This is probably a good idea as you are completely new to Qubes.
Many of the problems that people have with Qubes are not Qubes specific,
and a general understanding of Linux, Fedora or Debian, will be a great
help.
If you prefer not to read, there are many videos online to help get you
started.
A step further than some users.
It’s important to understand that by default Qubes blocks all new incoming
traffic, and that there is a firewall at each stage between sys-net and
your qube. All are activated automatically.
The GUI configuration tool controls only outbound traffic. You can
use it to restrict which sites or which protocols a qube can connect to.
There is a CLI tool, qvm-firewall, in dom0 which gives you slightly
more control over outbound connections.
If you want anything more than this you will have to learn nftables and
customise the firewall rules on the target qube and each upstream qube.
Definitely not for beginners.
There is no inbuilt functionality for this. You could install a network
sniffer like Wireshark in the template used by sys-net, or one of the
other network monitoring tools. One thing that you have to remember is
that at each stage of the network Qubes applies translation - all the
traffic that sys-net sees appears to have come from sys-firewall. If you
want more fine grained analysis you should monitor at that level also.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.