Performed Project Tasks

‒ Checkpoint cluster environment setup
‒ Checkpoint environment conception and design
‒ Checkpoint FW + NAT + Threat Prevention policy structure design
‒ Checkpoint Multi-Domain Security Management conception global policies + domains
‒ Checkpoint Multi-Domain Security Management project planning
‒ Checkpoint VSX architecture design & Blades allocation
‒ Cisco core switch backbone infrastructure renewal, requirements definition with specification
‒ Cisco Firepower Firewall one-arm mode integration in ACI (Service Graph)
‒ Cisco Firepower Firewall two-arm mode integration in ACI (L3Out)
‒ Cloud DC network services architecture
‒ Define firewall rules for MS Exchange environment to O365 Cloud
‒ Design customer cloud network segments for services
‒ Dimensioning and specification for Checkpoint cluster hardware
‒ Dimensioning of Checkpoint Management Server Open Server
‒ Disaster Recovery concept for Checkpoint Firewall Cluster – draft, implementation, tests
‒ Fortinet SD-WAN strategy design concept
‒ Fortinet SD-WAN testlab architecture design concept
‒ MDSM domain administrator groups – role conception, implementation
‒ Naming concept for the rules, objects, hosts
‒ Network segmentation design
‒ New Checkpoint solution design
‒ Project planning of the Checkpoint deployment phases
‒ Replacing FW appliances – dimensioning and selection of new components
‒ VLAN + DMZ conception

‒ Checkpoint Endpoint Management Server
‒ Checkpoint Firewall Security Gateways
‒ Checkpoint Multi-Domain Security Management Server
‒ Checkpoint Security Management Server
‒ Checkpoint SMB Embedded Gaia
‒ Cisco ASA
‒ Cisco Firepower
‒ Fortinet FortiGate Firewall
‒ Setup Checkpoint ClusterXL
‒ Setup Checkpoint VSX Virtual Contexts
‒ Setup Cisco ASA Virtual Contexts

‒ BlueCoat ASG Proxies configuration for individual O365 apps
‒ BlueCoat Authentication-Connector installation, configuration
‒ Checkpoint Blades configuration – Application Control, URL Filtering, IPsec VPN, Mobile Access, Identity Awareness, Content Awareness, Threat Prevention IPS, Threat Prevention Anti-Bot, Threat Prevention Anti-Virus, Monitoring, MTA, Webproxy
‒ Checkpoint Multi-Domain Security Management – distribution into MDSM domains
‒ Cisco Catalyst switches configuration
‒ Cisco Nexus switches configuration
‒ Deployment and configuration of Sandblast Appliance
‒ Deployment and configuration of threat prevention blades
‒ Firewall VPN tunnel to Azure Cloud setup
‒ Troubleshooting O365 services access to the cloud

‒ Checkpoint Appliances migration to Checkpoint Virtual System Extensions
‒ Checkpoint cluster migration from VRRP to ClusterXL
‒ Checkpoint cluster mode migration from virtual system load sharing to high availability
‒ Checkpoint Security Management Server Migration to Multi-Domain Security Management
‒ Checkpoint Security Gateway + Security Management server R77 migration to R80
‒ Firewall cluster migration from Cisco ASA to Checkpoint VSX
‒ Migration from TMG Firewall to Checkpoint Firewall
‒ Migration of customer services to the cloud
‒ Planning and managing of migration phases
‒ Problem troubleshooting during the migration
‒ Requirements analysis for firewall cluster migration

‒ FW policy structure design for automation
‒ FW policy rules creation and compliance check
‒ FW ruleset optimization
‒ Endpoint Security Policy design, configuration
‒ FW ruleset compliance check
‒ FW rules structure conception, creation
‒ FW ruleset analysis, consolidation, cleanup

‒ VPN Site-to-Site concept and configuration
‒ Checkpoint RAS VPN configuration and setup
‒ VPN connection deployment between Checkpoints and AWS Amazon Cloud
‒ Configuration of IPsec VPN tunnels between thirty locations
‒ Troubleshooting VPN Problems

‒ Checkpoint DDoS ruleset configuration + fine tuning
‒ Fine tuning of the QoS rules
‒ Firewall Ruleset performance tuning
‒ Implementation of the QoS rules
‒ MPLS network analysis & Bandwidth ruleset concept
‒ Performance tests in operational environment
‒ Performance tuning of the Checkpoint appliances
‒ Preparation / hardening for security audit
‒ SecureXL + ClusterXL performance tuning

‒ Network scan, device scan
‒ Network traffic sniffing – traffic/data analysis
‒ End devices – vulnerability scan

‒ Bluecoat Threatpulse cloud proxy Proof of Concept + go-live
‒ Checkpoint Automation & Orchestration POC deployment in Testlab
‒ Connection options performance tests IPsec vs. explicit proxy + scalability
‒ Creation and automation of cloud policies
‒ Firewall automation and implementation in ACI POC
‒ Migration of the locations of Bluecoat ASGs to the cloud
‒ NetFlow Sensor, Replicator, Collector architecture design + POC
‒ pfSense Firewall automation of installation process and ruleset creation in Testlab
‒ Performance tests in operational environment