Post Job Free
Sign in

Palo Alto Data Center

Location:
Posted:
May 14, 2025

Contact this candidate

Resume:

Prashanth Goud

+1-260-***-**** ********************@*****.***

LinkedIn: www.linkedin.com/in/prashanthnetworkengineer

Professional Summary:

Experience in networking and security, including Cisco, Juniper, Palo Alto, Checkpoint, and Fortinet.

Expertise in network design, deployment, and troubleshooting across data centers, SD-WAN (Viptela, Silver peak), and cloud environments (AWS, Azure).

Engineered high-availability architectures using F5 load balancers, implementing GSLB and disaster recovery solutions, ensuring seamless failover and traffic distribution across multiple data centers for uninterrupted services.

Hands-on experience with Arista CVP, Viptela SD-WAN, F5 LTM/GTM, DNAC, Cisco ACI, and Zscaler.

Skilled in automation using Ansible, Python, Terraform, and integrating ServiceNow ITSM for incident response and change management.

Strong background in wireless networking, including Cisco WLC, Aruba, Meraki, Ekahau, and ClearPass

Technical Skills:

Routing & Switching: OSPF, BGP, EIGRP, MPLS, VLANs, STP, LACP, VXLAN

Network Security: Palo Alto, Checkpoint, Fortinet, Cisco ASA, Zscaler, NAC (ISE, ClearPass)

Cloud & SDN: AWS, Azure, Cisco ACI, Viptela SD-WAN, VMware NSX, Google Cloud

Load Balancing: F5 LTM/GTM, Citrix NetScaler, A10 Networks

Network Monitoring: SolarWinds, Splunk, Wireshark, NetFlow, SNMP, ServiceNow

Wireless: Cisco WLC, Aruba, Meraki, Ekahau, Air Magnet, Airwave

Scripting & Automation: Python, Ansible, Terraform.

Certifications:

CCNA, JNCIA, PCNSE (Palo Alto)

Professional Experience:

Data Center Network Engineer

639 Solar Data Center & Cloud July 2024 – Present

Designed and deployed Arista, Juniper MX 240 MX480 MX 960, QFX10008 Aruba6400, and Cisco Nexus 5k/7k/9K switches, ASR 9k, ISR 3k,4k in high-availability environments.

Migrated firewall infrastructure from Cisco ASA to Palo Alto PA-5200, enhancing security and performance.

Configured high-availability configurations, VPNs, threat prevention, and intrusion detection/prevention systems (IDS/IPS) within Palo Alto firewalls for comprehensive network protection.

Configured High Availability (HA) and troubleshot on Panorama; performed firmware upgrades from PAN-OS 8.X to 10.X. Worked on T1/E1/T3 technologies and different LAN WAN/WLAN technologies

Deployed and managed PA-5250 firewalls in Active/Passive HA mode at the data center edge, securing east-west and north-south traffic between production, backup, and management zones.

Deployed Global Protect for secure remote access and integrating Palo Alto firewalls with SIEM tools like Splunk for enhanced threat visibility and response.

Designed, implemented, and maintained Juniper MX204 and QFX10002 routers in high-availability data center and WAN edge environments, ensuring resilient routing using BGP, OSPF, and IS-IS.

Configured and managed Juniper SRX firewalls for perimeter and internal segmentation, implementing security zones, address books, NAT, and UTM policies to enforce layered defense.

Developed and optimized firewall policies across Juniper, Fortinet, and Palo Alto platforms, aligning access controls with least-privilege principles and compliance standards (NIST, ISO 27001).

Designed and deployed Cisco ACI fabric using APIC controllers and a spine-leaf architecture to support multi-tenant data center environments.

Configured Application Network Profiles (ANPs), Endpoint Groups (EPGs), Bridge Domains, and Contracts to implement micro-segmentation and policy-based forwarding.

Integrated Cisco ACI with VMware vCenter and ServiceNow, enabling automated VM-to-network policy mapping and seamless service provisioning.

Implemented L3Out connectivity with BGP and OSPF for external routing and configured static paths and PBR for firewall service chaining.

Deployed and managed Cisco HyperFlex clusters (HX240, HX220) to support virtualized workloads across production, dev, and disaster recovery environments.

Configured HX Connect, vCenter integration, and Fabric Interconnects for end-to-end management of compute, storage, and networking.

Implemented data deduplication, compression, and replication policies within HyperFlex to optimize storage efficiency and support BCDR.

Performed upgrades and lifecycle management using HyperFlex Installer and UCS Manager, ensuring non-disruptive updates and cluster stability.

Automated HyperFlex provisioning and monitoring using PowerShell, Python, and Cisco Intersight APIs.

Automated ACI configuration and fabric health monitoring using Python scripts and ACI REST APIs.

Used ACI Multi-Pod architecture to extend data center fabric across multiple physical sites while maintaining centralized policy control.

Conducted proactive threat hunting and firewall rule audits across Juniper SRX devices to eliminate redundant rules and reduce attack surface.

Collaborated with security teams to implement Zero Trust principles, including east-west segmentation, continuous authentication, and policy-based access tied to identity and device posture.

Integrated visual dashboards and metric analytics using Grafana, Splunk, and ELK stack to visualize network health, capacity trends, and SLA compliance.

Built tools and automations for capacity planning, flow analysis, and proactive alerting to reduce downtime and optimize network performance.

Configured BGP, OSPF, IS-IS, MPLS, SD-WAN (Viptela), and VPNs across multi-site environments.

Implemented ServiceNow ITSM for network automation, ticketing, and change management.

Utilized Infoblox Grid for IP address allocation, subnet management, and automation of IP provisioning across multiple data centers.

Architected Zero Trust segmentation within the data center using App-ID, User-ID, and tag-based policy enforcement for sensitive workloads (databases, storage, virtual desktops).

Monitored DNS traffic using Infoblox Grid Manager, detecting query anomalies, latencies, and misconfigurations.

Developed network topology diagrams and deployment plans Client.

Verified rack layout, power requirements, and weight distribution before installation.

Documented rack elevations, power connections, and network topology for reference and future troubleshooting.

Created detailed documentation for switch/router configurations, firewall rules, and server setups.

Installed, mounted, and secured servers, switches, storage devices, and PDUs following industry best practices for weight distribution, airflow, and cable management.

Supported private cloud tenant onboarding by designing network configurations that align with L2/L3 segmentation, VRFs, and service-level policies.

Involved in Racking and Stacking, wire management, decommissioning the devices.

Senior Network Engineer

Sabic, TX JAN 2023 – Nov 2023

Migrated legacy networks to Cisco ACI, VXLAN, and SD-WAN (Cisco Meraki) for enhanced scalability.

Applied strong understanding of IPv6, OSPFv3, MP-BGP, L2VPN, L3VPN, MPLS (LDP, TDP), QoS/Traffic Engineering, and VRFs in the design and deployment of scalable routed networks.

Deployed and maintained PA-3220 firewalls at 25 regional distribution centers, acting as branch aggregation points with redundant uplinks to the core.

Configuration of Static Routes and BGP Routes on PAN-OS Virtual Routers using BFD with next-hop Cisco ASR 6500 Router for Layer 3 Routing.

Engineered zone-based firewall architecture using Juniper SRX to isolate sensitive workloads and control east-west traffic across trust boundaries, aligning with Zero Trust segmentation strategies.

Integrated Juniper SRX with SIEM (Microsoft Sentinel) and SkyATP for real-time threat detection, alerting, and correlation, enhancing network-wide threat visibility.

Configured dynamic security policies using Juniper’s App-ID and user-ID features, providing granular access control based on applications and identity rather than just IP.

Enabled Zero Trust enforcement in a hybrid environment by extending Juniper SRX policies to AWS/GCP workloads via IPsec tunnels and cloud NAT gateways.

Configured dynamic routing (BGP) over IPsec tunnels between each store site and cloud data centers using auto-VPN orchestration from Panorama.

Implemented policy-based forwarding (PBF) for critical POS transactions to ensure primary circuit preference with automatic failover.

Enabled zone protection profiles and DoS policies to safeguard retail infrastructure against volumetric attacks and scanner floods.

Deployed and managed Zscaler ZIA/ZPA, Palo Alto Panorama, and Fortinet firewalls for security enforcement.

Used Panorama device groups for regional policy segmentation, allowing tailored policies per geography and store type (flagship vs kiosk).

Managed templates for interface configs, logging profiles, SNMP traps, and integrated Panorama with NMS and ticketing systems.

Set up commit queues, configuration locks, and scheduled updates to enforce change control across 40+Palo Alto firewalls.

Designed multi-ISP BGP peering, MPLS, and EIGRP route optimization for improved performance.

Integrated VM-Series with AWS Transit Gateway and multiple VPCs, applying centralized security policies to inventory services, mobile app APIs, and ERP platforms.

Designed scalable hub-and-spoke architecture using Palo Alto Transit VPC pattern for secure inter-VPC communications.

Enabled elastic load balancing and auto-scaling triggers tied to firewall instance metrics for high availability and cost optimization.

Engineered AWS, Google Cloud, and Azure networking, configuring VPC, Route 53, VPNs, and NSGs.

Network Engineer

Aflac Mar 2021 – Aug 2022

Deployed and managed Cisco ISE, Palo Alto firewalls (PA- 850, PA-3220), and Checkpoint Smart Directory.

Configured extended ACLs, BGP traffic engineering, and MPLS VPNs.

Designed Zero Trust Network Access (ZTNA) with Zscaler and implemented Azure AD authentication

Deployed and managed PA-5250 firewalls in HA mode at the primary data center and PA-3220s at regional branches and DR sites for segmentation, threat inspection, and traffic control.

Integrated VM-Series firewalls in Azure to secure cloud-hosted insurance applications, customer portals, and API endpoints, supporting scalable hybrid deployments.

Configured zone-based security policies, application-based rules, and NAT translations across multi-tiered environments (customer, policy admin, claims).

Managed over 40 Palo Alto firewalls using Panorama, with structured device groups, templates, and tag-based policy deployment.

Implemented commit validation, role-based access, and admin approval workflows to align with change control policies.

Generated detailed reports on traffic logs, threat visibility, and user activity for quarterly reviews and SOC2 / SOX compliance.

Tuned WildFire, URL Filtering, Anti-Spyware, and File Blocking profiles to mitigate malware, phishing, and DLP violations across user and server zones.

Integrated with external dynamic block lists (EDLs) to defend against insurance-targeted threats like credential harvesters and ransomware C2 domains.

Worked on Cisco Meraki SD-WAN, Aruba Wireless, and Arista Cognitive Wi-Fi solutions.

Automated Palo Alto firewall provisioning and policy management using Panorama APIs and Ansible, reducing manual workload for change windows.

Created scheduled tasks for backup, config validation, and bulk updates to security profiles across firewall estate.

Administered IT service management (ITSM) processes for incident, problem, and change management.

Created and managed VPC peering and shared VPC configurations to enable secure IP communication across projects and service domains.

Monitored TCP/IP traffic and NAT translations using Cloud Monitoring, Cloud Logging, and Cloud NAT diagnostic tools.

Designed, developed, and tested scalable cloud-based solution architectures and infrastructure AWS and Azure Such as Route 53, ELB, Security group, VPC, VPN, NACL, NSG and VNET.

Technical Support Specialist

Wells Fargo Jan 2018 – Feb 2021

Troubleshot Cisco, Juniper, and Fortinet network issues in a multi-vendor enterprise environment.

Deployed and maintained PA-500 firewalls at branch sites and PA-7050 firewalls at regional hubs in Active/Passive HA mode to secure retail banking operations and internal financial applications.

Managed F5 load balancers, wireless controllers (Cisco, Aruba, Meraki), and VPN solutions. Engineered and maintained mission-critical wireless infrastructure for enterprise environments, ensuring high availability and optimal performance.

Designed and deployed wireless networks following IEEE 802.11 standards, including 802.1x authentication, RADIUS, EAP-TLS, and encryption protocols to enhance security.

Conducted LAN/WAN setups, VLAN segmentation, and WAN optimizations using Riverbed SteelHead.

Implemented ITIL incident and problem management processes for seamless operations.

Collaborated with the Load Balancing team to establish connectivity to production and disaster recovery servers through F5 Big IP LTM load balancers.

Worked with F5 BIG-IP LTM 8900 and Citrix NetScaler, configuring profiles and ensuring high availability.

Automated ACI configuration and fabric health monitoring using Python scripts and ACI REST APIs.

Conducted performance tuning, load testing, and regular maintenance of F5 load balancers to optimize application delivery and mitigate potential performance bottlenecks.

Performed Linux server troubleshooting on AWS using tools like Zabbix, Nagios, and Splunk.

Supporting wide range of products from Cisco Systems, Troubleshooting of Routers and Switches.

Configuration and installation of Cisco Routers and Switches.

Configuring and working with Cisco and Juniper Routers and Switches using protocols like RIP, EIGRP, and OSPF.

Manage the Routing protocol and Encapsulation Protocol. Troubleshooting of WAN connectivity problems.

Configured STP for loop prevention and VTP for Inter-VLAN Routing.

Education:

Master of Information Systems Indiana Institute of Technology, USA.

Cgpa: 3.8/4

Bachelor of Technology in Electronics & Communication TKR Engineering College, India- Cgpa: 7/10



Contact this candidate