Hafedh Karoui

Definition of S-SDWAN & SSE strategy

• Development of a new architecture direction aligned with the overall cybersecurity, connectivity, and Cloud strategy

• Identification of key use cases: secure cloud access, application segmentation, internet traffic inspection, application performance, etc.

• Meetings and technical exchanges with key market players for benchmarking and solution framing

• Drafting of the specifications for the implementation of an SSD-WAN / SSE solution (phase in progress). Study of replacing central SSL VPN gateways (end of support) with a ZTNA solution

• Framing of future needs of different entities and definition of a trajectory towards a ZTNA (Zero Trust Network Access) model.

• Meetings and technical exchanges with key market vendors.

• Management of the tender, presentations, and selection of finalist solutions

• Execution of POCs with Netskope, Zscaler

• In-depth analysis of the performance and capacity limitations of the existing platform.

• Proposal of a new centralized, more robust, and scalable architecture.

• Coordination of operations, integration, and cybersecurity teams around the new SD-WAN Architecture. Modernization of the STIME Arista Datacenter infrastructure)

• Documentation of the existing infrastructure and development of the datacenter redesign specifications.

• Contribution to the tender, POC, and target solution selection phases.

• Design of DAT/DATI documents with the integrator and preparation of migration scenarios.

• Definition of the network design on a Spine-Leaf architecture, integrating multi-VRF segmentation, Anycast IRB, and inter-site DCI.

• Involvement in the implementation of the network automation model based on Nautobot and AWX/Ansible.

• Collaboration with teams to harmonize data models and configuration templates

• Design and implementation of a World Wide remote access solution based on Pulse Connect Secure Gateway, F5 Load Balancers (LTM / GTM), Cloudflare DNS Load Balancing, connection geolocation, and Palo Alto firewalls.

• Implementation of an SSL web portal for partner access based on Pulse Connect Secure, with SAML authentication (Azure AD IdP) and MFA.

• Interconnection of L'Oréal sites to Zscaler via redundant GRE tunnels deployed on Palo Alto firewalls.

◦ Preparation of Zscaler locations, creation of GRE tunnels, configuration of the cloud firewall, URL filtering, and Application Control.

◦ Limitation of partner access through tenant restriction features on Azure AD and Zscaler.

• Definition of the IoT access architecture for L'Oréal factories.

- Design of the network and security infrastructure (Palo Alto, Fortigate, Zscaler Cloud Firewall firewalls) and implementation of multi-level URL / Application Control filtering (Zscaler + Palo Alto).

◦ Installation and configuration of Palo Alto firewalls, integration with Panorama, creation of access policies, GRE tunnels, policy routing, DMZ, URL filtering.

◦ Wi-Fi redesign: local switching, new VLANs, policy profiles, guest portal.

• Migration of Splunk to a new Linux infrastructure.

• Installation and configuration of Rsyslog and Splunk Universal Forwarders.

• Integration of new applications into Splunk, creation of custom reports, dashboards, and SNMP monitoring

Technical environment SSL VPN, Reverse Proxy, Web Publishing, Pulse Connect Secure, F5 LTM/GTM, Cloudflare, Zscaler, Azure, Private Cloud, Palo Alto, Fortinet, Cisco, Anti-DDoS, Splunk, Terraform, Panorama, Enterprise Wi-Fi.