- 7 years’ experience as a Senior Network/Security Engineer responsible for designing, integration, implementation and support of LAN, WAN, F5 and Citrix load balancers, Cisco and Aruba Wireless, ACS, NAC, ISE, Call manager VOIP, SDN, SD - WAN, ASAs, Palo Alto Firewalls, Cisco Firepower and Network Security, Designing, implementing and operating of enterprise data networks as Network Security Administrator.
- Involved in switching tasks include VTP, ISL/ 802.1q, IP sec and, VLANs, Ether channel, trunking, GRE tunneling, Port security, STP and RSTP.
- Hands on experience with BIG-IP environment utilizing two or more of the following: GTM, LTM, APM or ASM.
- Wide understanding of Voice Telephony Platforms from PBX, ACD to VOIP, Contact Center Environment.
- Practiced 51 different ASA and Firepower Next Generation Firepower Threat Defence with IPS, IDS, AMP and URL filtering such as 5508-X,5516-X,5525-X,5545-X, 2100 and 4100 series as well in FMC.
- Engaged in designing and building SDN Data Center environment, including Cisco ACI.
- Strong hands on experience in installing, configuring, and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
- Trained with Cisco Meraki wireless managed network infrastructure.
- Vast knowledge in routing protocols like EIGRP, OSPF, RIP, BGP and MPLS/VPN.
- Familiar with AWS integration to on premise datacenter utilizing VPN.
- Worked on Cisco 6500, 7200VXR, 12000 series Router and Cisco 4500, 6509, 7613 series switches.
- Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
- Experienced in troubleshooting both connectivity issues and hardware problems on Cisco based networks.
- Master in Wireless LAN Controller's, Cisco Meraki, Cisco AP's, Standalone AP's and Mesh AP's.
- Experience with server hardware like Cisco: UCS B-series, C-series, M-series, UCS Mini, and Fiber interconnects.
- Expertise in the Cisco DNA Voucher Operations Program as a DNA Mentor to provide mentoring service to sales eligible Cisco Partners.
- Performed TUFIN and Firemon for pushing firewall policies and monitoring the logs.
- Experience with AWS and Azure Security Architecture.
- Participated in configuring, monitoring and troubleshooting Cisco's PIX, firewall, ASA, routers and switches.
- Configured HSRP on Nexus7K's and C6500 series switches.
- Wide experience with QoS, OSPF, BGP, ATM, T1-T3 and Frame-Relay.
- Appropriate knowledge of OS such as Microsoft XP/Vista/7, UNIX, & Linux.
- Network analysis and capacity planning experience using tools like Sniffer, Wireshark, Nmap, MRTG, BandwidthD, Cacti, Nagios etc.
- Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
- Hands on F5 ASM for Internet Facing LTM virtual servers providing applications layer 7 firewall protection, configuring and managing F5 Web Accelerator module and Application Security Module (ASM) technology or with similar/competing ADC and Security product solutions.
- Experience in installing, configuring and troubleshooting of Checkpoint Firewall and Juniper SSG series.
- Appropriate knowledge of Python language.
- Hands on Experience with Fortigate 1000C, 3600C, 1000D, 3800D Firewalls and Fortimanager4000 E, Fortimanager 3900E, Fortimanager 3000C & Fortimanager 1000D.
- Engaged in all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
- Hands on experience in configuring and supporting site-to-site and remote access server, IPSec, VPN solutions using ASA/PIX firewalls, Cisco and VPN client.
- Experience in site to site VPN configurations using Cisco ASA 5500 series firewalls
- Huge knowledge of Checkpoint and Cisco ASA firewall administration across global networks.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
- Involved in implementation traffic filters using Standard and Extended access-lists, Distribute-Lists, and Route Maps.
- Adventured BlueCoat Proxy SG for Content filtering and URL filtering.
- Hands on network topological and configurations, TCP/IP, UDP, Frame Relay, Token ring, ATM, bridges, routers, and Switches.
- Expertise in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications
- Master in configuring, implementing and troubleshooting F5 load balancer in the enterprise network
- Effective customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyzes results and implement and delivering solutions as an individual and as part of a team.
PROTOCOLS: OSI,TCP/IP,DHCP, UDP, RIP v1, RIP v2, IGRP, EIGRP, TACACS+, RADIUS, OSPF, BGP, SSH, TFTP, FTP, SMTP, NTP, LDAP, Active Directory, Kerberos, L2F, L2TP, PPP, Frame Relay, SD-WAN, ATM, Sonnet, Fast/Gig Ethernet, HSRP, Token Ring, ISDN, AAA, DES, 3DES, AES, and MD5, VPN (IPsec and SSL),VRRP, HSRP, DNS (BIND, DJBDNS, Infoblox), CARP, SNMP, (BGP, OSPF, EIGRP, IGRP, IGMP, RIP), Routed Protocol TCP/IP, Multicasting (PIM).
NETWORK MONITORING Tools: HP OpenView, Netscout, Ethereal, Riverbed, Netcat, Sniffer, Snort& Snortsnarf, MRTG.
OPerating Systems: Microsoft XP/Vista/7, UNIX, & Linux.
SSL Security Technologies: Cisco FWSM/PIX/ASDM, Nokia Checkpoint NG, Juniper SRX, 1800, 2500, 2600, 2800, 3600, 3750, 3800, 7200.
ROUTERS: Cisco GSR 12416, 12418, 7200vxr, 3640,3600, Linux, UNIX, DOS, Windows XP/2007/8, Windows 2003 server and Windows 2008 server
SWITCHES: Catalyst 6500, MSFC, MSFC2, 7600, 3700, 3500, 2900, 3500, 4000, 4500, 5000, 5800, 6500, Nexus 2k, 3k, 5kand 7k, MSFC, MSFC2.
VOIP: SIP H.323, MGCP, TDM, SS7, Avaya Voice gateways.
LAN/WAN TECHNOLOGIES: T1, DS3, OC3, SONNET, MPLS, DSU/CSU, Frame Relay, WiSM Module in 6509, X.25, L2VPN, L3VPN, E1/T1/DS1/DS3, MPLS
NETWORK EQUIPMENT: Advanced switch/router configuration (Cisco IOS access list, Route redistribution/propagation)
VPN Technologies: GRE Tunneling, Site-to-Site VPN, SSL VPN
HARDWARE PLATFORM: Cisco Routers, Ethernet Switches, F5 LTM, GTM
- Configure IPsec and SSL VPN with Palo-alto, Cisco ASA, Fortinet, Checkpoint and Router.
- Served as the PKI administrator for machine-based certificates including SSL server.
- Configure, Manage, Analyze, and Optimize Network Performance, Traffic, SD-WAN, VPNs, Security, Firewalls, & Policies.
- Configured AAA server (Radius and TACACS+) for authentication and authorization for all remote VPN users.
- Monitored the network logs using FIREMON and TUFIN.
- Experience in integrating identity federation with Cloud (SaaS) SAML based applications using F5 APM.
- Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTM, GTM, APM and ASM. Worked on software versions including 9.2, 11.4.1, 11.5.3.
- Created automated scripts using Python language and manual testing to enhance hardware performance.
- Experience in Cisco Routing and Switching using 3600, 3700, 3800, 5300, 6500, 7200, 7600Nexus 7k, Nexus 5k, Nexus 2k& ASR 9000, 1000 series routers, Meraki products.
- Following up the transmission project solution (Servers DB Hitless protection solution, BB IPMPLS, Ethernet Traffic protection)
- Support over two hundred Cisco Firewalls Cisco ASA 5500, Series 5500 - X, and Cisco Next-Generation Firepower 4100 Series security appliances in standalone and high availability configurations.
- Trouble shooting skills and experience in handling Confidential PBX switches. Racking and stacking of the network equipment like switches and cabling them.
- Built the Cisco UCS hardware with 8 Blades on each Chassis with 5 different environments in 2 Data Centers with Active & Active configurations.
- Replacing Checkpoint VPN and Bluecoat proxy with Zscaler and worked on implementing Zscaler in Production.
- IPT migration from PBX to VOIP.
- Managing the monitoring, maintenance, repair, service and MAC activities for PBX and voice processing systems.
- Understand customer requirements for wireless networks and explain how Cisco Meraki will integrate with current infrastructure, as well as service future needs.
- Expertise in Cisco ACI, NX-OS and IOS, other SDN products Tiered Domains, QoS, Data center network design, cloud infrastructure design and management, OSPF, BGP,EIGRP VLAN Trunking.
- Technology Used: Routing, Switching, Firewalls, VPN Tunnels, GRE, STP, HSRP, SNMP, VLANS, & BGP.
- Implemented new networks and changes to existing networks on the AvayaS8700/G650 Gateways.
- Continually upgraded Meraki security devices as all store locations and kept current firmware, verified Meraki was upgraded, both circuits were functioning through the Meraki and wireless clients were using the Meraki appliances.
- Designed and configured the UCS profiles and templates for multiple environments.
- Features, Placing, Transferring, Conferencing & voice messaging services.
- Designed, implemented and integration of Cisco Firepower firewall for perimeter connectivity.
- Designed and delivered secure cloud solutions for some of the Major organizations on AWS Cloud.
- Performed VOIP CER/CUC/CUCM Base Configurations; Pre-Migration tasks including IOS Upgrades prior to UC 8.6 to 10.5 upgrades.
- Implementation of Firepower management center in the Datacenter and integrating client firewalls.
- Accessing Avaya IP Office Switch Extracting Call Routing, Dial Plan, Incoming/Outgoing Trunks, etc. in preparation for the migration.
- Troubleshooting firewall rules in Cisco ASA, Checkpoint, Zscaler.
- Worked in for the NextGen Datacenter Cloud Architecture, using Cisco ACI and Nexus 9K .
- Installation, configuration and maintenance of Palo Alto, Cisco ASA 5500, Juniper SRX Firewalls.
- Experience with Cisco DNA solutions ISE, NGFW, Prime, ESA, WSA, VPN and CWS implementations
- Building networking racks and installing equipment in accordance with given schematics, such as HP switches, frontier firewalls, rack safes, PDU's, etc.
- Implemented F5 ASM for Internet Facing LTM virtual servers providing applications layer 7 firewall protection, configuring and managing F5 Web Accelerator module and Application Security Module (ASM) technology or with similar/competing ADC and Security product solutions.
- Installed, configured IOS voice gateways running SIP, MGCP, H323 protocols.
- Strong production experience in managing F5 BIG-IP APM and LTM.
- Used F5 BIG-IP Local Traffic Manager (LTM) and provided a flexible, high-performance application delivery system to increases operational efficiency and ensures peak network performance for critical business applications.
- Supporting Cisco UCS partners, Nexus data center cloud computing platforms and virtualized environments.
- Troubleshoot and monitor Firewall traffics/issues through command-line using CLI commands, GUI interface and Smart Console (SmartView Tracker, SmartLog and SmartView Monitor). Analyze Logs and make necessary network reports using Smart Reporter console application.
- Using Algosec for the audit of the rules on the firewall and Enhance existing change management system with intelligent network and security automation.
- Configuring routing protocols OSPF, EIGRP, RIP, MPBGP, LDP and BGPV4
- DNS net names and IP management using Men and Mice.
- Network monitoring, packet captures and troubleshoot traffic passing through Firewall via logs.
- Join troubleshooting calls to provide visibility to the traffic or data flow.
- Worked with the DCM security team to review list of IP addresses in-scope for migration and record findings.
- Performed Site surveys, Contact Center audits, VOIP readiness assessments for customer deployments.
- Cisco Customer Voice Portal CVP Scripting.
- Executed training / Bootcamps to Cisco partners for the design, installation, configuration, and successful demo of Cisco DNA solutions that include SD-Access (SDA) (which includes Identity Services Engine (ISE)), DNA Center (DNAC), Network Data Platform (NDP) or Assurance.
- Analysis of Offenses created based on vulnerability management tools such as: Rapid7
- Assisted with providing requirements for implementing SD-WAN across an enterprise.
- Created systems architecture diagrams to implement SD-WAN.
- Researched SD-WAN technology and coordinated meetings with all qualified SD-WAN vendors.
- Conducted POCs from start to finish on several Fortinet platforms including Fortinet's Secure
- Fostered partner relationships to strengthen Fortinet's foothold as a premier network security vendor in the market.
- Function as part of a Firewall and Security team in support of Checkpoint Firewalls, Zscaler Proxy, Juniper Portals, SecAuth, Open LDAP, and Active Directory.
- Consult with Customer’s to assess network readiness for VOIP.
- Dealt with creating VIP pools, nodes and created custom iRules for the virtual servers like cookie persistency and redirection of URL on F5 ASM cookies issues and configures ASM policies.
- Supported a Large F5 application delivery (LTM, GTM, ASM, APM) infrastructure of about one hundred nodes.
- Using Smart Update, User Management and Authentication in Checkpoint Firewall.
- Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
- Worked on Cisco DNA Center and Cisco ISE.
- Configured and Deployed 18 Firepower Threat defense with IPS, IDS, AMP and URL filtering and integrated with Firepower Management Center FMC for 5516-X,5545-X,2100 and 4100 series.
- Advanced call manager to the standard version and updated system to support the VOIP enforcement.
- Designed physical layouts and configuration of network components that are connected to the existing Avaya system.
- Worked extensively with multiple wireless hardware vendors including Cisco, Cisco Meraki.
- Configure, maintain and upgrade of data center infrastructure, Nexus 7k, 6k, 5k, 2k, and UCS, employing VDC, VPC, VRF, and fabric-path technologies.
- Meraki sites implementation with Cisco ISE, manual profile policy.
- Hands on experience on all software blades of checkpoint firewall.
- Completed project to evaluate Cisco Next-Generation Firepower 4100 Series security appliances for both the virtual Firepower Threat Detection and the Virtual ASA modules to increase security in a production environment.
- Configuring PBX on Confidential ASA and adding coverage paths and more features like EC500 as requested by the users.
- Working Routing Requests from Business Units updating changes to the Call Routing Vectors, VDNs and Announcements database in Avaya Switch.
- Migrated remote offices from legacy PBX’s to Cisco VoIP telephone system.
- Configuring and troubleshooting issues on Voice gateways and VXML Gateways.
- Administrate NetScaler 9.5/10.5/11.0/11.1 for Access Gateway along with SSLVPN, Gateway load balancing, SSL certificates Management and GSLB Configuration.
- Palo Alto firewall troubleshooting and configuring policy based on change request, allowing/denying communication between different segments of the network based on requested ports.
- Optimize Meraki setup and troubleshoot, tier 2 and tier 3, redesign and implementation.
- Managed DHCP, DNS and IP address thru Infoblox, and Admin for Internet sites access thru Zscaler.
- Supporting deployment of SD-WAN MPLS implementation via Viptela vEdge devices.
- Generating the FireFlow tickets for the rules for which Connection ID already provided and RISK rating the rules.
- Worked with Cisco, Palo Alto, Juniper, Splunk, Force point, Nessus, Stealth watch, Checkpoint, Zscaler and other vendors to provide a stable, high-speed, secure network.
- Handled SRST, Voice Routing Protocols, QoS and Voice Gateways and even maintained network engineering framework.
- Worked with TUFIN and Firemon for pushing firewall policies and monitoring the logs.
- Experience with F5 BIG-IP local traffic manager for performing load balancing across servers in a single data center
- Fortinet, Palo - alto, Cisco ASA, F5 (LTM).
- Implemented Positive Enforcement Model with the help of Palo Alto Networks.
- Responsible for the deployment, configuration, and managed the F5Viprion load balancing platform during new data center migration from Citrix NetScaler 9.3 and Cisco ACE 4100x/4700; including implementing, configuring, and integrating F5 BIG IP GTM, LTM, APM, ASM, iRules, DNS-SEC, DNS ANYCAST, IPv6, SSL, LTS 1.2, and HA vCMP provisioning.
- Migrate, Upgrade and Patch Management of Cisco ASA, Checkpoint, Palo Alto and Fortinet Firewalls.
- Worked with Nexus 9k (standalone and ACI) ASRs, N5K/2k, N7K, ASAs, UCS, ACS, ACI, VMware.
- Replacing Checkpoint VPN and BlueCoat proxy with Zscaler and worked on implementing Zscaler in Production.
- Knowledge and experience BGP, OSPF, ISIS, IPMPLS, QoS, IPv6, Multicast related areas.
- Knowledge of Juniper environment including SRX/Junos Space.
- Configured and set up of Juniper SRX firewalls for policy mgmt. and Juniper SSL VPN's
- Engineered traffic management solutions, including designing, low level engineering for F5 LTM, GTM, ASM, APM environment.
- Configured Cisco Unified Communications Manager media resources, features and voicemail integration.
- Performed F5 appliance (LTM, GTM, APM, and ASM) maintenance and system upgrades including hot fixes and security configurations.
- Reviewed and demoed all qualified SD-WAN solutions in a lab environment.
- Wrote a test plans for the selected SD-WAN solutions.
- Worked on configuration of policies on Zscaler Proxy servers. Worked on configuring Pzens in Cloud and in internet DMZ in each data center.
- Provided a proof of concept/pilot for selected SD-WAN solutions.
- Engineering lead for ITB/TSTU SDN research and development initiative.
- Provided research for implementing zero touch provisioning, configuration management, and cloud orchestration tools.
- Provided lab testing and proof of concepts for SDN products.
- Maintaining Users and Groups as well as Creation of new Users and Policies. Deployed and manage security controls such as DLP, IPS/HIPS, web content filtering.
- Advanced knowledge in TCP/IP suite, security architecture and routing protocols: OSPF, BGP, & EIGRP, IPSEC VPN design connection & protocols, IPSEC tunnel configuration, encryption and integrity protocols.
- Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard
- Provided technical support for voice recording and CVP applications.
- Investigation of internal alerts & Performed payload analysis of packets using Wireshark.
- Analyzed the flow of packets for LAN and Wi-Fi interface on the computer using Wireshark. Analyzed DHCP, DNS, and ICMPv6 and TCP protocol packets.
- Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Hands on experience in creating the policies (vulnerability, anti-virus, wildfire etc.) database revision controls, upgrade export and import, snapshot procedure on regular basis.
- Successfully installed Palo Alto PA-3060 firewalls to protects Data Centre and provided L3 support for routers/switches/firewalls
- Good knowledge on Juniper SRX240, SRX220 and SRX550 series Firewalls.
- Responsible for designing and implementation of customer’s network and Security infrastructure.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Configuring routers, switches, WLC, Access Points, BlueCoat Proxy Server, Cisco ASAs, etc.
- Configured Routing protocols such as RIP, OSPF, EIGRP, MPLS static routing and policy base routing.
- Log analysis using Checkpoint Smart view tracker and SPLUNK.
- Configured HSRP and VLAN trucking 802.1Q, VLAN Routing on Catalyst 6500 switches.
- Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs
- Involved in Troubleshooting of DHCP and other IP conflict problems.
- Performed Switching Technology Administration including VLANs, inter-VLAN Routing, Trunking, STP, RSTP and Port Aggregation & Link Negotiation.
- Assist in redesigning the campus LAN, routing protocol, IP telephony, enterprise edge, IP addressing scheme for client.
- Lead the installation and configuration of corporate wide rollout of the Cisco Catalyst 3550, 3560, 3750, switches including VLAN configuration, VTP, 802.1q Trunking, Spanning-Tree protocol, Ether Channel, & FHRPs such as HSRP & GLBP.
- Provide technical expertise in troubleshooting of IP routing protocols including OSPF, EIGRP, BGP, & route redistribution.
- Install, configure, maintain, & manage network security processes of ASA 5505 Firewalls from the CLI.
- Monitor device activities & LAN/WAN (Frame Relay &MPLS) utilizing Cisco Works, SNMP; coordinate new circuit installations.
- Diagnose & resolve complex layer 1, 2 & 3 connectivity using Wireshark analyzer & recommend solution for better performance.
- Document troubleshooting progress, configuration changes, problem resolution, and the physical & logical topology to support future troubleshooting tasks.
- Develop standard operating procedure (SOP) documentation.
- Upgrade Cisco Routers and Switches IOS using TFTP.
- Configured and supported multiple remote site installations.
- Migrated network from full mesh frame relay to Point-Point T1 on larger sites and implemented IPsec VPN on smaller sites.
- Analyze expanding network, ran fiber, and implemented wireless communication.
- Ensure thorough network documentation, including maintaining each account's network matrix, backup configurations and network diagrams.
- VPN (Cisco Universal Remote Access) troubleshooting Support and provisioning.
- Deploy multilink PPP over two T1s for simple, reliable service for remote branch office.
- Administer and maintain Windows 2008 Active Directory Forest (files services, directory structures, group policies, and security).
- Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.
- Configured Mail Server, DNS Server, Web Server, Bandwidth Manager etc.
- Worked on the design and architecture team with creating network design, IP space allocation, procuring PO's for devices associated with the network infrastructure performed virtual lab-based testing of network before deployment and implementation.
- Developed ACI (Cisco Application Centric Infrastructure) based Cisco Validated Designs for Enterprises and Service Providers to transform Traditional 3 Layer Architecture to ACI based (Spine, Leaf and APIC) Architecture
- Configure switch ports connecting to the WAN and LAN networks with separate subnets and VLAN's
- Configure the Static IP routes
- Checkpoint, Cisco ASA, Fortinet and Palo Alto installation, upgrade, Monitoring and patch management.
- Experience with Cloud Networks and migration projects in AWS and Azure Automation using Ansible.
- Good knowledge of Tunneling Protocols (IPSEC/GRE).
- Installation, deployment, Analysis and troubleshooting of Firewall Technologies i.e. Checkpoint,
- Troubleshooting with field technicians on access points, Small cell switches issues and backhaul connectivity issues with ISP.
- Configuring AAA for Cisco Routers and Switches using TACACS+.
- Used Network monitoring tools to ensure network connectivity and Protocol analysis tools to assess and pinpoint networking issues causing service disruption.
- Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
- Negotiate VPN tunnels using IPsec encryption standards and configured and implemented site to site VPN and remote VPN.
- Configured policy-based routing for specific traffic, route filtering with route maps and route redistribution.
- Configured and troubleshoot default route and implemented DNS, DHCP, SNMP and FTP.
- Responsible for service request tickets generated by the helpdesk in all phase such as troubleshooting, maintenance, upgrades, patches, fixes.