Jaydeep Patel
Summary
7+ yrs. of experience as a Network Security Administrator specializing in network security and firewalls.
Experience in the areas of Technical Implementation/Support, Project Management, System Administration, Networking and end-to-end Infrastructure Management.
Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Palo Alto, Imperva Web App Firewall support and deployment.
Good Understanding of Multiple Contexts in ASA firewalls and implemented different failover mechanisms among ASA firewalls
Experience in installing, configuring and troubleshooting of Checkpoint Firewall.
Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
Experience in Configuring Checkpoint Clusters with Nokia IPSO and GAIA OS
Experience deploying Check Point Provider-1 NGX and configuring CMAs
Hands on experience on inspection, data loss prevention, content caching and bandwidth management using Bluecoat proxy.
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
Migrating existing Bluecoat Proxy infrastructure with McAfee Web Gateway using Parent/Child architecture across multiple Data Centers using F5's LTM load balancer
Experience in Cisco ACS 4.x and 5.x, CSM, ACE and F5 GSLB load balancers.
Worked on T1/E1/T3 technologies and different LAN & WAN technologies.
Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
Experienced in CUCM with software version 7.x, 8.x and 9.x
In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls.
Experience in the setup of Access-Lists, and RIP, EIGRP, and tunnel installations.
Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
Expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good experience on IP services.
Highly experienced in VPN Implementation IPsec VPN and SSL VPN Server-to-Server and Client-to-Server.
Experienced in DHCP DNS, NIS, NFS, SMTP, IMAP, ODBC, FTP, TCP/IP, LAN, WAN, LDAP, HP RDP, security management, and system troubleshooting skills.
Configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
Experience in tools like SNMP, AAA, RADIUS and designed VPN with IPSEC security layer.
Expertise in IP subnetting; worked on designing and allocating various classes of IP
Experience in authentication protocols PAP, CHAP, 802.1x and Port Security and Configuring Security policies including NAT, PAT, VPN, Route-maps, prefix lists and Access Control Lists
Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: OSPF, EIGRP, RIP, IGRP, BGP etc.
Technical Skills
Firewalls: Palo Alto, Checkpoint R65/R70/R75/R76/R77, Cisco PIX, Cisco ASA, Juniper & SPLAT
Routers: Cisco 2811, Cisco 6509-E (Multi-layer Switch), Cisco7200, Cisco3800, Cisco 3640, and Cisco 3745
Switches: Cisco Multi-layer Switch 6500, Catalyst 4500, Catalyst3750, Catalyst2900 and Catalyst 3500XL
LAN/WAN Technologies: T1, DS3, OC3, SONET, MPLS, DSU/CSU
Network Monitoring: Cisco Works 2000, Wireshark
Protocols: OSI, TCP/IP, DHCP, UDP, RIP v1, RIP v2, IGRP, EIGRP, TACACS+, RADIUS, OSPF, BGP, TFTP, FTP, SMTP, NTP & LDAP
Operating Systems: Windows XP, Vista, Windows 7 & 8, UNIX, SPLAT (Secure Platform), Linux, RedHat
Programming Language: C
Professional Experience
GE, Chicago, (December 2015 – Till Date)
Sr. Network and Security Engineer
Security Device – Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, Cisco Identity Services Engine (ISE), VPN
Configured Firewall and updated rules (Palo Alto/Cisco ASA)
Managed, operated and analyzed results from Sourcefire detection systems
Experience setting up PCI zone (PCI compliance project)
Configured and performed troubleshooting routers and switches.
Updated routes and ACL (Access Control List)
Configured ACLs in Cisco 5540 ASA firewall for Internet Access requests for servers, Protocol Handling, Object Grouping and NAT.
Experience with network based F5 Load balancers with software module GTM & Checkpoint
Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer
Experience with GTM F5 component to provide high availability with providing services across data centers.
Working experience on tools and devices like Gigamon, SourceFire, Fireeye, Aruba, Cisco ASA, Cisco ISE
Experience with FireEye Network Security (NX) products.
Configuring, Administering and troubleshooting MPLS, Solaris and ASA firewall
Experience with using LTM F5 component to provide 24x7 access to applications
Troubleshoot network routes and ACLs (Cisco, Juniper)
Configuring BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of MPLS, DHCP and VPN networks
Technically supported in configuring, troubleshooting and analysis of customers networks related to Cisco Identity Services Engine (ISE)
Monitored and Optimized network performance
Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements.
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Exposure to WildFire feature of Palo Alto.
Build Site to Site IPsec based VPN Tunnels between various client and business partner sites
Manage over 40 checkpoint Firewalls split through multiple CMA's and administer using provider-1.
Administer and support Juniper Firewalls Using NSM (Net screen and ISG firewalls).
Troubleshooting connectivity issues within the server zones of the Data center (between application servers, database and web servers) as well as user requests and user connectivity issues from various branch locations, office locations and third party sites to data center.
Actively use SmartView Tracker and Checkpoint CLI (to security gateways) for troubleshooting.
Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.
Implement Cisco Secure Access Control Server (ACS) for TACACS+.
UPS Paramus, NJ, (November 2014 – November 2015)
Firewall Security Engineer
Implementing and troubleshooting Firewall rules in Palo Alto PA-5000 series using Panorama, Checkpoint VSX, R75.40, R76 and R77.20 as per Business Requirements
Researched, designed, and replaced aging Cisco ASA firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
Palo Alto design and installation which includes Application and URL filtering Threat Prevention and Data Filtering.
Worked on checkpoint R77.20 on GAIA and SPLAT, Cisco ASA.
Successfully replaced Checkpoint R65 Provider1 to R77.20 & Migrated more than 500 firewalls from R65 to R77.20 Gaia across the globe it includes Checkpoint Appliance, HP, Dell & Nokia firewalls.
50 Firewalls software upgrade from R65 to R77.20 Gaia.
Planning & implementing information security guidelines as per the security standards on the firewalls.
Creating user accounts, administrators, defining user groups and authentication in Provider-1/MDM/MDS.
Configuring and troubleshooting complex NAT rules based on the client requirements.
Changing rule configuration from IP based authentication to client-based authentication.
Documented serial numbers, IPs and model numbers of all the devices in the data center managed by the security team.
Attended meeting with the Access IT group, a provider of IT Security and Infrastructure technologies, regarding the Checkpoint license renewal and also discussed Checkpoint's latest product, R80.
Configured Static routes on the firewalls using the Network Voyager, GUI on the firewall and also in Clish mode.
Experience with Intrusion Prevention Systems (Cisco/SourceFire, Sophos)
Involved in Big-IP F5 load balancing for internet traffic across web servers using I-rules.
Managed network connectivity and network security, between Head offices and Branch office
Responsible for internal and external accounts, managing LAN/WAN and checking for Security Settings of the networking devices (Cisco Router, switches), coordinating with the system/Network administrator during any major changes and implementation.
Creating accounts for new users and password resets on Bomgar, tool that allows support technicians to remotely connect to end-user systems through firewalls from their computer.
Exposed and trained in Cisco IronPort Proxies, Analyzing the .PAC files which define the traffic flow.
Designed and Implemented Cisco UCS pods in Nexus 7000 and Cisco 6500 Platform.
Worked on Cisco routers 7200, 3800, 2800 and Cisco switches 4900, 2900.
Troubleshooting the network for the network connectivity issues and network performance issues.
Liberty Mutual Lebanon, NH, (January 2014 – October 2014)
Firewall Administrator
Designed, installed, configured & commissioned Palo Alto, Cisco Network
Security Device – Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, VPN
Prepared presentations and Visio diagrams
Configured and Administered Cisco ASA 5585 firewalls which includes setting up the different zones
Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance.
Firewall policy administration and support on Checkpoint as well as Cisco ASA Firewalls
Day-to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard NGX R70 software and connecting via Smart Center management. Authentication is done using an RSA SecurID.
Install and upgrade Bluecoat proxy SG (900, 810 and SG9000 series) and Proxy AV (510,810 and 1400 series) in all the Datacenters.
Monitored the MPLS network and coordinated new circuit installations
Application Load Balancing with F5 BigIP, Cisco ACE, and Cisco CSS appliances.
Exposed to best practice design & Implementation methodology
Identified, isolated and resolved network security problems
Work on different networking concepts and routing protocols like BGP, EIGRP, OSPF, VRFS, Tunnels, L2TP, and VPLS and other LAN/WAN technologies.
Managed remote access Palo Alto, Cisco VPN, webvpn and AnyConnect
Performed intrusion detection and intrusion prevention using Cisco Sourcefire IDS/IPS
Experience with Problem and Change Management processes and applications
Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
Troubleshooting connectivity issues on the firewall using smart view tracker, monitor health of the appliance using smartview monitor etc.
Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
Actively responsible for PIX 7.x/8.x, ASA 8.x and Cisco FWSM 2.x/3.x upgrades and network refresh projects and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ/ASZ Implementation and Troubleshooting.
Hands on Experience working with security issue like applying ACL's, configuring NAT and VPN
Documenting and Log analyzing the Cisco PIX series firewall
Configured BGP for CE to PE route advertisement inside the lab environment
Spearheaded meetings & discussions with team members regarding network optimization and regarding BGP issues.
Cobham - Concord, CA, (October 2012 – December 2013)
Network Security Engineer
Provide initial fault isolation, proactive maintenance and monitoring of Company's Network Equipment.
Perform monitoring and support of internal network security.
Provide support to internal users and external clients on various hardware and software issues.
Configured IPsec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800 Router/Microsoft VPN Server in order to access certain limited network resources from customer locations.
Configuring and Implementation of VPN-Sites to Site and Remote access using Cisco ASA, Juniper firewall (SRX) and Checkpoint firewall.
Monitored, troubleshoot, configured, and deployed LAN/WAN solution.
Installation and configuration Cisco router IOS 12.x, CatOS 12.x, Nexus NX-OS 6.x
Configured BGP, Frame-Relay, IPsec-VPN, SSL VPN, and routing protocols (OSPF, EIGRP, RIP, BGP, eBGP & iBGP).
Implemented rules on Juniper SRX 550 at the server farm.
Configuring Virtual Chassis for Juniper switches EX 4200, Firewalls SRX-210.
Creating and provisioning Juniper SRX firewall policies.
Configured and maintained IPSEC and SSL VPN's on Checkpoint.
PC/LAN support in an Ethernet based TCP/IP (DHCP & STATIC IP allocation).
Responsible for network architecture design and system engineering support in the following areas: Gateway services, Routing implementations & configurations, IP subnets, QoS policies, Network security implementations, Firewall implementation and Network management.
Provided staff augmentation support for BGP, EIGRP, OSPF and Multicast enabled enterprise network using Cisco equipment including 6509s with FWSMs, 3750 Stack wise switches, PIX & ASA firewalls.
Analyze distinct impact risks to provide documented guidance to developers that define solutions into mitigating high-priority vulnerabilities in order to ensure PCI compliance.
Performed 24*7 on-call rotation schedule over network monitoring tool interface and configures Loopback connectivity for enterprise network.
Fair Solutions, (August 2008 – September 2012)
Network Support Executive
Prepared a variety of documents including sales proposals, letters and emails in draft and final form utilizing software programs such as Microsoft PowerPoint, Visio, Word and Excel.
Configured Routing protocols such as OSPF and policy based routing.
Installing and implementation of Cisco Security Applications, as Identity Services Engine (ISE) and Access Control Server (ACS).
Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security.
Installed and configured workstations for IP based LAN's.
Installed and configured DHCP Client/Server.
Upgrade Cisco 7200, 3600 Router IOS Software, backup Routers and Catalyst 3560, 4500 switch configurations.
Upgrading IOS, troubleshooting network outages.
Worked on Cisco Routers, Active /Passive Hubs, Switches.
Support 24x7 operations and answer calls from the customers on network emergencies and resolve issues.
Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.
Involved in all technical aspects of LAN and WAN projects including, short and long term planning, implementation, project management and operations support as required.
Conduct thorough analysis, problem solving, and infrastructure planning.
Provide assistance to Network Manager and serve as Secondary Network support.
Troubleshoot and fix any backup and monitoring systems related issues in conjunction with Systems team and external vendors.
Created & documented wiring and network diagram using MS Visio.