Experience

Edge Security Experience

Practical edge security architecture work spanning custom Linux HA clusters and globally managed enterprise firewall platforms.

Custom HA Linux Edge Cluster

Built and operated a custom high-availability Linux edge stack using OSPF routing, OpenVPN, iptables/netfilter policy controls, and c-icap content adaptation.

[Diagram: WAN / internet edge → 2-node HA Linux firewall cluster (fw-node-a, fw-node-b: OSPF, OpenVPN, iptables/netfilter with state sync and failover, c-icap policy chain) → internal switching layer (8 switch stacks, segmented access/distribution paths) → internal server environment (35 servers total) and private internal cloud (16 cloud nodes). Traffic path: WAN → HA firewall cluster → segmented internal network.]
  • Designed resilient failover behavior across clustered Linux edge nodes.
  • Implemented dynamic routing with OSPF to maintain path continuity during node events.
  • Built VPN ingress/egress controls with OpenVPN and policy-aware segmentation.
  • Maintained packet filtering and NAT controls through iptables/netfilter hardening.
  • Integrated c-icap for edge content adaptation and policy enforcement workflows.
  • Operationalized observability and runbook-driven incident handling at the edge.

Global NGFW Clustering Across SD-WAN

Delivered globally managed NGFW clustering architecture and operations across five office sites and three distributed datacenters connected over SD-WAN.

[Diagram: global SD-WAN fabric connecting office sites 1 through 5 and datacenters 1 through 3, each protected by a local 2-node NGFW cluster; 8 total sites connected over SD-WAN.]
  • Architected and supported clustered NGFW deployments across 5 offices and 3 datacenters.
  • Standardized policy lifecycle and change controls for globally managed firewall estates.
  • Coordinated site-specific routing, tunnel, and security policy dependencies.
  • Improved operational consistency with repeatable build and migration procedures.
  • Strengthened incident response at the edge with telemetry-driven investigation workflows.
  • Balanced security enforcement with uptime objectives across distributed environments.

pfSense Homelab Edge and Raspberry Pi Cluster

Built a custom pfSense homelab edge environment to test real-world routing, visibility, and service-delivery patterns with policy-based controls and lightweight cluster services.

  • Designed a custom pfSense edge with policy-based routing (PBR) for traffic steering.
  • Used ntopng for traffic analytics, visibility baselines, and flow-level troubleshooting.
  • Ran a Raspberry Pi cluster to host core edge-adjacent infrastructure services.
  • Provided DHCP services through the Pi cluster for segmented homelab networks.
  • Deployed Pi-hole for DNS-level filtering and local resolver control.
  • Integrated an ELK stack for log aggregation, search, and security event analysis.

UniFi Edge Cloud Gateway and Segmented Edge Design

Extended the edge lab with a UniFi Cloud Gateway architecture focused on layered routing, policy-based segmentation, and inspection-ready controls for mixed workloads.

  • Integrated a UniFi edge cloud gateway as the primary control and routing boundary.
  • Configured DNS services and policy-based routing (PBR) for targeted path control.
  • Implemented custom routing to support an additional downstream pfSense router.
  • Built proper network segmentation using VLAN boundaries and policy groups.
  • Applied IPS controls to improve detection and prevention across segmented traffic flows.
  • Validated routing and security behavior with repeatable test paths and traffic baselines.