Paul Roosevelt Gollapally
Sr. Network Engineer
Over 8 years of experience as a Network/Network security Engineer worked in Global environments in Switching, Routing, Firewalls, Proxies, Application Delivery Controllers, Wireless, WAN Circuits and software Defined Networks. Very Passionate to learn new trends in technology and come up with ideas to enhance Infrastructure availability.
Experience in Deployments, Design, Operations in small, Mid-size and Large Enterprise environments that includes Financial, Healthcare, Insurance and Product Based Companies.
Experience in configuring Virtual Local Area Network (VLAN), Multiple flavors of spanning tree protocol (STP), VLAN Trunking Protocol (VTP), Dynamic Trunking Protocol (DTP), LACP, Multi-vendor MLAG implementation in Campus and Data center environments and 802.1x authentication in access layer switches for Wireless and Wired users.
Experience in configuration and troubleshooting Layer 3 Routing Protocol configurations in RIP, OSPF, BGP, EIGRP, RIP and IS-IS.
Experience in maintaining Hub and Spoke multi campus connectivity over MPLS, ISP circuits for wireless, VOIP and Wired hosts connectivity. Configuration of redundant ISP circuits for Data centers.
Switching in Campus and Data center environments using Cisco, Juniper, HP, Dell, Arista and Extreme networks Routing experience on Cisco, Juniper and Arista routers in Distribution, Core, WAN and Internet connectivity.
Experience working on Cisco Catalyst Series3750, 3560, 3850, cat 9300, 2960, 4500X, 6500; Nexus 2000, 5K, 7K and 9K series switches. Cisco 7200, 2800 and ASR series routers.
Experience with Juniper EX2300, 4650, QFX 5100, 5200, J series, M series and MX routers for Core, Distribution and WAN connectivity.
Experience with Cisco ASA, Fire power, Palo Alto 5000 series, Checkpoint 15400, R75, R70 series, FortiGate and Juniper SRX firewalls. Experience with firewalls and security gateway appliances in Branch offices, Data centers, and small to Mid-Size environments for internet, extranet, VPN access.
Experience with IDS/IPS sensors, McAfee gateways, Bluecoat Proxies, Migration from Iron-port to Zscaler Proxies. Implementation of Proxies, PAC files, DLP.
Experience in SD-WAN technologies that include Versa and Viptella. Implementation of Resiliency, Network Load balancing, Security, path Selection, Traffic Management and visibility using SD-WAN solutions.
Experience in Application Delivery controllers with Cisco ACE migrations, F5 LTM, GTM, APM, ASM, BIGIP and VIPRION chassis, Citrix NetScaler’s and A10 Load balancers. Expert with iRule Scripting.
Experience with Wireless LAN controllers from Aruba 7200 series and Cisco 5508 series. Experience with wireless design and configuration in multi campus environments, BYOD policies, 802.1x authentication policies, RF parameters etc. Experience with Cisco Prime and Aruba Airwave. Experience with RADIUS and TACACS protocols. Worked and deployed Cisco ISE, Migration from Cisco ACS. Experience with Aruba Clearpass for Wired and Wireless users. Experience with 802.1X, EAP/PEAP protocols, Certificate based Authentication, MAB.
Experience in WAN connectivity using MPLS circuits, configuration of QOS, Policing and shaping policies, Customer Edge configurations, MP-BGP configurations, ISP circuits, Internet Peering.
Operational experience with Cisco ACI and Arista Cloud Vision, Spine Leaf Architecture, VXLAN, Bridge Domains, VTEPS, VNI, BGP route Attributes, Route Targets, Route Distinguishers for MAC address learning. Experience with Cisco Meraki.
Beginner in Python and Ansible scripting for Network Automation and API integrations.
Worked on On-call rotations, included in Budget quotes for the equipment, Evaluation and Proof of concept for various vendor equipment and technologies, Design and Deployment.
Experience with DNS and DHCP servers. Worked on Windows DNS and DHCP, Infoblox DNS and DHCP in IPAM, DNS and DHCP modules. Experience with Delegations, Pointer records, A records, conditional forwarding, DHCP scopes, Options.
Worked on Monitoring tools that include SolarWinds, Netcool, Sevone. Experience with SNMPV2 and V3, Access-lists for SNMP access, configuring Alerts, configuration backups, Network Maps.
Familiar to Log collectors like Splunk, Archsight, for logging sensitive traffic flows, Configuration changes.
Experience with multiple ticketing tools that includes Service-now, Remedy. Familiar with CAB procedures, Change control process, Incidents and Request Management.
Nexus 7K, 5K, 2K & 1K, Cisco routers (7600,7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series), CSR/ASR, IOS-XR
SRX, EX, QFX, J, M, MX, Series Routers and Switches
Cisco, Aruba Wireless LAN, 802.11 a, b,g,n and ac. 802.1X Auth, 2.4 and 5 GHZ, EAP/PEAP.
ASA Firewall (5505/5510), Checkpoint, Cisco ASA, Firepower Palo Alto, FortiGate
Network Monitoring Tools
Solar Winds, Netcool, SevOne, EMC Smarts
Cisco CSM, F5 Networks (Big-IP), Citrix NetScaler’s, Cisco ACE and A10.
Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET
Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet,40 & 100 GBE, Port- channel, VLANS, VTP, STP, RSTP, MST,802.1Q
IKE, IPSEC, SSL-VPN, ACL, NAT, PAT, URL filtering, SSL forward proxy, Blocklists
RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, SNMP, VPC, VDC, MLAG,
CAT IOS, IOS XE, XR, NX-OS, Junos, PANOS, F5 BIGIP OS, Linux, Windows,
Campus and Data center Refresh. Enterprise mergers.
Load balancer refresh and implementation WAF, Authentications for apps.
Deployment of Versa SD-WAN solution. POC on Viptella and Versa
Migration from ASA to Palo Alto, ASA to Check point. POC on Firepower and Checkpoint
Deployment of ISE, and Cisco Wireless. Aruba Wireless and Cisco Meraki.
Supported Deployment of Zscalers and Bluecoat from scartch.
Deployment of Cisco ACI.
Cisco Certified Network Associate (CCNA):
Cisco Certified Network Professional (CCNP
Palo Alto Certified Engineer
F5 101 and 201: TMOS Administrator
Barclays PLC, Wilmington, Delaware Jun 2017- present
Sr Network engineer,
Worked in the deployment team to perform various installations, migrations and also any troubleshooting during the implementations and Post production.
Migrated from 6500 series to Nexus 5k and 2K in FEX mode for access layer connectivity for various hosts in 10gig in Data centers.
Migration from Cisco ACE to F5 LTM. Configuration of Virtual servers, Pools, Profiles, TCP and Http header manipulations, redirects, SSL offloading and bridging, iRule scripting, Persistence, Monitors in F5 LTM module.
Performed Global Load balancing using F5 GTM module. Configured WideIP’s, Listener IP, DNS Zones, DNSSec, Topology Based Load Balancing, Global Availability, Delegations, Aliases etc.
Worked on configuration of security policies on F5 ASM, Zscaler Proxies for application level security and internet traffic security respectively.
Worked on Versa SD-Wan solution to configure rules and policies for path selection, monitoring different application traffic and load balancing among multiple ISP circuits, single pane of Management, templates, role bases access, multi-tenancy.
Configured VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018
Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network.
Installation and Configuration of Cisco Catalyst switches 4500X, 3850, 2960, 9300 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy it also includes the configuration of port channel between core switches and server distribution switches
Migrated to Juniper EX series switches from Cisco 3500 series and 6500 series switches in some of the branch locations.
Switching tasks include VTP, ISL/ 802.1q, IP Sec and GRE Tunneling, VLANs, Ether Channel, Trucking, Port Security, STP and RSTP.
Experience with setting up MPLS Layer 3 VPN cloud in data center and working with BGP WAN towards customer.
Experience with configuring Cisco 6500, 6800, 4500 VSS in Distribution layer of the Data center network.
Configure and troubleshoot Juniper EX/SRX series switches.
Network security including NAT/PAT, ACL, and ASA/SRX/Palo Alto/Fortinet Firewalls. Migrated from legacy ASA to Palo Alto 5000 series and was included in migrating policies, implementing URL filtering, SSL proxy on PA Perimeter Firewalls.
Install, manage and monitored Large scale Palo Alto Firewalls through Panorama.
Assisted with migration from Iron port proxies to Zscalers with local Pzens and Cloud Pzens. Configured whitelists, policies, blocklists in DMZ Pzens.
Configuration of firewall rules, Switching and Load balancing for any application in DMZ.
Good knowledge with the technologies Site to Site VPN, DMVPN, SSL VPN, WLAN and Multicast.
Well Experienced in configuring protocols HSRP, GLBP, PPP, PAP, CHAP, and SNMP.
Experience with communicating with different customers, IT teams in gathering the details for the project
Experience in installing and configuring Infoblox DNS, DHCP servers. Updates on IP address management in IPAM.
Migration from Cisco ACS to ISE. Configuration of Authentication roles for Cisco wireless users on ISE. BYOD Policies.
Python Scripting for Automation of configuration templates for switches, routers, F5 and Integration with service-now.
Convert WAN links from TDM circuits to MPLS and to convert encryption from IP Sec/GRE to Get VPN.
Worked with Palo Alto firewalls PA250, 5000, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues.
Worked on ASA Firewalls, Palo Alto Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
Implemented Zone Based Firewalls and Security Rules on the Palo Alto Firewall. Exposure to wildfire feature of Palo Alto. Supported Zscaler Proxy in explicit mode for users trying to access Internet from Corp Network.
Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
Ultimate Software, Weston, FL Jan 2016- May 2017
Sr Network Engineer,
Performed network engineering, design, planning (WAN & LAN) & implementation. Studied single point failures & designed WAN structure in such a way that there are no failures in network in case of any device or link failure.
Installing, Configuring and troubleshooting Cisco Routers (ASR1002X, 3945, 3845, 2800, 3600) and Switches to perform functions at the Access, Distribution, and Core layers.
Installing, Maintaining and Troubleshooting of Cisco ASR 1K, 7200, 7750,7950, 3925E and 2951E Routers and Cisco 6500, 4510, 4500-X, 4948, 3560X, 3750X and 2960S Switches for deployment on production.
Responsibilities include software upgrade, license activation, configuring/installing new GSR router 7000,12000, Nexus switch 9000, 5000,3000, 9504, 9300, 3200, 2308, F5-5050 and maintaining network documentation.
Troubleshooting Layer 2 issues, Spanning Tree protocol, RSTP, MST, VTP, VLAN on Cisco – 6500 series switches.
Setting up VLANS and configuring ISL trunk on Fast-Ethernet channel between Switches.
Worked in the Datacenters and performed tasks such as Racking, stacking, device testing, faulty management various network devices.
Experience installing and administering firewall and IDS/IPS, Bluecoat proxies’ systems in enterprise networks including in Datacenter.
Design and Implement checkpoint 3100 and 3200 Firewall Service Module for various remote LAN’s.
Worked on POC on Cisco ASA 5585 Firepower and Checkpoint next gen firewall solutions.
Setup high availability Cisco ASA pair with Firepower.
Experience with convert Cisco ASA rules over to the Checkpoint VPN solution. Coordination with remote sites during the VPN migration.
Configuring, Monitoring and Troubleshooting Cisco ASA 5500 security appliance, Failover DMZ zoning and configuring VLANs/routing/NAT with the firewalls as per the design.
Experience in Adding Rules and Monitoring Checkpoint Firewall traffic through smart dashboard and smart view Tracker applications.
Experienced on working with Checkpoint firewalls R75/R77 such as installing/deleting and troubleshooting the networks.
Writing i-Rules and i-Apps on the F5 load Balancer and Renewing the Certificates.
Implementation of F5 includes configuration/creation of Network Element, Pool, pool members and virtual servers.
Experience in Deploying and decommissioning Cisco switches, Cisco Meraki Products and their respective software upgrades.
Implemented site to site VPN on Cisco Meraki MX64, MX65, MC84, and MX400.
Worked with network services like DNS, DHCP, DDNS, IP4, IP6, IPSec, VPN etc.
Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS AAA (TACACS+ & RADIUS).
Configured Easy VPN server and SSL VPN to facilitate various employees’ access internal servers and resources with access restrictions.
Coordinating with Vendors for creating and modifying firewall and NAT rules and Maintaining Site to Site and SSL VPN.
Worked with Automation script with Python module like Chef & Ansible.
Developed and implemented a web crawler program in Python that gathers data from social networking site.
Network Address Translation (NAT) and Smart Dashboard Configurations.
Improve scalability and ease of deployments of the Open stack underlay network by migrating from Standalone Nexus to Cisco ACI platform.
Focused on working with Cisco Channel partners to build practices around Cisco ACI.
Implemented Cisco Application Centric Infrastructure (Cisco ACI) as a solution for data centers using a Spine and Leaf architecture
Used Cisco ACI Fabric which is based on Cisco Nexus 9000 series switches and Cisco Application Virtual Switch (AVS).
Implemented F5 APM module for various applications for Multi-Factor Authentication purposes. Applications include Microsoft Exchange, office 365, Internal applications, SharePoint etc.
Performed site refreshes on Cisco switching and Aruba wireless infrastructure.
Troubleshoot and resolved many VOIP related issues with respect to QOS, Call Managers and VOIP phones.
Experience with Virtualization technologies like installing, configuring, VMWare vSphere. Creation, management, administration and maintenance of virtual servers and clients.
Worked on Layer 2 protocols such as STP, VTP, STP, RSTP, PVSTP+, MST and other VLAN troubleshooting issues and configuring switches from scratch and deployment.
LAN Cabling in compliance of CAT6 standards infrastructure like Racking and Stacking.
Designed and installed Aruba Wi-Fi on 7200 controllers’ network to supply wireless connectivity to both employees and guests using segregated VLANs. Configuration of AP groups, Provisioning AP225, 325, RAP3, RAP5, Authentication roles,
Worked with Host Master for shared web hosting and managed Web Application firewall (WAF), DNS and DHCP management using Infoblox and Analyzed networks using Wireshark.
Experience in white listing webpages and blocking webpages with Blue Coat Proxy SG and Blue Coat reporter.
Infoblox to provide DNS, DHCP, IPAM, administration services.
Aetna Inc, Hartford, CT Dec 2013 -Nov 2015
Configure, maintain and upgrade of data center infrastructure, Nexus 7k, 6k, 5k, 2k, and UCS, employing VDC, VPC, VRF, and fabric-path technologies.
Designed and configured the commands for QoS and Access Lists for Nexus 7K and 5K.
IOS upgrade in Nexus 7010 through ISSU (In service software upgrade)
Experience in working with Nexus 7010, 5548, 5020, 2148, 2248 devices.
Experience working with High performance data center switch like nexus 9000, 7000 series.
Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
Experience with configuring Cisco 6500 VSS in Distribution layer of the Data center network.
Upgraded Showtime content network with Arista switches.
Configuration and implementation of Arista 7504 & 7280 in Spine-leaf architecture.
Configured HSRP and VLAN trunking 802.1Q, VLAN routing on catalyst 6500 switches.
Experience working with Juniper devices like EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX650, SRX240 and Juniper J series j230, M 320 and MX960 routers. Worked on Juniper EX4200 & EX4550 switches.
Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers
Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
Extensive implementation of firewall rules on Juniper SRX 3600, SRX 650 and SRX 220 daily, using SPACE as well as CLI when needed.
Implemented cluster and configuration of SRX-100 & 110 Juniper firewalls.
Network security involves web filtering on internet sites (User's restriction) using Palo Alto and checkpoint Firewalls.
Successfully Design and installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/ switches/ firewalls.
Experience with working on Palo Alto Next-Generation firewalls security profiles.
Integrating Panorama with Palo Alto Firewalls, managing multiple Palo Alto Firewall using Panorama.
Experience on Panorama firewall management tool which provides centralized monitoring and management of multiple Palo Alto devices from single window.
Installing and Configuring Palo Alto PA-500 series and Pa-2000 series firewalls using Panorama.
Experience with Firewall Administration, Rule Analysis, Rule Modification.
Responsible for configuration of A10 load balancer for application load balancing in internal and DMZ.
Configured and troubleshooting Aruba Wireless products like Access Points and Mobility Access.
Hands on experience in Aruba S2500 switches, Aruba 7200, 3600 series wireless controllers.
Migrated from Cisco 3650 switches to Aruba 3810 series switches.
Design Cisco, Meraki, and Aruba WLAN/WiFi infrastructures for SD-WAN.
Installed Solar Winds Network Performance Monitor with traffic analysis, application & virtualization management, configuration management.
Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
Experience on designing and troubleshooting of complex BGP and OSPF routing problems.
Perform root cause analysis on the problems coming across Project execution.
Maintained a BGP/MPLS infrastructure.
Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links.
Involved in the modification and removal (wherever necessary) of BGP from the MPLS routers.
Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed
Experience in configuring vdc, fex pinning, fex port-channel, port-channel, peer keep alive, peer link.
Experience in working and designing configurations for vPC, vPC domian, vpc peer-gateway, vPC peer-switch, auto-discovery, and vPC single sided, vPC double sided, NX-OS, VFR, Otv, fabric path.
Debugged, Configured, and Tested Routers at Access Points and WLAN Stations
Involved in configuring IP Quality of service (QoS)
Worked on Layer 2 protocols such as STP, VTP, STP, RSTP, PVSTP+, MST and other VLAN troubleshooting issues and configuring switches from scratch and deployment
Involved in designing and implementing QOS and policy map to 2800 series routers for all the branches
Experience with migrating the Partner IPSEC VPN tunnels from one data center to another data center.
Experience with deploying the Layer 3 MPLS VPN in all the Branches and Campus locations.
Replace Campus Cisco 6509 End of Life hardware with new 4507/4510 devices.
Implemented LAN, WLAN environments, including configuration development based on router designs
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX
Security appliance, Failover, DMZ zoning, &Configuring VLANs/routing/NATing with the firewalls as per the design.
Implementing and Maintaining Network Management tools (OPAS, Solar Winds, Cisco Works).
Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
Designed, validated and implemented LAN, WLAN & WAN solution to suite client’s needs.
Maintenance and trouble-shooting of LAN, WAN, IP Routing, Multi-Layer Switching.
Worked on Riverbed devices for WAN bandwidth Optimization in the data centers for the sensitive.
Experience with Project documentation tools & implementing and maintaining network monitoring systems and experience with developing network design documentation and presentations using VISIO.
Boston Medical Center, Boston MA Nov 2012- Dec 2013
Network Operations Engineer
Configuring and troubleshooting multi-customer network environment.
Involved in network monitoring, alarm notification and acknowledgement.
Implementing new/changing existing data networks for various projects as per the requirement.
Troubleshooting complex networks layer 1, 2to layer 3 (routing with MPLS, BGP, EIGRP, OSPF protocols) technical issues.
Providing support to networks containing more than 2000 Cisco devices.
Performing troubleshooting for IOS related bugs by analyzing past history and related notes.
Carrying out documentation for tracking network issue symptoms and large-scale technical escalations.
Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.
Commissioning and Decommissioning of the MPLS circuits for various field offices.
Preparing feasibility report for various upgrades and installations.
Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security.
Worked on the security levels with RADIUS, TACACS+.
Completed service requests (i.e. – IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc.)
Identify, design and implement flexible, responsive, and secure technology services
Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Configured switches with port security and 802.1 xs for enhancing customer’s security.
Monitored network for optimum traffic distribution and load balancing using Solar winds.
Validate existing infrastructure and recommend new network designs.
Created scripts to monitor CPU/Memory on various low-end routers in the network.
Handled installation of Windows NT Server and Windows NT Workstations.
Handled Tech Support as it relates to LAN & WAN systems
syntell, Hyderabad, India Jan 2011 - July 2012
Provided technical support for expansion of the existing network architecture to incorporate new users.
Network layer tasks included configuration of IP Addressing using FLSM, VLSM for all applications and servers throughout the company
Configured STP for loop prevention on Cisco Catalyst Switches
Configured VTP to manage VLAN database throughout the network for Inter-VLAN Routing.
Worked in setting up inter-vlan routing, redistribution, access-lists and dynamic routing.
Involved in configuring and implementing of Composite Network models consists of Cisco 2620 and, 1900 series routers and Cisco 2950, 3500 Series switches.
Implemented various Switch Port Security features as per the company’s policy
Configured VLANS to isolate different departments.
Configured IPSEC VPN on SRX series firewalls
Designing and hand-on experience with OSPF, BGP, VPLS, Multicast, VPN, MPLS, & Traffic engineering.
Involved in implementation of trunking using Dot1Q, and ISL on Cisco Catalyst Switches
Worked with snipping tools like Ethereal (Wireshark) to analyze the network problems.
Maintenance and troubleshooting of network connectivity problems using PING, Trace Route.
Performed scheduled Virus Checks & Updates on all Servers & Desktops.
Implementing Routing and Switching using the following protocols; OSPF, BGP on Juniper M series routers.
Involved in Local Area Network (LAN) implementation, troubleshooting, and maintenance as per company’s requirements.