
Sr. Network Engineer/Palo Alto

Location Crystal Lake, United States
Posted 13-October-2021
Duration: 220 hours
Location: Combo of onsite and remote
T&E paid for by client
Consultant can decide when they go onsite based on work flow
Consultant needs to be vaccinated

There are actually 2 locations where the Palo Alto firewalls will be installed:

McHenry County College
8900 US Hwy 14
Crystal Lake, IL 60012

Shah Center
4100 W Shamrock Ln
McHenry, IL 60050

Palo Alto
Goals and Objectives
The following list describes the agreed-to goals and objectives for this project:
New FW Deployment
o FW Migration
Deploy and perform basic configuration of new in-scope PAN FWs and management server
Migrate existing security policies from Legacy Cisco solutions and adapt for use with new solution
Integrate with ClearPass Policy Manager (CPPM) for identity management
Provide (limited) After-Hours support for cutover of new solution to production
Provide 'Day One' first business day support for solution following each cutover
o Remote VPN Setup (Global Protect Configuration)
Assist with architecture, design and planning of client virtual private network (VPN) configuration, including:
- Redundancy
- Integration with CPPM
Setup as external gateway only
Provide pilot test configuration for the in-scope number of the test user end point clients
Tuning, Optimization and Zone creation
o Provide Tuning and Optimization services focused on maximizing the effectiveness of deployed security controls, including:
Refinement of AppID, Threat Prevention, Uniform Resource Locator (URL) Filtering, Wildfire, and overall security policies
o Setup for Demilitarized Zone (DMZ) segmentation
Establish one (1) additional new interface/VLAN/zone on each new FW instance to allow for DMZ (East/West) segmentation of resources
- With up to five (5) policy rules to establish baseline communication with new zone
o Provide (limited) After-Hours support for cutover of changes to production
Secure Sockets Layer (SSL) Decryption
o Work with Client to develop and deploy a proof of concept for deployment of SSL decryption policies, based on Legacy Broadcom policies
Provide informal knowledge transfer throughout the engagement
FF or TM:
Target Start Date (1st,2nd,3rd):
10/04/2021 First Available
Client will provide Client with the below deliverable documents ('Deliverables') electronically in standard Client format.
FW Migration
Project Summary Report
The Project Summary Report provides a formal document that captures the work performed and details of the solutions deployment. The deliverable includes:
Summary of work performed
Update Existing Architecture diagram (if available)
Configuration settings
Dependencies impacting start:

Onsite or Remote:
Onsite - special requirements:

If Onsite - Address:

Expenses allowed (Y/N):
Delivery Outline, if needed:
Environment Review
Validate provided design to verify it meets the project objectives.
Perform a high-level review of the network environments in order to verify that the planned placement of security devices will provide the required functionality.
Understand where traffic is flowing and verify proper visibility into the contents of communications in these environments
Planning Phase
General Discovery and Planning
Review current network diagram as related to the FW's intended deployment. Verify the purchased equipment meets the specifications and requirements of the provided architecture.
Architecture: Develop and plan the system configuration and placement of the FW management system or console.
Network Configuration: Identify, document and review Internet protocol (IP) addresses, subnet masks and routing configurations for each FW hardware and virtual interface.
o New Interface/VLAN/Zone for DMZ (East/West) Segmentation
Work with Client team to identify and review IP addresses, subnet masks and routing configurations for new segmentation zone
Configuration and Policies:
o Work with Client team to review the existing FW rule set to prepare the policy that will be migrated or recreated on the new platform
VPN: Identify requirements for each in-scope Internet Protocol Security (IPsec) VPN tunnel. Gather authentication requirements, such as certificates or shared keys.
SSL Decryption:
o Review certificate requirements and Public Key Infrastructure (PKI) certificate management infrastructure in preparation for deployment of SSL Decryption features. Client will provide feedback on requirements and best practices to allow Client to make changes as required prior to actual rollout.
Global Protect Remote Access: Identify requirements for in-scope remote access groups including authentication systems and user groups to be included in the remote access configuration
CPPM Integration
o Work with Client to plan integration with CPPM for identity management
Planning of Advanced FW Features
Application Layer Filtering: Develop application layer filter configurations for standard/known ports and protocols (DNS, SNMP, SMTP, FTP, etc.) based on in-scope devices
Application Layer Filtering: Conversion of Legacy single port-based rules only
URL Filtering: Develop limited URL filtering configuration based on in-scope profiles
User-ID: Develop default User-ID configuration (Integration with CPPM)
Anti-virus (AV) Filtering: Develop AV filtering configuration.
Advanced Persistent Threat (APT) Filtering: Develop default Wildfire configuration.
Anti-Spyware: Develop default Anti-Spyware Configuration
Vulnerability: Develop default vulnerability profiles
Develop Test and Back-out Plan
Develop a functional test and back-out plan to verify the implementation has been successful or determine issues that drive the back-out strategy.
Note: Client must develop an internal test and acceptance plan to cover all applications
Staging Phase
Stage Hardware and Upgrade Software
Install in-scope FW appliances and software according to the Scoping Considerations section
Update in-scope FW appliances and software to the latest stable service packs and hotfixes (as required)
Build Initial Configuration
Apply the developed configuration to the management system and plan for appropriate connectivity and communication between the management system and deployed FW enforcement points
Apply the base FW rule set configuration based on vendor and industry standards and best practices
Apply the developed network address translation (NAT) configuration to the specified interfaces
Apply the remote access configuration.
o Configure Global Protect
o Configure external gateway portal:
Integrate with CPPM
Configure one (1) Syslog profile
Configure VPN tunnels
Migration Configuration
Migrate objects, security rules and NAT rules from Legacy solution to PAN's solution
Migrate IPSec site-to-site VPNs from Legacy solution to the PAN solution
.Deployment Phase
Deploy Hardware
Initiate applicable change control procedures to permit installation of the software, hardware and configuration of devices
Move FWs into production
Connect enforcement points and management console to appropriate networks
Integrate all FW enforcement points to the central management system
Sample Client Distribution
o Configure Global Protect Clients on in-scope number of Endpoint clients
. Denotes task(s)/phase may be performed After Hours
.Testing Phase
Basic device configuration testing
Test the basic functionality and connectivity of all in-scope devices
Route test traffic through the new environment and test the various rules to verify they are functioning as designed
Verify traffic passing between networks is translated to the IP address scheme in the developed NAT configuration
Verify logs are being recorded and stored to the appropriate systems based on the developed logging configuration
Test the failover of high availability (HA) FW enforcement points
Test user authentication for administration and remote access
Test remote access configuration
Validate VPN configurations are working as designed
Testing of Advanced FW Features
Verify application layer filtering as active and utilizing the developed configuration
Verify URL filtering as active and utilizing the developed configuration
Verify User-ID configurations are working properly
Verify AV configurations are working properly
Verify APT configurations are working properly
Verify Anti-Spyware configurations are working properly
Verify Vulnerability configurations are working properly
. Denotes task(s)/phase may be performed After Hours
First Business Day Support
Client will provide support on the first business day following successful cutover to the Production environment for emergent troubleshooting of the FW solution as needed to address connectivity issues resulting from the cutover to the new FW solution.
Log Collection Period
Collect AppID logs for in-scope logging period
Optimization and Tuning Phase
Client's consultant will support and provide activities relating to the list below, as time allows, up to the number of hours noted in the Scoping Considerations table below.
Staging Phase
