Feb 28, 2011 09:52 GMT

Microsoft is offering deployment guidance to simplify the work of customers who need to use Windows Firewall with Advanced Security to secure network communication to a Domain Controller.

A Test Lab Guide is now live on the Microsoft Download Center, streamlining the deployment and configuration of Windows Firewall with Advanced Security.

Windows Server 2008 R2 customers will need to make the most of connection security rules in order to ensure that network communication between a domain controller and domain member computers is protected. Of course, Internet Protocol security (IPsec) is a big part of the solution provided by Microsoft.

“Windows Firewall with Advanced Security (WFAS) combines a host-based firewall and an Internet Engineering Task Force (IETF)-compliant implementation of Internet Protocol security (IPsec),” Microsoft explains.

“As a host-based firewall, WFAS runs on each computer that is running Windows Vista or a later version of Windows to provide local protection from network attacks that might pass through your perimeter network firewall or originate from inside your organization.

“WFAS also provides IPsec-based computer-to-computer connection security which lets you protect the network data by setting rules that require authentication, integrity checking, or encryption when your computers exchange data. WFAS works with both Internet Protocol version 4 (IPv4) and IPv6 traffic.”

According to Microsoft, the guide is designed to streamline the deployment of a test lab involving two server computers and one client machine. The instructions are based on a Base Configuration test lab set up for deploying WFAS connection security rules.

Ultimately, the guide is meant to simplify the deployment of a solution that ensures network traffic between domain members and a domain controller computer is protected.

“In a typical deployment, WFAS connection security rules are configured to use IPsec network authentication and/or encryption between domain members and/or between domain members and computers outside the domain.

“Domain controllers are typically excluded from the IPsec requirements because of the complex rules required to allow new clients to join the domain,” the company added.