Summary
Overview
Work History
Education
Skills
Websites
Accomplishments
Certification
Languages
Software
Affiliations
Muhammad Sarfraz
References
Timeline
Generic
Muhammad Sarfraz

Muhammad Sarfraz

Fremont,CA

Summary

Over 7 years’ experience in LAN/WAN, Layer2, layer 3, Firewalls routing, switching technologies, systems design, administration and troubleshooting. Very strong experience specialized in network & Wireless Engineer working on Wireless routers, Switches, Palo Alto Firewall, and FortiNet Firewalls

Overview

8
8
years of professional experience
1
1
Certification

Work History

  • Routers: 1700, 1800, 2500, 2600, 2800
  • CISCO High End, 3600, 3800, 7200, 12010
  • CISCO Switches: 1900, 2950, 2960
  • CISCO Campus switches 3550XL, 3548, 4984 Core Catalyst 4503, 4507 RE, Catalyst F5 load balancer, Juniper ISG/SRX
  • Security & VPN: PIX 500 Firewall, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, FortiGATE, CISCO CSM, ACL- Access Control List, IPS/IDS, NAT, PAT, CISCO ACS, Check point, PF Sense, Palo Alto
  • Layer 2 technology: VLAN, VTP, VMPS, ISL, dot1q, DTP, Spanning-tree, PVST
  • Layer 3 Switching: CEF, MLS, Ether Channel
  • FortiManager
  • FortiAnalyzer
  • Improved network efficiency by designing and implementing optimal routing configurations.

Sr. Network and Wireless Engineer/Admin

MUFG
02.2022 - 09.2022
  • Document, maintain, and implement standards, policies, and procedures within security disciplines that may include vulnerability management, forensics, host and network-based intrusion detection, anti-virus/malware management, or data loss prevention
  • Managed and troubleshoot Aruba access points wireless devices
  • Aruba VPN, customer public and private wireless networks
  • Configured VMware NSX and administration
  • Implementing edge routers, Access policy on the distributed networks
  • Conduct analysis, and correlation across a wide variety of source data to identify and prevent compromise of SiTime networks, host systems, and data
  • Drive Avaya Legacy/IP Office CTI Integration with Avaya Customer Relationship Mgmt
  • CRM and Avaya Dialer
  • Integrating Screen Pop, Softphone, desk top phone, Video Conferencing IM, and Lync
  • Accessing Avaya IP Office Switch Extracting Call Routing, Dial Plan, Incoming/Outgoing Trunks, etc
  • In preparation for the migration
  • Revitalized, established, maintained and ensured adherence to security, and remote access policies (CISCO ASA, Fortinet Firewall)
  • Fortinet Firewall administration, configuration of FortiGate 3000, 3815 series as per network diagram
  • Configured Group Policy Mappings from Firewall Groups to Active Directory Groups on Fortinet and Meraki Firewalls
  • Creating Security policies and rules in Fortinet firewalls used as egress filtering firewall in the enterprise network environment
  • Deployed and managed Microsoft based PKI solution that can issue
  • Worked closely with management for the enforcement of network security plan in order to provide confidentiality, integrity and availability of data and information systems in accordance with security policy
  • Designed, configured, and troubleshoot computer hardware, networking software and operating system software
  • Installed, configured and troubleshoot 3800 series Router, WLC, IPS, switches, VPN concentrator 3000, VoIP and Cisco 1100 series access points
  • I have been inspecting the configuration of the firewalls to ensure they are configured correctly to enforce their corporate policies and the Agile framework
  • Implemented DHCP, DNS, IPAM configuration on the servers to allocate, resolute the IP addresses from Subnet
  • In-depth knowledge on Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, NTP, DHCP, DNS
  • Planning and Implementation of Subnetting, VLSM to conserve IP addresses
  • Support of enterprise level multi-instance Sonicwall firewalls worldwide consisting of Confidential, JunOS and Checkpoint firewalls and routers
  • Responsibilities for security policy design, switching, routing
  • Augmenting the Avaya VoIP infrastructure to accommodate a new Cisco Suite
  • SOC on-call integration and automation with cyber security tools of F5 WAF, Cloudflare WAF, PaloAlto firewall, Splunk SIEM, Dark Trace, InsightUBA, Reliaquest, Carbon Black, ProofPoint, ESET, PRTG, VictorOps, and JIRA
  • Performed moves, adds and changes for Avaya phone systems, patch panels and data racks, Trouble shoot T-1 s and phone systems installations
  • Deployed leaf and spine network on CISCO and Arista Switches
  • Designing and implementing services using Cisco, Arista, Dell and Fortigate equipment (HA, VPN, firewalls, EVPN etc.)
  • Design and Implements and Troubleshoot h323 Point to Point trunking between CUCM Clusters and Avaya IP Office Contact Center with an outside vendor
  • Worked on setting up the Network of the Great Big Story office 5TH floor at 104 5TH Ave which involved configuration of Confidential and Arista switches, Routers and wireless access points
  • Worked on setting up the Network for Bleacher Report office which involved configuration of Confidential router, switches, wireless access points and Firewall rules
  • Managed and maintained various web content filtering solutions including Web Sense and Blue Coat
  • Responsible for testing, fielding, integration, and demonstration of Air Traffic Control Systems for FAA WJHTC and the National Aerospace System En-Route Centers
  • Analyze network traffic and host data to identify anomalous activity and potential threats to SiTime resources
  • Establish alerting thresholds/triggers, analyze alerts from various sources within the company, and determine possible causes and effects on SiTime systems and data
  • Validate intrusion detection system (IDS) alerts against network traffic and host data sources using to root out false positives
  • Configure Cisco Meraki switches and help set it as core switches for new SiTime offices in Europe and Asia locations after shipping them
  • Configured WAN connections with Meraki and Palo Alto SD-WAN
  • Work on Palo Alto Prisma Access and Prisma Cloud deployments
  • Provisioned Prisma Cloud
  • Good Experience in performing wireless site surveys using Air Magnet software

Sr. Network Admin/Engineer

Verizon
08.2019 - 02.2022
  • Experienced on Juniper (JunOS & NetscreenOS) to Cisco Firewalls migrations/Rule conversion
  • Palo Alto user-identification implementation with KIWI servers user Palo Alto user-id agents
  • Palo Alto integration with VMware Virtual Desktop infrastructure
  • Palo Alto upgradation and degradation
  • This includes implementation of all IT related requirements for new Client process and manage existing client processes
  • Planning and migration of application servers from Physical environment to Hyper-V infrastructure
  • Lead the efforts for troubleshooting and resolving any Server, OS, applications related issues
  • Manage the IBM Blade center enclosures, Cisco UCS servers, Dell PowerEdge servers, Hyper-V infrastructure
  • Manage all the infrastructure Servers including AD, DNS, DHCP, File and print, Antivirus, WSUS, Application servers, etc
  • Administer Active directory, GPOs with Windows Admin Tools, RSAT, etc
  • Responsible for addressing all issues on core nodes (MSS, MGW, SGSN, MME, CPG, MSPand IMS) related to performance, capacity and QOS and provide sustainable technical solutions through engineering and/or tools for AT&T
  • Envision and drove Cisco's SD-WAN (IWAN) and VPN for Enterprise and MSP networks
  • Provide support for Server hardware and to keep over 99% uptime for critical servers
  • Responsible for providing installation (racking) services for all network and servers hardware at the data centers per established standards
  • Work with different internal offshore IT teams to support the IT operations that run 24X7 basis
  • Work with Clients’ IT teams for all ongoing requirements and implementations
  • Involved in migration of on-premise servers to AWS EC2 cloud servers
  • Utilized AWS: EC2, Glacier, S3, Route 53, IAM, VPC and Cloud Watch
  • Creating & Maintaining EC2 Instances, EBS volume
  • Creating customized AMI with specific packages, Backup Management, Security Groups Management, AWS Storage Management (S3, EBS, and Glacier)
  • Auditing and review of the rules in security policies in multi-vendor firewall environment like Checkpoint, Fortinet and Palo Alto
  • Corporate firewall management and support including site-to-site IPsec VPN and remote SSL VPN architecture design and implementation on Fortinet systems
  • Revitalized, established, maintained and ensured adherence to security, and remote access policies (CISCO ASA, Fortinet Firewall)
  • Working with Network Architects in setting up network as requested by business
  • Participate in IT audits for ISO 27001, 9001 compliances
  • Vulnerability Assessment & Implementing Security Policies
  • Disaster recovery planning and implementation
  • F5 configuration, installation and monitoring with F5 APM
  • Integrating Panorama with PaloAlto firewalls, managing multiple PaloAlto firewalls using Panorama
  • Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments
  • Configured 2960, 3560, 3750 and 4507 switches to add VLANs for wireless project, and QoS protocols for MPLS
  • Accessed Cisco Prime NCS/WCS and 5508 series Wireless Controller to manage wireless networks
  • Deployed Arista network equipment's like 7508, 7304, spine switches 7280, VXLAN, LANZ
  • Tested/Integrated different protocols - VoIP, TDM (H.323/SIP/ISDN); Network Services
  • SME (subject matter expert) with Palo Firewalls, Panorama management software, and networks that attached to them to give advice to the network and security teams on different procedures with this documentation being put into a repository
  • Configured routing with EIGRP, static routes and switching with VLANs, VTP, and STP
  • Troubleshooting for Layer 2 LAN technologies but not limited to Ethernet (Switched, FastE, GigE), STP, RSTP, VLANs, Cables, Bridges, VTP, and Trunking (802.1q), port security, routing protocols and Aruba Wireless platform
  • Configuration, troubleshooting of network connectivity and network issues, PuTTy, Infoblox, Switches, Routers, EIRGP, MPLS, LAN, WAN, BGP, UCCE, CUCM, CUC, VoIP Gateway, SIP, H323, Genesys experience
  • Worked on Blue Coat Proxy SG to safeguard web applications (Blacklisting and Whitelisting of web URL) in extremely untrusted environments such as guest Wi-Fi zones
  • Responsible for Branch servers Farms, over 1200 Workstations Windows7, Windows vista, Windows XP, DC, ADC, Active Directory, Group Policies, DNS, DHCP with NAP Policies, WSUS, WDS, SCOM, SSL, IIS 7.0, FTPS, RAID, iSCSI, Disaster Recovery, Backups, and SUSI Linux Application servers and Virtualization
  • Creating DNS Records CNAME, HOST, MX, PTR, SRV and SOA and primary, secondary, DDNS and ZONES, Replication, Configuring Dynamic updates for DNS, Forwards
  • Configuring & managing Network & Security Devices that includes Cisco Routers & Switches, Nexus Switches, Juniper and Palo Alto Firewalls, F5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers
  • Responsible for all Juniper SRX Sonicwall firewalls consisting of SRX 3560, 1400, 550
  • Using CLI and/or JunOS Space Security Director for management
  • Install, upgrade, troubleshoot, design, etc
  • Implemented l4/l7 services and network Micro segmentation using ASA, Palo alto virtual firewalls and integration with ACI fabric and Arista VXLAN fabric
  • Configuring rules and Maintaining Palo Alto Sonicwall Firewalls & Analysis of firewall logs using various tools
  • Configured Cisco Wireless Access Points 1100, 3600 through Cisco NCS Prime
  • Imported diagrams to create campuses, buildings and to map wireless AP's location
  • Team Lead for Wireless Project
  • Responsible for assigning team members to specified sites
  • Responsible for verifying Change Records, router, switch and DHCP configurations before applying
  • Helped to coordinate cable contractors and wireless team members during installation of cabling, AP installations and calibrations
  • Implementing checkpoint policies with multiple gateways in clusters
  • Configured VLAN trunks with Palo Alto interface
  • Migration from R75.40 to R77.20 to support a large multitude of HP Enterprise Services Corporate Customers
  • Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
  • Provide security consultation as needed for product development and industry marketing solutions
  • Investigate security incidents and recommend actions needed to resolve situations
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
  • Successfully installed Palo Alto PA-3060 firewalls to protects Data Center and provided L3 support for routers/switches/firewalls
  • Implementing and configuring F5 LTM's for VIP's and Virtual servers as per business needs
  • Responsible for troubleshooting and resolving Firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint, Juniper, Cisco ASA firewalls
  • Experience with troubleshooting WiFi connection issues with Wireshark packet analyzer
  • Skilled knowledge of RIP, EIGRP, BGP and OSPF
  • Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Palo Alto, Checkpoint, IDS/IPS and Juniper Net screen firewalls
  • Configured/ administered/ deployed several Cisco 12000, 10000 and 6500 series
  • Performed Checkpoint Firewall upgrade of 50 Firewalls from R55 to R65
  • Administered Juniper 50, 200, 500, and SSG 520 firewalls
  • ManagingF5 Big IP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers
  • Configured F5 Big IP to provide Load Balancing for server farm
  • Implemented and managed SSL VPN using Radius server (Cisco any connect) on ASA 5550
  • Experience working with Cisco 3750, 4948, 2811, 2600, 7200, 6500, 12000, 10000 series switches and routers
  • F5 BIG-IP GTM/LTM, Bluecoat (ProxySG and CAS), Riverbed Steelhead CX/EX/CMC
  • Responsible for Checkpoint and Checkpoint Firewall administration across global networks
  • Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes
  • Experience with architecture of Symantec DLP Platforms
  • Managed Cisco 5500 Series controller
  • Deployed APs as necessary
  • Configured Cisco 1242 wireless bridges with line-of-site antennas
  • Configured/ administered/ deployed several Cisco 6500 series switches
  • Installing and configuring Citrix NetScaler, F5 LTM and GTM load balancer in Active-Standby mode and Creating Virtual Servers, VIP's and server pools based upon application requirements.

Network Engineer

Orange Business Services Mauritius Ltd
03.2015 - 07.2019
  • Deployed Intelligent WAN (IWAN) in both Hybrid and Dual-ISP branches to provide an increase in bandwidth capacity, security and reliability
  • Switching related tasks included implementing VLANS and configuring ISL trunk on Fast- Ethernet channel between switches
  • Experience working on administering various AWS Services using AWS Console, AWS CLI
  • Creating dedicated VLANs for Voice & Data with QoS for prioritizing VOICE over DATA
  • Troubleshoot and coordinate the resolution of connectivity related issues
  • Mentored security analysts assisting them with analyzing Snort alerts for the Cisco Firepower appliances
  • Implement and troubleshoot Static NAT, Dynamic NAT, PAT, Spanning Tree Protocols (STP), MSTP, RSTP
  • Configured Cisco Routers for OSPF, RIP, IGRP RIPv2, EIGRP, Static and default route
  • Providing access to specific IP, Port filter and port access
  • Switching (Ethernet) related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches
  • Troubleshoot Fortinet Firewall issues, edited policies and created rules
  • Recommend and design equipment configurations for LAN/WAN/VOIP deployment on Cisco, ADTRAN, Fortinet, F5, and Bluecoat
  • Drive the project for implementing Viptela Software Defined WAN (SDWAN) solutions and reduced Costs on MPLS for every fiscal year
  • Hands-on experience with SDWAN (MPLS/Frame Relay), routers, switches, TCP/IP, routing Protocols (BGP/OSPF), and IP addresses
  • Working experience on the Arista 7150S series, 7160 series, and 7260QX series switches; 7508R routers
  • Worked on the implementation of Infoblox DNS, DHCP, and IPAM (DDI) for the network
  • Real-time Network management and network monitoring using Cisco Works LMS and SolarWinds
  • Hands-on knowledge of AAA protocols such as RADIUS, TACACS+, and Cisco ACS includes Cisco ISE implementation for 802.1x authentication
  • Adding Websites to the URL filtering blocklist in Bluecoat Proxies and upgrading firmware on the Blue coat proxies
  • Strong experience with Ansible for network configuration automation and management using built-in libraries
  • Hands-on experience with data center technologies that include spine-left, CISCO ACI, And Rasta cloud vision
  • Translating Cisco IOS Route maps to Cisco IOS XR Routing policies
  • Worked on the migration from Cisco ASA to the Palo Alto firewall and the configuration of User-ID, App-IDs, SSL Decryption, URL Filtering, Policies, Zone Protection, High Availability, and Certification Management
  • Worked on the URL filtering and upgradation of the Palo Alto firewall from PAN-OS 7.1 to PAN-OS 8.0
  • Providing technical support to LAN & WAN systems
  • Involved in troubleshooting of DNS, DHCP and other IP conflict problems
  • Responsible for level 2 support of existing network technologies /services& integration of new network technologies / services
  • Configured VSS on Cisco Catalyst 6509 switches to have redundancy
  • Worked on T1/ E1/T3 technologies and different LAN & WAN technologies.

Education

CCNA Certified -

Online 728
Elk River, MN
03.2013

English - Computer Networking

Cabrillo College
Aptos, CA
07.2010

High School Diploma -

Four Words Foreign Country
Peshawar, KPK
04.2000

Skills

  • 10000 series switches
  • FortiNet Firewall, FortiGate,
  • FortiNet Devices, FoftiManager, FortiAnalyzer
  • Planning, Designing & implementing various solutions in distributed environment using Checkpoint, Palo Alto, Cisco PIX & ASA, and Cisco Routers
  • Experienced in handling and installing Checkpoint and Juniper Firewalls
  • Skilled knowledge of RIP, EIGRP, BGP and OSPF
  • Knowledge on Juniper SRX240, SRX220, and SRX550 series firewalls
  • Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series
  • Knowledge in Documenting and preparing the Process related Operational Manuals
  • Good knowledge in LAN/WAN Technologies like TFTP, HSRP, VRRP, ACL, NAT/PAT, IPsec and VPNs
  • Security / Firewalls: Cisco ASA Firewalls, IPSEC & SSL VPNs, IPS/IDS, DMZ Setup, Cisco NAC, ACL, IOS Firewall features, checkpoint
  • Juniper: EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX210, SRX240
  • Scripting Languages

Accomplishments

  • Creation of Firewall policies as per the requirements on Palo Alto, Checkpoint, ASA, FWSM, Firewalls
  • Strong working familiarity with Cisco ISE with hands-on experience configuring Cisco routers, switches, wireless
  • Efficient and Expert in EIGRP, OSPF, with knowledge on MPLS, BGP (including configuration and troubleshooting)
  • Expertise in handling and installing Palo Alto Firewalls
  • Strong hands on and exposure to Checkpoint & Palo Alto on a regular basis
  • Installation, configuration and maintenance of Checkpoint, Cisco, Palo Alto, Juniper, Fortinet Firewalls
  • Worked on Multi-vendor platform with checkpoint, Fortinet and Cisco firewalls requesting net flow for security compliance, coding, and pushing firewall rules after approval and troubleshoot incidents as required
  • Hands on experience in Integrating VMware NSX Palo Alto Firewalls
  • Configuring, Administering and troubleshooting the Checkpoint and ASA firewall
  • Experiences in migration from multiple vendors to the Palo Alto firewalls
  • Knowledge in Juniper Net Screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA -5500 and 5505
  • Switching tasks include VTP, ISL/ 802.1q, IP sec and, VLANs, Ether Channel, Trunking, GRE Tunneling, Port Security, STP and RSTP
  • Involved in troubleshooting of DNS, DHCP and other IP conflict problems
  • Experience in troubleshooting NAT configurations, Access-Lists (ACL), and DNS/DHCP related issues within LAN Network
  • Extensive work experience in VOIP technologies on H323, MGCP, SIP, administrating and troubleshooting of Cisco CUCM, Unity, Meeting Place Express and Voice Gateway
  • Experience working with Cisco 3750, 4948, 2811, 2600, 7200, 6500, 12000, Cisco IOS and Cisco CatOS configuration and backups, Uploading and download IOS and CatOS using XModem, TFTP and FTP protocols
  • Involved in configuration of OSPF Summarization (Summarizing internal and external routes)
  • Scalability of OSPF by Filtering of Intra, Inter and External OSPF routes
  • Used various BGP Attributes and various Route-filters such as named Access-lists, Prefix lists, Route-maps to permit or deny routes and to change various attribute
  • Experienced in implementation and troubleshooting knowledge of protocols and technologies, especially in the following: BGP4, OSPF, IPv4, and Ethernet
  • Creating Network Design in MS-Visio for new servers, application to be placed into multiple Datacenter.

Certification

CCNA,CCNP

Languages

Pushto
Native or Bilingual
Urdu
Full Professional
English
Professional Working
Hindi
Full Professional

Software

Fortinet Firewall

Affiliations

  • Firewall

Muhammad Sarfraz

Network Security Engineer

References

References available upon request.

Timeline

Sr. Network and Wireless Engineer/Admin

MUFG
02.2022 - 09.2022

Sr. Network Admin/Engineer

Verizon
08.2019 - 02.2022

Network Engineer

Orange Business Services Mauritius Ltd
03.2015 - 07.2019

CCNA Certified -

Online 728

English - Computer Networking

Cabrillo College

High School Diploma -

Four Words Foreign Country

Similar Profiles

CREATE PROFILE
Muhammad Sarfraz