engineer/Architect Resume
Dallas, Texas
SUMMARY
- A network engineer with almost 7 years of experience, Cisco Certified CCNP ENCOR certification, and proficiency in Fortinet and Palo Alto environments.
- Technical solution deployment to merge voice and data networks for enterprise infrastructure.
- Expertise in migrating Cisco ASA and Fortinet firewalls to Palo Alto's Next-Generation Firewalls using PAN migration tool/Expedition Tool.
- Extensive knowledge in configuring, troubleshooting, and monitoring Palo Alto Firewalls from central management device Panorama M500.
- Expertise in implementing IPS/IDS.
- Hands-on experience in implementing, configuring & troubleshooting routing protocols like BGP, OSPF and EIGRP.
- Proficiently used Python and the Netmiko library to develop pre/post validation scripts for thorough and efficient network maintenance and validations.
- Experience in working with complex LAN & WAN networks, Cisco Routers, Catalyst & Nexus switches, Cisco ASA, FTDs, Palo Alto Firewalls, Arbor data center security tool, FortiManager device management, FortiAnalyzer tool.
- Stood as primary support contact for all test teams regarding architecture, network topology and connectivity.
- Good understanding and troubleshooting skills on Linux and Windows environment servers.
TECHNICAL SKILLS
Network Concepts: OSI Model, TCP/IP, IP addressing, Subnetting
Cisco devices: Cisco 2900, 3500, 3750, 6500 series, Nexus 6k, 7k switches, ASR 1000 routers
Firewall: ASA 5520, 5555-X, Fortinet 60E, 100E, 500E, 1101E, Palo Alto 3k, 5220, 5250
Routing Protocols: Inter-VLAN, RIP, EIGRP, OSPF, BGP
Switching Protocols: VLAN, ARP, VTP, STP, MSTP, HSRP, GLBP, Port-Channels, Port Security
Security: NAT/PAT, Ingress & Egress Design, VPN, ACLs, zone-based policy, IPv DoS policy
Infrastructure services: DNS, DHCP, ICMP, SYSLOG, SNMP, NTP, TFTP, AAA, TACACS, RADIUS, SSH
Networking Tools: Wireshark, MobaXterm, PuTTY, GNS3, VMware, Lucidchart, Nagios, PRTG, SolarWinds
PROFESSIONAL EXPERIENCE
Network Engineer/Architect
Confidential, Dallas, Texas
Responsibilities:
- Migrated Cisco ASA Firewalls to Palo Alto Firewalls and installed Palo Alto PA 7000, 5260, 5250 firewalls to the Data Center and maintained IPSec and SSL VPNs.
- Performed Firewall migrations from ASA 55XX Series to Palo Alto using the PAN Expedition Tool.
- Configuration of firewall (Palo Alto) security policies, Global Protect VPN, URL filtering, Data filtering and file blocking Profiles.
- Currently working on Palo Alto (3050, 5060, 7000) and Panorama 100, 500 series machines (PAN-OS 8.6).
- Installed and maintained VMware NSX.
- Experience in developing & implementing use cases of next generation firewalls in VMware NSX & Palo Alto Network.
- Configured ADS (Active Directory Server) and LDAP with Palo Alto Firewall to authenticate User IDs.
- Maintained multi-segmented application-based network with VMware NSX and Palo Alto firewalls.
- Created enterprise multi-Zones in VMware NSX and integrated that with Palo Alto network. Experience in integration of NSX manager 6.0 with Palo Alto firewalls.
- Implemented and analyzed IPS/IDS / Application Filter / Web Filter configurations, IDS/IPS signatures for various vulnerabilities as per the company user requirement.
- Diagnosed several networking issues using pcap captures, packet sniffing and tools like Wireshark.
- Design of a multi-location network to maintain the connectivity between the various field offices.
- Ensured high availability with Bi-FortiGate (HA) feature and with HSRP for Cisco devices.
- Firewall security policy implementation and monitoring Cisco ASA and Fortinet policy and network.
- Designed network flow for critical payment transaction business for internet access and reachability from Internet on Cisco layer 2 switch and FortiGate equipment over the enterprise environment.
- Worked with datacentre Internet Service Provider to request IP subnet expansion invoice and deployed new IP subnet in DC environment by adding policies, rules and routing.
- Hands-on experience on Arbor tool for Mitigation and Countermeasure maintenance and analysis.
- Implemented IPv4 DoS policies for internet-facing apps, incorporating L3/L4 anomalies to protect against security breaches.
- Point of contact for enterprise VPN user connection and service on ASA and FortiGate VPN firewalls.
- Configured LDAP backup solution for Okta VPN user authentication failure issues.
- Migrated vendor IPsec tunnels from Cisco platform to FortiGate by coordinating improvised phase 1 and 2 proposals.
- Upgraded and maintained ASA 55XX and FortiGate 60E, 100E, 500E, 1101E based on vulnerability scans.
- Experience in setting up IPSEC VPN and AnyConnect remote VPN for business connectivity using ASA.
- Supported network device migration project from Cisco ACS to ISE 2.6 & upgraded version to 2.7 patch 3.
- Implemented and redistributed OSPF routes to internal EIGRP and BGP routing using route filter and summarization.
- Managed FortiGate firewalls utilizing FortiManager and constantly ensured software upgrades.
- Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
- Configured ACLs in Cisco ASA 5520 firewall for internet access requests for servers, Protocol Handling, Object Grouping and NAT, and implemented and configured Fortinet firewall FortiGate 600, 800 series.
- Designed & implemented Fortinet network & third party equipment as per ISP SR (service request) that included A10, Cisco Catalyst, Cisco Nexus 7K and higher end FortiGate.
- Created multiple security profiles such as DoS protection, URL filtering, File blocking etc. and grouped them to apply for security policies on Palo Alto Firewalls.
- Configured and X-Forwarded more than 100 Virtual IP addresses on A10 Load-Balancer.
- Developed scripts to perform health check across entire Data Center network component including routers, switches, firewalls and load balancer using Netmiko library and Python coding.
- Rendered support for a blend of Fortinet products such as FortiGate Firewall and FortiAnalyzer.
- Incorporated web-filtering and intrusion prevention solutions for Fortinet clients in order to meet surf control policy and industry standards. Also utilized FortiAnalyzer tool for data flow and analysis.
- Identified and worked with TAC to replace a faulty module on Nexus 7K DC core switch.
- Acted as an escalated point of contact for tier and tier2 engineers
- Maintained Meraki AP dashboard: adding and claiming AP, monitoring, troubleshooting client connectivity to Internet.
- Configured DHCP pool on Cisco router and resolved DNS service outage issues.
- Whitelisting and blacklisting the public websites on the Fortinet 500E as per application.
- Manage and support all network related services and systems including: L2/L3 switches, DNS, DHCP, IPSEC tunnels, VPN user remote access, network switches, load balancers and a variety of monitoring, management, and notification systems.
- Planned and deployed IOS upgrades on Catalyst 1900, 2900, 3500 series switches and 2500, 2600, 3600 series routers along with ASA Firewalls.
- Coordinated and deployed SD-WAN solution for more than 100 sites to increase the site efficiency to 40%.
- Well versed in voice call issues troubleshooting and Internet Circuit turn up.
Network Analyst
Confidential, Tampa, Florida
Responsibilities:
- Troubleshot issues in network with OSPF, BGP protocols at different platforms of IOS, IOS-X.
- Cost-effective implementation of ACL and PAT on ASA 5500 for encrypted IPsec VPN links between the networks.
- Expert level knowledge on standard and extended ACLs. Versed with Route-map; implemented Policy Based Routing, Redistribution.
- Designed and deployed Palo Alto Network physical/virtual firewalls in private/public cloud infrastructures and datacenters. Worked with F5 BIG-IP LTM appliances, wrote iRules, SSL offload, and everyday WIP and VIP tasks.
- Expertise in Conducting security policy rule review to identify and remove rules that are not needed to reduce Palo Alto firewall policy lookup.
- Create Rules (Pre, Post and Default), Objects, Device Groups and Templates on Panorama. Configure NAT/PAT Policies as well as Captive Portal
- Worked on AWS to Corporate connectivity and AWS EC2, Auto scaling, NAT Gateways. Managed Cisco PIX firewall for ACL and VPN and also worked with the physical server migration to AWS data center.
- Involved in designing and implementation of AWS network and connectivity b/w physical and AWS DC and designing and deploying dynamically scalable, highly available, fault tolerant and reliable applications on AWS.
- Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, iBGP, eBGP and ability to interpret and resolve complex routing issues.
- Expert level Knowledge in OSI model, in depth knowledge and hands on experience on IPV4 addressing, subnetting, VLSM, ARP, reverse ARP, proxy ARP and ICMP concepts.
- Packet analysis tools such as Wireshark and monitoring tools like SolarWinds, Nagios, Netscout and SIEM tools like Splunk, QRadar.
- Expertise with setting up NAT to secure resources in LAN by enabling PAT (Dynamic NAT Overload).
- Implemented SNMP based monitoring and automated recovery system, reducing server downtime 15%.
- Analyzed TCP/IP like ICMP protocol (ping, telnet), traceroute packet using Wireshark.
- Adept knowledge on Linux server to maintain, manage the server’s health with automated recovery script.
- Created VLAN and Inter-VLAN routing with Multilayer Switching.
- Developed auto-remediation of network alerts using python, monitoring tool (PRTG), StackStorm and SlackBot(hubot-adapter).
- Developed test cases to validate network state/health using PyATS and Genie.
- Resolved network issues involving Cisco Meraki switches, firewalls, access points and MDM platforms.
- Reviewing and creating the new security policies on Cisco ASAs and Palo Alto firewalls as per the tickets requested by the DevOps and designing team at the front end.
- Created instances in ServiceNow for tickets & resolved network issues of VoIP, 802.11a/b/g wireless technologies.
- Maximizing network performance by monitoring performance tools; troubleshooting network issues and outages; scheduling upgrades; collaborating with network architects on network optimization.
- Securing network system by establishing and enforcing policies; defining and monitoring access.
- Configuring and installing various network devices and services like routers, switches, firewalls, load balancers, VPN, QoS.
Network Support Engineer
Confidential
Responsibilities:
- Performed technical support for various clients’ network connections on EIGRP, BGP.
- Migrated Cisco ACS to Cisco ISE, virtual ISE appliances to physical ISE appliances, forklift rip and replaces, patches and software upgrades. Tasks including installing software on Linux based systems, installing patches and upgrades, configuring the authentication systems to support a variety of vendor platforms.
- Review, approve and provision tokens for user authentication. Enable locked user accounts. Perform periodic audits of users and groups in the authentication system.
- Designed and deployed automation for network configuration, troubleshooting and monitoring.
- Developed customized monitoring checks, alerting, reporting and business intelligence.
- Configured Dynamic and Static NAT, extended access-list on Cisco ASA firewalls.
- Worked on route maps to understand and implement different BGP attributes like local preference, MED, AS-PATH etc. Managed enterprise BGP setup, made configuration changes and troubleshooting when needed.
- Performed several network and security review and remediation projects including Cisco ACS, Cisco ISE, Aruba ClearPass, Cisco network infrastructure, and Juniper network infrastructure.
- Deployed a remote DHCP server to client’s devices and configured NTP, AAA (TACACS/RADIUS), automatic logging.
- In depth knowledge on creating host profiles on ESXi 5/5.5 and deploy to hosts in a VMware cluster.
- Created reports on regular basis on network performance and traffic flow using PRTG monitoring tool.
- Day to day troubleshooting of various firewall related issues by monitoring and capturing the real-time logs on firewalls using ASDM and Splunk as syslog server.
- Configured VLAN Trunking 802.1Q, STP and Port Security on Catalyst 6500 switches.