Palo Alto Architect (SC Cleared)

Palo Alto Architect (SC Cleared)

Duration: 3 Weeks

Start: ASAP

Rate: Negotiable

Location: Remote working

IR35 Status: Outside

Project Overview:

We require a Palo Alto Architect (SC Cleared) to advise our public sector client on web proxying.

The Client has two data centres and an express route connection with Microsoft and has previously used Microsoft TMG to manage their URL routing.

They would now like to move forward web proxying to the pair of Palo Alto Firewalls located in bot data centres to allow decommissioning of the TMG Proxy Servers; a pair of Cisco ASA Firewalls and an additional Sidewinder Firewall. They would also like to explore options for removing a Legacy forward lookup zone currently configured in their internal DNS.

The client wants a future proof design that continues to work when they move to a WAN model where each office breaks out to the Internet without traversing the network for most web traffic.

As the Palo Alto Architect you will be required to advise the Client on how they can implement forward web proxying on their Palo Altos or alternative end user device routing options. The client has users working on two different connections, remotely from home locations and via the clients network in their offices.

The design challenge is to go "direct" for nearly all traffic but allow for exceptions that are routed out through the Palo Altos, either to specific VPN connections or to the Internet for websites/applications that use IP whitelisting as a security control. The configuration is further complicated by users operating in two distinct connection configurations when working remotely (using Microsoft Always On VPN) and in the office on the LAN. The solution must work consistently in both modes.

As the Palo Alto Architect you will consider their routing through PAs to produce a design which moves us away from their current design of a WPAD file directing this traffic to a Microsoft TMG Proxy to the solution

We require a Palo Alto architect who can produce a design centred on forward Proxy routing or via the Clients existing network design to remove additional unnecessary hops from outbound internal and external URLs to provide an efficient and secure new solution for such sites.

Key outcomes/deliverables will include:

Discovery - A workshop to establish the design.
Design - A new LLD for all URLs which must traverse from the client's network out via VPN destinations or express route to their ultimate destinations.
Handover - A workshop on the LLD to walk through the Tech Ops team so they are able to implement

To apply for this role please call Joanne Stanley - Tel or email: (see below)

Certes IT Service Solutions welcome applications from all sections of the community and from people with diverse experience and backgrounds

Certes Computing (and all of its subsidiary companies) is committed to promoting equality and diversity in its business operations.