Siva S
Sr. Palo Alto Network Engineer
Email id: ****.*********@*****.***
Ph No: 908-***-****
Professional Summary:
7+ years of professional experience in Network Planning, Implementing, Configuring, Troubleshooting and Testing of networking system on both Cisco and Juniper Networks.
Experience with the escalation problems for Routing, Switching and WAN connectivity issues using ticketing system remedy.
Experience of routing protocols like EIGRP, OSPF, RIP, and BGP. Worked on Cisco 7200, 3800, 3600, 2800, 2600, 1800 series Routers and Cisco 2900, 3500,3550, pix 515-525, 4500, 5500 series switches.
Extensive hands-on experience with complex routed LAN and WAN networks, routers and switches.
Hands-on experience and configuration in setting up Cisco routers to perform functions at the Access, Distribution, and Core layers.
Experience with BIG-IP F5 load balancers, version 9.x, 10.x, 11.x, Citrix NetScaler and Web Accelerators. Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
Worked on Load Balancer F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability. Experience working on Palo Alto Firewalls.
Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
Strong hands on experience on PIX Firewalls, ASA (5540/5550) Firewalls. Implemented Security Policies using ACL, IPSEC, SSL, VPN, IPS/IDS. Network monitoring and debugging tools: SevOne, NetScout, and Wireshark.
Good understanding of NAT & Firewall on Aruba Controllers. Worked on various network projects involving Cisco Routers- ASR 1000/9000, Switches-Nexus 7K/5K/2K.
Enhanced level of experience with OSPF, BGP and TCP/IP. Hands-on experience in using network monitoring tool SolarWinds Orion. Build UCS manager policy-based provisioning, automation and management to high density, high performance computing.
Worked extensively on Juniper MX Series Routers and EX series Switches. Strong knowledge in HSRP, VRRP redundancy Protocols. Strong experience on Juniper SSG series Firewalls and Checkpoint R75, R76 Firewalls.
Experience in Network Management Tools and sniffers like SNMP, HP-Open view, Wireshark and Cisco works to support 24 x 7 Network Operation Center. Access control server configuration for RADIUS & TACAS+.
Knowledge of Experience with 802.11x wireless technology and Juniper SRX 240 Firewalls. Ability to Install, Manage & Troubleshoot Large Networks & Systems Administration on Windows & Linux platforms in Development, Lab & Production Environments.
Hands-on Experience with CISCO Nexus 9000, Nexus 7000, Nexus 5000, and Nexus 2000 platforms. Experience with configuring Nexus 2000 Fabric Extender (FEX), which acts as a remote line card (module) for the Nexus 5000.
Technical Skills:
Cisco Platforms
Nexus 9K,7K, 5K, 2K & 1K, Cisco routers (7600,7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900, 6807 series),
Juniper Platforms
SRX, MX, EX Series Routers and Switches
Networking Concepts
Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPSec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi
Firewall
Cisco ASA Firewall (5505/5510), Checkpoint, Cisco ASA, Palo Alto, Juniper SRX
Network Tools
Solar Winds, SNMP, Cisco Works, Wireshark
Load Balancers
Cisco CSM, F5 Networks (Big-IP), LTM and GTM.
WAN technologies
Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET
LAN technologies
Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit, Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q
Security Protocols
IKE, IPSEC, SSL-VPN
Networking Protocols
RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, IPv4 and IPv6
Operating System
Windows 7/XP, Windows Server 2008/2003, Linux, Unix
Professional Experience:
Principal Financial Group, Des Moines, IA Feb’16 – Present
Sr. Network Engineer
Responsibilities:
Configured Static IGRP, EIGRP and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.
Configured Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls. Worked on Juniper SRX Versions 300, 3400, 3600, 220 implementing new and additional rules on the existing firewalls for a server refresh project.
Submit tickets to Security and Network teams for remediation through ServiceNow. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall and Executed changes on various Firewalls proxies and scripts over entire network infrastructure using Service Now ticketing tool.
Integrated Panaroma with Palo Alto firewalls, for managing multiple Palo Alto firewalls with single tool. Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and Checkpoint.
Experience with working on Palo Alto centralized management GUI PANORAMA. Configuration of policies, objects and applying NAT & Web Filtering on firewalls like Checkpoint, Palo Alto.
Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls. Reviewing & creating the FW rules and monitoring the logs as per the security standards in Palo Alto Firewalls.
Configured SNMP on Palo Alto firewalls 3060, 5060, 7050 for receiving incident alerts and notification and wrote SSL decryption policies for decryption of traffic to provide Anti-virus, Malware protection.
Migrating the access policies from Cisco ASA to Palo alto firewalls. Configuration and Administration of Palo Alto Networks Fire wall to manage large scale Firewall deployments.
Palo Alto design and installation which includes Application and URL filtering Threat Prevention and Data Filtering.
Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN. Exposure to wild fire advance malware detection using IPS feature of Palo Alto.
Policy Reviewing, Audit and cleanup of the un-used rule on the Firewall using Tufin and Splunk. Configuration and troubleshooting of EIGRP, OSPF, BGP, CSM, integration with ASA devices.
Supervised the site surveys of wireless calibrations, analyzed floor blueprints, scaling signaling imbalance, data packet capturing with protocol analyzers. Upgraded load balancers from Redware to F5 BigIP which improved the functionality and scalability in the enterprise. Proficient with F5 LTM and Cisco CSM load balancer in between the servers inside the server farm and DMZ.
Implemented DHCP, DNS, IPAM configuration on the servers to allocate, resolute the IP addresses from Subnet.
Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA 5500 Firewalls. IPS/IDS, VPN Support and Configuration of Fortinet and SonicWall.
Worked on VPN’s firewall, Fortinet and have used the security controls through group policies. Rebuilding data centers and redundant sites for failover, F5 load balancers. Maintaining the SSL certificates for various applications hosted on the F5s and servers on the hardware.
Determining the functionality with the DNS naming conventions and migrations from old load balancing environments to the F5 environment. Deployed BIG IP Enterprise manager to cluster all the F5 LTM, GTM, ASA, NetScreen devices for easier management and common configurations.
Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher. Performing URL filtering and content filtering by adding URL's in Bluecoat Proxy SG'.
Deployment and Management of Bluecoat proxies in the forward proxy scenario as well as for security in reverse proxy scenario.
Extensive use of NSM (Network and Security Manager) and CSM (Cisco Security Manager) for adding or modifying firewall policies for the firewalls in use.
Responsible for checkpoint firewall management and operations across global networks. Adding and removing Checkpoint firewall policies based on service request from different users. Worked extensively on Cisco ASA 5500(5510/5540) Series, experience with convert PIX rules over to the Cisco ASA solution.
Worked on migration of existing PIX firewall to ASA firewall, PIX OS upgrade from 6.3 to 7.0. Design and configuration of Cisco security platforms specifically ACS, ISE and ASA. Building the VPN tunnel and VPN encryption.
Environment: Cisco2948/3560/4500/3560/3750/3550/3500/2960/6500, Nexus2k/5k/7k/9K Switches and Cisco 3640/1200/7200/3845/3600/2800 routers, VMware, ASA, Palo Alto, Checkpoint, Citrix NetScaler, Cisco ISE, F5 BIGIP LTM, Viprion, RIP, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP.
Waddell and Reed, Shawnee, KS Oct’14 – Feb’16
Sr. Network Engineer
Responsibilities:
Experience working with Nexus 7018/7010, 5020, 5548, 2148, 2248 devices. Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
Mutual redistribution of OSPF and BGP routes using route maps. Configured rules and Maintaining Palo Alto & Analysis of firewall logs using various tools.
Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (40+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series, PA5000. Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
Integrating Panorama with Palo Alto Firewalls, managing multiple Palo Alto Firewall using Panorama. Provides updates and upgrades to the Palo Alto Firewall and Panorama devices. Involved in upgrade of Panorama to version 7.1.5.
Monitoring Traffic and Connections in Palo Alto and ASA Firewall. Backup and restore of Palo Alto and Cisco ASA Firewall policies and Installed, configured and set security policies on cisco and Palo Alto firewalls, VPN.
Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN. Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Check Point firewalls.
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500. Implemented and troubleshooting the Virtual firewalls solutions in ASA. Drafted, installed, and provisioned ASA and Checkpoint firewall rules and policies. Implemented Site to Site connections for third party connectivity using Cisco ASA firewalls.
Administration of ASA firewalls in the DMZ and FWSM in the Server Farm to provide security and controlled/restricted access. Involved in the redistribution into OSPF on the core ASA firewall.
Replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as Firewalls and URL and application inspection.
Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
Recommend and design equipment configurations for LAN/WAN/VOIP deployment on Adtran, F5, Radware and Bluecoat. Adding Websites to blocked list on the bluecoat proxies based upon business requirements.
Performs support for the enterprise network and solves escalated ticket issues to include Bluecoat proxy rule additions and Cisco firewall issues. Designed and implemented a secure instant messaging system in Python providing Perfect Forward Secrecy, End Identity Hiding, protection against DoS attack & weak passwords
Experience in Layer 3 routing - Cisco Routers: 2500, 2600, 3600, 3800, 3900, 7200 series, ASR 1001/2,9000, 9001, 9006 series. Server administration and maintain system infrastructure by managing DNS, IPAM, Active Directory, DHCP lease and reservations, certificate management
Migrated, created, and managed pools and clusters in F5 BigIP GTM 3DNS load balancers across multiple Datacenters.
In-depth knowledge of Cisco ASA and Juniper NetScreen Firewall security, spanning-tree, Vlan’s, TCP/IP, RIP, OSPF, QOS, VRRP and VPN technologies. Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability.
Racking, Stacking, configuring Nexus 5K, 7K and 9K. Static pinning fabric interface connection, Port Channel fabric interface connection, configuring a Fabric Port Channel Created Build-Outs of new Safe Zone in Palo Alto Panorama VLANS, VIP, IP, VRF, BGP.
Installing, Maintaining and troubleshooting VMware. Configuring Static, IGRP, EIGRP and OSPF Routing Protocols on Cisco ASR 9000, 9001, 9006, 6500 series Routers. Experience in Citrix NetScaler application delivery controller.
Created and resolved Palo Alto and Checkpoint Firewall Rules, Routing, Pushed Policy. Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
Configuration and troubleshooting on HSRP, VRRP, GLBP, RSTP, MST related issues coming in network environment. Expert in troubleshooting F5 software modules, including BIG-IP LTM, ASM, APM and iRules.
Implementation and configuration of GLBP/HSRP on multilayer switches for first hop redundancy. Configuring new hardware, installing and updating software packages such as Cisco UCS configuration and monitoring, and VMWare VSphere monitoring and VM creation.
Hands on Experience testing iRules using Browser (IE), HTTP watch on f5 load balancers. Designs and implement the security appliance ASA and SonicWall for the Site to Site, AnyConnect, SSL and Remote access VPN of many clients.
Managed F5 Big IP LTM appliances to load balance server traffic in critical serval access silos. Planning/Implementation of the Cisco VPN clients to Cisco AnyConnect. IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols. Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls. Install, configure, manage, and troubleshoot Cisco FirePower IPS appliances and Defense Center. Managed 4 data centers security equipment and Deployed SRX 3600 and 5800 chassis.
Configuration and extension of VLAN from one network segment to their segment between different vendor switches (Cisco, Juniper). Substantial lab testing & validation prior to implementation of Nexus 9K, 7K, 5K & 2K connecting to blade servers.
Convert Campus WAN links from point to point to MPLS and to convert encryption from IPSec/GRE to GET VPN. Handles different networking platforms such as Cisco ASA firewall, ASR routers, Cisco Catalyst switches and routers, Bluecoat Packet Shaper, Cisco WSA.
Utilizing Aruba's built in analytical, management and security features to troubleshoot wireless issues. Install and configure Aruba Wireless Controller APS. Troubleshooting and installing of CRS, ISR, GSR, ASR9000 and Nexus devices.
Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports and setting the user ports to non-Trunking, deployed port security when possible for user ports.
Responsible for Cisco ASA firewall administration across our global networks. Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF & BGP.
Involved in the redistribution into OSPF on the core ASA firewall. Served as single point of contact for vendors, employees and clients to answer questions about PCI Compliance and internal security policies.
Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol. Involved in the modification and removal of BGP from the MPLS routers. Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling.
Environment: Cisco2500/2600/3600/38000/39000/7200/ASR1004/ASR9000Series Routers and Nexus 2k/5k/7k Switches, Cisco ASA 5500,5512X,5515X series, Juniper SRX, Palo Alto, Checkpoint, Firewalls, F5 BIGIP LTM, NetScaler, APM, ASM Load Balancers, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP, VRRP, QOS, IDS/IPS.
MasterCard, O’Fallon, MO Apr’13 – Sep’14
Network Engineer
Responsibilities:
Maintain and track the status of device supplied to the client. Installation & Maintenance of Juniper switches, routers &firewalls. Implementing and maintaining WAN/LAN and WLAN networks in different diagrams.
Implemented various EX, SRX & J series Juniper devices. Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
Monitor performance of network appliances and WAN utilizing using network analyzer like Wireshark. Deployed BIG IP Enterprise manager to cluster all the F5 LTM, GTM, ASA, NetScreen devices for easier management and common configurations.
Utilized Aruba's Airwave server to manage and monitor the network for issues. Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher. BIGIP ASM Positive and Negative Policy Reinforcement, iRule, Full proxy for HTTP, Server Performance Anomaly Detection.
Design and integration of Juniper SSG series firewalls, SA VPN Appliances, J series Routers, and EX series switches. Implementing and configuring F5 Big-IP LTM-6400 load balancers.
Created and resolved Checkpoint, Palo Alto Customer Orders and Request Orders. Implemented Positive Enforcement Model with the help of Palo Alto Networks. Configured ASA 5520 Firewall to support Cisco VPN Client on Windows 7/XP/Vista.
Deployed Palo Alto Networks PAN-5050 designed and configured the commands for QoS and Access Lists for Nexus 7K and 5K. Experience working with Nexus 7018/7010, 5020, 5548, 2148, 2248 devices. Configuration of Fabric path and connectivity between Nexus 7K and Nexus 5K and installation of Nexus 5K.
Configured Routing protocols like BGP, OSPF, MPLS, multicast and L2 protocols in ASA to check it is passing through via ASA in customer deployments. Involved in setting up IP sec VPN between ASA firewalls. Experience with implementing Cisco 6500 VSS on the User distribution switches. Upgraded IOS on the ASA 555*-****-**** firewalls.
Performed basic security audit of perimeter routers, identifying missing ACL’s, writing and applying ACL’s. Network security including NAT/PAT, ACL, and ASA Firewalls.
Managed all project work related to F5 development (code, content, and marketing). Maintenance and trouble-shooting of LAN, WAN, IP Routing, Multi-Layer Switching. Performed interconnection of customer sites using IPSec VPN. Perform Packet Shaper Bluecoat 75000 OS upgrade, maintenance and configurations.
Re-design enterprise PCI Internal and External (PCI ASV) Program to meet intent of PCI DSS Requirements and ensuring coverage of PCI Assets. Implemented site to site VPN in Juniper SRX as per customer.
Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers. Optimizing and monitoring the performance of a WLAN, LAN, WAN and user's segments. Update data related to network configuration, setup and implementation of Juniper Topology.
Configuring RIP, OSPF and Static routing on Juniper Series Routers. Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches.
Maintain connectivity for approximately 300 switches and routers in a 500+ node network. Implemented cluster and configuration of SRX-100 & 110 Juniper firewalls. Working with MPLS Designs from the PE to CE.
Design and deployment of MPLS QOS, MPLS Multicasting per company standards. Implemented Virtual chassis of Juniper EX series switches as per client requirement.
Environment: Juniper EX/SRX Switches, E, J Series Routers, Nexus 5k/7k Switches, Cisco ASA 5500 series, Juniper SRX, Palo Alto, Checkpoint, Firewalls, F5 BIGIP LTM, GTM, NetScaler, L3 VPN, OSPF, BGP, MPLS, EIGRP, LAN, WAN, RSTP, STP, BPDU, HSRP, VRRP, QOS, IDS/IPS.
IBM, India Jul’11 – Mar’13
Network Engineer
Responsibilities:
Actively participated and completed many projects based on MPLS VPN, Internet Solutions for corporate customers Backbone.
Hands on experience working on Cisco 7600, 12K, ASR routers & Juniper MX series.
Worked on wireless upgrade project for Allegheny Health network and their EPIC roll out.
Verifying Dynamic Host Configuration Protocol for IPv6 (DHCPv6) and DNSv6 options.
Performed wireless network design, site surveys as well as Troubleshooting and repairing any issues that occurred on site.
Configuration and troubleshooting of many link types i.e. SONET Controllers for sub E1/T1, E3/T3 and POS controllers for STM1 links.
Worked on Checkpoint Platform including Provider Smart Domain Manager and on configuring, managing and supporting Checkpoint Gateways.
Migrated Vlans from ASA (perimeter firewalls) to FWSM’s for better security management.
Environment: Cisco 7600 /ASR Routers, Juniper MX/EX Switches, IPv4/IPv6, ASA/Checkpoint/DNS, MPLS VPN, BGP, OSPF.
iGATE, India May’10– Jun’11
Network Engineer
Responsibilities:
Supported development team for the access to corporate network and outside world. Providing access to specific IP, Port filter and port access.
Configured the Cisco router as IP Firewall and for NATTING. Switching (Ethernet) related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
Installed new equipment to RADIUS and worked with MPLS-VPN and TACACS configurations.
Working on creating new load balancing policies by employing BGP attributes including Local Preference, AS-Path, and Community, MED.
Providing technical support to LAN & WAN systems.
Installing and maintaining Windows NT Workstations and Windows NT Server.
Monitor performance of network and servers to identify potential problems and bottleneck.
Monitoring Memory/CPU on various low-end routers in a network.
Configuring routers and send it to Technical Consultants for new site activations and gives online support at the time of activation.
Provided technical support on hardware and software related issues to remote production sites.
Performed administrative support for RIP, OSPF routing protocol.
Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
Environment: Cisco 2600/2800/3600 Routers, VLANS/NAT/RADIUS/TACACS/WINDOWS NT SERVER/LAN, WAN, RIPv2, EIGRP, OSPF, BGP, MPLS VPN.