New "Learning Roadmap" content type and prototype for your review

To help novice or new-to-technology IT Pros, the Windows Server User Assistance Networking Writing team is investigating the use of a new type of topic known as a learning roadmap. The learning roadmap steps a novice or new-to-technology IT Pro through the sets of technologies that are associated with understanding and successfully deploying a Windows technology or end-to-end scenario. Each step in the learning roadmap describes the knowledge set, gives pointers to resources (Microsoft Web content or other published content, such as books), and lists learning objectives and areas of information that should be understood before moving on to the next step.

The learning roadmap topic attempts to answer the question: What do I need to know before I begin a deployment? The intent of the learning roadmap topic is to reduce IT Pro ramp-up time by providing a focused, self-study-based learning plan that is customized for a technology or scenario.

We would love to get your feedback on the usefulness of this new type of topic. We have included a learning roadmap prototype for Windows Firewall with Advanced Security below. Please review for accuracy, completeness, and general usefulness to IT Pros who are new to Windows Firewall and Internet Protocol security (IPsec). Please add your comments to this blog post or send mail to wfasdoc@microsoft.com and let us know what you think.

Note: The prototype below has been published at Learning Roadmap for Windows Firewall with Advanced Security.

************************************************************************************ 

 

Learning Roadmap for Windows Firewall with Advanced Security

Windows Firewall with Advanced Security helps secure your communications and your computer from attacks over the network. It combines the features of a host-based, stateful firewall and a complete, standards-compliant IPsec protocol stack that can be used to protect your network packets as they traverse the network.

If you are new to Windows Firewall with Advanced Security, this topic can help you identify what you need to learn to fully understand how to use all of the features available in Windows Firewall with Advanced Security. It includes prerequisite topics that cover a variety of networking fundamentals. You must understand the prerequisite topics first, because the topics for Windows Firewall with Advanced Security build upon them and assume an understanding of them. Afterwards, you can begin learning about Windows Firewall with Advanced Security by reading the documents in the Level 100, 200, and 300 sections.

We recommend that you read the topics in the order listed.

Prerequisite information

This section contains links to a variety of topics and books that contain the background information you need to fully understand how Windows Firewall with Advanced Security works.

· Step 1: Learn about TCP/IP architecture.

See Chapter 2 – Architectural Overview of the TCP/IP Protocol Suite of TCP/IP Fundamentals for Windows (https://go.microsoft.com/fwlink/?linkid=153192).

Your goal is to understand the basics of the layered TCP/IP stack architecture and the key protocols in the TCP/IP suite including Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), Internet Control Message Protocol (ICMP), ICMP for IPv6 (ICMPv6), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP).

· Step 2: Learn about IPv4 and IPv6 addresses.

See Chapter 3 – IP Addressing of TCP/IP Fundamentals for Windows (https://go.microsoft.com/fwlink/?linkid=153193).

Your goal is to understand the syntax and size of IPv4 and IPv6 addresses, the different types of addresses, and how to express ranges of addresses.

· Step 3: Learn about packet structure for TCP/IP core protocols.

See Chapters 5 “Internet Protocol (IP)”, 9 “User Datagram Protocol (UDP)”, and 10 “Transmission Control Protocol (TCP) Basics” of the Windows Server 2008 TCP/IP Protocols and Services Microsoft Press book (https://go.microsoft.com/fwlink/?linkid=153195), and Chapter 4 of the Understanding IPv6, Second Edition Microsoft Press book (https://go.microsoft.com/fwlink/?linkid=153196).

Your goal is to understand the fields that comprise the IPv4, IPv6, TCP, and UDP headers and IPv4 fragmentation.

· Step 4: Learn about IPv4 and IPv6 forwarding and routing.

See Chapter 5 – IP Routing (https://go.microsoft.com/fwlink/?linkid=153197), Chapter 10 – TCP/IP End-to-End Delivery (https://go.microsoft.com/fwlink/?linkid=153198), and Chapter 15 – IPv6 Transition Technologies (https://go.microsoft.com/fwlink/?linkid=153199) of TCP/IP Fundamentals for Windows.

Your goal is to understand how IPv4 and IPv6 use routing tables to send or forward packets, how Network Address Translation (NAT) works, and the details of the IPv4 and IPv6 end-to-end delivery processes.

Level 100

The following documents contain introductory information and provide 100 level knowledge about Windows Firewall with Advanced Security.

· Step 1: Learn about the features available in Windows Firewall with Advanced Security.

See Introduction to Windows Firewall with Advanced Security (https://technet.microsoft.com/en-us/library/cc730955(WS.10).aspx).

This document introduces the features of Windows Firewall with Advanced Security and discusses the benefits of using Windows Firewall and IPsec connection security on your network.

Your goal is to understand the main scenarios supported by Windows Firewall with Advanced Security, and the benefits of implementing those scenarios in your organization.

· Step 2: Learn the basics of using Windows Firewall with Advanced Security.

See Windows Firewall with Advanced Security Getting Started Guide (https://technet.microsoft.com/en-us/library/cc748991(WS.10).aspx).

This document describes how to manage the firewall and IPsec features of your computer by using the Windows Firewall with Advanced Security Microsoft Management Console (MMC) snap-in.

Your goal is to understand the basics of creating firewall rules and connection security rules.

· Step 3: Learn how the IPsec protocols work to help protect your network traffic.

See Chapter 13 – Internet Protocol Security and Packet Filtering of TCP/IP Fundamentals for Windows (https://go.microsoft.com/fwlink/?linkid=153200).

This document provides a technical overview of the IPsec set of protocols and how they operate.

Your goal is to understand the role of IPsec, the differences between tunnel and transport modes, the differences between main mode and quick mode, the types of IPsec security negotiations, and the protocols used to implement IPsec protections.

· Step 4: Learn the basics of server and domain isolation.

See Introduction to Server & Domain Isolation (https://technet.microsoft.com/en-us/library/cc725770(WS.10).aspx).

This document introduces the primary scenarios for using Windows Firewall with Advanced Security to protect your network traffic by using IPsec connection security.

Your goal is to understand the differences between server isolation and domain isolation, the types of policies that you must create for each, and the types of firewall and connection security rules that make up those policies.

· Step 5: Learn how to configure Windows Firewall with Advanced Security policies in an enterprise environment.

See Step-by-Step Guide: Deploying Windows Firewall Policies (https://technet.microsoft.com/en-us/library/cc732400(WS.10).aspx).

This document discusses how to use Group Policy objects (GPOs) to manage firewall and connection security rules on all of the computers that are part of an Active Directory™ domain.

Your goal is to understand how to use Group Policy to manage the computers in your organization, and how to leverage organizational unit membership versus group membership to control GPO deployment.

Level 200

The following documents contain intermediate information and provide 200 level knowledge about Windows Firewall with Advanced Security.

· Step 1: Learn how to create an effective design for a Windows Firewall with Advanced Security implementation.

See Windows Firewall with Advanced Security Design Guide (https://technet.microsoft.com/en-us/library/cc732024(WS.10).aspx).

This document discusses in detail the process of designing firewall and server and domain isolation scenarios that meet your organization’s requirements for network security.

Your goal is to understand the information that must be gathered, the kinds of decisions that must be made, and the design options for the various firewall and isolation scenarios.

· Step 2: Learn how to deploy your Windows Firewall with Advanced Security design.

See Windows Firewall with Advanced Security Deployment Guide (https://technet.microsoft.com/en-us/library/cc972925(WS.10).aspx).

This document discusses how to effectively implement your design by providing procedures that answer the “how” questions that go along with the “what”, “when”, and “why” questions that you answered in the Design Guide.

Your goal is to understand how to create comprehensive firewall and IPsec policies that can be deployed to the computers in your organization to implement effective host firewall and isolation strategies.

· Step 3: Practice with your design and deployment in a test lab before putting it into production.

See Setting Up IPsec Domain and Server Isolation in a Test Lab (https://www.microsoft.com/downloads/details.aspx?FamilyId=5ACF1C8F-7D7A-4955-A3F6-318FEE28D825&displaylang=en).

This document contains procedures that demonstrate how to set up IPsec domain and server isolation in a limited test environment, which you can use as a basis for your own deployment.

Your goal is to understand the reasons for using a lab environment to configure and test your server and domain isolation policies, and how to get the most information from your lab setup to make your production deployment more successful.

· Step 4: Learn basic troubleshooting procedures for Windows Firewall with Advanced Security.

See Windows Firewall with Advanced Security Troubleshooting Guide: Diagnostics and Tools (https://technet.microsoft.com/en-us/library/cc722062(WS.10).aspx).

This document describes common troubleshooting situations and the tools you can use to help diagnose and resolve connectivity problems related to Windows Firewall and IPsec.

Your goal is to understand the kinds of problems that commonly surface when using firewall and connection security rules in your network, and the tools that you can use to diagnose and resolve those problems.

Level 300

The following documents contain advanced information and provide 300 level knowledge about Windows Firewall with Advanced Security.

· Step 1: Learn the details of the IPsec protocols and packets, and how they are processed by Windows.

See Chapter 18 “Internet Protocol Security (IPsec)” of the Windows Server 2008 TCP/IP Protocols and Services Microsoft Press book (https://go.microsoft.com/fwlink/?linkid=153195).

This chapter provides details of the IPsec protocols and examines the structure of IPsec packets.

Your goal is to understand the different types of IPsec headers and trailers, and packet processing for IPsec-protected packets.

· Step 2: Learn about advanced features in Windows Firewall with Advanced Security.

See the Windows Firewall Technical Reference (http://technet.microsoft.com/en-us/library/dd125354(WS.10).aspx).

These documents describe advanced details of the Windows implementation of Windows Firewall with Advanced Security, and contain reference material. Read them as appropriate for your Windows Firewall and IPsec environment.

************************************************************************************

Thanks for helping us improve Windows Server documentation.

Dave Bishop and Joe Davies
Windows Server User Assistance Networking Writing Team