diff --git a/docs/source/configuration/simulation/nodes/network_examples.rst b/docs/source/configuration/simulation/nodes/network_examples.rst index 3005893e..9dc8f72b 100644 --- a/docs/source/configuration/simulation/nodes/network_examples.rst +++ b/docs/source/configuration/simulation/nodes/network_examples.rst 
@@ -478,4 +478,82 @@ Node Configuration **Firewalls** - **Ports Configuration**: Similar to routers but with named ports to differentiate between external (internet-facing), - internal, and demilitarized zone (DMZ) connections. \ No newline at end of file + internal, and demilitarized zone (DMZ) connections. +- **ACLs** - The firewall is configured with six primary ACLs, designed to manage the traffic across three key network + junctions: internal, external, and DMZ. + + - **Internal Port ACLs**: + + - **Inbound ACL**: Controls traffic entering the internal network from other network zones. + - **Outbound ACL**: Controls traffic leaving the internal network to other parts of the network or the internet. + + - **DMZ Port ACLs**: + - **Inbound ACL**: Controls traffic coming into the DMZ from the internet or internal network. + - **Outbound ACL**: Controls traffic leaving the DMZ to reach the internal network or the internet. + + - **External Port ACLs**: + + External ACLs can be used as a single 'catch-all' where two separate but identical rules would be required for both + internal and DMZ ports. + + - **Inbound ACL**: Controls traffic coming in from the internet, allowing only authorised access to the network. + - **Outbound ACL**: Regulates what internal traffic can exit to the internet. + +Building the Config File +^^^^^^^^^^^^^^^^^^^^^^^^ + +**Defining the Network Scope and Scale** + +1. **Identify the Participants**: + + - **Home/Office Network**: Consists of PCs and servers that handle daily operations and access to shared resources + like files and applications. + - **ISP (Internet Service Provider)**: Manages internet connectivity and external routing, acting as the gateway to + the internet for the SomeTech network. Also enabled DNS lookups. + - **SomeTech Corporate Network**: A complex internal network with multiple subnets, including a DMZ for public-facing + services, and segregated internal zones like HR, Engineering, and Data/Storage. 
+ + +**Node Placement and Configuration** + +2. **Strategic Node Placement** + + - **Web Server in the DMZ**: The web server is strategically placed within the Demilitarized Zone (DMZ) to ensure + that it is accessible from the internet without exposing the internal network to potential security threats. The + DMZ acts as a segregated area that isolates public-facing services from critical internal resources, reducing the + risk of external attacks spreading into the corporate network. + - **Database and Storage Servers**: These servers are located on a separate subnet to enhance security and + performance. Segmenting these servers allows for more granular control over access and traffic management, + ensuring that sensitive data is tightly secured and that the traffic does not interfere with other operations + within the corporate network. + +3. **Subnetting Strategy** + + - **/30 Subnets for Router Links**: Links between routers are configured with /30 subnets, which provide just enough + addresses for two endpoints and a broadcast address, maximizing the efficiency of IP address usage. This subnet + size is typically used for router-to-router connections to minimise the wastage of IP addresses and to simplify + network management. + +4. **Routing Configurations** + + - **Defining Static Routes**: Static routes are meticulously defined to ensure that data packets find the most + direct and secure path to their destinations. This involves specifying routes that direct traffic from the + internal network to the internet, between internal subnets, and to the DMZ. + - **Use of Default Routes**: Default routes are critical in guiding traffic towards a predefined exit point, + typically towards the ISP, when no other specific routes match. This setup ensures that external traffic is + efficiently routed through the network gateway, simplifying the routing table. + +5. 
**Security Measures** + + - **ACLs on Routers and Firewalls**: Access Control Lists (ACLs) are crucial in enforcing security policies. + They are configured to: + + - **Permit or Deny Specific Traffic**: Depending on the node type and the network segment, ACLs are tailored to + control what traffic can enter or leave the network. For instance, ACLs on the firewall regulate traffic between + the internet, DMZ, and internal network. + - **Support Specific Applications**: ACLs also facilitate the operation of specific applications by allowing + necessary communications. For example, permitting HTTP traffic to and from the web server in the DMZ ensures + that web services are accessible without compromising the security of other network segments. + - **Route Security**: Routing configurations are secured by ensuring that routes do not inadvertently expose + sensitive parts of the network to unauthorised traffic. Routes are carefully planned to keep internal and external + traffic separate unless explicitly allowed via ACLs. diff --git a/src/primaite/config/_package_data/multi_lan_internet_network_example.yaml b/src/primaite/config/_package_data/multi_lan_internet_network_example.yaml index 1d38d89a..89101130 100644 --- a/src/primaite/config/_package_data/multi_lan_internet_network_example.yaml +++ b/src/primaite/config/_package_data/multi_lan_internet_network_example.yaml @@ -1,6 +1,9 @@ game: ports: - ARP + - DNS + - HTTP + - POSTGRES_SERVER protocols: - ICMP - TCP @@ -252,6 +255,10 @@ simulation: subnet_mask: 255.255.255.0 default_gateway: 10.10.3.1 dns_server: 8.8.8.2 + applications: + - type: WebBrowser + options: + target_url: http://sometech.ai - hostname: some_tech_snr_dev_pc type: computer @@ -265,6 +272,9 @@ simulation: - type: DatabaseClient options: db_server_ip: 10.10.1.11 + - type: WebBrowser + options: + target_url: http://sometech.ai - hostname: some_tech_jnr_dev_pc type: computer 
@@ -276,6 +286,9 @@ simulation: - type: DatabaseClient options: db_server_ip: 10.10.1.11 + - type: WebBrowser + options: + target_url: http://sometech.ai links: # Home/Office Lan Links @@ -351,4 +364,4 @@ simulation: - endpoint_a_hostname: some_tech_eng_sw endpoint_a_port: 2 endpoint_b_hostname: some_tech_jnr_dev_pc - endpoint_b_port: 1 \ No newline at end of file + endpoint_b_port: 1
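Review bot: in the docs hunk for network_examples.rst, the nested bullets under `- **DMZ Port ACLs**:` are not separated from their parent item by a blank line, unlike the `Internal Port ACLs` block directly above, so docutils will fold `- **Inbound ACL**: ...` into the parent paragraph instead of rendering a sub-list; add the blank line to match. Two wording fixes in the same hunk: `Also enabled DNS lookups.` should read `Also enables DNS lookups.`, and the /30 description (`two endpoints and a broadcast address`) undercounts, since a /30 carries four addresses (network, two hosts, broadcast). The hunk also mixes `authorised`/`minimise` with `Demilitarized`; pick one spelling variant.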
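Review bot: the `game: ports:` hunk adds DNS, HTTP and POSTGRES_SERVER, but the docs hunk's "Security Measures" section only gives HTTP to the DMZ web server as its ACL example. Since the clients are configured with `dns_server: 8.8.8.2` and the dev PCs carry a `DatabaseClient` pointing at `10.10.1.11`, the six-ACL description should state which firewall ACLs permit DNS towards the ISP and POSTGRES_SERVER towards the Data/Storage subnet; otherwise a reader cannot tell from the example why those two ports are in the list.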
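Review bot: the `WebBrowser` added at `@@ -252,6 +255,10 @@` targets `http://sometech.ai`, which only works if the configured DNS server (8.8.8.2) holds a record for that name and the firewall's external/DMZ inbound ACL permits HTTP to the web server; neither appears in this diff, so please confirm both exist in the unchanged part of the YAML or add them, and add a short comment at this first occurrence saying where the name is defined.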
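Review bot: the hunk at `@@ -276,6 +286,9 @@` is the third identical `WebBrowser` block with `target_url: http://sometech.ai` (the others are at -252 and -265). Per-host entries are fine if intended, but a one-line comment above the first copy noting that all three PCs browse the same DMZ site would keep future edits consistent across the three.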