- 9+ years of experience in Network design, Security, Tier support of Networks in various environments.
- Experience working with security devices such as Firewalls, VPN switches and Intrusion Detection Systems.
- Extensive experience working on Cisco and Juniper routers/switches in complex environments with multiple ISPs.
- Expert in dealing with Networking Protocols and Standards such as TCP/IP, OSI, UDP, Layer 2 (VLANs, STP, VTP), Routing Protocols ( EIGRP, OSPF, BGP), WAN technologies (Frame relay, IPSec, VPNs, MPLS), QoS.
- Worked on Sever Profiles such as AD (Active Directory) and LDAP with Palo Alto Firewall to authenticate User - IDs.
- Experience working on Cloud Computing Virtualization using VMWare ESXi 4.0 and Windows Hyper-V.
- Experience on Network Monitoring & Testing tools such as Wireshark/Ethereal, Cisco Works, and IXIA.
- Good understanding of VoIP implementation and protocols such as H.323, RTP, and SIP.
- Experience in troubleshooting NAT configurations, Access-Lists (ACL), and DNS/DHCP related issues within the LAN network.
- In-depth expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good experience on IP services.
- Good understanding of cable management such as CAT3/4/5, Fiber-Optic (Multi & Single mode fibers).
- Knowledge of Subnetting IPv4/IPv6 addresses and IP address management.
- Experience in configuring HSRP and redistribution between routing protocols troubleshooting them.
- Familiar with security products such as Cisco ISE.
- Implementation of HSRP, VRRP and GLBP for Default Gateway Redundancy.
- In-depth knowledge and hands-on experience on IP Addressing, Sub netting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
- Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
- Hands-on experience with TCP/IP, LANs, WANs, and WLANs (WiFi) Cisco VPN Concentrators, F5 Fire pass SSL VPN, 6509 Core Datacenter designs.
- Replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection
- Worked on Palo Alto Firewall
- Worked on Cisco ASA 5500 series firewalls.
- Worked on Cisco Nexus 5010 Switch.
- Worked on FabricPath line card model N7k and N5k.
- Experience in F5, Cisco ACE 4710 Load balancers.
- Exposure to Cisco WAAS, WCS.
- Expert Level Knowledge about TCP/IP and OSI models.
- Familiar with security products such as Cisco ISE
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST.
- Excellent communication skills to interact with team members and support personnel and also can act as a mentor to less experienced personnel
- Working knowledge of security products such as Cisco ISE
Operating Systems: Windows (Server 2003/2008, Vista, Windows 7), Linux OS
Routers: Cisco GSR12016, ASR1001,1004, 2900, 3900, 7200, 7600, ASR9000 ASR9001, ASR 9006, Nexus 7010, 3900, 7206VXR.
Switches: Cisco 3750, 4507, 4510 & 6500 series switches, Nexus 7010, 5548, Nexus 9372px-E, Nexus 5010, Nexus 5548, Nexus 5020, Nexus 5596.
Routing: MPLS, OSPF, EIGRP, BGP, RIP-2, PBR, IS-IS, Route Filtering, Redistribution, Summarization, Static Routing
Switching: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging.
Network security: Cisco (ASA, PIX) 5510, Palo Alto, juniper, ACL, IPSEC VPN, GRE VPN, NAT/PAT, Filtering, Load Balancing, IDS/IPS,4G,5G.
Load Balancer: F5 Networks (Big-IP) LTM Module, Cisco ACE 30 load balancer
LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.
WAN: Leased lines 128k - 155Mb (PPP / HDLC), Channelized links (T1/DS3/OC3/OC12), Fiber Optic Circuits, Frame Relay, ISDN, Load Balancing. Various Features & Services: IOS and Features, HSRP, GLBP, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP Management
AAA Architecture: TACACS+, RADIUS, Cisco ACS
Network Management: SNMP, Solar Winds, HP open view, and Wire shark, Netscout NGenius-one, HP OVO and Node Manager,Cacti,Cascade, Datadog and Newrelic(for application monitoring short term), Splunk (Log monitoring).
Network/Wi-Fi Support Engineer
- Most of the work included deployment, Migration, Security (managing the firewall, VPN and proxy’s) and operational.
- Provide Cloud migration support to AWS, GCP and Netbond. By Helping setup VPC through direct connects and help configure the servers to be a part to company private network.
- Implemented SNMPv3 on all of Disney online network space.
- Manage the Multi-Vendor Network for the Disney corporate online which comprises of Cisco, Juniper, Palo alto, F5, bluecoat devices.
- Working on Meraki access points, set up 4 access points for our work network with cloud management and cloud control.
- Working on manual replica (re-IP) reconfiguration and ensure minimum failover downtime, Veeam Backup & Replication offers possibilities of network mapping and automatic IP address transformation. configure a number of re IP rules for the replication job
- Configured, troubleshoot and monitored Checkpoint (21k, 5k, 3k and 2k) Palo Alto 3020 and Cisco 5500 Firewall.
- Perform failover on Veeam Backup & Replication to check if configured Re-IP rules apply for the VM replica.
- Experience of various wireless 802.11 standards, controllers, Access Points, Wi-Fi analytics from various vendors (Cisco Meraki, HPE/Aruba), SD-WAN (MX 65, MX100, MX400).
- Worked on tools like Cisco Prime Infrastructure, solar winds, CA - Spectrum, CA - Soi, NetMri, Infoblox, ClearPass, Aruba Airwave, Meraki and IP Data Base
- Implemented the migrated policies from Checkpoint R60 to Cisco ASA 8.6.
- Configuration and troubleshooting of Cisco ASR 9910, Juniper MX-960, MX-480, MX-104 routers in the data center and branch sites
- Work on VDC based routing on Nexus.
- Experience configuring VPC, VDC and ISSU software upgrade in Nexus 7010
- Configured and troubleshoot multi trust-zone SRX firewalls and VPN devices.
- Configure and maintain various F5 load balancer modules like BIG IP 3900 GTM, BIG IP PB200,Viprion 4300, BIG IP 8900, BIG-IP 4200.
- Worked on FabricPath line card model N7k and N5k.
- Knowledge and experience in DATA Center design and support. VPC, eVPC, VPC+, VDC, FabricPath.
- Configure site to site VPN to Vendors and business partners like Azure and Financial partners for secure connectivity.
- Leading team that enabled EM measurements for MMW for first generation of 5G products.
- Configured Cisco ASA 5510 for VPN Network Access Control integration with Cisco ISE (Inline PEPs)
- Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls
- Troubleshooting network communication problems to resolve Layer 1 - 3 routing, switching, security, and wireless services.
- Make critical recommendations for WiFi designs
- Monitor and respond to network intrusions and vulnerability alerts raised by automated detection systems, internal and external reports and manual investigation, using tools such as: Solar Winds Network Monitoring, Source Fire IDS, Palo Alto Firewall Administration.
- Support Panorama Centralized Management for Palo alto firewall PA-500, PA-200 and PA3060, to central manage the console, configure, maintain, monitor, and update firewall core, as well as back up configuration
- Troubleshoot packet flow and memory leak issues on SRX 5800 and 1400 alongside vendor and customer.
- Maintain firewalls and replace SPC and FPC cards and help clear micro fabric chip alarms on srx5800.
- Cleanup memory issues on firewall and upgrade Clustered SRX5800 firewalls using ISSU from 12.1.to 12.3x48D30.
- Drafting and installation of Checkpoint Firewall rules and policies
- Implemented Cisco IWAN at 25 sites till now. Worked on turning a site into IWAN involving provision of two circuits, one for MPLS, other for Internet, activating these circuits, forming DMVPN over MPLS and DMVPN over Internet with our IWAN-MPLS and IWAN- INET head end routers at Datacenters.
- Configure firewall rules for business partner VPNs.
- Update Proxy rules on proxy sg900 through Bluecoat director and perform URL whitelists on Virtual Policy Manager (VPM) through web management console.
- Create new SNATs on Proxy for expansion subnets in the network for new business applications.
- Backup and restore proxy configuration and Perform upgrade on bluecoat proxy SG to keep and update Bluecoat web filter database locally.
- Configured Global Protect (Palo Alto) and SSL Network extender (Checkpoint) for remote users that create VPN Tunnel such as SSL VPN.
- Mitigate high CPU utilization issues on Proxys during peak moments and update health monitors.
- Perform Curl tests for proxy rules for user ad troubleshoot with user and bypass SSL if necessary.
- Configure VIPs and WAN profiles for customers.
- Train Business Units on F5 VIP creation process and write KB articles on the VIP creation process and Cert request process. Reset routes when a OSPF bug is triggered due to addition or removal of pool members or monitors for a VIP.
- Synchronize load balancers and create dashboard monitors on F5 for critical applications to monitor https transactions and gather data when Cavium nitrox card issue is triggered during peak utilization period.
- Perform blade replacement on Big-IP Viprion 4300 chassis and perform end user diagnostics (EUD) to find out any system and hardware failures on the chassis.
- Extract QKview and create UCS archives as backup and extract core files in an event of blade failure or reboot.
- Analyze qk-view files on i-health to see possible logs that may help determine the RCA for a failover or reboot event on the load balancers.
- Create customized health monitors for nodes and pools.
- Create GTM WIPs for users for global load balancing as disaster recovery/redundancy.
- Troubleshoot and search for missing configuration of VIPs throughout the network from Big-IP enterprise manager.
- Deploy and troubleshoot Layer 3 Vlans, configure STP an d HSRP. Investigate fex oversubscription issues in the network.
- Upgrade Nexus switches 5k access layer switches from os version 5.2 to 7.0 as per company standards and cisco recommendation to address some software bugs.
- Troubleshoot BGP on the core layer ASR 9006 to check route advertisement. Check MPLS circuit utilization and maintain the circuit.
- Update and create documentation for future reference and create KBs for training.
- Incident and change management through Service Now (SNOW) ticketing system.
- Co-ordinate and create shift rotation schedule for the team.
- Participate in 24x7 On-call rotation.
- On-call support for 45 Cisco and 3 Checkpoint firewalls
Confidential, Glenside, Philadelphia
- Primary responsibilities include performing move changes to network following standard ITIL ticketing process, design, implement & troubleshooting of networks.
- Created Operational, Standard & Emergency Changes for network design, raised demands, worked on tickets of various levels (P1, P2, P3) for troubleshooting user issues.
- Responsible for configuration and troubleshooting of Cisco 4331, 4431, 3945, 1941 and similar routers, Cisco 3650, 3560, 2960 and other switches. Configurations involved routing protocols like OSPF, BGP, and EIGRP, DMVPN, IWAN, QoS, Static routes, Vlans, VRFs etc.
- Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper MX Routers / SRX firewall.
- Managed Smart Center Checkpoint management server (SmartView Tracker)
- Migrated Checkpoint Open Server Cluster to Checkpoint 5400 Appliances.
- Migrated 6000+ users from icrosoft VPN to Checkpoint VPN.
- Creating or Modifying Firewall rules on Cisco 5555, 5520, Juniper SRX 345 and Palo Alto VM-300 devices
- Administrating PaloAlto Network Firewalls using Panorama Centralized Management System and troubleshooting firewall rules to prevent system problems.
- In corporate Cisco Nexus 9000 NXOS to ACI fabric to work in concert with existing Nexus 7000s and ASRs for Multi-protocol Label Switching (MPLS)
- Experience working on CISCO NEXUS data center infrastructure with 2000, 5000 and 7000 series switches by enabling networked devices to communicate effectively
- Migration and implementation of Palo Alto Next-Generation Firewall seriesPA-500, PA-3060, PA-5060, PA-7050, PA-7080.
- Managed Interoperable IPSec Tunnels between different Vendors like checkpoint and Cisco.
- Built, deployed and maintained Cisco Meraki Wireless Access Points. Created Networks, Implemented Firewall Policies, Defined Access, Formed Tunnels and maintained all devices on Meraki Cloud in separate networks with their respective SSIDs.
- Engaged in cross functional, technical discussions to define SW infrastructure / architecture for 5G factory algorithms and products.
- Define enterprise 5G strategy and product roadmap and identify priority use cases and industry verticals
- Install, troubleshoot, perform software update on a cloud based 5G RAN system.
- Prepared Functional/Performance 5G modem validation test plans for IP bring-up (Throughput, Stability, Carrier Aggregation, Mobility, IRAT, cDRX)
- Changing the Configuration, rules of Palo Alto Firewall and Checkpoint firewall changes as per the business requirement.
- Worked on migrating Checkpoint multi-Domain Servers (Provider 1) from R7 .30
- Built, deployed and maintained Cradlepoints for Internet access to various sites using Verizon 4G. Managed all the Cradlepoints on Cradlepoint ECM portal. Built some of them as main Internet providers, some to provide Internet offload and many others to work with Cisco ASAs to provide secure 4G VPN offload.
- Built Site to Site VPN tunnels between Cisco ASAs at required sites to the main hub ASAs at our Datacenters. Configured access lists, NAT statements, DHCP scopes, allowed the subnets on our main Checkpoint Firewall, redistributed these subnets on our main Nexus switches.
- Built, configured and maintained PRTG Network monitoring probes. Deployed probes with VMWARE-ESXi OS and communications established with main PRTG servers at Datacenters. Uploaded sensors for various applications like OTM, Salesforce, EDX, Hyperion, O365 etc. to monitor traffic utilization, latencies.
- All PRTG network monitors managed and maintained on the main PRTG server. Reports pulled out regularly when a change is made to a site to monitor the network performance.
- Worked on Checkpoint Firewalls to monitor traffic drops, implemented NAT rules to allow specific subnets on specific ports. Checked logs to monitor traffic hits, worked on failover to secondary firewall, troubleshooting of various bugs and fixes.
- Level 3 on call for Managing 52 Checkpoint firewalls and 4 Cisco FWSM firewalls
- Managed Checkpoint Firewalls from the command line (cpconfig and Sysconfig)
- Designed and built a number of sites to work on site to site VPN. Configured the core switch to have separate VLANs for different Wireless SSIDs, Data, Voice and Spare networks and traffic being routed to ASA. Underlying downstream switches connected to core using fiber.
- Migrated 7 VPN Tunnels from Checkpoint to Brand New Cisco ASA firewalls.
- Designed sites to have just MPLS or just Internet where DMVPN is established. Cradlepoints are designed to work alongside MPLS or Internet connections to provide offload.
- Design, Build & Troubleshoot networks for Univar locations and its acquisitions. Network Diagrams.
- Monitor nodes and troubleshoot any issues, TACACS, Cisco ACS, Cisco Prime, Cisco WCS, and Amazon Web Services.
- Managed Cisco firewalls from both the Command line and ASDM.
- Daily troubleshooting and log analysis of firewall issues using syslog, Smartview Tracker and Smartlog.
- Work with Cisco switches and routers, HP switches, Juniper and magnablend devices, Riverbed systems, Phone systems, Cisco ASA, Checkpoint firewalls, UPS systems, cradlepoints and PRTG network monitors, Opengear out of Band devices.
- Level 3 firewall Break-fix support - received and acted on pages from Level 2 and corrected faults
- 2960, 2950, 3560, 3650 cisco PoE & Non PoE switches. 1941, 3945, 4431, 4331 cisco routers, nexus 5k, 7k switches, riverbed 555 series, cisco ASA 5505,5506, Siemens phone system, Avaya phone systems
- IWAN deployment, MPLS & Internet circuit activations and configurations, cabling process, orders and quotes.
- Cisco Meraki configuration and cloud management. Configuration of APs, Firewall & Traffic Shaping, ACLs, Radius Server and wireless networks.
- Installed and maintained multiple Checkpoint firewalls R75 to R76 from scratch
- Configuration and deployment of Cradle points for internet offload.
- Configuration and deployment of PRTG network monitors using VMWare EsXi and vSphere.
- DNS Management (NS, A, PTR records), DHCP management, IPAM. Licenses and IOS of devices, TFTP Servers.
- Request and implement Operational, Standard & Emergency changes, raise and resolve incidents (High, Medium & Low Priorities), Raise Demands, ITIL ticketing system.
Confidential, Sacramento, CA
- Installed and Configured a Cisco secure ACS server for AAA authentication (RADIUS).
- Participated with the deployment and operation of information security systems, including integration, testing, troubleshooting, and updating/upgrading of various security tools and appliances such as antivirus, IPS, malware detection tools.
- Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
- Designed network rules to remove any-any rules for new implementation of Checkpoint firewalls version R-75-40.
- VPN configuration and troubleshooting on Checkpoint and Cisco ASA.
- Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
- Configured Panorama web-based management for multiple firewalls. Worked on configuration, maintenance and administration of Palo Alto PA3000 Firewalls and migrating customers from Cisco ASA to Palo Alto in HA network.
- Replaced many failed firewalls with new devices
- Worked on the Cisco I wan routers like Meraki MX(84,400)
- • Configuration of cisco meraki wireless security MX(64H,84)
- Configuration and maintenance of Cisco ASR routers such as ASR 1013, 1009-X, 1006, 1006-X,1004, 1002-HX, 1002-X, 1001-X routers.
- Created and managed Checkpoint firewall rules
- Implemented IPSec VPNs on ASA firewalls for site-to-site VPN Connectivity.
- Responsible for the global design, engineering and level 3 support of existing network technologies services and the integration of new network technologies/services.
- Installing, configuring and troubleshooting of ACL's and firewall filters on Cisco routers.
- Has experience in working on cloud AWS cloud EC2, S3, RDS, Load Balancer, Auto Scaling with AWS command line interface and AWS python SDK.
- Configuring VLAN, Spanning tree (STP), SNMP on Cisco series switches.
- Design Wi-Fi implementations
- Corrected production Wi-Fi and server problems that would otherwise inhibit the Turn- Around-Time for the product and SLA
- Designed and implemented the Cisco network backbone, Cisco VoIP phone system, Cisco WiFi.
- Surveyed, designed, and activated school and institution WiFi deployments.
- Performed OSPF, EIGRP routing protocols administration and provided redistribution.
- Involved in Configuring and implementing of Composite Network models consists of Cisco7600, 7200, 3800 series, routers and Cisco 2950, 3500, 5000, 6500 Series switches.
- Configured and deployed VPC for the pair of Nexus 7010 and Nexus 5596, 5548 switches.
- Configuration of Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K), Firewall (Checkpoint R75/Gaia and Cisco FWSM), Load Balancers and DNS and IP Manager (Infoblox).
- Configured various routing protocols including OSPF (Single Area, Multi Area) BGP, MP-BGP.
- Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms.
- Involved in Complete LAN/WAN Development which includes IP address planning, designing, installation, configuration, testing, maintenance, troubleshooting etc.
- Experienced in managing and using different security controls (Firewalls, IDS/HIDS, Antivirus, etc.)
- Configured Client VPN technologies including Cisco's VPN client via SSL
- Setting up VLANs and configuring Inter-VLAN, Trunking, STP, PVST, RSTP, Port aggregation & link negotiation on Ethernet channel between switches.
- Manage Cisco Routers and troubleshoot layer 2 and layer 3 technologies for customer escalations.
- Designed, validated and implemented LAN, WLAN & WAN solution to suite client’s needs.
- Configured and designed LAN networks with Access layer switches such as Cisco 4510, 4948, 4507 switches.
- Design, Implement & troubleshooting of Juniper switches, routers and Firewalls
- Involved in configuring Juniper SSG-140 and Check point firewall
- Design, Implement & troubleshooting of Juniper switches, routers and Firewalls
- Experience in configuring Vdc, fex pinning, fex port-channel, port-channel, peer keep alive, peer link.
- Upgraded the data center network environment with Cisco ASA 5520. Configured ACL’s on Cisco Switches as well as configured routers as terminal servers
- Experience with setting up IPSEC VPN on Juniper SRX 3600 Firewalls towards the multiple Customer sites as backup path to the datacenter.
- Installed and Implemented Wi-Fi Access Points and Service
- Managed Wi-Fi Access via Group Policy
- Performed Automation testing of access points using Spirent iTest and Python scripting.
- Implementing new/changing existing data networks for various projects as per the requirement.
- Experience in working and designing configurations for VPC, VPC Domian, Vpc peer-gateway, VPC peer-switch, auto-discovery, VPC single sided, VPC double sided, NX-OS, Vfr, Otv, fabric path.
- Implementing and Maintaining Network Management tools (OPAS, Solar Winds, Cisco Works)
- Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links.
- Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPSec/GRE to GetVPN.
- Write test cases from a variety of documentation types; business requirements, system requirements & design documentation.
- Executes and update test cases.
- Logs and triages defects and test multiple mobile devices across multiple applications.
- Tests & Quality assurance of web client and service level software delivering unified messaging, address contacts and digital media experience to mobile device &webtop subscribers.
- Applies test expertise and experience to craft & execute test plans, conduct negative/exception tests, verification, performance and regression testing of RIA, HTML, AJAX, Mobile Web client, integration services, enablers & platformsf5
- Facilitated the up-gradation of 10G throughout the NLD network.
- Tracked the rearrangement of the channel as per the requirement of the customer.
- Addressed the problem related to DCN network which included Routers & Switches.
- Involved in DWDM ring upgradation & channel upgradation activity.
- Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
- Working with Juniper JUNOS on M and MX series routers
- Reviewing, analyzing, approving and executing all changes in the network. All Configurations of Cisco Routers and Switches.
- Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
- Involved in the modification and removal(wherever necessary) of BGP from the MPLS routers.
- Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
- Working on as security devices ASA, juniper, Palo Alto firewalls, routers, switches.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
- Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTMs and GTMs
- Responsible for procurement and installation of Hardware, network drives and other IT infrastructure. Documented the design, implementation and troubleshooting procedures with Method of Procedure (MOPS).
- Documented all the work done by using Visio, Excel&MS word
- Implement Cisco IOS Firewall IDS using 2600 series router
- Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches.
- Configured and debugged policy based routing for special traffic, route filtering with route maps, route redistribution.
- Configured VLAN Trucking 802.1Q, STP, and Port Security on Catalyst 6500 switches.
- Performed OSPF, BGP routing protocol administration.
- Router memory & IOS upgrade with TFTP.
- Network Assessment and Documentation (including technical, operational, and economic assessment)
- Responsible for designing and implementation of customers network infrastructure
- Help negotiate hardware, software, and circuit contracts for customers
- Redesign customers office copper and fiber cable plant for scalability
- Build and maintain Visio documentations for Clients
- Was Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches, fixes, and all around technical support.
- Ensured network, system and data availability and integrity through preventative maintenance and upgrade.