Microsoft is offering deployment guidance to simplify the work of customers that need to leverage Windows Firewall with Advanced Security in order to secure network communication to a Domain Controller.
"Windows Firewall with Advanced Security combines a host-based firewall and an Internet Engineering Task Force (IETF)-compliant implementation of Internet Protocol security, Microsoft explains.
As a host-based firewall, WFAS runs on each computer that/s running Windows Vista or a later version of Windows to provide local protection from network attacks that might pass through your perimeter network firewall or originate from inside your organization.
WFAS also provides IPsec-based computer-to-computer connection security which lets you protect the network data by setting rules that require authentication, integrity checking, or encryption when your computers exchange data. WFAS works with both Internet Protocol version 4 (IPv4) and IPv6 traffic."
This Test Lab Guide contains an introduction to WFAS and step-by-step instructions for extending the Base Configuration test lab. You will configure WFAS connection security rules to protect network communication between a domain controller and domain member computers using IPsec.
The connection security rules are configured to allow new computers to join the domain and then subsequently the communication between the domain controller and the domain member is protected using IPsec.
More Info: Download