SUMMARY

• Over 5+ years of Experience in designing, deploying and troubleshooting enterprise level network infrastructure
• Experience on Palo Alto NG Firewall configurations including URL filtering, Threat prevention, Data filtering, IPsec Tunnels, SSL - VPN and Zone Protection.
• Expert in configuring Security policies using App ID, Services, Security profiles and URL category.
• Experience on configuring and troubleshooting HA, Zone Based Security Rules, Routing and NAT on Palo Alto firewalls as per the design requirements.
• Sound knowledge on Panorama, Wildfire and its integration with Palo Alto Firewalls.
• Responsible for Palo Alto and Cisco ASA firewall administration across global locations.
• Profound knowledge in Cisco ASA 5000 series installation, configuration and maintenance.
• Profound knowledge in mitigation of DDoS attacks on Cisco and Palo Alto Firewalls.
• Expertise in Configuring and troubleshooting of STP, RSTP, PVST, RPVST, along with BPDU Guard and BPDU filtering and Port Fast features on Switches.
• Strong working experience on VLANs, VTP, Trunking (802.1q/isl) and Ether channels using Link Aggregation Protocols (LACP/PAgP).
• Configuring and troubleshooting SVI, Inter-VLAN Routing.
• Substantial experience in installing, configuring and troubleshooting Cisco Switches (Nexus 5000, 7000, Catalyst 6500, 6800, 4500, 3500, 3800) and Cisco Routers (7600, 7200, ASR 9000).
• Worked extensively with Juniper EX (2200, 3200, 3300,3400, 4200, 4600, 6200) series switches and MX (MX5, MX9, MX 80, MX240) series routers.
• Experienced in working with Arista 7100, 7150, 7280, 7300 and 7500 series Switches.
• Implemented VSS on Catalyst 4500, 6500 along with VDC and VPC on Nexus 7K, 5K switches.
• Strong experience in upgrading Cisco IOS and Cisco Nexus NX-OS in the Datacenters. Also experienced in working with Arista EOS and Juniper JUNOS.
• Profound knowledge on First Hop Redundancy Protocols like HSRP, VRRP, and GLBP on L2/L3 Switches for HA.
• Proficient in configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP, MP - BGP and their redistribution over the networks.
• Proficient in implementation of filters using Standard and Extended access-lists, Prefix Lists, Distribute Lists, Route Maps and Offset Lists for Route Filtering and Metric Manipulation.
• Configuring and troubleshooting DNS, DHCP over large-scale networks.
• Extensive experience in dealing with vendors for MPLS/DSL installations.
• Hands on experience in deploying GRE tunnels, IPSEC Tunnels, SSL-VPN, Site-Site VPN and DMVPN.
• Domain Knowledge of various streams like managed services, Data Centers, Disaster Recovery, Remote Infrastructure monitoring and management, Servers, Desktops, End User Products, Storage, Network and Security, Internet access, MPLS, Cloud and Data Center Virtualization (Cisco ACI, Arista).
• Experience in maintaining and troubleshooting L1, L2 and L3 connectivity in the network.
• Expertise in implementing IP Address management and Subnetting (FLSM, VLSM) and NAT concepts on various Network architectural designs.
• Deployed Cisco Wireless 802.1x infrastructure across the enterprise network.
• Expertise in configuring and maintaining Wireless Infrastructure such as Cisco Meraki (MS225, MS250, MS350), Aironet Access Points (2600, 3600, 3700) and Wireless Controllers (8500, 5500, 5700), WLANs, RF Tuning and BYOD management.
• Experience in configuring and managing AAA Architecture using RADIUS, TACACS+ and AD.
• Hands on experience troubleshooting network traffic using tools like ping, traceroute, Wireshark, Solar Winds and TCP dump.
• Expert in managing and monitoring the network devices using Syslog, SNMP, and NTP.
• SME in OSI layer model and TCP/IP.
• Experience in handling and resolving tickets and strong hands-on experience on ticketing tools such as Remedy and Service Now.
• Well-organized in documenting tools like Microsoft VISIO, Microsoft Office.
• Adept in Operating Systems like Linux, Windows Server 2008/2012, Windows OS, Microsoft Hyper-V.
• Excellent problem solving and troubleshooting skills with good communication skills.

TECHNICAL SKILLS

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, WAPs, IEEE 802.11, Domain, DNS, Static, VLAN, STP, 802.1w, VTP, Ether Channel, Trunks

WAN Technologies: HDLC, PPP, Channelized links (E1/T1/E2/T2), Leased Line, SONET, MPLS, SDN (ACI) VPN, IPsec-VPN

Wireless Technologies: Cisco WLCs 8510, 5508, 5706, Aironet APs 2600, 3600, 3700, 3800, Cisco Meraki MR16, MR18, MR32, MR42, MR72, Aruba 220, 370 APs, 3600, 7200 WLCs, AirWave

Communication Protocols: TCP/IP, UDP/IP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, HDLC, SDN, SD-WAN

Routing Protocols: OSPF, EIGRP, BGP, Static routing, Route redistribution, Route filtering, Summarization, MP-BGP

Switching Technologies: VLANs, Inter VLAN routing and Port Channels, VTP, Spanning Tree Protocols like PVST+, RSTP+, Multi-Layer Switching, Port security, VSS, and CEF

Network Security Technologies: ASA 5550/5540 Firewalls, Juniper SRX Firewall, Palo Alto firewall PA 200, 3000, IDS, and IPS

Firewalls: Cisco ASA 55XX series, Palo Alto 7000, 5000, 3000 series

Network Management: Wireshark, SNMP, TCP dump, Solar Winds, Syslog, NTP, DHCP, TFTP

Load Balancers: F5 Network (Big-IP) LTM 8900 and 6400

Redundancy Protocols: HSRP, GLBP, VRRP

NEXUS Features: VDC, VPC, VRF, FEX, Fabric Path, F & M Series line cards

VPN Technologies: GRE Tunnelling, Remote Access VPN, Site-to-Site VPN

AAA Architecture: TACACS+, RADIUS, Cisco ACS

Operating Systems: Windows (XP, Vista, Windows 7, 8.1, 10), Linux, Hyper-V(ESX, KVM)

PROFESSIONAL EXPERIENCE

Network Engineer

Confidential

Responsibilities:

• Hands on experience with Palo Alto NGFW (3000, 5000, 7000 series) with security and management features such as Security Policies, APP-ID, Anti-Virus, URL filtering, Data filtering, Threat prevention and Log Management.
• Implemented Zone based policies for network segmentation and configured Virtual Routers on Palo Alto Firewalls.
• Experienced in taking in the Firewall Exception Requests (FER) from the users as per the policy in Palo alto Firewalls.
• Responsible for Palo Alto software and firmware upgrades.
• Configured and maintained HA for Palo Alto firewalls and managed the HA pair using PANORAMA.
• Worked with Senior Security Engineer on Firewall configurations and maintenance.
• Implemented Stateful Packet Filtering, ACLs on ASA 5500.
• Configured SSL Remote and IPSec Site-to-Site VPNs.
• Responsible for upgrading and maintenance of Cisco IOS, IOS-XR, NX-OS and Juniper JUNOS platform.
• Configured and maintained Cisco ASR 9000, Catalyst 6500, 4500, 3500 Switches, Nexus 5K Switches and Juniper Ex 3400, 4200, 6200 Switches and Juniper MX 240 routers.
• Provided L2 & L3 network support, Building configurations for Juniper EX 3300 and EX 4200 switches with features like port security, VLANS, VTP, and PVST+. Worked on MX Platform routers.
• Responsible for maintaining and utilization of VLANs, Spanning-tree, VTP of the switched multi-layer backbone with catalyst switches.
• Actively involved in Switching Technology administration including creating and managing Port Security (802.1x), Trunking (802.1q) RPVST+, Inter-VLAN Routing on Cisco Catalyst Switches.
• Enabled RPVST enhancements to speed up the network convergence using Port-fast, Uplink-fast and backbone-fast features.
• Configured First Hop Redundancy Protocols (HSRP and GLBP).
• Responsible for configuring and troubleshooting Routing Protocols (OSPF, BGP) and redistribution between the Routing Protocols.
• Worked on BGP configuration for providing redundant internet connectivity using Prefix Lists, Route Maps and BGP Attributes.
• Monitored network logs using Solar Winds and determined the correct action or escalation path.
• Dealt with NAT configuration and its troubleshooting issues related access lists and DNS/DHCP issues within the LAN network.
• Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.
• Worked with the Network Architect on optimization of network performance by troubleshooting network problems.
• Responsible for survey and maintenance of LAN/WAN, and 802.11 (a, b, g, n, ac) wireless networks.
• Captured packets by configuring span port and analysed using WIRESHARK and TCPDUMP.

Network Security Engineer

Confidential

Responsibilities:

• Responsible for the GUI PANORAMA management for logging sessions, creating reports and managing different firewall devices.
• Implemented APP-ID, which defines custom applications and comprehensive set of predefined applications to be applied to firewall.
• Configuring Zones, Virtual routers and interfaces on Palo Alto Firewall.
• Working knowledge on proxy services, Site to Site VPN tunnels, and SSL certificates.
• Configured Palo Alto to Wildfire cloud to mitigate Zero day attacks.
• Provided level 2/3 operational support for Process Control networks and Security technologies.
• Responsible for configuring and managing Arista, Cisco switches, including new build configurations, maintaining current configuration and adding new connections/features.
• Expertise in maintenance of layer2 switching tasks which advocate VLAN, VTP, STP, RSTP, PVST, RPVST, configuring of ether channel with LACP and PAgP along with troubleshooting of inter-VLAN routing.
• Hands on experience in troubleshooting VPC, Subnets, Routing tables, Internet gateways. Experience in troubleshooting of Layer 2 features (VLAN, STP, RSTP, VRRP, and Ether Channel)
• Working knowledge on proxy services, Site to Site VPN tunnels, and SSL certificates.
• Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF and BGP.
• DCI implementation between datacenters with BGP-EVPN/VXLAN cross site connectivity.
• Protocols frequently used: - BGP for transit - BGP-EVPN - VXLAN - MPLS/VPLS.
• Configured and implemented enhanced VPC and fabric path between Nexus 5k series switches for reliable datacenter operations.
• Configuring VPN (IPSEC, GRE) in VPN concentrators and QOS in integrated networks.
• Provided design and support for wireless controller/AP solutions for additional client base.
• Installed, configured and maintained Cisco 5706 WLCs and 3600, 3800 series Access Points to provide reliable connection to the users.
• Installed Cisco Wireless LAN Controllers (WLC) with active/standby state controlling more than 100 Access Points.
• Installed and maintained Aruba Wireless APs 220, 370 and Aruba 7200, 3600 series wireless controllers, AirWave Wireless Network Management System and clear pass servers.
• Installed ClearPass policy manager and ClearPass guest access manager to authenticate wireless users.
• Co-ordinated with other team members to implement and maintain network solutions and design documentation.

Network Engineer

Confidential

Responsibilities:

• Expertise in Configuring, Monitoring and Troubleshooting Palo Alto (5040, 3020) firewalls.
• Responsible for writing firewall rules based on applications, users and content.
• Implementing USER-ID on Palo Alto firewall, which identifies supported IP-to-USER mapping strategies.
• Configured and installed the Firewall pair in High Availability mode as Active/standby and managed through the management port.
• Integrated Cisco ASA with ACS Server for TACACS+ and RADIUS Authentication.
• Involved in Installing and Configuring a Cisco secure ACS server for AAA authentication.
• Configured Client-to-Site VPN on Cisco ASA firewalls.
• Responsible for Cisco ASA firewall administration, Rule Analysis and Rule Modification.
• Experience with manipulating various BGP attributes such as Local Preference, MED, and Extended Communities.
• Configured and maintained EIGRP, OSPF and redistribution between these Routing Protocols in LAN/WAN infrastructure.
• Enabled Route Filtering and Metric Manipulation in EIGRP.
• Experienced in Configuring and troubleshooting areas, stubby areas in OSPF implementation.
• Configured security policies including NAT/PAT, Route-maps, Prefix lists and Access Control Lists.
• Configured redundancy protocols like HSRP, VRRP and GLBP.
• Configured Switching tasks such as VTP, VLANs, ISL/802.1q Trunking, Ether Channel, STP and RSTP.
• Implemented advanced STP security features such as BPDU Guard/BPDU Filter with Port Fast enabled on edge ports.
• Configured 802.1x port based authentication on Cisco Switch to TACACS+ server communication.
• Analysed packets using NMAP and Wireshark.
• Worked on Linux and Windows Platforms and involved in planning of Network Maintenance.
• Implemented and configured SNMP, Syslog and traps on Cisco routers for network management.
• Worked in upgrading of the IOS Version of the Routers & Switches using the TFTP Server.
• Co-ordinated with other team members to implement and maintain network solutions and design documentation.