Remarks:
- Rule name should be unique and cannot be "all".
- When mode=tunnel,tunnel endpoints must be specified,
except when the action is noauthentication.
When specific IP addresses are entered, they must be
the same IP version.
In addition, When configuring dynamic tunnels:
Tunnel endpoints can be set to any. Local tunnel
endpoint need not be specified for Client policy
(i.e any).
Remote tunnel endpoints need not be specified for
Gateway Policy (i.e any).
Also, action must be requireinrequireout, requireinclearout,
or noauthentication.
- requireinclearout is not valid when mode=Transport.
- At least one authentication must be specified.
- Auth1 and auth2 can be comma-separated lists of options.
- Computerpsk and computerntlm methods cannot be specified together
for auth1.
- Computercert cannot be specified with user credentials for auth2.
- Certsigning options ecdsap256 and ecdsap384 are only supported on
Windows Vista SP1 and later.
- Qmsecmethods can be a list of proposals separated by a ",".
- For qmsecmethods, integrity=md5|sha1|sha256|aesgmac128|aesgmac192|
aesgmac256|aesgcm128|aesgcm192|aesgcm256 and
encryption=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256.
- If aesgcm128, aesgcm192, or aesgcm256 is specified, it must be used for
both ESP integrity and encryption.
- Aesgmac128, aesgmac192, aesgmac256, aesgcm128, aesgcm192, aesgcm256,
sha256 are only supported on Windows Vista SP1 and later.
- Qmpfs=mainmode uses the main mode key exchange setting for PFS.
- The use of DES, MD5 and DHGroup1 is not recommended. These
cryptographic algorithms are provided for backward compatibility
only.
- The default value for certmapping and excludecaname is 'no'.
- The " characters within CA name must be replaced with \'
- For auth1ca and auth2ca, the CA name must be prefixed by 'CN='.
- catype can be used to specify the Certification authority type -
catype=root/intermediate
- authnoencap is supported on Windows 7 and later.
- authnoencap means that the computers will only use authentication,
and will not use any per packet encapsulation or encryption
algorithms to protect subsequent network packets exchanged as part
of this connection.
- QMPFS and authnoencap cannot be used together on the same rule.
- AuthNoEncap must be accompanied by at least one AH or ESP integrity
suite.
- applyauthz can only be specified for tunnel mode rules.
- exemptipsecprotectedconnections can only be specified
for tunnel mode rules. By setting this flag to "Yes",
ESP traffic will be exempted from the tunnel.
AH only traffic will NOT be exempted from the tunnel.
- Valuemin(when specified) for a qmsecmethod should be between 5-2880
minutes. Valuekb(when specified) for a qmsecmethod should be
between 20480-2147483647 kilobytes.
Reliable Multicast Protocol. An implemention of the Pragmatic General Multicast Protocol (Pgm) for adding a degree of reliability ...
Reload the entire stack of pages, including this sheet, into Tray 1 (the top tray, if there is more than one) with the printed ...
Relog creates new performance logs from data in existing performance logs by changing the sampling rate and/or converting ...
Remaining time in minutes before the parent application becomes unlicensed. For KMS clients, this is the remaining time before ...
Remarks: - Rule name should be unique and cannot be "all". - When mode=tunnel,tunnel endpoints must be specified, except ...
Remarks: - Sets a new parameter value on an identified rule. The command fails if the rule does not exist. To create a rule, ...
Remarks: Commas that are not used as separators in distinguished names must be escaped with the backslash ("\") character ...
Remarks: Displays whether Winsock send autotuning is enabled. Send autotuning is dynamically adjust the amount of send buffered ...
Remarks: Dsmod quota only supports a subset of commonly used object class attributes. If a value that you use contains spaces, ...