Question
Hello, I am in need of help with the second part of my lab. I need help filling out Tables 1, 2, and 3 based on the policies another tutor helped me make beforehand. I will attach the policies as well as the lab document describing what the tables need to be filled with.
MicroComputers (MC) Lab: Firewall ACLs

Introduction
In this simulated lab assignment, you are going to research and write up a firewall policy and implement the policy by translating it into firewall rules based on the scenario detailed below. At the end, you must present your results to your customer. The scenario is multipart, and you must read the information given repeatedly to understand the tasks and execute carefully as required.

Scenario
Micro Computers (MC) is a small computer retail shop that sells computers and computer accessories to its customers in the Baltimore area. You are employed by MC, and your group is the team selected to create the company's security policy. The primary purpose of the security policy is to create a firewall-based network security solution for MC's network. There are 80 employees working in different roles ranging from sales to senior manager. MC has the following departments: Sales/Marketing, Store, and Management, where the accounting department is also hosted. The departments communicate internally within the MC network and with the outside world via the internet regarding the operations and transactions related to the business processes.

[Topology diagram; only its labels survive extraction. Departments: Mgmt & Accounts, Sales/Mkting, Store. Switches: SW1, SW2, SW3, SW4. Subnets: Subnet0 through Subnet7. Servers: MS Windows 2016 Active Directory/File (192.168.12.11/27), MS Windows 2016 Exchange Server, MS Windows 2016 Terminal Services, MS Windows 2016 SQL Server, MS Windows 2016 IIS Webserver (192.168.12.15/27); the five servers use 192.168.12.11/27 through 192.168.12.15/27 in the order drawn. Firewall Ext. Interface: 220.51.79.1/28. Email Gateway Spam Filter: 220.51.79.15/28.]

Technical Environment
1. The company has a Microsoft Active Directory environment (Windows 2016+ servers, Windows 10 workstations and laptops, MS Office applications). Internal servers include Microsoft Active Directory Services (File/Print/DNS as part of AD), MS Terminal Services, MS Exchange (email), MS SQL (database) server, and MS IIS (Internet Information Services) for a Webserver.
2. There is an external e-mail spam filter appliance as the public point of presence, provided by the ISP, which forwards mail to the internal mail server. Outside e-mail users can't send e-mail messages directly to the different departments and must go via the spam filter.
3. All employees are authorized telecommuters (mobile workers), who access the Terminal Server from their homes as well as from company-provided laptops when traveling. Remote workers include system administrators who work remotely and can connect to the internal network's critical services via the internet, but this doesn't include remote access to the MS SQL Server.
4. The sales and customer service departments use a CRM (customer relations management) application through a web portal which uses data on the MS SQL server. Internally, the Sales associates have no direct access to the SQL Server; only the database manager can do so.
5. Data related to computers and peripherals is stored on the MS SQL Server, which interfaces with the MS IIS (Web Server). This means that customers can only search products via the Web Server using their local browsers.
6. The Webserver hosts a public website for searches and viewing products as well as a "business to business" and regular customer e-commerce site, meaning it allows customers to securely log in, place orders, and review their account. The e-commerce site, running from the Webserver, accesses (interfaces with) the SQL server for customer, inventory, and pricing information.
7. The company operates a "flat" network, meaning all internal devices share the same LAN with the same subnet mask.
8. All switches are configured and operational, and you don't have to be concerned about them. This applies also to all servers, as they are configured and fully functional.
9. The placement of the firewall in the topology follows the "Bastion Host" model.
10. The firewall is not configured and must be configured at the start with a device initial/base configuration plan, which is going to be one of your first steps in the deployment stage.
11. The firewall used in the topology is the Dell SonicWall TZ-300 model, which has three types of link interfaces: LAN (4 ports), WAN, and DMZ.

Summary of your team's tasks
Your team will provide inputs to the MC management in three phases; each phase will take 1 week. At the end of each week, you will submit your results to the MC management. This exercise will be worth 100 total points to your lab grade. All members of your team must contribute to the work; your instructor may ask any member of the team to explain part of the work to verify their participation.

Phase 0 is to set up your teams. You will work in teams of 2-3.

Phase 1 (30 points) will be a firewall policy. Explore and research the operations that relate to MC's business process and, based on your findings, create a firewall policy that is going to serve as the basis for creating the firewall rule sets. The policy must be at least 2 pages long and should have a title, overview, purpose, scope and policy statements that articulate and detail the firewall configuration settings and the Audit and Controls of the firewall policy. The firewall policy should also capture enforcement and measures in the case of policy violations. It must be formatted in a professional manner using a word processor such as Word or Google Docs. Please include page numbering and the version of the document, e.g. a policy version history. You can use a template from the internet but must adapt it to the needs/context and business processes of the Micro Computer (MC) retail shop. Further to this, you must acknowledge where you got the template from by providing the source of the template. A link is given below, and you can download a document to give you an idea of what a firewall policy looks like: https://www.cde.state.co.us/dataprivacyandsecurity/networkfirewallpolicy. Keep in mind that this document is a model and is not specific to the MC organization.
Item to turn in: firewall policy document.

Phase 2 (40 points) will be a subnetting table and the needed firewall rules.
Task 1: Complete the IPv4 addressing plan for the 4 subnets in the diagram.
Task 2: Create firewall rules using descriptive terms.
Task 3: Create firewall rules using IP addresses and port numbers.

Phase 3 (30 points) will be a presentation (using VoiceThread) describing your solution and any recommendations you may have.

Task 1: IPv4 Addressing Plan (Scheme) for MC
As part of your task to implement a secure network, you must have a plan for your IP addressing scheme and apply the IP addressing in a professional manner. For this purpose, you are given a base IP address of 192.168.12.0/24 that you must subnet for the network segments separated by layer 3 switches, though the switches currently operate as layer 2. These can potentially be configured as layer 3 in the future with VLANs and VLAN switch trunking to increase network efficiency. Don't worry about VLANs for now.

Subnetting Requirements:
1. The base IP address given, 192.168.12.0/24, must be subnetted to allow a maximum of only 30 useable host addresses per network segment separated by the switches.
2. The first subnet (Subnet0) must be used by the critical devices; the IP address assignments for the servers are shown in the topology. This has been done for you already.
3. The next available subnet (Subnet1) is assigned to the management subnet, the third subnet (Subnet2) to Sales and the fourth (Subnet3) to the Store department. The rest of the IP address assignments are shown in the table below, but you must complete the remainder of the table.
4. Except for those devices/servers for which the IP assignment is shown, the first available address in each subnet is kept aside for an intermediary or a critical device such as a router, firewall or even a server. Though the switches are currently used as layer 2 devices, reserve the first available and useable address in each subnet for the switch's administrative/default VLAN.
5. A table is given to help you plan the addressing scheme, and you must complete the table to create the inventory of your IP addresses. You may use a subnetting calculator or other tool to verify your table.
6. The e-mail gateway (spam filter) is provided by the ISP and is assigned a public IP address as shown on the topology.
7. The firewall internal (LAN) interface is assigned the first available address of its subnet, and the external/outer (WAN) interface is assigned the first available address of the public ext_subnet0, 220.51.79.0/28, as shown in the topology diagram. This assignment is shown on the diagram and does not appear on this table.
8. Customers and mobile workers have no specific IP addresses; they could be anything.

Note: MC is planning to open a branch office in Kalamazoo, MI next year, so Subnets 4-7 are reserved for the new office. They are not needed for this exercise, but you need to leave the IP addresses for those subnets available for the new office.

Table 1: Subnet
Subnet Name | Address Assignment | Network Address | Useable IP Address Range | Broadcast Address
Subnet0 | All Servers | 192.168.12.0/27 | (to complete) | 192.168.12.31
Subnet1 | Management | 192.168.12.32/27 | (to complete) | (to complete)
Subnet2 | Sales | 192.168.12.64/27 | (to complete) | (to complete)
Subnet3 | Store | 192.168.12.96/27 | (to complete) | (to complete)
Subnet4 | Reserved for Kalamazoo Management | (to complete) | (to complete) | (to complete)
Subnet5 | Reserved for Kalamazoo Sales | (to complete) | (to complete) | (to complete)
Subnet6 | Reserved for Kalamazoo Store | (to complete) | (to complete) | (to complete)
Subnet7 | Reserved for Kalamazoo-to-Baltimore WAN connection | 192.168.12.224/27 | 192.168.12.225 - 192.168.12.254 | 192.168.12.255

Task 2: Create Firewall Rules using descriptive terms
Using the information provided and the IP addresses as a lead, create firewall rule sets using the table provided below. This table uses descriptive terms rather than IP addresses and port numbers.
1. The first inbound rule, as well as the corresponding reciprocal outbound rule, is given as an example.
2. Add four more rules for inbound and outbound. Use the business process as a reference to determine the protocols needed to create the rules.
3. For each direction, a cleanup rule is added at the end of the rules' list.

Table 2: Firewall Rules (descriptive)
Direction | Source | Destination | Type of Traffic | Action
Inbound | Customers | Webserver (IIS) | HTTP/TCP | Allow
Inbound | ANY | ANY | ANY | Deny
Outbound | Webserver (IIS) | Customers | HTTP/TCP | Allow
Outbound | ANY | ANY | ANY | Deny

Task 3: Translate the firewall rules into an ACL
It is time to turn (translate) the firewall rules into an ACL that the SonicWall or any of the other firewall devices understand better. Take the firewall rules from the table above and translate them into an ACL using IP addresses and port numbers in the table below. Note: the first inbound and outbound rules are the basis to create the ACL entries. The Firewall Ext. Interface 220.51.79.1/28 shown in the topology is the firewall outer interface.

Table 3: ACL
Direction | Source | Destination | Type of Traffic | Action
Inbound | ANY | 192.168.12.15 | HTTP/TCP = 80 | Allow
Inbound | ANY | ANY | ANY | Deny
Outbound | 192.168.12.15 | ANY | HTTP/TCP = 80 | Allow
Outbound | ANY | ANY | ANY | Deny

Item to turn in: Tables 1, 2 and 3 completed as described. You may fill them out on this document or in a new document.

Phase 3 (30 points): Presentation
After completing Phase 2, you realize MC is putting itself at risk because there is a flat network and no demilitarized zone (DMZ) inside the network. Prepare a VoiceThread presentation that describes the results from Phases 1 and 2 and what you would recommend to implement a DMZ on the network (additional hardware, new firewall changes, etc.). Your presentation will need to explain what a DMZ is and why it is valuable, and you must give a corresponding ACL on how to do it. The presentation should last no more than 10 minutes. Each member of the team must present part of the presentation to get credit. You may use any media you wish from the internet, but you must give credit for anything you download.
Item to turn in: VoiceThread presentation.
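The following is an added worked example for Task 1 and Task 3; it is not part of the lab hand-out or the student's post. It splits 192.168.12.0/24 into the eight /27 subnets of Table 1 (reserving the first usable address of each, as requirement 4 asks), translates the descriptive Table 2 rule pair into Table 3 style address/port entries with the per-direction cleanup rule, and then evaluates constructed sample packets against the result so the effect of the cleanup rule is visible. Assumed here: the function names, the HOSTS and SERVICES lookup tables (only the web server address 192.168.12.15 comes from the lab's own Table 3; the SQL server address used in the sample packet is an assumption), and the sample packet addresses.

```python
"""Subnet plan (Task 1) and descriptive-rule-to-ACL translation (Task 3).

Added example, not from the lab hand-out. Function names, HOSTS, SERVICES
and the sample packets are assumptions made for illustration.
"""
import ipaddress

# Table 1 "Address Assignment" column, in the order the lab fixes it.
ASSIGNMENTS = [
    "All Servers", "Management", "Sales", "Store",
    "Reserved for Kalamazoo Management", "Reserved for Kalamazoo Sales",
    "Reserved for Kalamazoo Store",
    "Reserved for Kalamazoo-to-Baltimore WAN connection",
]


def build_subnet_plan(base="192.168.12.0/24", new_prefix=27, assignments=ASSIGNMENTS):
    """Split `base` into /new_prefix subnets; a /27 gives 30 usable hosts each.

    The first usable address of each subnet is set aside for an intermediary
    device (firewall/router) or the switch management VLAN (requirement 4),
    so department hosts start at the second usable address.
    """
    net = ipaddress.ip_network(base)
    plan = []
    for idx, sub in enumerate(net.subnets(new_prefix=new_prefix)):
        hosts = list(sub.hosts())  # excludes network and broadcast addresses
        plan.append({
            "name": f"Subnet{idx}",
            "assignment": assignments[idx] if idx < len(assignments) else "unassigned",
            "network": f"{sub.network_address}/{sub.prefixlen}",
            "usable_range": f"{hosts[0]} - {hosts[-1]}",
            "usable_count": len(hosts),
            "reserved": str(hosts[0]),  # switch / firewall / router
            "host_pool": f"{hosts[1]} - {hosts[-1]}",
            "broadcast": str(sub.broadcast_address),
        })
    return plan


# Descriptive names from Table 2 and their address/port equivalents. The web
# server address is the one the lab's Table 3 uses; the rest is assumed.
HOSTS = {"Customers": "ANY", "Webserver (IIS)": "192.168.12.15"}
SERVICES = {"HTTP/TCP": ("tcp", 80), "HTTPS/TCP": ("tcp", 443), "ANY": ("any", "any")}


def translate_rule(rule):
    """Turn one descriptive Table 2 row into a Table 3 row.

    An unknown name raises KeyError instead of silently becoming ANY,
    which would widen the rule.
    """
    proto, port = SERVICES[rule["traffic"]]
    return {
        "direction": rule["direction"],
        "source": HOSTS[rule["source"]],
        "destination": HOSTS[rule["destination"]],
        "traffic": "ANY" if port == "any" else f"{rule['traffic']} = {port}",
        "proto": proto, "port": port,
        "action": rule["action"],
    }


def build_acl(rules):
    """Translate rules grouped by direction; each group ends in its cleanup deny."""
    acl = []
    for direction in ("Inbound", "Outbound"):
        acl += [translate_rule(r) for r in rules if r["direction"] == direction]
        acl.append({"direction": direction, "source": "ANY", "destination": "ANY",
                    "traffic": "ANY", "proto": "any", "port": "any", "action": "Deny"})
    return acl


def _addr_matches(spec, addr):
    return spec == "ANY" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(acl, direction, src, dst, proto, port):
    """First-match evaluation; a packet that matches no row is denied."""
    for row in acl:
        if (row["direction"] == direction
                and _addr_matches(row["source"], src)
                and _addr_matches(row["destination"], dst)
                and row["proto"] in ("any", proto)
                and row["port"] in ("any", port)):
            return row["action"]
    return "Deny"


# The example rule pair given in the lab's Table 2.
EXAMPLE_RULES = [
    {"direction": "Inbound", "source": "Customers", "destination": "Webserver (IIS)",
     "traffic": "HTTP/TCP", "action": "Allow"},
    {"direction": "Outbound", "source": "Webserver (IIS)", "destination": "Customers",
     "traffic": "HTTP/TCP", "action": "Allow"},
]

if __name__ == "__main__":
    for row in build_subnet_plan():
        print(row)
    acl = build_acl(EXAMPLE_RULES)
    for row in acl:
        print(row)
    # Constructed sample packets: a customer browsing the web server is allowed;
    # the same customer reaching for the SQL server (assumed 192.168.12.14)
    # on 1433 falls through to the inbound cleanup rule.
    print(evaluate(acl, "Inbound", "203.0.113.7", "192.168.12.15", "tcp", 80))
    print(evaluate(acl, "Inbound", "203.0.113.7", "192.168.12.14", "tcp", 1433))
```

The `host_pool` column is what the departments actually get once the first address is reserved; `usable_range` is the full 30-address range the lab's Table 1 asks for. Keeping the ACL grouped by direction with the deny last mirrors the "cleanup rule at the end of the rules' list" requirement, and `evaluate` shows why the order matters: any rule added after the deny would never be reached.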