Philippe Tournier

Implementation of Prisma Access solution (Palo Alto Networks)

Leading the implementation of the Prisma Access solution for securing remote access and centralizing security policies in the Palo Alto cloud (Stratacloud).

Advanced configuration of application security policies (App-ID, User-ID, SSL Decryption) and integration with enterprise directories (Azure AD / LDAP).

Deployment of a Zero Trust Network Access (ZTNA) based on identity and endpoint posture, ensuring granular control of access to internal SAGE and SaaS resources.

Deployment of Zscaler Internet Access (ZIA) Cloud Proxy

Implementation of the Zscaler ZIA secure proxy for securing internet access and real-time content filtering.

Configuration of GRE/IPSec tunnel between remote sites and Zscaler PoPs.

Definition and application of dynamic security policies (URL filtering, sandboxing, SSL inspection).

SSO integration with Azure AD and MFA, ensuring strong authentication and contextual access control.

Support for the pilot phase and progressive ramp-up, with compliance reporting and Zscaler dashboards.

Integration of a global SASE architecture

Design of a hybrid SASE architecture combining ZTNA, FWaaS, and SD-WAN, for unified and secure access to cloud and on-premises resources.

Fortinet SD-WAN Proof of Concept (PoC)

Execution of a Fortinet SD-WAN PoC (FortiGate/FortiManager) for WAN rationalization and improved application performance.

Configuration of dynamic IPsec overlay VPNs, performance-based link selection (SLA monitoring).

Technical environment: FW Palo Alto 5410, Panorama, Stratacloud Manager, Fortinet 100F, FortiManager, FortiAnalyzer, Cisco Nexus 95xx and 93xx, Vxlan NDFC Fabric, IP Fabric Media ST 2110 Fabric.

-Netcenter APAC Project: Design and integration of a new datacenter based on vxlan fabric. Writing LLD (Low-Level Design)

-Urbasec Program, writing DAT G (Technical Specification Document - General) and DAT D (Technical Specification Document - Detailed) for sites to be migrated to the MultiVsys Palo Alto solution.

- Obsolescence Program, writing DAT documents for ObsoWindows and ObsoLan projects. Implementation of a 10G/40G server foundation based on HPE and Cisco switches. Migration plan for all MSY LAN switches.

-IT Convergence Program: redesign of LAN and security for the Ex-Zodiac sites in SED format with implementation of Urbasec rules and IP re-addressing. Writing migration and testing plans.

-MES (Manufacturing Exec. Syst.) Project: populating the industrial Vsys of the FGR site with VLAN migration on Palo Alto FW. Opening flows, updating DAT D and migration plan.

-Expertise and Troubleshooting on business flows between Safran and its partners (Dassault/Airbus). Opening flows and IPsec VPN.

-Security environment: Palo Alto 3220 and 820 range, Panorama access and group DDI in read-only, multivsys environment, filtering via FOF. Ticket opening process via SNOW+CAB. Implementation of IPsec VPN on Palo Alto 820.