Santosh T Email and Phone Number

Migration of ASA firewalls to PA next gen Firewalls using migration tool in PA. Migrated all IPSEC tunnels, ACL’s, NATrules and policies.design and installation (Application and URL filtering, SSL decryption, SSL Forward Proxy). Configured andmaintained IPSEC and SSL VPNs onFirewalls. Successfully installed PA-5000 series firewalls in Data Center asperimeter Firewalls.Experience working on Cisco ASR 9K, Nexus 7k & 9K. Configured and designed OSPF, EIGRP and BGP at Distributionand Core layers. Configured OTV layer 2 connection between Data centers on Nexus.• Experience with configuring BGP, OSPF in Juniper M and MX series routers. Worked on several BGP attributes like MED, AS-PATH and Local Preference for route optimization. Worked on Route-Reflector, Route-Redistribution among routingprotocols.•• Managed AD Domain Controller, Servers and configurations.• Worked on Cisco ISE for user Authentication, Security Group Tags, MAC based authentication for Wireless and Wired users,802.1X, EAP, PEAP etc.• Juniper ••• Provides expert level security & networking knowledge in the planning, researching, designing, and testing of new technologiesfor perimeter firewall security, Intrusion Prevention/Protection System (IPS), DNS, DMZ, and Internet Security in support of established Info Security program initiatives for the next 3 years.• Configured, troubleshot, and upgraded Checkpoint Firewalls for Manage clients, which included network and/or resource access, software, or hardware problems.• Implemented Citrix Access Gateway & Advance Access Control, web interface into Microsoft Share point portal.• Use Aruba Software to manage and Monitor multi sites wireless networking.• Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network (QIP) using Solar windsIPAM and Infoblox DNS and DHCP servers. Experience with DHCP scopes, IP reservations, DNS host entries, pointers.

• Installed and maintained production servers for client services (web, DNS, DHCP, mail).• Experienced in working with Palo Alto Next Generation firewall with security, networking, and management features such asURL filtering, Anti-virus, IPsec VPN, SSL VPN, IPS, Log Management etc.• This includes dual, separate provider Internet access points, and HA configurations of Fortinet Firewalls that utilize Site to SiteVPN technologies for remote access to the core networks at each remote location.• Managed syslog, Solarwinds on various network equipment to monitor, alert, and save network configurations.• Worked with the Network planning team on IP allocation scheme for the routers, switches, workstations, phones, APs andvarious other devices. Used Infoblox, Net MRI, Solarwinds IP monitor and various tools.• Designed perimeter security policy, Implemented Firewall ACL's, allowed access to specified services, Configured Client VPNtechnologies including Cisco's VPN client via IPSEC.• Worked on Autopilot, an Automation tool used for code upgrades & configuring new devices at data centers.• Migration of Palo Alto PA-500, PA-3060, PA-5060, PA-7050, PA-7080 from Cisco PIX and ASA.• Worked on BGP routing protocol, configuring BGP sessions and troubleshooting on Nexus 1K, 5K, 7K, Juniper MX-960routers and cisco ASR routers.• The systems I am responsible for and are proficient in include: Citrix XenApp 4 to 7.13, Xen desk top 5.6 to 7.x, Xen server 6, Citrix Net scaler VPX200 & 8500 pair, VMware 5.5, Server 2008 & 2012, DNS, DHCP, SNMP, routing protocols(BGP&OSPF), Fortinet Firewalls configuration, trouble shooting and all SSL& IPsec VPN tunnels, FortiClient server, Forti Analyzer 1000D and Multiple Forti manager servers to manage 140 firewalls across 3 states. Other applications include Microsoft AD 2003/2008, Exchange 2010, Microsoft SQL 2005/2008, Cisco switches/routers, also ADP PC Payroll system support.

Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for tastefulreplication of traffic between active and standby member.• Enterprise and Public Safety Wireless LAN/WAN (802.11, Mesh).• Implementing security solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75,R77.20 Gaia and Provider-1/MDM.• I have developed a seamless failover solution for our remote offices with the Fortinet firewalls for a fraction of the cost of usingCisco. This was at the request of our board, especially after a few rough and stormy years here in the northeast.• Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA• Configured & maintained IPSEC and SSL VPN's, implemented Zone Based Firewall and Security Rules on the Palo AltoFirewall. Exposure to wildfire is a feature of Palo Alto.• Administered Cisco AMP endpoint security infrastructure and monitored endpoints for threats.• Configuration and Maintenance of Cisco ASA 5580-20, ASA 5540, ASA 5520, ASA 5510 firewalls.• Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000appliances serving as firewalls and URL and application inspection.• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama• Monitoring Traffic and Connections in Checkpoint and ASA Firewall. Provided tier 3 support for Check Point and Cisco ASAFirewalls to support customers, Backup and restore Firewall policies.• Manage project task to migrate from Cisco ASA firewalls to Check Point firewalls.• Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, ITreference material, and interpret regulations.• Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response. Configure and MonitorCisco Sourcefire IPS for alerts.

Create private VLANs, prevent VLAN hopping attacks, mitigate spoofing with snooping & IP source guard.• Installed & configured Cisco PIX 535 series firewall and configured remote access IPSEC VPN.• Worked on Cisco routers 7200, 3700 and Cisco switches 4900, 2900.• Key contributions include troubleshooting of complex LAN/WAN infrastructure that include configuring firewall logging,DMZs, related security policies, monitoring, documentation and change control.• Enabled STP enhancements to speed up network convergence using Port-fast, Uplink-fast and backbone-fast.• Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software clientand PIX firewall. Documenting and Log analyzing the Cisco PIX series firewall.• Troubleshooting of DNS, DHCP and other IP conflict problems. Used various sniffing tools like Wire-shark.• Hands on experience working with security issues like applying ACL’s, configuring NAT and VPN.• Troubleshoot problems on a day-to-day basis & provide solution for problems within their Network.• Configured SITE-TO-SITE VPN on Cisco routers between headquarters and branch locations.• Implemented the security architecture for highly complex transport & application architectures addressing well knownvulnerabilities and using access control lists on their core & failover firewalls.• Part of Network Operation Center NOC offshore support team from India supporting HP Data Center 24x7. L2 supportsCisco PIX and ASA Firewalls.• Selected and deployed enterprise UTM firewall (Fortinet) for two primary sites and 20 remote sites.• Perform daily maintenance, troubleshooting, configuration, and installation of all network components.• Assisted in troubleshooting LAN connectivity and hardware issues in the network of 100 hosts.• Troubleshoot and support Cisco Core, Distribution and Access layer routers and switches.• Managed the IP address space using subnets and variable length subnet masks (VLSM).