Rehmatullah Zazai
*****************@*****.*** 571-***-**** GC
Professional Summary
10+ years of hands-on experience in network engineering: designing, integrating, deploying, maintaining, and supporting a broad range of communication systems.
Expertise with installation, configuration and troubleshooting of Cisco Routers (7600, 7200, 3800, 3600, 2800, 2600, 1800 series) and Juniper Routers (MX, PTX, ACX, CTP, T4000 series).
Expertise with installation, configuration, and maintenance of Cisco Switches (6500, 4500, 4900, 3400ME, 3750, 3560, 2960, 1900 series); Nexus 2000, 5000 and 7000 series switches while implementing advanced features like VDC, VPC, OTV and FabricPath; and Juniper EX Switches (2200, 2300, 3300, 4200, 4300, 4550, 9200), QFX Switches (5100, 5200, 10000), OCX1100 series.
Hands-on experience in configuration and troubleshooting of Layer 3 protocols (OSPF, EIGRP, BGP and RIP) and Layer 2 features (VLAN, Port Security [802.1X], STP, RSTP, MST, VTP, HSRP, VRRP, GLBP and IGMP).
Deploying and decommissioning VLANs on core ASR 9K, Nexus 9K, 7K, 5K and their downstream devices, and configuring 2k, 3k, 7k series Routers.
Strong hands-on experience on Cisco Routing, Switching and Security with Cisco hardware/software.
In-depth knowledge and experience with IP Addressing, Subnetting, VLSM, ARP, and Ping concepts. Working knowledge of the OSI model, TCP/IP, 802.1q.
Hands-on experience with packet sniffers, tcpdump and Wireshark for packet monitoring.
Good experience with Tufin, FireMon and AlgoSec for firewall optimization.
Experience in monitoring, debugging, and resolving Cisco infrastructure issues like routing, Network Hardware/Software failure, configuration, WAN outages, and performance issues.
Sound knowledge of Multicasting (IGMP, PIM), QOS (Queuing, Marking) and MPLS (LDP, L3VPN) and virtual port channel configuration.
Network System Engineer with experience in Cisco Identity Services Engine (ISE) and DNAC (DNA Center).
Experience in Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480).
Expertise in installing configuring and troubleshooting Juniper Routers (E, J, M and T-series).
Experience converting Checkpoint VPN rules to the Cisco ASA solution. Migration experience with Cisco ASA VPN.
Knowledge of JUNOS platform and worked with JUNOS upgrade of Juniper devices.
Used multiple network monitoring tools (CiscoWorks, SolarWinds, Cisco ACS, Cisco NCS, FireMon) to troubleshoot network issues for end users.
Expertise in network protocols, Firewalls and Communication Network design.
Hands-on experience with next-generation firewalls: Cisco FMC, FTD, Panorama, Palo Alto Firewalls.
Advanced knowledge, design, installation, configuration, maintenance and administration of Juniper SRX Firewall, Juniper EX and Juniper MX devices.
Strong troubleshooting skills using packet capture on Cisco devices and FW Monitor and tcpdump on Checkpoint devices, and analyzing the captures in Wireshark.
Working experience with SD-WAN VeloCloud and Cisco Viptela Gateways, Orchestrator, and edge devices.
Configuring VeloCloud SD-WAN devices: tunnels, profiles, routing, link steering, business policy.
Customer migration from traditional MPLS WAN network to SD-WAN VeloCloud.
Configured High availability, User ID on Palo Alto firewall.
Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
Demonstrated experience in developing, implementing, auditing Checkpoint firewall (R77.30) configurations and analyzing, optimizing rule sets.
Experience converting Checkpoint VPN rules to the Cisco ASA solution. Migration experience with both Checkpoint and Palo Alto rules.
Extensive experience with Check Point and CISCO Security Firewall Configurations and network configurations
Strong TCP/IP understanding. Knowledge of debugging Check Point Firewall.
Installed, Configured and currently maintaining Check Point Firewalls (R76 Gaia, R75.40, R75 and R70) in a Distributed Deployment and High Availability Redundancy Scenario
Implementation and administration of Check Point Firewalls & network Management.
Experience in risk analysis, security policy, rules creation and modification of Cisco ASA networks.
Designed, configured, implemented site-site VPN on Cisco ASA 5500 firewall.
Experience in configuring and Troubleshooting BIG-IP F5 load balancer LTM & GTM.
Basic and advanced F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.
Certifications
Cisco Certified Entry Networking Technician
Cisco Certified Network Associate
Cisco Certified Network Associate: Routing and Switching
Cisco Certified Specialist - Enterprise Core
EDUCATION
Bachelor's in Computer Science, Maiwand Institute of Higher Education, Afghanistan (2014)
TECHNICAL SKILLS
Cisco Catalyst Switches: 2960, 3750, 4500, and 6500 and Nexus 2232, 2248, 5548, 6001, 7018 series
Cisco Routers: Cisco L2 & L3 Switches (1700, 1800, 2500, 2600, 3600, 3800, 7200, and 7600), (2900, 3560, 3750, 4500, 4900, 6500,6800)
LAN Technologies: Ethernet Standards, VLAN, Inter-VLAN, VTP, STP, RSTP, SMTP, EtherChannel, PortFast, ACL, Lightweight access points
WAN Technologies: Frame relay, (E1/T1/E3/T3) lines, PPP, HDLC.
Routing Protocols: RIP V1/V2, EIGRP, OSPF, BGP, Static Routing, Summarization
Gateway Redundancy: HSRP, VRRP, GLBP, EtherChannel technology (LACP, PAgP)
Network Security: Cisco ASA, IPSEC, Palo Alto, Fortinet
Network Management Tools: SolarWinds, VPM, Sourcefire, Wireshark, NetFlow Analyzer, CiscoWorks, Ethereal
Web Proxy/Socks Proxy: Bluecoat, Infoblox, F5, Tufin, Kerberos, UTM
Applications: MS Office, MS Visio 2010
Operating Systems: Windows (98, 2000, XP, 7)
Load Balancers: Cisco CSM, F5 Networks
Security Server Protocols: TACACS+, RADIUS, DLP, IPS
Virtualization: VMware ESX Cos and Visor, Cisco Nexus 1000v, Hyper-V
Professional Experience
Carnival Cruise- VA July 2024 - Present
Sr. Network Engineer
Responsibilities:
Installation, configuration, and troubleshooting of various Cisco switches like 2900 series, 2950 series, 3550 series, Nexus 5000, 7000 & 9000 series.
Worked as a team with other engineers to design, install, implement, and configure ASR 9K Network for interconnectivity, and egress redundancy.
Worked on the Cisco ASR 9010 and Cisco ASR 9912 Routers at CORE level.
Deploying and decommissioning VLANs on core ASR 9K, Nexus 9K, 7K, 5K and their downstream devices, and configuring 2k, 3k, 7k series Routers.
Routing related tasks included providing Cisco router configuration and change management, providing technical support for Cisco Router configurations and installation for Customer.
Configuring IP RIP, EIGRP, OSPF and BGP. Configuring routing policy for BGP.
Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
Cisco ACS to ISE TACACS migration and access control policies. User access/addition and administration.
Configured & deployed Cisco ASA firewalls, Next-Gen Firepower Threat Defense (FTD), Firepower Chassis Manager (FCM), Firepower Management Center (FMC), Cisco Security Manager.
Supported wireless networking team with Cisco wireless AP additions and TACACS user migration from Cisco ACS to ISE.
Working with BGP, OSPF protocols in MPLS Cloud.
Experience with partners on installation and configuration problems and issues related to SDN-NFE, DNAC.
Extensively worked on TUFIN secure track to add/import more than 2000 network devices for monitoring.
Providing daily network support for a nationwide wide area network consisting of MPLS, VPN and point-to-point sites.
Establishing VPN tunnels using IPsec encryption standards, and configuring and implementing site-to-site VPN.
VPN Configuration for Remote client login with IPsec Implementation.
Experienced in monitoring network traffic with QRadar and FireMon tools.
Configuring access servers to perform reverse telnet and configuring AAA.
Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
Deployed a highly available Cisco infrastructure based on Cisco DNAC, Cisco ISE, switches, routers, and access points.
Experience in troubleshooting VLAN, STP (Spanning tree protocol), & Switch Trunk and IP subnet issues.
Deployed Sourcefire and FTD and managed them with FireSIGHT Management Center.
Utilized TUFIN firewall reporting tool to remediate idle firewall policies that were leaving the network open to unnecessary vulnerabilities.
Designed VLANs and VTP topology, troubleshooting IP addressing issues and updating IOS images.
Design and implementation of security infrastructure for clients focusing on Firepower and FTD suite of products.
Configuring HSRP between the 3845 router pairs of Gateway redundancy for the client desktops.
Configuring GLBP, VLAN TRUNKING 802.1Q, STP, Port security on Catalyst 6500 switches.
Involved in L2/L3 Switching technology administration including creating and maintaining VLANs, Port security, TRUNKING, STP, Inter VLAN Routing, LAN security.
Recognized for performance excellence and contributions to success in network design projects. Strength in Cisco ISE and DNAC backed by extensive training in routing/switching.
Performed multiple firewall changes on the PIX, ASA, and Palo Alto firewalls based on the requirements and monitored firewall changes using the FireMon tool.
Conducted periodic reviews of Checkpoint firewall policy rule bases for rule consolidation and cleanup in coordination with stakeholders using the FireMon tool.
Created detailed network documentation for LAN, WAN and Wireless environments.
Used tools such as Tufin SecureTrack for firewall policy optimization and rule base cleanup.
Troubleshot various tickets associated with tier 3 LAN, WAN and Wireless issues.
Responsible for wireless configuration, implementation of wireless solutions, and remote troubleshooting
Hands-on experience with Cisco 5500 and 2500 series Wireless Controllers, and with 3700, 3500 and 1142 access points.
Provided assistance with initial installation and configuration for SDA (ISE, DNAC + Assurance, Stealthwatch, APIC-EM and programmability) assessment for newly implementing customers.
Working experience with SD-WAN VeloCloud, Cisco Viptela, SASE, Gateways, Orchestrator, and edge devices.
Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (160+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
Configured High availability, User ID on Palo Alto firewall.
Editing and changing Palo Alto policies and monitoring threats on firewalls.
Analyzed traffic pattern and implemented URL filtering using the Palo Alto Firewall
Experience with deployment of Palo Alto firewalls for different NAT, video conferencing traffic
Troubleshooting and configuring Palo Alto FW's 3060 & 5060
Goldman Sachs- CO Apr 2021- June 2024
Sr. Network Engineer
Responsibilities:
Design and implement complete network and device required to connect different networks.
Design, configure, and administer Juniper MX routers, SRX Firewalls, Cisco routers & switches.
Design and configuring of OSPF, BGP on Juniper Router and SRX Firewalls
Configuration and management of network routers (Cisco 6500, 7K; Juniper MX) and switches (Cisco 3850, 3750X, 3750, 3550; Juniper EX).
Assisted in MPLS migrations, implemented a backup for the existing WAN connection using site-to-site IPsec VPN tunnels.
Configuring routing protocols OSPF, EIGRP, RIP, MP-BGP, LDP and BGPv4.
Worked on the Cisco ASR 9010 and Cisco ASR 9912 Routers at CORE level.
Managed VPN, IPsec, Endpoint-Security, status policy, and Application control, IPS, Monitoring, Anti-Spam, Smart Provisioning and DLP using ASA Firewalls.
Provide remote support for partners on installation and configuration problems and issues related to SDA, DNAC.
Enabling context-based controls and the ability to filter web content using Sourcefire.
Install and configure Tufin orchestration suite and manage the Tufin tool.
Experience in Cisco switches and routers: IP addressing, WAN configurations, LAN cabling in compliance with CAT6 standards.
Configuration and troubleshooting link state protocols like OSPF in multiple areas.
Configured HSRP and VLAN trunking 802.1Q, VLAN Routing on Catalyst 6500 switches.
Experience in troubleshooting STP (Spanning tree protocol), & Switch Trunk and IP subnet issues.
Implementing, configuring, and troubleshooting various routing protocols like EIGRP, OSPF, and BGP.
Involved in complete LAN, WAN, Extranet redesign (including IP address planning, designing, installation, pre-configuration of network equipment, testing, and maintenance) in both Campus and Branch networks.
Experience in set up, configuration and management of Cisco ASA Firewall in various domain such as Internet, DMZ, Business-Partner and Remote-Access VPN etc.
Experience with Cisco DNAC, Cloud Networking, SDN, SD-WAN, vManage
Troubleshooting included usage of Fiddler & Wireshark to monitor network and URL traffic. Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
Responsible for Cisco ASA firewall administration, rule analysis & modification
Configured VPN, ACL, and NAT in the Cisco ASA 5550 firewall to allow only authorized users to access the servers of the internal network.
Global wide IOS upgrades for different platforms using Cisco DNAC SWIM.
Implementation of Site-to-Site VPNs and DMVPN over the internet using IKE Phase 1 and IKE Phase 2 based on traffic with ASA 5500 series Firewalls.
Involved in the redistribution into OSPF on the core ASA firewall.
Implemented Access Control List (ACL) on inside and outside interfaces of Firewall.
Configuring and implementing F5 BIG-IP, LTM, GTM load balancers to maintain global and local traffic.
State of Illinois – IL Aug 2017 - March 2021
Network Engineer
Responsibilities:
Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.
Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tuning AS-path.
Hands-on experience with the configuration and implementation of various Cisco Routers and L2 Switches.
Assisted in troubleshooting LAN connectivity and hardware issues in the network of 500 hosts.
Studied and analyzed client requirements to provide solutions for network design, configuration, administration, and security.
Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Built site-to-site IPsec VPNs over Frame-relay & MPLS circuits on various models of Cisco routers to facilitate adding new business partners to new and existing infrastructures.
Analyzed customer application and bandwidth requirements, ordered hardware and circuits, and built cost effective network solutions to accommodate customer requirements and project scope.
Involved in troubleshooting IP addressing issues and Updating IOS images using TFTP.
Maintained redundancy on Cisco 2600, 2800 and 3600 router with HSRP.
Created a backup and recovery policy for software application and verified peripherals are working properly.
Possess good experience in configuring and troubleshooting WAN technologies like MPLS, T1, T3, DS3 and ISDN.
Responsible for implementing QOS parameter on switching configuration.
Involved in Design and Implementation of complex networks related to extranet clients.
Troubleshooting the Network Routing protocols (BGP, EIGRP and OSPF) during the Migrations and new client connections.
Manage operational monitoring of equipment capacity/utilization and evaluate the need for upgrades; develop methods for gathering data needed to monitor hardware, software, and communications network performance.
Troubleshoot problems on a day-to-day basis & provide solution that would fix the problems within their Network.
Monitor performance of network and servers to identify potential problems and bottleneck.
Performed RIP & OSPF routing protocol administration.
Interacted with support services to reduce the downtime on leased lines.
Designed and implemented VLAN using Cisco switch catalyst 1900, 2900, 5000 & 6000 series.
Configured routers and coordinated with LD Carriers and LECs to turn up new WAN circuits. Configuring and maintaining the Routers and Switches, and implementation and troubleshooting of RIP, EIGRP, OSPF, BGP routing protocols.
Maintenance and troubleshooting of connectivity problems using Ping and Traceroute.
Daily responsibilities included monitoring remote sites using network management tools, assisting with design guidance for infrastructure upgrades, and helping the LAN administrator with backbone connection and connectivity issues. Other responsibilities included documentation and supporting other teams.
Worked towards the key areas of the project to meet SLA’s and to ensure business continuity. Involved in meetings with engineering teams to prepare the configurations according to the requirement.
Creating change tickets according to the scheduled network changes and implementing the changes.
ANT Tech-Afghanistan May 2015 - June 2017
Network Analyst
Responsibilities:
Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.
Commissioning and Decommissioning of the MPLS circuits for various field offices.
Preparing feasibility report for various upgrades and installations.
Ensure Network, system and data availability and integrity through preventive maintenance and upgrade.
Troubleshooting complex network technical issues from layer 1 and 2 to layer 3 (routing with MPLS, BGP, EIGRP, OSPF protocols).
Providing support to networks containing more than 2000 Cisco devices.
Performing troubleshooting for IOS related bugs by analyzing past history and related notes.
Carrying out documentation for tracking network issue symptoms and large-scale technical escalations.
Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-VLAN routing, LAN security.
Worked on the security levels with RADIUS, TACACS+.
Configured switches with port security and 802.1X for enhancing customers' security.
Monitored network for optimum traffic distribution and load balancing using SolarWinds.
Handled installation of Windows NT Server and Windows NT Workstations.
Handled Tech Support as it relates to LAN & WAN systems.
Configuring and troubleshooting multi-customer network environment.
Involved in network monitoring, alarm notification and acknowledgement.
Implementing new/changing existing data networks for various projects as per the requirement.
Installed and maintained local printer as well as network printers.
Completed service requests (i.e. – IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc.)
Identify, design and implement flexible, responsive, and secure technology services.