Objectives
• Design scalable and resilient enterprise network architecture.
• Implement secure Cisco DMVPN WAN connectivity.
• Architect Sophos Firewall multi-zone security framework.
• Design Tier-2/Tier-3 Data Center architecture.
• Implement VMware vSphere high-availability clusters.
• Ensure Zero Trust segmentation and high availability.
Cisco Enterprise Network
• Hierarchical Core / Distribution / Access design.
• OSPF multi-area and BGP WAN edge routing.
• HSRP/VRRP gateway redundancy.
• VLAN design and segmentation.
• QoS for ERP and VoIP.
• NetFlow, SNMPv3, and monitoring integration.
DMVPN WAN Architecture
• Dual Hub DMVPN Phase 3 architecture.
• mGRE tunnels with NHRP configuration.
• IPsec IKEv2 with AES-256 encryption.
• Routing over DMVPN (OSPF/EIGRP/BGP).
• IP SLA tracking and automatic failover.
• QoS pre-classify and bandwidth control.
Sophos Firewall
• Multi-zone segmentation (WAN, LAN, DMZ, Server, VPN, Guest).
• IPS, ATP, SSL inspection, Application Control.
• Web Application Firewall for public services.
• Active-Passive High Availability design.
• Firewall rule matrix and Zero Trust policy implementation.
Data Center Design
• Dual core switch design.
• Redundant ISP and firewall connectivity.
• Rack elevation and power redundancy planning.
• Storage network segmentation.
• Disaster Recovery architecture.
VMware Virtualization
• vSphere cluster with HA and DRS.
• Distributed Virtual Switch (VDS).
• Resource sizing and capacity planning.
• Backup and snapshot governance policy.
• Secure management and segmentation.
Security & Compliance
• Micro-segmentation strategy.
• Control Plane Policing (CoPP).
• Certificate-based authentication.
• Logging, SIEM integration, and monitoring.
• Failover testing documentation.
Deliverables
• High-Level Design (HLD).
• Low-Level Design (LLD).
• IP Addressing & VLAN Matrix.
• DMVPN Tunnel Plan.
• Firewall Security Matrix.
• Data Center Physical & Logical Diagrams.
• Disaster Recovery Plan.
• Knowledge Transfer & Documentation.
Required Qualifications
• Cisco CCIE (Enterprise Infrastructure preferred).
• Minimum 10 years of enterprise networking experience.
• Proven Sophos Firewall architecture experience.
• Data Center design expertise.
• VMware VCP/VCAP certification preferred.
Performance Indicators (KPIs)
• Network uptime ≥ 99.9%.
• Zero critical misconfiguration findings.
• Successful failover test validation.
• Documented and approved architecture design.