Location: Remote (Some of the sites are based in Europe, and there might be some early meetings to accommodate everyone's schedules)
Target: 17-20+ yrs as a consultant
Tasks & Requirements
- Discover and discuss requirements for traffic flow and segmentation
- Knowledge of BGP routing
- Service Graph integration with ACI device groups NGFW firewalls
- Create templates and device groups in Panorama
- Create NAT and security rules to meet AB requirements
- Configure NAT rules
- Configure security rules
- Knowledge of migrating traditional protocol and port security rules to App-ID-based security rules
- Create objects for custom App-IDs and configure security policy rules using App-ID
- Troubleshooting of rules for application functionality
- Create security profiles such as Vulnerability Protection, Antivirus, URL Filtering, Anti-Spyware, Anti Malware, File Blocking, etc.
- Configure Site-to-Site IPSec VPN Tunnels as per AB requirements
- Configure User-ID integration for security rules as per AB requirements
- Knowledge of SSL certificates for firewall functions such as SSL decryption and GlobalProtect remote access
- Run pre-test to verify requirements
- Configurations will be backed up
- Update As-Built documentation
Required Qualifications
The resource needs to have experience in administering Palo Alto firewalls and Cisco Firepower VPN gateways in complex environments. Some of the things to look for:
- Advanced Palo Alto troubleshooting
- Advanced AnyConnect VPN troubleshooting
- Advanced Panorama administration
- BGP routing
- Panorama ACI service graph
- Rule provisioning. Panorama rule scripting a plus
- Experience with the Palo Alto Expedition tool