Usage: add rule name=<string>
      endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>
      endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>
      action=requireinrequestout|requestinrequestout|
         requireinrequireout|noauthentication
      [description=<string>]
      [mode=transport|tunnel (default=transport)]
      [enable=yes|no (default=yes)]
      [profile=public|private|domain|any[,...] (default=any)]
      [type=dynamic|static (default=static)]
      [localtunnelendpoint=<IPv4 address>|<IPv6 address>]
      [remotetunnelendpoint=<IPv4 address>|<IPv6 address>]
      [port1=0-65535|any (default=any)]
      [port2=0-65535|any (default=any)]
      [protocol=0-255|tcp|udp|icmpv4|icmpv6|any (default=any)]
      [interfacetype=wireless|lan|ras|any (default=any)]
      [auth1=computerkerb|computercert|computerpsk|
         computerntlm|anonymous[,...]]
      [auth1psk=<string>]
      [auth1ca="<CA Name> [certmapping:yes|no] [excludecaname:yes|no] | ..."]
      [auth1healthcert=yes|no (default=no)]
      [auth2=computercert|userkerb|usercert|userntlm|anonymous[,...]]
      [auth2ca="<CA Name> [certmapping:yes|no] | ..."]
      [auth2healthcert=yes|no (default=no)]
      [qmpfs=dhgroup1|dhgroup2|dhgroup14|ecdhp256|ecdhp384|mainmode|
         none (default=none)]
      [qmsecmethods=
         ah:<integrity>+esp:<integrity>-<encryption>+[valuemin]+[valuekb]
         |default]

Remarks:

      - Rule name should be unique and cannot be "all".
      - When mode=tunnel, both tunnel endpoints must be specified and must be
        the same IP version. Also, action must be requireinrequireout.
      - At least one authentication must be specified.
      - Auth1 and auth2 can be comma-separated lists of options.
      - Computerpsk and computerntlm methods cannot be specified together
        for auth1.
      - Computercert cannot be specified with user credentials for auth2.
      - Qmsecmethods can be a list of proposals separated by a ",".
      - For qmsecmethods, integrity=md5|sha1 and
        encryption=3des|des|aes128|aes192|aes256
      - Qmpfs=mainmode uses the main mode key exchange setting for PFS.
      - The use of DES, MD5 and DHGroup1 is not recommended. These
        cryptographic algorithms are provided for backward compatibility
        only.
      - The default value for certmapping and excludecaname is 'no'.
      - The " characters within CA name must be replaced with \'

Examples:

      Add a rule for domain isolation using defaults:
      netsh advfirewall consec add rule name="isolation"
      endpoint1=any endpoint2=any action=requireinrequestout

      Add a rule with custom quick mode proposals:
      netsh advfirewall consec add rule name="custom"
      endpoint1=any endpoint2=any
      qmsecmethods=ah:md5+esp:md5-3des+60min+20480kb,ah:sha1
      action=requireinrequestout

      Create a tunnel mode rule from
      subnet A (192.168.0.0, external ip=1.1.1.1) to
      subnet B (192.157.0.0, external ip=2.2.2.2):
      netsh advfirewall consec add rule name="my tunnel" mode=tunnel
      endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16
      remotetunnelendpoint=2.2.2.2
      localtunnelendpoint=1.1.1.1 action=requireinrequireout

      Add a rule with CA name:
      netsh advfirewall consec add rule name="cert rule"
      endpoint1=any endpoint2=any action=requireinrequestout
      auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North,
       South, East, and West Root Authority\'"
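
The Remarks above can be checked mechanically before a rule is deployed. The following is an added example, not part of netsh or of this help text: a small Python linter that applies those constraints to a command line and flags the algorithms the Remarks call not recommended. The function names and sample command lines are hypothetical, and the IPv6 test (a ":" in the address) is a simplifying assumption.

```python
import shlex

WEAK_QM = {"md5", "des"}  # Remarks: DES and MD5 are kept for backward compatibility only
USER_AUTH2 = {"userkerb", "usercert", "userntlm"}

# Constructed sample inputs: the tunnel example from this page, and a deliberately broken rule.
GOOD_TUNNEL = ('netsh advfirewall consec add rule name="my tunnel" mode=tunnel '
               'endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16 '
               'remotetunnelendpoint=2.2.2.2 localtunnelendpoint=1.1.1.1 '
               'action=requireinrequireout')
BAD_RULE = ('netsh advfirewall consec add rule name="bad" mode=tunnel endpoint1=any '
            'endpoint2=any localtunnelendpoint=1.1.1.1 action=requireinrequestout '
            'auth1=computerpsk,computerntlm qmpfs=dhgroup1')

def parse_rule(cmdline):
    """Split an 'add rule' command line into a dict with lowercase keys."""
    tokens = shlex.split(cmdline)
    return {k.lower(): v for k, v in (t.split("=", 1) for t in tokens if "=" in t)}

def audit_rule(cmdline):
    """Return a list of findings; an empty list means no checked constraint is violated."""
    p = parse_rule(cmdline)
    findings = []
    if p.get("name", "").lower() in ("", "all"):
        findings.append("name must be set and cannot be 'all'")
    if p.get("mode", "transport").lower() == "tunnel":
        if not ("localtunnelendpoint" in p and "remotetunnelendpoint" in p):
            findings.append("tunnel mode needs both tunnel endpoints")
        elif (":" in p["localtunnelendpoint"]) != (":" in p["remotetunnelendpoint"]):
            findings.append("tunnel endpoints must be the same IP version")
        if p.get("action", "").lower() != "requireinrequireout":
            findings.append("tunnel mode requires action=requireinrequireout")
    auth1 = set(p.get("auth1", "").lower().split(",")) - {""}
    auth2 = set(p.get("auth2", "").lower().split(",")) - {""}
    if {"computerpsk", "computerntlm"} <= auth1:
        findings.append("auth1 cannot combine computerpsk and computerntlm")
    if "computercert" in auth2 and auth2 & USER_AUTH2:
        findings.append("auth2 cannot combine computercert with user credentials")
    if p.get("qmpfs", "none").lower() == "dhgroup1":
        findings.append("weak: qmpfs=dhgroup1")
    for proposal in p.get("qmsecmethods", "").lower().split(","):
        for part in proposal.split("+"):
            # "esp:md5-3des" -> ["md5", "3des"]; lifetime parts such as "60min" have no ":"
            algs = part.split(":", 1)[-1].split("-") if ":" in part else []
            findings += [f"weak: {a} in proposal '{proposal}'" for a in algs if a in WEAK_QM]
    return findings
```

Run against the "custom" example on this page, the linter reports MD5 twice (once for AH, once for ESP) and accepts 3DES, which the Remarks do not list as deprecated.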