Usage: set global statefulftp|statefulpptp enable|disable|notconfigured set global ipsec (parameter) (value) set global mainmode ...

Usage: set global statefulftp|statefulpptp enable|disable|notconfigured
      set global ipsec (parameter) (value)
      set global mainmode (parameter) (value) | notconfigured

IPsec Parameters:

      strongcrlcheck    - Configures how CRL checking is enforced.
                          0: Disable CRL checking (default)
                          1: Fail if cert is revoked
                          2: Fail on any error
                          notconfigured: Returns the value to its not
                          configured state.
      saidletimemin     - Configures the security association idle time in
                          minutes.
                        - Usage: 5-60|notconfigured (default=5)
      defaultexemptions - Configures the default IPsec exemptions. Default is
                          to exempt IPv6 neighbordiscovery protocol and
                          DHCP from IPsec.
                        - Usage: none|neighbordiscovery|icmp|dhcp|notconfigured
      ipsecthroughnat   - Configures when security associations can be
                          established with a computer behind a network
                          address translator.
                        - Usage: never|serverbehindnat|
                                 serverandclientbehindnat|
                                 notconfigured(default=never)
      authzcomputergrp  - Configures the computers that are authorized to
                          establish tunnel mode connections.
                        - Usage: none||notconfigured
      authzusergrp      - Configures the users that are authorized to establish
                          tunnel mode connections.
                        - Usage: none||notconfigured

Main Mode Parameters:

      mmkeylifetime     - Sets main mode key lifetime in minutes
                          or sessions, or both.
                        - Usage: min,sess
                          minlifetime: <1> min,
                          maxlifetime: <2880> min
                          minsessions: <0> sessions,
                          maxsessions: <2,147,483,647> sessions
      mmsecmethods      - configures the main mode list of proposals
                        - Usage:
                          keyexch:enc-integrity,keyexch:enc-integrity[,...]|default
                        - keyexch=dhgroup1|dhgroup2|dhgroup14|
                          ecdhp256|ecdhp384
                        - enc=3des|des|aes128|aes192|aes256
                        - integrity=md5|sha1|sha256|sha384
      mmforcedh         - configures the option to use DH to secure key exchange. 
                        - Usage:
                          yes|no (default=no) 


Remarks:

      - Configures global settings, including advanced IPsec options. 
      - The use of DES, MD5 and DHGroup1 is not recommended. These 
        cryptographic algorithms are provided for backward compatibility 
        only. 
      - The mmsecmethods keyword default sets the policy to: 
        dhgroup2-aes128-sha1,dhgroup2-3des-sha1 

Examples: 

      Disable CRL checking: 
      netsh advfirewall set global ipsec strongcrlcheck 0 

      Turn on the Firewall support for stateful FTP: 
      netsh advfirewall set global statefulftp enable 

      Set global main mode proposals to the default value: 
      netsh advfirewall set global mainmode mmsecmethods default 

      Set global main mode proposals to a customer list: 
      netsh advfirewall set global mainmode mmsecmethods 
      dhgroup1:des-md5,dhgroup1:3des-sha1