SonicWALL

My experience with SonicWALL is mostly with their NSa series firewalls. The projects I worked on involved:

Securely exposing a locally hosted web server:

  • Configured “Allow Policies” – To allow incoming traffic to enter a network, typically from a given source IP.
  • Configured “Deny Policies” – Although firewalls have implicit deny policies, further restrictions were sometimes needed. For this project, the firewall was configured to drop all incoming traffic originating from non-US IPs. This was in response to several unauthorized connection attempts from countries like Russia.
  • Port Forwarding – In order to permit the public to reach a locally hosted server, port forwarding specifically for ports 80 and 443 needs to be configured (port 80 was forwarded to port 443 for security purposes).
  • NAT – To translate the public FQDN of the web server to its IP address.
  • PAT – To map the web server's public IP to its private IP.
  • DHCP – Although DHCP is typically done on a DHCP server, SonicWALL has limited yet effective DHCP capabilities. The web server required a private IP address, which it got from the firewall.
  • VLAN – The web server was secured inside a VLAN of its own.

Creating a secure site-to-site connection

  • This connection was created between a LAN and AWS for business continuity and disaster recovery purposes.

Network QoS configuration

  • Prioritize video conferencing traffic during the pandemic and resolve ongoing latency issues that occurred during peak working hours.

Content Filtering

  • In order to prevent employees from accessing malicious sites, implement an effective firewall content filter based on SonicWALL's content filter database.