Windows Firewall with Advanced Security Learning Roadmap
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Windows Firewall with Advanced Security helps secure your computer and its communications from threats on the network. It combines the features of a host-based, stateful firewall, and a complete, standards-compliant IPsec protocol stack that can be used to protect your network packets as they traverse the network.
If you are new to Windows Firewall with Advanced Security, this topic can help you identify what you need to learn to fully understand and use all of the features available in Windows Firewall with Advanced Security. It includes prerequisite topics that cover a variety of networking fundamentals. You must understand the prerequisite topics first, because the topics for Windows Firewall with Advanced Security build upon them and assume an understanding of them. Afterwards, you can begin learning about Windows Firewall with Advanced Security by reading the documents in the Level 100, 200, and 300 sections.
We recommend that you read the topics in the order listed.
Prerequisites
Level 100
Level 200
Level 300
Prerequisites
This section contains links to a variety of topics and books that contain background information that will help you fully understand how Windows Firewall with Advanced Security works.
Step 1: Learn about TCP/IP architecture.
See Chapter 2 – Architectural Overview of the TCP/IP Protocol Suite of TCP/IP Fundamentals for Windows (https://go.microsoft.com/fwlink/?linkid=153192).
This topic examines the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite in detail, analyzing its four layers and the core protocols used within each layer.
Your goal is to understand the basics of the layered TCP/IP stack architecture and the key protocols in the TCP/IP suite including Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), Internet Control Message Protocol (ICMP), ICMP for IPv6 (ICMPv6), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP).
Step 2: Learn about IPv4 and IPv6 addresses.
See Chapter 3 – IP Addressing of TCP/IP Fundamentals for Windows (https://go.microsoft.com/fwlink/?linkid=153193).
This topic describes the details of addressing for both IPv4 and IPv6.
Your goal is to understand the syntax and size of IPv4 and IPv6 addresses, the different types of addresses, and how to express ranges of addresses.
Step 3: Learn about packet structure for TCP/IP core protocols.
See chapters 5 “Internet Protocol (IP)”, 9 “User Datagram Protocol (UDP)”, and 10 “Transmission Control Protocol (TCP) Basics” of the Windows Server 2008 TCP/IP Protocols and Services Microsoft Press book (https://go.microsoft.com/fwlink/?linkid=153195), and Chapter 4 of the Understanding IPv6, Second Edition Microsoft Press book (https://go.microsoft.com/fwlink/?linkid=153196).
These topics describe the TCP/IP core protocols in greater detail.
Your goal is to understand the fields that comprise the IPv4, IPv6, TCP, and UDP headers and the features that they enable, and how IPv4 packet fragmentation works.
Step 4: Learn about IPv4 and IPv6 forwarding and routing.
See Chapter 5 – IP Routing (https://go.microsoft.com/fwlink/?linkid=153197), Chapter 10 - TCP/IP End-to-End Delivery (https://go.microsoft.com/fwlink/?linkid=153198), and Chapter 15 – IPv6 Transition Technologies (https://go.microsoft.com/fwlink/?linkid=153199) of TCP/IP Fundamentals for Windows.
These topics describe routing and related technologies and protocols.
Your goal is to understand how IPv4 and IPv6 use routing tables to send or forward packets, how Network Address Translation (NAT) works, and the details of the IPv4 and IPv6 end-to-end delivery processes.
Level 100
The following topics contain introductory information about Windows Firewall with Advanced Security.
Step 1: Learn about the features available in Windows Firewall with Advanced Security.
See Introduction to Windows Firewall with Advanced Security (https://technet.microsoft.com/en-us/library/cc730955(WS.10).aspx).
This topic introduces the features of Windows Firewall with Advanced Security and discusses the benefits of using Windows Firewall and IPsec connection security on your network.
Your goal is to understand the main scenarios supported by Windows Firewall with Advanced Security, and the how implementing those scenarios in your organization can help improve your network security.
Step 2: Learn the basics of using Windows Firewall with Advanced Security.
See Windows Firewall with Advanced Security Getting Started Guide (https://technet.microsoft.com/en-us/library/cc748991(WS.10).aspx).
This topic describes how to manage the Windows Firewall and IPsec features of your computer by using the Windows Firewall with Advanced Security Microsoft Management Console (MMC) snap-in.
Your goal is to understand the basics of creating Windows Firewall rules and connection security rules.
Step 3: Learn how the IPsec protocols work to help protect your network traffic.
See Chapter 13 - Internet Protocol Security and Packet Filtering of TCP/IP Fundamentals for Windows (https://go.microsoft.com/fwlink/?linkid=153200).
This topic provides a technical overview of the IPsec set of protocols and how they operate.
Your goal is to understand the role of IPsec, the differences between tunnel and transport modes, the differences between main mode and quick mode, the types of IPsec security negotiations, and the protocols used to implement IPsec protections.
Step 4: Learn the basics of server and domain isolation.
See Introduction to Server & Domain Isolation (https://technet.microsoft.com/en-us/library/cc725770(WS.10).aspx).
This topic introduces the primary scenarios for using Windows Firewall with Advanced Security to protect your network traffic by using IPsec connection security.
Your goal is to understand the differences between server isolation and domain isolation, the types of policies that you must create for each, and the types of firewall and connection security rules that make up those policies.
Step 5: Learn how to configure Windows Firewall with Advanced Security policies in an enterprise environment.
See Step-by-Step Guide: Deploying Windows Firewall Policies (https://technet.microsoft.com/en-us/library/cc732400(WS.10).aspx)
This topic discusses how to use Group Policy objects (GPOs) to manage firewall and connection security rules on all of the computers that are part of an Active Directory™ domain.
Your goal is to understand how to use Group Policy to manage the computers in your organization, and how to leverage organization unit membership versus group membership to control GPO deployment.
Level 200
The following topics contain intermediate information about Windows Firewall with Advanced Security.
Step 1: Learn how to create an effective design for a Windows Firewall with Advanced Security implementation.
See Windows Firewall with Advanced Security Design Guide (https://technet.microsoft.com/en-us/library/cc732024(WS.10).aspx).
This topic discusses in detail the process of designing firewall and server and domain isolation scenarios that meet your organization’s requirements for network security.
Your goal is to understand the information must be gathered, the kinds of decisions that must be made, and the design options for the various firewall and isolation scenarios.
Step 2: Learn how to deploy your Windows Firewall with Advanced Security design.
See Windows Firewall with Advanced Security Deployment Guide (https://technet.microsoft.com/en-us/library/cc972925(WS.10).aspx).
This topic discusses how to effectively implement your design by providing procedures that answer the “how” questions that go along with the “what”, “when”, and “why” questions that you answered in the Design Guide.
Your goal is to understand how to create comprehensive firewall and IPsec policies that can be deployed to the computers in your organization to implement effective host firewall and isolation strategies.
Step 3: Practice with your design and deployment in a test lab before putting it into production.
See Setting Up IPsec Domain and Server Isolation in a Test Lab (https://www.microsoft.com/downloads/details.aspx?FamilyId=5ACF1C8F-7D7A-4955-A3F6-318FEE28D825\&displaylang=en).
This topic contains procedures that demonstrate how to set up IPsec domain and server isolation in a limited test environment, which you can use as a basis for your own deployment.
Your goal is to understand the reasons for using a lab environment to configure and test your server and domain isolation policies, and how to get the most information from your lab setup to make your production deployment more successful.
Step 4: Learn basic troubleshooting procedures for Windows Firewall with Advanced Security.
See Windows Firewall with Advanced Security Troubleshooting Guide: Diagnostics and Tools (https://technet.microsoft.com/en-us/library/cc722062(WS.10).aspx).
This topic describes common troubleshooting situations and the tools you can use to help diagnose and resolve connectivity problems related to Windows Firewall and IPsec.
Your goal is to understand the kinds of problems that commonly occur when using firewall and connection security rules in your network, and the tools that you can use to diagnose and resolve those problems.
Level 300
The following topics contain advanced information about Windows Firewall with Advanced Security.
Step 1: Learn the details of the IPsec protocols and packets, and how they are processed by Windows.
See chapter 18 “Internet Protocol Security (IPsec)” of the Windows Server 2008 TCP/IP Protocols and Services Microsoft Press book (https://go.microsoft.com/fwlink/?linkid=153195)
This topic provides details of the IPsec protocols and examines the structure of IPsec packets.
Your goal is to understand the different types of IPsec headers and trailers, and packet processing for IPsec-protected packets.
Step 2: Learn about advanced features in Windows Firewall with Advanced Security.
See the Windows Firewall Technical Reference (https://go.microsoft.com/fwlink/?linkid=161824).
These topics describe advanced details of the Windows implementation of Windows Firewall with Advanced Security, and contain reference material. Read them as appropriate for your Windows Firewall and IPsec environment
Additional Resources
To share your suggestions for resources to help others learn about Windows Firewall with Advanced Security, see Community Suggestions for Ramping up on Windows Firewall with Advanced Security (https://go.microsoft.com/fwlink/?LinkId=214939).
Feedback
Your feedback is valuable and welcome! Please rate this content using the stars in the upper-right of your browser window, or send your comments and suggestions to Windows Firewall with Advanced Security Documentation Feedback (wfasdoc@microsoft.com). The author will review your comments and use them to help improve this documentation. Your e-mail address will not be saved or used for any other purposes.