Pratik Patel
*****@********.***
Summary:
Over 7 years of experience as a network security engineer with proficiency in installing, upgrading, troubleshooting, configuring, and supporting a variety of network and security devices.
Maintain and configure firewalls like Palo Alto (PA-3k, PA-5k), Cisco ASA 55XX, Checkpoint (R65/R77) and Juniper SRX.
Expert in monitoring Checkpoint firewall traffic through the SmartDashboard and SmartView Tracker applications.
Experience on Palo Alto NG Firewall configurations including URL filtering, Threat prevention, Data filtering, IPsec Tunnels, SSL-VPN and Zone Protection.
Expert in configuring Security policies using App ID, Services, Security profiles and URL category.
Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on firewalls as per the design requirements.
Worked on Cisco Nexus 9000 family of switches whose hardware is based on Cisco ACI.
Experience working on the latest Cisco switches like Nexus 2000, 5000, 6000 and 7000 series switches while implementing advanced features like VDC, VPC, OTV and Fabric Path.
Well versed in ACI technology, starting from Fabric discovery to end datacenter deployment.
Sound knowledge on Panorama, Wildfire, FireEye and its integration with Palo Alto Firewalls.
Experience with Cisco ASA Content Security and Control Security Services Module (CSC-SSM) and Advanced Inspection and Prevention Security Services Module (AIP-SSM).
Responsible for Palo Alto, Check Point and Cisco ASA firewall administration across global locations.
Experience on Access Control Server configuration using AD, RADIUS & TACACS+.
Extensive experience in dealing with vendors for MPLS/DSL installations.
Proficient in configuration and troubleshooting of routing protocols: BGP, OSPF, EIGRP, MP-BGP and their redistribution over the networks.
Hands-on experience in deploying GRE tunnels, IPsec tunnels, SSL-VPN, site-to-site VPN and DMVPN.
Deploying, implementing and providing support for Cisco 3850, 1800, 2500, 2600, 2800, 3600, 3750, 3800, 7200, ASR 1K, 9K routers, Cisco 2900, 3500, 3700, 4000, 4500, 4900, 5000, 5800, 6500, 7600, Cisco Nexus and Catalyst 3850, Arista switches, Juniper, Vyatta, Vyatta E series, J series and M series. Juniper, Vyatta, Vyatta SRX & VPN, T-Series, MX-Series routers. Checkpoint (NGX R65, R70 and R71), Juniper, Vyatta, Vyatta firewalls (SRX5400, SRX5600, and SRX5800), Cisco firewalls (ASA 5505, 5506-X, 5585), Palo Alto, Blue Coat Networks firewall models (5060, 7060), Fortinet firewalls.
Proficient in implementation of filters using Standard and Extended access-lists, Time-based access-lists, Route Maps.
Worked on connection handoff using a Bridged Interface to an External Route, L3-EPG configurations and AEP configurations; expert in the ACI GUI.
Trained new employees on how to bring up the ACI fabric and on basic configuration of Tenants/BDs/EPGs networking and OOB management of Leaf/Spine switches.
Configured the tenants, VRFs and EPGs in the ACI APIC cluster.
Installed, configured, and maintained with vendors Cisco, Juniper, Vyatta, Alcatel-Lucent, Arista, Brocade, Riverbed, Enterasys, Fortinet networking and CISCO MERAKI WIFI 802.11 a/b/g/n/ac technologies and Protocol sniffers. WPA, WPS, IEEE802.11, 802.11n/ac
Experience on implementing route manipulation using Offset-list, route metrics.
Implemented redundancy protocols like HSRP, VRRP, and GLBP.
Implemented VSS along with VDC and VPC on Nexus 5K, 7K switches.
Worked on troubleshooting issues on F5 LTM related to network, objects and servers.
Experience in rectifying issues related to F5 LTMs using F5 support services
Managed all network devices, including Cisco routers, switches, VPNs, SSL, Checkpoint, Cisco PIX, Cisco ASA, Cisco FWSM, as well as content delivery networks (CSS, Citrix NetScaler and F5 BIG-IP LTM and GTM 1600 and 3400 load balancers) in an enterprise environment.
Expert-level knowledge of troubleshooting, implementing, optimizing and testing static and dynamic routing protocols such as EIGRP, OSPF and BGP, with the ability to interpret and resolve complex route table problems.
Extensive knowledge about Amazon Cloud (AWS) and Cisco Meraki Dashboard/ Meraki MX64 Firewall and Cisco ACI.
Expert Level Knowledge about TCP/IP and OSI models.
Ability to interpret and resolve complex route table problems.
Experience in configuring router redistribution between routing protocols and troubleshooting them.
Moderate knowledge in configuring and troubleshooting Cisco Wireless Networks: LWAPP, WLC, WCS, Standalone APs, Roaming, Wireless Security Basics, IEEE 802.11 a/b/g, RF spectrum characteristics.
Experience in testing Cisco, Arista routers and switches in laboratory scenarios and then deploy them on site for production.
Implementation of HSRP, VRRP and GLBP for Default Gateway Redundancy.
In-depth knowledge and hands-on experience on IP Addressing, Sub-netting, VLSM and ARP, RARP and Ping Concepts.
Profound knowledge of VPN (all types), NetApp Filer FAS (2000, 3000, 6000 series models), NFS and CIFS protocols on NetApp Filer, SDLC, STLC, BLC, cloud computing, VMware, vSphere, FlexPod (product of VMware, NetApp, Cisco) and CUCS (Cisco Unified Computing System).
Experience setting up 802.1x wired and wireless networks in NAM (Network Access Manager)
In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP, DNS & DHCP, Ping and Traceroute concepts.
Knowledge of implementing and troubleshooting complex Layer 2 technologies such as VLAN trunks, VTP, EtherChannel, STP, RSTP and MST.
Analyzed different types of attacks on Secure Sockets Layer/Transport Layer Security (SSL/TLS), including CRIME, BEAST, BREACH and TIME attacks.
Experience in network troubleshooting and analysis using Wireshark.
Efficient at use of Microsoft VISIO/Office as technical document and presentation tools.
Expert level of knowledge about TCP/IP and OSI models.
Hands-on experience upgrading Cisco OS and Junos OS using a TFTP server.
TECHNICAL SKILLS:
Routers: Cisco 1700, 1800, 2600, 2800, 3700, 3800, 3900, 7200, 7600 series, ASR9k
Switches: Cisco 3550, 3750, 4500, 6500 series & Nexus 7k, 5k, 2k, 1000v, 1010
Load Balancer: Cisco CSS, F5 Networks (BIG-IP)
WAN Optimization: Cisco WAAS, PPP Multilink
Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing
Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast Operations, Layer 3 Switches, Ether channels, Transparent Bridging
LAN: Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, CDDI, Token Ring, ATM LAN, Emulation
WAN: Leased lines 64k - 155Mb (PPP / HDLC), Fiber Optic Circuits, Frame Relay, ISDN, MPLS, DMVPN
Voice: Cisco call manager 8.x, 7.x
IP Telephony: VOIP, ISDN, PRI, Unified Call Manager
Wireless: Cisco 4400 Wireless Controller (WLC) and 1100, 1200 series Access Points
Firewalls: Cisco PIX, ASA, Juniper Netscreen, Palo Alto, SRX, Checkpoint
Features & Services: IOS and Features, HSRP, GLBP, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management
Network Monitor Tool: MRTG, Netbrain & Solarwinds & Cisco Prime Infrastructure
Protocol Analyzer: Wireshark
Ticketing tool & Data Center Tool: BMC Remedy 8 & Nlyte
Security: Cisco ASA, Checkpoint, Juniper SRX, Palo Alto
Operating System: DOS, Windows (95, 98, NT/2000, XP, Vista/7/8/10), Cisco IOS, PAN-OS
Professional Certification:
CCNP: Cisco Certified Network Professional
CCNA: Cisco Certified Network Associate
Professional Experience:
Capital One, McLean, VA Oct 2018 - Present
Sr. Network Engineer
Responsibilities
Responsible for managing and maintaining Data-center, DR and network Infrastructure. Respond to outages, user problems by triaging and troubleshooting, plan for Device & OS upgrades.
Have implemented OSPF within the four areas I administer. Setup Data-center and DR in area 0 and other regions in different areas.
Worked with the PAN migration tool to migrate from to Palo Alto. Initially started with like-to-like migration and then manually configured policies like User-ID, App-ID, URL filtering etc. to take complete advantage of PAN devices.
Configured PA-5020, and PA-5050 to meet organizational requirements and industry best practices.
Worked on Panorama to manage multiple Palo Alto firewalls from one central location. Constantly ensured software upgrades and content updates were up to date on those devices.
Worked on configuration of Anti-Virus, Spyware, WildFire, App-ID, User-ID, and GlobalProtect on Palo Alto devices. Also enabled Security Policy, URL filtering, Threat Prevention etc.
Implemented VDC, VPC, VSS, VRF and OTV on the Nexus 5505, 6500 and 7009 switches. Deployed Fabric Extender (FEX) 2248 for access layer.
Made changes to data center environment, setup Nexus 7k and 5k hardware in a VPC topology
Administered Cisco Catalyst (6500, 4500), Nexus (2k, 5k, 7k), and Juniper (EX2300, EX3400) switches; enabled all critical L2 configurations like 802.1Q encapsulation, port channels, VTP, VLAN, inter-VLAN routing, etc.
Deploying and decommissioning VLANs on core ASR 9K, Nexus 9K, 7K, 5K and their downstream devices, and configuring 2k, 3k, 7k series routers.
Gained abilities to take preemptive measures to mitigate DDoS attacks on Cisco and Palo Alto firewalls.
Expertise in configuring and maintaining SSL VPNs on Palo Alto and Cisco ASA firewalls.
Involved in migration from Site-to-site GRE tunnels network to MPLS-based VPN for customer's WAN infrastructure.
Took initiative to block traffic from rogue nations; also worked on blocking traffic from malicious sites as per the Information Security Systems guidelines using Blue Coat proxies.
Completely administered and maintained F5 Big-IP (LTM and GTM) and Brocade Load balancers.
Worked with Quality of service traffic. Involved in QoS issues related to Policing, Shaping and queuing towards access and distribution level L2 and L3 devices.
Configured Cisco 6500, 4500 & 3750 Catalyst Switches for Network access.
Worked on configuring BGP, OSPF, EIGRP protocols on Cisco (7200, 3800), Juniper (MX240, MX280) series Routers, also enabled HSRP and VRRP protocols for redundancy
Assisted in setting up new 510 and 810 Blue Coat Proxy SG units, performed one to many proxy migrations.
Installed, configured, and STIGed Juniper Netscreen/Junos firewalls, Arista switches, Juniper SA (Secure Access) Series SSL VPNs.
Hands on Experience on Installation, Configuration, Administration and Trouble Shooting of VMware ESX, ESXi, within VMware 3.5, vSphere 4 and vSphere 5.1 environments with Virtual Center management, Consolidated Backup, DRS, HA, DPM, vMotion and VMware Data Recovery, VMware Site Recovery Manager (SRM). Experience with VMware View desktop virtualization (VDI).
Created different application policies in the ACI including Tenants, Application Network Profile (ANP), End Point Group (EPG), Contracts, Filters & Labels.
Worked on the NextGen Datacenter Cloud Architecture, using Cisco ACI and Nexus 9K.
Configured ACI Policies, Tenants, Bridge Domain, Private Networks, Contracts and Filters.
Integrated Layer 4-7 services (ASA) with ACI.
Upgrade IOS and configure routers and switches according to documentation.
Deployed ACI Greenfield and Migrated from Legacy network.
Supporting and Troubleshooting ACI Micro-segmentation and Worked with Cisco ACI & Kubernetes/Docker integration.
Worked with Aruba 7200 and 3600 series wireless controllers, AirWave Wireless Network Management System and ClearPass servers. Set up ClearPass Policy Manager and ClearPass guest access manager to authenticate wireless users.
Set up Tufin clusters in a virtual environment; worked on monitoring tools like SolarWinds and Splunk and sniffing tools like Wireshark.
Worked with Infoblox IPAM and SolarWinds IPAM for IP address management
CVS Caremark, Scottsdale, AZ Oct 2017 – Sep 2018
Network Security Engineer
Responsibilities:
Installation, configuration and maintenance of Palo Alto Firewalls, Cisco ASA firewalls.
Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
Successfully installed Palo Alto Next-Generation PA-3060, PA-5060 firewalls to protect Data Center with the use of IPS feature.
Experienced in handling Panorama firewall management tool to administer Palo firewalls
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Manage, maintain and support Checkpoint firewalls, IPS/IDS, endpoint security products, PKI, and network security infrastructure.
Implementing and Managing VPN Networks of the Customer through Checkpoint R75 firewalls.
Real-time security events monitoring, maintain endpoint and network security controls and managing network IDS/IPS, firewalls, malware detection, review and respond to security events
Managed VPN, IPSec, Endpoint-Security, status policy, Application control, IPS, Monitoring, Anti-Spam, Smart Provisioning, DLP using Checkpoint Firewalls
Installed, configured and set security policies on cisco and checkpoint firewalls, VPN
Network security involves web filtering on internet sites (User's restriction) using checkpoint Firewalls.
Working experience on the Cisco Meraki cloud access points and Switches.
Experience handling tickets with little or no supervision in troubleshooting Checkpoint 77.30.
Performed Switching Technology Administration including VLANs, inter-VLAN Routing, Trunking, STP, RSTP and Port Aggregation on Cisco Catalyst 3850 devices and Arista 7K.
Served a platform for other services that are required within the data center or cloud environment using Cisco ACI.
Worked extensively in configuring, Monitoring and Troubleshooting Check Point R77.XX security appliance, Failover DMZ zoning & configuring VLANs / Routing / NATing with the firewalls as per the design. Extensive Knowledge on the implementation of Cisco ASA 5500 series and checkpoint R 75 firewalls
Configuring DMVPN tunneling between the branches.
Responsibility is to design and deploy various Network Security & High Availability products like Check Point R 77.XX and other Security Products.
Designed, configured, implemented site-site VPN on cisco ASA 5500 firewall.
Configured Routing Protocols like BGP, OSPF, MPLS, multicast and L2 protocols in ASA to check it is passing through via Cisco ASA in customer deployments. Involved in setting up IP Sec VPN between ASA firewalls.
Implementation/verification of changes Citrix Netscaler, GSLB, VSERVER, SERVICES, SSL CERTS APPEXPERT.
Experience in P2V and V2V migration using VMware Converter / PlateSpin 6.8.x. Creating host and client VM templates and cloning.
Performed basic security audit of perimeter routers, identifying missing ACLs, writing and applying ACLs. Network security including NAT/PAT, ACL and Cisco ASA firewall.
Configuring of Cisco Routers such as 1700, 1800, 2500, 2600, 3200, 3600, 3700, 3800 and 7200, 7609.
Knowledge and experience of 802.11 a/b/g/n Ethernet standard for wireless Technology.
Experience converting Cat OS to Cisco IOS on the Cisco 6500 Switches.
Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
Maintaining and operating Cisco Prime Infrastructure in a worldwide deployment.
Configured and Maintained over 1500 VoIP Phones throughout several sites.
Well experienced in troubleshooting and optimizing performance in Cisco-based routers and switches.
Cyber Net Solutions Jan 2016 – May 2017
Network Security Engineer
Responsibilities:
Maintain and track the status of device supplied to the client. Installation & Maintenance of Juniper switches, routers & firewalls. Implementing and maintaining WAN/LAN and WLAN networks in different diagrams.
Designed Security policies on Palo Alto Network firewall for controlling what traffic needs to be allowed or blocked based on customer requirements.
Analyzed the policy rules, monitored logs and documented the network/traffic flow diagram of the Palo Alto firewalls placed in the data center with MS Visio.
Provided daily Palo Alto firewall administration such as Threat Prevention, URL filtering, IPsec and SSL VPNs, zone-based integration, analyzing syslogs, and utilizing the WildFire feature in Panorama.
Experience with working on Palo Alto Next-Generation firewalls Security profiles.
Provided Load Balancing towards Access layer from Core layer using F5 Network Load balancers.
Establishing the wireless network (Wi-Fi) IEEE 802.11 a/b/g environment using security policies (Aruba).
Implemented various EX, SRX & J Series Juniper devices. Identified opportunities for implementation of Network best practices, particularly F5 load balancer implementations.
Utilized Aruba's Airwave server to manage and monitor the Network for issues. Involved in migration of F5 Local Traffic managers of LTM 5100 series to LTM 6800 series for higher.
Design and integration of Juniper SSG series firewalls, SA VPN Appliances, J series Routers and EX series switches. Implementing and configuring F5 Big-IP LTM-6400 load balancers.
Created and resolved Checkpoint, Palo Alto Customer orders and request orders. Configured ASA 5520 firewall to support Cisco VPN client on Windows 7/XP/Vista.
Deployed Palo Alto Networks PAN-5050; designed and configured the commands for QoS and access lists for Nexus 7K and 5K.
Experience working with Nexus 7018/7010, 5020, 5548, 2148, 2248 devices.
Configured Routing Protocols like BGP, OSPF, MPLS, multicast and L2 protocols in ASA to check it is passing through via ASA in customer deployments. Involved in setting up IP Sec VPN between ASA firewalls.
Working as a Network SME for the NextGen Datacenter Cloud Architecture, using Cisco ACI and Nexus 9K.
Practical work experience in Installing, Maintaining, Monitoring, Troubleshooting and Managing Blade Center server, Configuring and Zoning Storage Area Networks and SAN Switches and VMware ESX Server Administration
Configured ACI Policies, Tenants, Bridge Domain, Private Networks, Contracts and Filters.
Configured ACI integration with VMware
Configured and performed software upgrades on Cisco Wireless LAN Controllers for Wireless Network Access Control integration with Cisco ISE.
Experience with implementing Cisco 6500 VSS on the User Distribution Switches and upgraded IOS on the ASA 5550, 5585, 5520 firewalls.
Performed basic security audit of perimeter routers, identifying missing ACLs, writing and applying ACLs. Network security including NAT/PAT, ACL and ASA firewalls.
Re-design enterprise PCI Internal and External (PCI ASV) program to meet intent of PCI DSS requirements and ensuring coverage of PCI assets. Implemented site to site VPN in Juniper SRX as per customer.
Configure wireless routers on enterprise network with certificates and policies
Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers. Optimizing and monitoring the performance of a WLAN, LAN, WAN and user's segments.
Configuring RIP, OSPF and Static configuration on Juniper Series Routers. Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches.
Environment: Juniper EX/SRX Switches, E, J Series Routers, Nexus 5k/7k Switches, Cisco ASA 5500 series, Juniper SRX, Palo Alto, Checkpoint, Firewalls, F5 BIGIP LTM, GTM, NetScaler, L3 VPN, OSPF, BGP, MPLS, EIGRP, LAN, WAN, RSTP, STP, BPDU, HSRP, VRRP, QOS, IDS/IPS.
Prokarma Softech Pvt Ltd Aug 2013 – Dec 2015
Network Administrator
Responsibilities:
Experience in Cisco 7200, 7600 routers, Cisco 2800, 3700 series switches: physical cabling, IP addressing, Wide Area Network configurations (Frame Relay and ATM).
Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications. Configured Cisco routers for OSPF, IGRP, RIPv2, EIGRP, static and default routes.
As a part of new site implementation configure Cisco devices with different routing protocol like BGP, OSPF, EIGRP based upon client requirement and as per company standards
Experience with Information Technology Infrastructure Library (ITIL) processes, especially change management and configuration management.
Experience in using Putty, Win SCP, Active Directory, VoIP, WebSphere Application Server, Apache, Eclipse, Databases (DB2, Oracle, SQL Server)
Performed switching related tasks such as implementing VLANS, VTP, RSTP and Port security.
Implemented security measures using ACL and configured NAT according to the connectivity requirement.
We will make sure all Cisco routers are running with SNMP, SSH, Syslog, AAA, IPFlow and latest Cisco IOS
As part of new site deployment, we will configure the WAAS box to enable network (TCP) optimization
Troubleshooting DOCSIS cable modems using terminal emulator to determine RF signal related problems
Support for Aruba wireless access points
Implementing HSRP, VRRP, GLBP redundancy at Layer 2 and Layer 3 level
Port-channel implementation on Nexus 7k, 5k, Catalyst 6500, 4500 series for servers to get high bandwidth
Product testing and support for a wide range of products like routers, Layer2/layer3 switches, 802.11 wireless access points (Aruba - 105, 125) etc.
New Cisco switch configuration with VLANs, VTP and syslog, SMP server and other security features
Configuring Cisco BAC (Broadband access center) along with DOCSIS cable modems.
Nexus 7k, 5k, 2k Configuring with FEX, FHRP, VPC, VDC based on design which we are going to implement
New switch configuration with VLANs, VTP and syslog, SMP server and other security features
Symbioun Software Pvt. Ltd May 2012 – Jul 2013
Jr. Network Engineer
Responsibilities:
Designing private network and maintaining the hardware, software installation & configuration.
Designing and implementation of routing policy for customer internet route with link utilization.
Configuring the routes like default, static routing and dynamic routing in the devices.
Involved in Local Area Network design, troubleshooting and maintenance as per requirement.
Creating and Maintaining the Network stability on VLAN, LAN and WAN.
Troubleshooting issues related to VLAN, VLAN trunking, and STP.
Involved in implementation of trunking encapsulation IEEE 802.1Q and ISL on Cisco Catalyst switches L2, L3
Designing the VLAN along with inter-VLAN routing.
Configuring Cisco routers 26xx series using OSPF and EIGRP.
Configuration to different applications with RSTP, VTP, VTP Pruning.
Redistributing from OSPF to RIP and vice versa by implementing hub and spoke topology with a Frame Relay Switch in between.
Participated as a subject matter expert in a 2-person team that replaced 96 DOCSIS 2.0 CMTS with 60 DOCSIS 3.0 CMTS
Manage the integrated DOCSIS cable modem software portion of Cisco outdoor wireless access point
Troubleshooting TCP/IP problems and connectivity issues in multiprotocol Ethernet.
Configuring static NAT, dynamic NAT and NAT pooling.
Designed the network with sustainable IP using subnetting like FLSM, VLSM.