- Around 5 years of experienced professional in IP networking, implementing, maintaining, routing protocols, optimizing and maintaining enterprise data network.
- Cisco Certified Network Professional (CCNP - CSCO13059673) Routing and Switching.
- Palo Alto Networks Certified Network Security Engineer- PCNSE -(JX6Z7CEK224Q1E35).
- AlgoSec Security Administrator (CASA)- AAFADM02L0KOH180124.
- Excellent in troubleshooting connectivity and hardware issues on Cisco Switches, Routers, firewalls.
- Experienced working and configuring Cisco routers and L2/L3 Switches and good understanding of IP Sub netting.
- Knowledge in maintaining, configuring servers and implementing security protocols.
- Expertise in configuring switches and routers with protocols such as OSPF, EIGRP, BGP, HSRP, GLBP, STP, TRUNKING, VPN, VDC.
- Experience working with Bluecoat Proxy, IPS/ IDS.
- Configured and maintained Cisco Catalyst Switches 6500,4500,3500,2900 series, Cisco Nexus Switches 7K/5K.
- Proficient in LAN/WAN routing, switching, application load balancing and wireless.
- Creating VLAN's to isolate different departments.
- Policy development, planning, programming on IT security, Network administration and providing support.
- Responsible for Cisco ASA Firewall, Cisco Sourcefire Administration.
- Installing, Configuring, Maintaining, Administration of Cisco, Checkpoint R75 Firewall.
- Provided Excellent IT security by building Cisco ASA firewalls.
- Experience in Load Balancing with F5 LTM and GTM products.
- Knowledge about configuring various network services like DNS, DHCP and NAT Implementations with Cisco devices.
- Maintained BGP, DNS, OSPF, LACP, 802.1Q, 802.1x, NAC, MPLS, TCP/IP, IPv4, Ethernet, WAN technologies, VPN tunneling.
- Set up and troubleshoot secured wireless access points (WAP) and wireless LAN controller (WLC) across the Corporate Network.
- Configuration of Aruba WAP’s which includes AP-225, AP335, Aruba WLC 7200 and 7210 series.
- Implementing and Configuring Ether channels with LACP and PAGP.
- Experience in maintaining Disaster recovery and backups of configurations for quickly resolving issues.
- DNS, DHCP, NAT configurations on Cisco Devices.
- Experience about L2/L3 switching, L2/L3 QOS, IPSec, MPLS, Ethernet, Voice and data integration.
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Providing flexible off hour support especially during upgrades and maintenance.
- Administrating windows server’s infrastructure which include Domain Controllers, File Transfer etc.
Operating systems: Windows XP/7/8, LINUX, UNIX.
Routers and Switches: Cisco 2800/ 3600/ 4400/ 3700/ 3800/ 3900/ 7600 , ASR 9K, XRJuniper M320. Cisco Catalyst 1440/ 6513/ 6509/ 4900/ 2960/ 3500/ 4500. HPE
Firewalls and Security: Checkpoint, Cisco ASA, PA-2k, PA-3k, PA-5k, FortiGate, NAT, ACL. Juniper SRX.
Networking Protocols: EIGRP, OSPF, BGP, MPLS, RIP, HSRP, GLBP, STP, RSTP, PVSTP, VTP, ARP, VLAN, DNS, SMTP, SNMP, FTP, LDP/TDP, WLAN 802.11/802.11 e, CDMA, WEP.
LAN/WAN technologies: Ethernet, Fast Ethernet, Gigabit, STP, RSTP, PVST, Workgroup, Domain, HSRP, Frame Relay, ISDN, PPP, PAP, CHAP, HDLCATM, MPLS, Leased Lines, Cable modem.
Network Tools: Solar Winds, Lancope, Wireshark, Microsoft SSCM, Opnet, Nmap, MS office, MS Visio, Ethereal, Packet Tracer, PRTG Packet Sniffer, VirusTotal, IP void, Sucuricheck.
Wi-Fi and Wireless: Aruba, CISCO 1532e/ 2 / 2702/ 1200 series Access Points, Canopy Wireless Device (point to point/multi point), Linksys Wi-Fi/ Wireless Router.
Load Balancers: F5 BIG-IP LTM/GTM 1600,3900,4200,8950,6900 Series.
Additional Skills: CSU/DSU Troubleshooting, Private Line, ATM, IP addressing, IP subnetting, CCNA, PAT, SevOne, NetExpert, IPSec Based VPN, IPSec over GRE Tunnels, VoIP, DNS, ADS, McAfee Web gateway, Packet level troubleshooting using sniffer tools, Infoblox, NetQoS, Websense, Fortigate, HP OpenView.
Confidential, Los Angeles, CA
- Regular work includes LAN refreshments, Data center visits, troubleshooting connectivity issues, RMA network devices, Multiple projects which include migrations, inventory, decommissioning network devices.
- Configured and updated Route-map’s, Prefix-lists and added them to respective VRF as per requirement.
- Configured IPTV Multicasting, VRF’s, Routes on cisco switches and Palo Alto firewalls at multicasting site.
- Code upgrade on Cisco 2980, 3850, 9300, 9500 stack switches.
- Replaced legacy Cisco switches with latest models for high performance as part of LAN refreshments.
- Added IP SLA configurations on Cisco core switches to route traffic to redundant VPN link from MPLS.
- Updated configurations on Cisco and HPE switches to provide only local admin access as part of site handover.
- Configured switchports, VLAN’s, VRF’s, BGP for newly established Point-to-Point link between two data centers for Postproduction works on Arista Switches.
- Prepared updated switchports and firewalls for new ISP circuit deployments.
- Injected routes into existing BGP configuration as per requirement.
- Updated SNMP V2, V3 on multiple devices and added them to ScienceLogic monitoring tool.
- Configured Bridge-aggregation on HPE switches for server deployments.
- Upgraded Internet circuits for higher bandwidth at respective offices by configuring core switches and firewalls.
- Configured switches to provide internet connectivity to users as part of events hosted at studios.
- Updated port-security on respective switchports to restrict access to specific devices as requested.
- Migrated vendor IPSec VPN tunnels from existing Juniper SRX firewall to Palo Alto firewalls as part migration projects.
- Added routes and updated interface configurations on Juniper SRX firewalls as required.
- Updated policies, NAT rules, Zones on Palo Alto firewalls and pushed through Panorama.
- Configured and deployed new pair of Palo Alto firewalls for new office sites as required.
- Troubleshooted issues related to Palo Alto firewall and Panorama connectivity.
- Added new Palo Alto firewalls to Panorama with separate Device group created and pushed respective templates to new devices.
- Updated BGP export/import rules to advertise subnets between two different environments as required.
- Configured IPSec tunnels from remotes sites to Internet firewalls by creating respective IKE gateways, IPSec Crypto, IKE Cryptos.
- Created Templates and updated global policies based on sites and pushed to respective pair of palo alto firewalls
- Performed code upgrades on Palo Alto firewalls whenever newer version is released.
- Configured pair of Palo Alto firewalls for Game supports and deployed them with Kits used for game support.
- Configured Cisco Switches and Palo Alto firewall for remote VPN sites.
- Replaced faulty Enterprise Manager and scheduled it to take auto backups of all F5 LTM/GTM which are in existing environment.
- Upgraded code on Enterprise Manager to latest version with hotfix.
- Applied TCPDUMP on F5 LTM’s to capture client IP’s which hits respective VIP’s.
- Updated Cipher suites on F5 LTM SSL profiles as part of security vulnerability projects.
- PrepareinventoryforallexistingF5LTM/GTMenvironmentincluding software/hardware versions, physical connectivity.
- Created Route Domains, Nodes, Pools, SSL profiles, Virtual Server’s, Health Monitors in F5 LTM as required.
- Deleted unused VIP configuration from F5 LTM’s as requested by respective application teams.
- Configured Riverbed devices to optimize in and out traffic based on respective service ports by updating rules.
- Effectively worked on Riverbed’s as part of legacy Riverbed decommission projects at respective sites.
- Added new Riverbed appliance to Riverbed CMC for newly established site.
- Configured AP (Access Point) groups with respective attributes on Aruba controllers based on Geo locations.
- Added new networks for monitoring and pulled reports for Clients, Access points through Aruba Airwave at requested sites.
- Generated heatmaps on Aruba Airwave for respective sites which helps to deploy new Access Points.
- Configured new Access Points and added them to respective AP groups for sites as requested.
- Created new containers and subnets in Infoblox IPAM whenever a new site has been established.
- Reserved IP’s for respective servers and created host records, PTR records, NS records as required.
- Created new Device Groups, Authentication Methods, User Role Mappings on Aruba ClearPass as required.
- Monitored and Troubleshooted authentication issues through Aruba ClearPass.
- Created respective User Profiles on ClearPass to provide respective privilege level access based on roles.
- Added new devices to SolarWinds Orion as required based on Geographical location.
Environment: Cisco: Catalyst 3850 stack, 3750 stack, 3860X, 2921, 2960, 4948, 4331 ISR router, Cat9300, ASR 1002 router, Nexus 2K, 5K 5548, 7K 7004, ASA-5545. Arista DCS-7020TR, DCS- 7280SR. HP 5500, 5900, 3810, 2530. Aruba 650-US, 7005, 7210. Juniper SRS 220, 240, 6501400, 3600, 5800, 5GT, NetScreen 50, SSG140. Palo Alto 500, 2020, 3020, 3060, 5050, 50605200, PAN M100. F5 LTM BIGIP 1600, 2000, VPR C2400, 3600, 3900, 6900. GTM-BIGIP 2000EM 4000. ClearPass Policy Manager C2000V. Riverbed 550H, CX5055H, 5520, 5050M, CX3070H, EX1260H, 5050H, EX1160H. CMC model 1000.
Confidential, Littleton, CO
- Day-to-Day activities include working on issues related to Firewalls, F5 Load balancers, Routing and Switching and involving in Service Improvement Plan's (SIP's) to make stable environment.
- Excellent troubleshooting skills on issues related to Palo Alto, Checkpoint, Fortigate, Cisco ASA firewalls, Cisco Routers and Switches, F5 LTM and GTM.
- Setting up Enterprise Manager for automatically backing up configurations from F5 LTM's.
- Configuring Virtual servers, Pools, Nodes as requested.
- Hands on experience on working with SSL off-loading on F5 LTM's. Updating certificate bundles as requested.
- Upgrading F5 load balancers to new standard code level TMOS 11.6.1 HF2 to mitigate security vulnerabilities.
- Configuring iRules on F5 LTM's as requested to divert URL, URI traffic to respective pools.
- Modifying HA group configurations and setting up priority group activation on pools and nodes.
- Upgrading Checkpoint code from R7 .30 to comply with the support contract with Checkpoint. This will also resolve some security vulnerabilities and bugs known with R75.40.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Responsible for setting up Web Application Firewalls (WAF) like SQL injection, http conversation.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Exposure to wildfire feature of Palo Alto.
- Activating DMVPN tunnels on Cisco routers to provide required connectivity to new office setup at different locations at APAC, EMEA and AMER regions.
- Installing certificates on Cisco ASA firewalls for PKI infrastructure for 2 factor authentications.
- Setting up new Checkpoint firewalls physically and Patching of firewall interfaces to core switch (Cisco 4500) with configuring VRF on Cisco Switches.
- Upgrading NX-OS Code (Nexus 5596) to new standard code which are used as core switches at one of datacenters.
- Configuring Firewall rules on Checkpoint firewalls to make necessary websites publicly available through internet.
- Hands on experience in upgrading Fortigate Firmware versions from 5.0.14(OS) 323(build) to 5.2.8(OS).
- Updating Fortigate firewall rules and enable URL filtering, Web filter profiles to provide access to only specific websites as FortiGate’s are used as browsing firewalls at all offices at different locations.
- 24/7 On call production support to resolve issues related to different data centers and offices ASAP.
- Configuring A records, PTR records, C records and DNS related requests on IPAM.
- Excellent skills in configuring VSS in data center environment Cisco 4500 switches.
Environment: F5: LTM (6900, 1600, 3900, 4200), GTM, Enterprise Manager, PA-2k, PA-3k, PA- 5k,CheckpointR77.30,R75.40,R65 (3077, 5077, 4400, 1073, 12600), Fortigate 100D's, 1500D's, 3950B's, 600C's, 80C's. Cisco Nexus 5596, 3048, Cisco Switches: 3750, 4500, 38506509, 2950, 4507, 4948. Cisco-ASA: 5510, 5520, 5525. Infoblox DNS:1420, IPAM.
- Complete LAN and WAN development which include IP addressing, planning, designing, implementing, configuring, testing, troubleshooting, maintenance etc.
- Working on Cisco 3750/ 3850 switches and Cisco 3900, Cisco ASR 1000 routers to new sites and implementing wireless access points.
- Experience in configuring Cisco switches 4500, 6500 used in multi VLAN environments with the use of HSRP, Ether Channel.
- Involved in Switching Technology Administration including creating and managing VLAN's, Port security, Trunking, STP.
- Configured BPDU Guard, uplink fast, port-fast and other STP features.
- Excellent hands-on experience in Profiling, creating policy sets and monitoring on Cisco ISE 3395.
- Existing Switches replaced with 2960 switches for on demand users.
- As per Data Center fabric remediation/refresh project, deployed Cisco Nexus switches and implemented features like FEX Links, VPC and VDC.
- Experience with the Firewall Administration, Rule Analysis and Modification.
- Responsible for Cisco ASA 5500 firewall administration across our global networks.
- Configuring and maintaining Access lists (ACL) on Cisco ASA firewall for proper network routing.
- Troubleshooting user connectivity issues and clustering issues by using CLI utilities.
- Implementing the firewall rules using Juniper Netscreen Manager (NSM).
- Configuring VLAN's, Routing, NATing with firewalls as per the requirement in design.
- Experience in managing and supporting various teams to add new routers, switches, firewalls to DMZs.
- Troubleshoot the network issues onsite and remotely depending on the issues which are raised in remedy tool.