Examples: Add a rule for domain isolation using defaults: netsh advfirewall consec add rule name="isolation" endpoint1=any ...


Examples:

      Add a rule for domain isolation using defaults:
      netsh advfirewall consec add rule name="isolation"
      endpoint1=any endpoint2=any action=requireinrequestout

      Add a rule with custom quick mode proposals:
      netsh advfirewall consec add rule name="custom"
      endpoint1=any endpoint2=any
      qmsecmethods=ah:sha1+esp:sha1-aes256+60min+20480kb,ah:sha1
      action=requireinrequestout

      Add a rule with custom quick mode proposals:
      netsh advfirewall consec add rule name="custom"
      endpoint1=any endpoint2=any
      qmsecmethods=authnoencap:sha1,ah:aesgmac256+esp:aesgmac256-none
      action=requireinrequestout

      Create a tunnel mode rule from
      subnet A (192.168.0.0, external ip=1.1.1.1) to
      subnet B (192.157.0.0, external ip=2.2.2.2):
      netsh advfirewall consec add rule name="my tunnel" mode=tunnel
      endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16
      remotetunnelendpoint=2.2.2.2
      localtunnelendpoint=1.1.1.1 action=requireinrequireout

      Create a dynamic tunnel mode rule from subnet
      A (192.168.0.0/16)
      to subnet B (192.157.0.0, remoteGW=2.2.2.2)
      Client Policy:
      netsh advfirewall consec add rule name="dynamic tunnel"
      mode=tunnel
      endpoint1=any endpoint2=192.157.0.0/16
      remotetunnelendpoint=2.2.2.2
      action=requireinrequireout
      Gateway Policy (Applied only to the Gateway device):
      netsh advfirewall consec add rule name="dynamic tunnel"
      mode=tunnel endpoint1=192.157.0.0/16
      endpoint2=any localtunnelendpoint=2.2.2.2
      action=requireinrequireout

      Add a rule with CA name:
      netsh advfirewall consec add rule name="cert rule"
      endpoint1=any endpoint2=any action=requireinrequestout
      auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North,
       South, East, and West Root Authority\'"

      Add a rule, with multiple authentication methods, using a variety of cert
      criteria:
      netsh advfirewall consec add rule name="cert rule" endpoint1=any
      endpoint2=any action=requireinrequireout auth1=computercert
      auth1ca="CN=\'CN1\' certcriteriatype:Selection certname:MyGroup
      certnametype:SubjectOU certeku:1.2.3.4.5|CN=\'CN2\'
      certcriteriatype:Validation certeku:2.3.4.5.6,9.10.11.12|CN=\'CN3\'
      certhash:0123456789abcdef01234567890ABCDEF0123456"