Usage: add rule name=endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| | | | | endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|
| | | | action=requireinrequestout|requestinrequestout| requireinrequireout|noauthentication [description=
] [mode=transport|tunnel (default=transport)] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...] (default=any)] [type=dynamic|static (default=static)] [localtunnelendpoint= | ] [remotetunnelendpoint= | ] [port1=0-65535|any (default=any)] [port2=0-65535|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any (default=any)] [interfacetype=wiresless|lan|ras|any (default=any)] [auth1=computerkerb|computercert|computerpsk| computerntlm|anonymous[,...]] [auth1psk= ] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] | ..."] [auth1healthcert=yes|no (default=no)] [auth2=computercert|userkerb|usercert|userntlm|anonymous[,...]] [auth2ca=" [certmapping:yes|no] | ..."] [auth2healthcert=yes|no (default=no)] [qmpfs=dhgroup1|dhgroup2|dhgroup14|ecdhp256|ecdhp384|mainmode| none (default=none)] [qmsecmethods= ah: +esp: - +[valuemin]+[valuekb] |default] Remarks: - Rule name should be unique and cannot be "all". - When mode=tunnel, both tunnel endpoints must be specified and must be the same IP version. Also, action must be requireinrequireout. - At least one authentication must be specified. - Auth1 and auth2 can be comma-separated lists of options. - Computerpsk and computerntlm methods cannot be specified together for auth1. - Computercert cannot be specified with user credentials for auth2. - Qmsecmethods can be a list of proposals separated by a ",". - For qmsecmethods, integrity=md5|sha1 and encryption=3des|des|aes128|aes192|aes256 - Qmpfs=mainmode uses the main mode key exchange setting for PFS. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The default value for certmapping and excludecaname is 'no'. - The " characters within CA name must be replaced with \' Examples: Add a rule for domain isolation using defaults: netsh advfirewall consec add rule name="isolation" endpoint1=any endpoint2=any action=requireinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=ah:md5+esp:md5-3des+60min+20480kb,ah:sha1 action=requireinrequestout Create a tunnel mode rule from subnet A (192.168.0.0, external ip=1.1.1.1) to subnet B (192.157.0.0, external ip=2.2.2.2): netsh advfirewall consec add rule name="my tunnel" mode=tunnel endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 localtunnelendpoint=1.1.1.1 action=requireinrequireout Add a rule with CA name: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequestout auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'
Usage: %ws modifiers switches data computername Where 'computername' can be the name or domain ame Modifiers: -F = perform ...
Usage: ADD PLEX LUN= NOERR ADD TPGROUP TPORTAL= NOERR Adds an existing LUN as a plex to the currently selected LUN or adds ...
Usage: add rule name= dir=in|out action=allow|block|bypass program= service= |any description= enable=yes|no (default=yes) ...
Usage: add rule name= endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| | | | | endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ...
Usage: add rule name= endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| | | | | endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ...
Usage: all format = (list | table) wide = (yes | no) Displays all policies, filter lists, and filter actions. Parameters: ...
Usage: all resolvedns = (yes | no) Displays details of all policies, filters, SAs, and statistics from SPD. Parameters: Tag ...
Usage: ASSOCIATE CONTROLLERS ADD , ,. ASSOCIATE PORTS ADD - , - ,. ASSOCIATE TARGETS ADD , ,. Adds or replaces the list of ...
Usage: AuditPol /backup /file: This command backs up system audit policy settings and per-user audit policy settings for ...