Network Engineer Data Center
Resume:
Name: Gaurav Ambari
Phone Number: 334-***-****
Email id: **********@*****.***
LinkedIn: linkedin.com/in/gaurav-ambari-065992196
PROFESSIONAL SUMMARY:
Overall, 8 years of Experienced Telecommunications and Network Professional worked on medium to large scale environments, enterprise, and Data center networks. Expert in Switching, routing, Network Security, Application Delivery, Wireless, VOIP, Virtualization and SDN.
Highly motivated with the ability to work independently or as an integral part of a team and committed to highest levels of professional, Experience in Networking and Security domain which includes Deployment and providing network support, installation, and Operation for a broad range of LAN / WAN Environment.
Experience in installing, configuring, and maintaining Cisco Switches (3850, 6500, 6800, 9200, 9300, 9400, 9500, 9600 series) in enterprise Environment and Nexus 3k, 5k, 7k and 9k in Data Center Environment.
Expertise in installing, configuring and troubleshooting Juniper EX Switches (EX9200, Juniper EX4600, Juniper EX4400, Juniper EX4300, Juniper EX4100, Juniper EX3400, Juniper EX9250 Series).
Experience in VPC, and VDC technologies. Experience working on Gateway redundant protocols HSRP, VRRP, and GLBP. Experience with Access, Distribution and Core Layer Architecture in Datacenter. Experience in Spine Leaf Architecture.
Experience in installing, configuring and managing AAA Authentication servers RADIUS & TACACS+, DNS and DHCP servers and management by means of Infoblox and Active Directory Database.
Experience working in large-scale environments on high priority troubleshooting issues, several Proof of concepts for installations and Migrations to different vendor Equipment or implementing a new technology. IDF and MDF architecture, Datacenter Architecture and support roles, IOS upgrades, downtime procedures, Migration projects to different vendor equipment.
Experience with Next Gen Firewalls PA-5420, PA-5420, PA-800 series, PA- 3200 series and VM series firewalls for both Internet and internal traffic filtering. Experience with Panorama M100 series and maintaining up to 75 firewalls in large networks. Experience in SSL forward Proxy, URL filtering and Policies on PA Firewalls.
Experience on Fortinet FortiGate Appliances including 3200D, 1500D, 1200D running Latest 5.2 FortiOS.
Experience with Zscaler Internet security and Zscaler private access. Worked on ZIA for internet web traffic security. Migrated from Ironports to Zscaler ZIA.
Proficient in monitoring and managing networks using SolarWinds NetFlow Traffic Analyzer, Network Performance Monitor (NPM), Network Configuration Manager (NCM); Cisco Prime, Security Device Manager (SDM), Cisco Works; Infoblox, HP OpenView and Wireshark.
Expertise in installing, configuring, and troubleshooting of Routers Cisco ASR 1000, Cisco ASR 9000, Cisco ISR 4000 Series and Cisco ISR 1000 Series.
Experience on SCIM provisioning from Azure AD to Zscaler ZIA for users and groups sync.
Experience with cisco ACI and Arista Cloud Vision on a POC. Knowledge on Spine leaf Architecture in Data center. Worked on EVPN, VXLAN, VTEPS, Bridge Domains, MP-BGP etc.
Experience and high-level technical knowledge in OSPF, EIGRP, RIP and BGP routing protocols. L1/L2 troubleshooting skills in Routing in complex environments. Worked with MPLS over BGP. Worked on upgrading Edge routers, failing over ISP circuits for maintenance.
Hands on experience on Azure cloud – migrated number of applications from CIS private cloud to Azure.
Experienced in network and applications diagnostic and reporting tools such as Wireshark, TCPDump, SSLDump, firewall session logs, Splunk, etc.
Configured F5 LTM, series10000 & 20000 series for the corporate applications and high availability. Implemented LTM and GTM in DMZ and Internal network. Worked on software versions up to 12.1.2. Experience with upgrading software and hotfix.
Proficient and high-level expertise using the F5 based profiles, monitors, VIP’s, pools, SNAT, SSL offload, iRules, virtual Servers, iAPPs. Migration experience from ACE to F5/ old F5 to New F5. Expert in TMSH.
Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
Extensive Knowledge of the implementation of Cisco ASA 5500X series - 5505, 5510, 5512-X firewalls with Firepower module. Palo Alto firewall policies, panorama and Checkpoint firewalls NG, NGX. Experience with convert Checkpoint VPN rules over to the Cisco ASA solution.
Experience with McAfee Web Gateways and Bluecoat Proxies for the internet traffic. Expert in IPS sensors in DMZ and inside network and device level proxy configuration for Internet traffic. Experience in WCCP.
Experience working with Aruba and Cisco Wireless LAN controllers, Configuring and Provisioning AP’s, Virtual AP’s, RTLS, Wireless SSID’s, remote and campus AP’s, upgrading WLC, worked in Active/Active local Controllers and Master controller. Worked on RAP3 for remote access.
Involved in troubleshooting network traffic and its diagnosis using tools like ping, trace route, Gigamon, Wireshark, TCP dump and Linux operating system servers.
EDUCATION:
Bachelor’s in electrical and electronics engineering, 2015 – Hyderabad, Telangana, India.
TECHNICAL SKILLS:
Networking Technologies
LAN/WAN Architecture, TCP/IP, Frame Relay, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVST, MSTP, WAAS.
Networking Hardware
Cisco Switches, Cisco Routers, ASA/Pix/Palo Alto/Fortinet/Juniper firewalls.
Routing Protocols
OSPF, ISIS, EIGRP, RIP, MPLS, IS-IS, BGP, Multicasting.
Security Technologies
PAP, CHAP, Cisco PIX, Blue Coat, Palo Alto, ASA, Fortinet, Checkpoint.
Network Monitoring
SolarWinds, Wireshark, HRping, Whatsupgold, Infoblox.
Operating Systems
Windows 7, Vista, XP, 2000, LINUX, Cisco IOS, IOS XR, IOS-XE, NX-OS.
Routers
2800, 2900, 3900, 3800, 3845, 4300,4500, 8300, 8500 ASR 1000X, 7206VXR, Juniper M & T Series.
Load Balancers
F5 Networks (BIG-IP), Netscaler (Citrix).
Capacity & performance
Cascade Riverbed (Flow Monitor), WAN Killer.
Switches
CISCO 3850, 4600, 6500, CAT 9200, CAT 9300, CAT9400, CAT 9500, CAT 9600, 6800 Nexus 9k, 7k, 5k.
Programming Languages
C, C++, Perl, Power Shell, Python.
Simulation Tools
GNS3, VMware, OPNET IT GURU, OPNET Modeler, Cadence.
Firewalls
Juniper Net Screen (500/5200), Juniper SRX300, SRX320, SRX340, SRX345, SRX5600, SRX5800, ASA (5520/5550/5580), McAfee Web Gateway, Checkpoint, Palo Alto firewalls.
AAA Architecture
TACACS+, RADIUS, Cisco ISE.
Wireless
Cisco Meraki wireless Access points (MR36, MR46, MR56, MR57), Aruba Access points 200, 207,300,320, Wireless controllers 7280, 7240, Cisco Wireless controller 5508 and Cisco Aironet 3700 series.
Features & Services
IOS and Features, HSRP, GLBP, VRRP, IPAM IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management, Open Stack, IVR’s, HLD and LLD documents, Dell equal logics.
PROFESSIONAL EXPERIENCE:
Client: Walmart. Aug 2021 – Till Date.
Location: Atlanta, GA.
Role: Network Engineer.
Responsibilities:
Performed Configuration on ASR 9K .
Pairs includes HSRP, Bundle Ethernet Configuration, Assigning DHCP profiles.
Experienced in configuring Cisco Nexus 9K, 7K, and 5K series switches, specializing in VPC, VDC, and FCOE setups. Proficient with ASR 9000 series routers using IOS-XR and adept at AWS and Azure security, including RBAC, Azure Security Center, and Azure Monitor.
Skilled in Azure Automation with Runbooks and Terraform scripts.
Strong understanding of SD-WAN, routing technologies, and Nexus 3000 Fabric Extender (FEX) configuration.
Expertise extends to security protocols like RADIUS and TACACS+, and deploying Cisco ISR 800, 1000, and ASR 1000 series routers.
Experience configuring and troubleshooting on Citrix NetScaler Load Balancer.
Resolved Customers request to create firewall policies for Cisco ASA, juniper SRX, Fortinet and NX-OS.
ConfiguredVPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 7010/7018.
Created documents for various platforms including Nexus 7k, ASR9k, and ASR1k enabling successful deployment of new devices on the network.
Installated and Configured Cisco Catalyst switches 6500, 3850 & 2960, 9300 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy it also includes the configuration of port channel between core switches and server distribution switches.
Worked on moving data center from one location to another location, from 6500 based data centers to Nexus based data center.
Worked on the automation framework using Python scripting.
Worked with Azure Resource Manager API, Azure CLI, and PowerShell for configuring and managing assets in Azure.
Well Experienced with Azure networks and integration with on-premises infrastructure.
Deployed and Maintained SDWAN solution, routers and Switches, Cisco ASR, Juniper SRX and Fortinet firewalls.
Worked as a customer facing engineer to Deploy new hardware, Upgraded IOS, troubleshooted ongoing issues with Routing, Security, SDWAN and coordinate with support and professional services.
Worked in multi-Datacenter environment for LAN and WAN connectivity.
Switching tasks include VTP, 802.1q, IP Sec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP.
Worked with VM segmentation (VMware NSX, Illumio, vArmour, GuardiCore), Firewall management and auditing (FireMon, Tufin, AlgoSec, RedSeal, Skybox, etc.) Sandboxing and Analytics (FireEye, Damballa, Check Point, Fortinet, Palo Alto) Network packet brokers (Gigamon, IXIA, NetScout).
Performed virtualization and deployed various VMs using VMware ESXI 6.5.
Worked with Nexus 9k (standalone and ACI) ASRs, N5K/2k, N7K, ASAs, UCS, ACS, ACI, VMware.
Implemented changes on switches, routers, load balancers (F5 and CSS), wireless devices per engineer’s instructions and troubleshooting any related issues.
Configured Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000 to connect servers and storage devices.
Worked on setting up MPLS Layer 3 VPN cloud in data center and working with BGP WAN towards customer.
Configured Cisco 6500, 6800, 4500 VSS in Distribution layer of the Data center network.
Network security including NAT/PAT, ACL, and ASA/SRX/Palo Alto/Fortinet Firewalls.
Good knowledge with the technologies Site to Site VPN, DMVPN, SSL VPN, WLAN and Multicast.
Well Experienced in configuring protocols HSRP, GLBP, PPP, PAP, CHAP, and SNMP.
Worked with Palo Alto firewalls PA-5420, PA-5420, PA-800 series, PA- 3200 series using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues.
Implemented and managed cloud security controls including identity and access management (IAM), encryption, network security groups (NSGs), and security information and event management (SIEM) integration.
Hands on experience with Aviatrix by integrating with AWS to provide advanced network capabilities to enhance security features, network segmentation and global transit networking.
Expert in configuring FortiNAC for precise network access control and micro-segmentation in NSX-t and NSX-v environments.
Proficient with Azure technologies including Web Apps, Service Bus, and Azure Functions.
Skilled in Juniper MIST for secure resource access and proactive root-cause identification.
Experienced with Cisco 6500 VSS in data center distribution layers and switching technology administration on Cisco Catalyst and Arista 7K devices. Capable of executing security posture assessments using Tufin, Splunk, and FortiNAC.
Upgraded the data center network environment from Cisco ASA 5520 to Checkpoint R80 & R81.x firewalls.
Implementing and Managing VPN Networks of the Customer through Checkpoint R80 firewalls.
Dealt with Aruba wireless access points 200,300 series supporting 802.11 ac.
Fortinet Firewall administration configuration of FortiGate 3000, 3815 series as per network diagram
Setting Aruba Access to link distribution switch system and then to WLAN controller.
Installed and configured Meraki (MX80, MX60) Appliance via Meraki MX400 Cloud.
Troubleshooted Fortinet Firewall, issues, edited policies and created rules.
Fortinet Firewall administration configuration of FortiGate 3000, 3815 series as per network diagram.
Installed and configured Cisco Meraki (MR36, MR46, MR56) wireless Access points in the warehouses.
Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, prevention where needed.
Client: Prime pack solution. May 2019 – July 2021.
Location: Farmington,MI.
Role: Network Engineer.
Working with Network Design and implementation teams on various projects across North America and South America.
Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
Experience with design and implementation of Data center migration.
Experienced and configured firewall administration including Bluecoat, F5, Checkpoint, Citrix NetScaler App and Fortinet.
Deploying and decommission of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
Responsible for designing and engineering of a virtual network infrastructure which included Cisco ACI support technologies.
Worked on SD-WAN technologies (Viptela, Meraki, Velo cloud and Silver Peak).
Master in Wireless LAN Controller's, Cisco Meraki, Cisco AP's, Standalone AP's and Mesh AP's.
Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
Extensively used Infoblox for IP address management. Created and added IPv4 Network, Reserved IP addresses for various devices, Defined DHCP Scope as per the requirements, Created DHCP scopeoptions for setting up Voice VLANs and PXE Clients etc.
Assisted in MPLS migrations, implemented a backup for the existing WAN connection using site-to-site IP sec VPN tunnels.
Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPSec/GRE to GetVPN.
Experience in troubleshooting NAT configurations, Access-Lists (ACL), and DNS/DHCP related issues within LAN Network.
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Configured and involved in Citrix NetScaler responder policy configuration and Citrix NetScaler Access gateway configurations.
Secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.
Troubleshoot and assist customers with DNS hosting.
Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
Having experience in network monitor tools Cacti, Nagios, Infoblox IP address management and PAPI console.
Experience on dealing with CISCO Application Centric Infrastructure (ACI) by integration hardware and software products as per network layout.
Configured and troubleshooting River bed WAN optimization software to improve the network acceleration at the user end.
Assisted solutions test team for virtualization, SDN/NFV, WAN, VPN, MPLS, BGP and WAN optimization.
Involved in migration of network from cisco catalyst switches/ASA firewalls to palo alto.
Install, upgrade and configure Next-Gen Palo Alto Firewall series PA-200, PA-500
Configuration of Silver Peak WAN optimization software.
Design and build the core converged datacenter infrastructure using VBlock and VMWare services to support the environment.
Installed Riverbed WAN optimizer software to run applications via WANs to multiple branches across east coast.
Experience in troubleshooting SAN related issues and firmware upgradations of SANs in VMware and different environments.
Implementation of Juniper Firewall, SSG Series, Net Screen Series ISG 1000, SRX Series.
Experience on cisco wireless management systems which includes cisco 8540 Wireless controller, cisco 5520 Wireless LAN controller, and virtual wireless controllers.
Configured and troubleshooting Aruba Wireless products like Access Points and Mobility Access Switches.
Hands on experience on Cisco ISE and various network security concepts like SSH, IPsec, firewall polices and 802.1x.
Configured Cisco ISE secure Network Server 3595 which supports 20,000 endpoints in an ISE deployment.
Created design and implementation of Cisco DNAC managed networks utilizing industry best practices and Cisco hardware, overseeing new and existing equipment as well as hardware and software upgrades.
Worked on dealing with Cisco Collaboration system 10.x Solution Reference Network Design (SRND) considering the network layout.
Configuring and Troubleshooting the Juniper SRX100 and 110 series, Juniper Net Screen routers.
Deploying and decommissioning Cisco switches, Cisco Meraki Products and their respective software upgrades.
Worked extensively on Cisco ASA 5500(5510/5540) Series, Nexus 7000 Series experience in converting PIX rules over to the Cisco ASA solution.
Supporting EIGRP and BGP based on the network by resolving level 2 & 3 problems of internal teams & external customers of all locations.
Involved in Configuration of Access lists (ACL) on ASA firewall for the proper network routing for the B2Bnetwork connectivity.
Provided proactive threat defense with ASA that stops attacks before they spread through the network.
Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
Created Visio Dean / Visio Documentation to give complete picture of network design for each building.
Experience in Configuring, upgrading and verifying the NX-OS operation system.
Worked on python scripting language.
Client: Aspire Nxt Pvt Ltd. Sep 2016 – Dec 2018.
Location: Hyderabad, India.
Role: Network Engineer.
Assisted in troubleshooting LAN connectivity and hardware issues in the network of more than 1000 hosts.
Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.
Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
Monitor performance of network and servers to identify potential problems and bottleneck.
Performed RIP & OSPF routing protocol administration.
Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.
Implemented traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
Troubleshooted Cisco ISR 4000 Series, Cisco ASR 1000 Series, ASR9k, CRS, GSR 12k Series routers
Implementing the necessary changes such as adding, moving and changing as per the requirements of business lines in a data center environment.
Configured BGP features such as as-override, Local pre, EBGP load sharing on client connections.
Configured and resolved various OSPF issues in an OSPF multi area environment between multiple branch routers.
Worked with Fortinet Firewall to create policy, HA and monitored malicious traffic.
Provided daily network support for national wide area network consisting of MPLS, VPN and point-to-point site.
Configured HSRP between the 3845 router pairs of Gateway redundancy for the client desktops.
Configured GLBP, VLAN Trunking 802.1Q, STP, Port security on Catalyst 6500 switches.
Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tunings AS-path.
Hand on experience the configuration and implementation of various Cisco Routers and L2 Switches.
Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Built site-to-site IPSec VPNs over Frame-relay & MPLS circuits on various models of Cisco routers to facilitate adding new business partners to new and existing infrastructures.
Configured routers and coordinated with LD Carriers and LECs to turn-up new WAN circuits. Configuring, Maintaining the Routers and Switches and Implementation of RIP, EIGRP, OSPF, BGP routing protocols and trouble shooting.
Worked on the Infoblox DNS Traffic control, DHCP, and IPAM for the Network control; Worked on the implementation of Domain Name Service.
Experienced in deploying SD-WAN module (CloudGenix) in the production network environment.
Worked with setting up AWS direct connect to amazon S3, Amazon EC2, Amazon VPC.
Upgraded 3x data centers’ network and Optical fiber infrastructures with an Arista spine-leaf.
Worked on NSX VMware, AWS, Azure Etc.
Worked with Load balancing device like F5 Big-IP local traffic manager (LTM) 1600
Worked on setting up tunnels from f5 devices to Zscaler cloud.
Worked on Infoblox to update the DNS host and A records to assist the part of the migration.
Worked on upgrading Palo Alto Firewalls, Cisco Routers, Nexus Switches, and Bluecoat proxy devices.
Functioned as part of a Firewall and Security team in support of Checkpoint Firewalls, Zscaler Proxy, Juniper Portals, SecAuth, Open LDAP, and Active Directory.
Managed DHCP, DNS and IP address thru Infoblox, and Admin for Internet sites access thru Zscaler.
Replaced Checkpoint VPN and Bluecoat proxy with Zscaler and worked on implementing Zscaler in Production.
Troubleshooted BMS components (Like DDC, Actuators, DPT, AFMS etc.).
Knowledge and experience on 802.11 a/b/g/n Ethernet standard for wireless Technology.
Troubleshooted Cisco routers, APs, Switches, Fortinet Devices and Meraki appliances.
Created change tickets according to the scheduled network changes and implementing the changes.
Employer: Shell Networks and Solutions ltd. Jul 2015– Aug 2016.
Location: Hyderabad, India.
Role: Security Engineer.
Provided technical support for expansion of the existing network architecture to incorporate new users.
Network layer tasks included configuration of IP Addressing using FLSM, VLSM for all applications and servers throughout the company.
Configured STP for loop prevention on Cisco Catalyst Switches.
Configured VTP to manage VLAN database throughout the network for Inter-VLAN Routing.
Worked in setting up inter-vlan routing, redistribution, access-lists and dynamic routing.
Involved in configuring and implementing Composite Network models consists of Cisco 2620 and, 1900 series ISR 4000 series, routers and Cisco 6500 & 9300 Series switches.
Implemented various Switch Port Security features as per the company’s policy
Installed and troubleshooted networks with hand-on experience with OSPF, BGP, VPLS, Multicast, VPN, MPLS, & Traffic engineering.
Involved in implementation of trunking using Dot1Q, and ISL on Cisco Catalyst Switches
Worked with snipping tools like Ethereal (Wireshark) to analyze the network problems.
Trouble shooting of BMS components (Like DDC, Actuators, DPT, AFMS etc.)
Security configuration on Wireless LAN using protocols PEAP, EAP-FAST.
Extensive implementation, and operational experience with Cisco Wireless LAN Controllers, wireless access points, and management systems
Created policies, realms, rules, and responses to protect the applications and configure them to work under the SSO environment.
Assigned RADIUS and TACACS for new deployments in production environment. AAA for users to implement changes on production devices.
Configured Net Brain for Event-triggered automation helps isolate and mitigate threats before they become a disaster.
Worked, configured, and troubleshoot Cisco ACI, Layer 2/Layer 3-out, BGP and OSFP.
Great exposure to SDN and network virtualization technologies like Cisco ACI.
Deployed VMs from Templates and customized the necessary configurations.
Good Knowledge on Application Load Balancer (ALB) for routing traffic to targets (EC2 instances, Lambda functions, IP addresses) based on the content of the requests.
Implemented, and maintained network security controls such as firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and network segmentation.
Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
Adding and removing checkpoint firewall policies based on the requirements of various project requirements.
Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
Contact this candidate