Senior Network Engineer - Fortinet & Cisco
Resume:
Prabhavati Rajnala
Senior Network Engineer
Professional Summary:
Network Engineer with troubleshooting, implementing, optimizing, and maintaining enterprise data network and service provider systems.
I have hands-on experience designing, setting up, and supporting large-scale data center networks, firewall environments, and platforms that integrate with the cloud.
Specialized in Fortinet technologies including FortiGate, Forti Manager, Forti Analyzer, Forti Switch, and SD-WAN, with proven expertise in managing Cisco Catalyst/Nexus switches, ASR/ISR routers, Meraki networks, and enterprise LAN/WAN architectures.
Extensive backgrounsd in data center migrations, production network operations, and multi-vendor integration across on-prem and virtualized ecosystems including VMware, Windows Server, and Linux.
Proven expertise in managing Cisco Nexus (2K–9K), Catalyst 9K series, ISR routers, ASA and Firepower firewalls, and Cisco UCS servers
I am a reliable team leader and subject matter expert in network security, infrastructure hardening, and performance tuning, with a strong history of successfully delivering complex projects for major clients like Dish Technologies, BlackRock, and The Huntington National Bank.
Adept at diagnosing and resolving critical service disruptions, implementing scalable network solutions, and collaborating with cross-functional teams to enhance operational efficiency and security posture. I am skilled in BGP, OSPF, STP, EtherChannel, 802.1x, AAA/TACACS+, and IP addressing design.
I am skilled in implementing network automation with Python, Ansible, and modern CI/CD pipelines to enhance operational efficiency and compliance.
Strong hands-on experience on Cisco Catalyst (3550, 3750, 6500) series switches, Cisco (2500, 2600, 2800, 3600, 3800, 7200) series Routers, ASA Firewall (5505/5510), Load Balancers F5 LTM/GTM, Cisco Works, HP Open View, Solar Winds, Sniffer, Palo Alto Networks Firewall models (PA-2k, PA-3K and PA-5K).
Strong direct experiences Cisco Routers 4300, 4400, 4500, 2900, 3800, Switches 3850, 4500, 9300, 9400, 9500, 6500, 6800 series.
Extensive expertise in routing, switching, and firewall technologies, including configuration, deployment, and optimization across multi-vendor platforms (Cisco, Juniper, Arista, Fortinet, Palo Alto).
Hands-on experience with security policy management, firewall rule configurations, and ensuring network security compliance across various platforms.
Proficient in designing and deploying Layer 2/3 network infrastructures using Cisco, Juniper, Arista, and HP Aruba platforms. Hands-on experience with routing protocols (OSPF, BGP, EIGRP, IS-IS) and switching technologies (VLANs, STP, EtherChannel). Skilled in high availability, QoS, and traffic engineering for enterprise networks
Experienced Senior Network and Security Engineer with deep expertise in architecting and securing enterprise-grade networks across hybrid and multi-cloud environments. Specialized in next-generation firewalls (Palo Alto, Fortinet), Zero Trust security with Zscaler (ZIA, ZPA), SD-WAN (Prisma, Viptela), and cloud-native security (Azure Firewall, AWS Transit Gateway). Proficient in advanced routing and data center networking (BGP, OSPF, EVPN-VXLAN), infrastructure automation using Ansible and Python, and network observability with Cisco ThousandEyes, Splunk, and AppDynamics. Skilled in deploying high-availability designs using Cisco ACI, Arista CVP, and integrating SASE solutions with identity-aware access controls for scalable, resilient, and secure infrastructure. Specialized in Fortinet technologies including FortiGate, Forti Manager, Forti Analyzer, Forti Switch, and SD-WAN
Hands-on experience with network automation using Python, Ansible, REST APIs, and Terraform. Skilled in automating configuration management, compliance auditing, and network provisioning. Experience in developing automation workflows for Cisco, Palo Alto, and cloud network environments to reduce manual errors and improve operational efficiency.
Implemented 802.1X port-based authentication using Aruba ClearPass Policy Manager, integrated with Microsoft Active Directory and RADIUS to control user and device access dynamically.
Proficient in configuring Cisco ASA and Palo Alto Networks Panorama firewalls, managing IPsec VPNs and SSL VPNs for secure communications across corporate networks.
Managed VPN tunnels for business continuity plans (BCP) and disaster recovery between primary and secondary data centers.
Worked with compliance teams to ensure SOX and PCI-DSS alignment of firewall policies and audit logs.
Extensive hands-on experience utilizing Arista Cloud Vision Portal (CVP) for centralized network management, automated provisioning, and real-time network visibility.
Developed ClearPass enforcement policies and service rules to support MAC Authentication Bypass (MAB), guest access, and BYOD registration workflows.
I am skilled in network configuration and optimization techniques, including IPsec setups, routing protocols, firewall rules, load balancing, and policy management for scalable and secure network environments.
Routers
Cisco ISR, Fortinet FortiGate, VMware SD-WAN, Juniper Networks (Juniper SRX Series, vSRX (virtual SRX), and NFX Series), HPE/Aruba Networks Aruba EdgeConnect appliances, Silver Peak Unity EdgeConnect platform, VMware VeloCloud, Cisco Viptela SD-WAN, Aryaka, Cisco ISR 4000 Series, 1000 Series, 900 Series, 800 Series, Catalyst 8300 Series Edge Platforms, ASR 1000 Series, ASR 1013 Router, ASR 901 Series, ASR 9000 Series, 1013 Router. Juniper MX304, MX10008, MX10004, SDN-enabled MX10003, SDN-enabled MX2020
Routing Fundamentals and Protocols
Routed and Routing protocols RIP, EIGRP, IS-IS, OSPF, BGP, IPX; MPLS, IPv4, and IPv6 addressing, subnetting, VLSM, Static routing, ICMP, ARP, HSRP, VRRP, Route Filtering, Multicast, 802.11, Policy-Based Routing, Redistribution, Port forwarding.
Switch Platforms
Cisco Catalyst series 2960, series 3560, 3850, 4500, 6500, 7000, 9000; CISCO Nexus series 2K, 5K, 3K, 7K, and 9K; Arista Cloud Switches 7500R, 7516R, 7308X, 7800R3.
Switching Fundamentals and Protocols
Ethernet technologies, LAN networks, MAC, VLAN and VTP, STP, PVST+, Multicast, RSTP, Multi-Layer Switching, 802.1Q, EtherChannel, PAGP, LACP, CDP, HDLC, RARP.
Firewall Platforms
Palo Alto Networks (PA series 2K, 3K, 5K, and 7K) with panorama 8.0, 9.0, 10.0 WAF Checkpoint (NGX R65, 3100, 5100, 5900, R81.20), Cisco Firewalls (ASA 5505, 5506-X, 5585, and Firepower (1000, 2100, 4100, 9300)),
Security Protocols
Standard and Extended ACLs, IPsec, VPN, Port-security, SSH, SSL, IKE, AAA, Prefix-lists, Zone-Based Firewalls, NAT/PAT, HIPAA standards, Ingress & Egress Firewall Design, Content Filtering, Load Balancing, IDS/IPS, URL Filtering, L2F, IDS, TCP Intercept, Router Security, SNMP trap.
Network Management and Monitoring
ServiceNow, Wireshark, Infoblox, Cisco Prime, Splunk, Security Device Manager (SDM), Cisco Works, TCP Dump and Sniffer, SolarWinds Net Flow Traffic Analyzer, NetScout, Network Performance Monitor (NPM), Network Configuration Manager (NCM), SAM, IP Address Manager, Additional Polling Engine.
Load Balancers
F5 (BIG-IP) LTM 2000, 3900Viprion, Cisco ACE, Citrix NetScaler
Other Networking Protocols and Fundamentals
DHCP and DNS server, Active Directory Management, NTP, NDP, TCP, UDP, FCP, Network Implementation, Troubleshooting techniques, NHRP, NetBIOS, NFS, FTP, TFTP, HTTP, PAP, PPTP, SIP Trunking, SNMP logging, SMTP, RADIUS and TACACS+, PBX servers, SDN, SAN.
Operating Systems
Windows 10/7/XP, MAC OS, Windows Server, Nexus OS, Cisco IOS XR, Linux, UNIX, Cumulus.
Wireless Technologies
Canopy Wireless Devices, D-Link Point-to-point Wireless, D-Link APs, CISCO 1200 series APs, Clear pass wireless and APs, Cisco Meraki, Linksys Wireless/Wi-Fi Routers, Prime Infrastructure, Ekahau, Air Magnet, AirWatch and WLC’s (8510, 5508, 5706), Cisco Aironet AP’s (2600, 3600, 3700), ISE, MSE, Aruba 225, Aruba 3000 controller & Airwave, Clear Pass 6.0,6.2,6.5
Scripting
Shell Scripting, Python, Node-Red, and Ansible
Education:
Masters in Computer Science University of central Missouri
Certifications:
CCNA - Cisco Certified Network Associate
PNCSE – Palo Alto Network Certified Security Engineer
CCNP- Cisco Certified Network Professional
Professional Experience:
Client: CenterPoint Energy, Remote July 2023 - Present
Role: Senior Cloud Network Engineer (Palo Alto, AWS, Azure, Arista)
Project Description: CenterPoint Energy, Inc. is an American electric and natural gas utility serving and lead the nation in delivering energy, service and value drives our strategy and performance. Handling and track record of SD-WAN deployment large-scale data center networks, with hands-on experience in routing and Firewalls.
Responsibilities:
Design, planning, and execution of the migration from Cisco Viptela SD-WAN to Cisco Meraki SD-WAN/SASE, ensuring a seamless transition with minimal downtime.
Automated Aviatrix Controller and Gateway deployments using Terraform and Python-based scripting, reducing setup time by 70%.
Configured Zscaler Private Access (ZPA) to enable zero-trust access to internal applications without a traditional VPN.
Integrated cloud firewalls, web gateways, CASB, and SD-WAN platforms with Prisma Access and Zscaler.
Designed, deployed, and optimized cloud networking solutions across AWS, GCP, and Azure, ensuring high availability, security, and performance.
Configured Aviatrix High-Performance Encryption (HPE) for secure data transfer with 2–5 Gbps per tunnel performance.
Configured and optimized Aviatrix Transit, Edge, and Spoke gateways across AWS, Azure, and GCP.
Developed scalable operational procedures for managing Aviatrix-based multi-cloud network environments.
Expertise in AWS networking services including VPC, Transit Gateway, Direct Connect, Route 53, Private Link, ELB/ALB/NLB, and Security Groups/NACLs.
Utilized Viptela vEdge routers to establish secure and scalable SD-WAN fabric, ensuring seamless connectivity across distributed sites and enhancing network resilience.
Performed risk evaluations and compliance audits to verify that ZTNA is in accordance with NIST, CIS, and Zero Trust security frameworks.
Utilized Aviatrix CoPilot and native cloud monitoring tools to analyze network performance, detect anomalies, and optimize traffic flows.
Maintained IaC pipelines with Terraform and Jenkins to automate the provisioning of cloud infrastructure across AWS and Azure.
Configured BGP on Cisco ASR 9000 Series routers to manage inter-domain routing with multiple ISPs, implementing route filtering, traffic engineering, and failover mechanisms to optimize path selection and ensure high availability.
Deployed and managed Fortinet SD-WAN across 30+ remote retail sites, improving application performance and reducing MPLS dependency.
Deployed Zscaler Internet Access (ZIA) for secure internet breakout and SSL inspection of user traffic.
Installed and configured ExtraHop Reveal(x) to monitor real-time L2–L7 traffic and detect lateral threats across the data center fabric.
Integrated ExtraHop with SPAN ports and TAPs on Cisco Nexus switches to ensure east-west traffic visibility.
Configured FortiGate firewalls with advanced NAT, policy-based routing, and web filtering for secure e-commerce and retail infrastructure.
Designed L2/L3 segmentation using VLANs, VRFs, and Port Channels, optimizing multi-tenant service delivery.
Provided hands-on support for Windows Server 2019 and Red Hat Linux systems hosted on UCS/VMware stacks.
Utilized NetFlow and SNMP tools to monitor bandwidth, latency, and traffic anomalies, resolving 95% of alerts proactively.
Established centralized SNMP logging and monitoring using PRTG and Forti Manager, supporting real-time visibility across 100+ locations.
Partnered with infrastructure, broadcast engineering, and cybersecurity teams to build resilient, compliant network designs tailored for OTT streaming and 5G edge requirements.
Used ExtraHop Reveal(x) to analyze real-time traffic patterns and support threat detection for streaming workloads.
Integrated ExtraHop into Dish’s edge data centers with support for multi-gig throughput and fabric visibility.
Integrated Zscaler with IdPs like Okta and Azure AD to enforce conditional access policies and MFA.
Designed and implemented FortiGate NGFW policies, including DMZ segmentation and multi-VDOMs for state and enterprise clients.
Leveraged CSPM tools (Prisma Cloud, Azure Defender, AWS Security Hub) to audit and enforce security baselines across cloud assets.
Implemented SAML/OAuth/OpenID authentication between cloud apps and IdPs to secure access with federated identity.
efforts related to cloud security breaches, utilizing tools like Cortex XDR, Zscaler, and native CSP logs.
Configured IPSec and SSL VPNs, NAT, and HA firewalls to maintain connectivity and business continuity.
Coordinated Change Control Board (CCB) meetings and presented change scripts and rollback plans for firewall rule updates.
Deployed and configured Palo Alto NGFWs (PAN-OS 11.x) with User-ID, App-ID, and integrated Prisma SD-WAN and Panorama.
Integrated ClearPass with Palo Alto Next-Gen Firewalls for role-based segmentation and user visibility via Syslog/SIEM.
Deployed Cisco FEX (N2K) and optimized Nexus leaf-spine architecture for scalable data center designs.
Configured VLANs, STP (RSTP/MST), HSRP, and port security across Cisco Catalyst 9300/9500 switches.
Designed and managed site-to-site IPSec VPNs, SSL remote access VPNs, and cloud connectivity tunnels.
Integrated Cisco Stealth watch for flow analytics, threat detection, and incident investigation.
Deployed and enforced Cisco ISE 3.x for 802.1X, posture validation, and TrustSec segmentation.
Monitored and optimized Juniper Mist wireless deployments, using AI-driven tools to resolve Wi-Fi issues.
Integrated Zscaler, Cisco Umbrella, and Cloud Onramp for SaaS with SD-WAN for secure cloud access.
Configured Cisco ISR/ASR routers, IOS-XE, and implemented QoS, ACLs, NAT, and policy-based routing.
Led firewall migrations and deployments (Cisco ASA, Palo Alto, FortiGate), managing ACLs, NAT, VPNs, and threat policies.
Managed management processes, including security policy updates, access configurations, and network adjustments to meet evolving organizational needs.
SolarWinds, PRTG, and Splunk used for network monitoring, alerting, and syslog analysis.
Client: Natixis North America LLC, New York, NY December 2022 – July 2023
Role: Senior Network Engineer
Project Description: Natixis Corporate & Investment institutional investors, insurers, banks, and public-sector organizations across the Americas. Configuration and management of Gateways, Groups, user accounts, access control policies, user accounts, threat prevention policies, VPN tunneling, and High Availability. Responsible for the implementation of Cisco Meraki wireless solutions and the deployment of wireless access points.
Responsibilities:
Designed and managed data center consolidation projects utilizing Cisco Nexus 7000/9000 Series switches and Palo Alto PA-3000/5000 Series firewalls, ensuring optimized infrastructure performance and enhanced security.
Spearheaded Nexus 5000/7000 deployment across two data centers for HA and disaster recovery design.
Implemented and maintained Fortinet firewall clusters with active-passive failover for critical banking applications.
Conducted firmware upgrades and hotfix rollouts on Cisco switching/routing platforms with zero unplanned downtime.
Created detailed Visio network diagrams, rack layouts, and IP address plans for data center facilities.
Developed secure connectivity for virtual desktop infrastructure (VDI) using ASA firewalls and remote access VPNs.
Installed Aruba 3810M & 2930F switches, configured VLAN trunking, private VLANs, and DHCP snooping for enhanced edge security.
Performed security hardening of voice and data VLANs using port security, BPDU guard, and MAC ACLs.
Collaborated with security teams to analyze packet-level traffic and evaluate NDR tools like ExtraHop and NetScout for enterprise deployment.
Integrated FortiGate with Azure AD SAML authentication for seamless secure access control.
Supported cross-functional teams in troubleshooting complex latency issues across VMware, UCS, and network stacks.
Designed branch LAN infrastructure using Cisco 3750x and Forti Switch, applying DACLs and 802.1Q trunking.
Worked with security teams to implement ClearPass with RADIUS authentication, enabling adaptive access policies based on user roles and device profiling.
Deployed FortiGate SD-WAN to reduce MPLS costs across 300+ bank branches with real-time failover and WAN optimization policies.
Enhanced remote branch uptime by deploying SD-WAN appliances with link health monitoring and FEC.
Configured and maintained Palo Alto Firewalls (PAN-OS 8.x/9.x) with Panorama, enabling centralized management, security policy enforcement, and unified threat protection.
Configured FortiClient EMS for endpoint security posture validation and integrated with FortiGate firewalls for dynamic policy enforcement.
Deployed DHCP relay and VRRP configurations for high-availability IP assignment across subnets.
Supported 24/7 call center networking operations by maintaining redundant WAN paths and QoS policies for VoIP traffic.
Implemented F5 BIG-IP LTM for Layer 4–7 load balancing, SSL offloading, and application acceleration across enterprise applications.
Partnered with the security team to patch vulnerabilities across Fortinet, Cisco, and Meraki infrastructures.
Deployed Cisco ACI (Application Centric Infrastructure) for software-defined networking in the data center, improving policy-based automation and scalability.
Applied AAA/TACACS+ authentication for all network device logins, with policy auditing and alerts via Forti Analyzer.
Client: Oncor, Dallas, TX September 2021 – November 2022
Role: Senior Network Engineer / F5 Load Balancer Engineer
Responsibilities:
Implemented, configured, and troubleshot various routing protocols including RIP v2, EIGRP, OSPFv2, and BGP (iBGP/eBGP) across enterprise and service provider networks.
Deployed high-performance FortiGate firewalls (600E) in active-active clusters across North America and APAC data centers.
Managed and configured Cisco routers (ISR 1900/2900) and switches (2950, 2960, 3750) for LAN/WAN environments, ensuring network reliability, uptime, and performance.
Managed complex Layer 3 routers with Cisco Nexus, FortiGate, and ASR 1001-X routers for BGP/MPLS backbones.
Monitored and optimized VMware ESXi network paths via UCS and Nexus uplinks, enhancing I/O efficiency.
Managed global trading platform backbone network built on Cisco Nexus 7000/9000, ensuring sub-millisecond latency.
Contributed to DR drills and failover testing involving UCS, VMware clusters, and Nexus data center infrastructure.
Designed NAC policies in ClearPass, integrating with global identity platforms and enforcing BYOD restrictions, remediation workflows, and MAC-based filtering.
Implemented advanced routing using BGP route reflectors and policy-based routing (PBR) for WAN traffic shaping.
Performed end-to-end firewall configuration reviews and upgrades for mission-critical production zones.
Oversaw Aruba switch upgrades during data center refreshes with BGP/OSPF redistribution, loop guard, and port ACLs for inter-tenant segmentation.
Configured Meraki MX series devices for guest networks and global VPN mesh deployment.
Led the migration from Cisco Aironet wireless to Aruba Wireless solutions, enhancing coverage, user capacity, and simplifying management with Airwave.
Developed and reviewed detailed SOPs for incident handling, change management, and security event escalation.
Conducted quarterly access reviews and privilege audits for Forti Manager/Forti Analyzer user roles.
Configured and implemented HSRP and VRRP for gateway redundancy, ensuring high availability and seamless failover.
Worked with Cisco Nexus 2K/5K/7K switches, deploying vPC, FEX, and managing data center interconnects.
Strong hands-on experience with Cisco 1921/K9, 1800 series routers, and 2950, 2960, 3750 switches, including VLANs, trunking, and STP configuration.
Client Syntel, Remote June 2018 - July 2021
Role Technical Support Engineer
Responsibilities:
Configured and maintained HSRP (Hot Standby Router Protocol) on Cisco 2600, 2800, and 3600 routers for gateway redundancy and high availability.
Provided Tier 2/3 support for FortiGate, Cisco ISR, and Meraki MX platforms in an MSP environment.
Implemented load balancing and failover techniques in routing and switching environments to improve application and service availability.
Designed and documented network topologies and device configurations using Visio, supporting clear infrastructure planning and change control.
Deployed FortiClient EMS for endpoint visibility and enforced network access policies based on compliance posture.
Participated in the rollout of Forti Switch and NAC integration across multi-client enterprise campuses.
Provided technical guidance and support to junior Network Engineers, assisting with router/switch configuration and troubleshooting tasks.
Created and updated comprehensive network documentation, including IP address management, routing protocols, and cabling schematics.
Configured and troubleshot RIP, EIGRP, and OSPF routing protocols across Cisco router platforms in enterprise LAN/WAN environments.
Configured RIP and EIGRP on Cisco 2600, 2900, and 3600 routers to enable dynamic routing and route summarization.
Contact this candidate