netsh » advfirewall » consec » add » rule

Microsoft Windows [Version 6.1.7000]
(C) Copyright 2009 Microsoft Corp.
C:\Windows>netsh advfirewall consec add rule ? Usage: add rule name= endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| action=requireinrequestout|requestinrequestout| requireinrequireout|requireinclearout|noauthentication [description=] [mode=transport|tunnel (default=transport)] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...] (default=any)] [type=dynamic|static (default=static)] [localtunnelendpoint=any||] [remotetunnelendpoint=any||] [port1=0-65535|[,...]|any (default=any)] [port2=0-65535|[,...]|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any (default=any)] [interfacetype=wiresless|lan|ras|any (default=any)] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] |..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [auth2=computercert|computercertecdsap256|computercertecdsap384| userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm| anonymous[,...]] [auth2ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] | ..."] [auth2ecdsap256ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] | ..."] [auth2ecdsap384ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] | ..."] [qmpfs=dhgroup1|dhgroup2|dhgroup14|ecdhp256|ecdhp384|mainmode| none (default=none)] [qmsecmethods=authnoencap:+[valuemin]+[valuekb]| ah:+esp:-+[valuemin]+[valuekb] |default] [exemptipsecprotectedconnections=yes|no (default=no)] [applyauthz=yes|no (default=no)] Remarks: - Rule name should be unique and cannot be "all". - When mode=tunnel,tunnel endpoints must be specified, except when the action is noauthentication. When specific IP addresses are entered, they must be the same IP version. In addition, When configuring dynamic tunnels: Tunnel endpoints can be set to any. Local tunnel endpoint need not be specified for Client policy (i.e any). Remote tunnel endpoints need not be specified for Gateway Policy (i.e any). Also, action must be requireinrequireout, requireinclearout, or noauthentication. - requireinclearout is not valid when mode=Transport. - At least one authentication must be specified. - Auth1 and auth2 can be comma-separated lists of options. - Computerpsk and computerntlm methods cannot be specified together for auth1. - Computercert cannot be specified with user credentials for auth2. - Certsigning options ecdsap256 and ecdsap384 are only supported on Windows Vista SP1 and later. - Qmsecmethods can be a list of proposals separated by a ",". - For qmsecmethods, integrity=md5|sha1|sha256|aesgmac128|aesgmac192| aesgmac256|aesgcm128|aesgcm192|aesgcm256 and encryption=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256. - If aesgcm128, aesgcm192, or aesgcm256 is specified, it must be used for both ESP integrity and encryption. - Aesgmac128, aesgmac192, aesgmac256, aesgcm128, aesgcm192, aesgcm256, sha256 are only supported on Windows Vista SP1 and later. - Qmpfs=mainmode uses the main mode key exchange setting for PFS. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The default value for certmapping and excludecaname is 'no'. - The " characters within CA name must be replaced with \' - For auth1ca and auth2ca, the CA name must be prefixed by 'CN='. - catype can be used to specify the Certification authority type - catype=root/intermediate - authnoencap is supported on Windows 7 and later. - authnoencap means that the computers will only use authentication, and will not use any per packet encapsulation or encryption algorithms to protect subsequent network packets exchanged as part of this connection. - QMPFS and authnoencap cannot be used together on the same rule. - AuthNoEncap must be accompanied by at least one AH or ESP integrity suite. - applyauthz can only be specified for tunnel mode rules. - exemptipsecprotectedconnections can only be specified for tunnel mode rules. By setting this flag to "Yes", ESP traffic will be exempted from the tunnel. AH only traffic will NOT be exempted from the tunnel. - Valuemin(when specified) for a qmsecmethod should be between 5-2880 minutes. Valuekb(when specified) for a qmsecmethod should be between 20480-2147483647 kilobytes. Examples: Add a rule for domain isolation using defaults: netsh advfirewall consec add rule name="isolation" endpoint1=any endpoint2=any action=requireinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=ah:sha1+esp:sha1-aes256+60min+20480kb,ah:sha1 action=requireinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=authnoencap:sha1,ah:aesgmac256+esp:aesgmac256-none action=requireinrequestout Create a tunnel mode rule from subnet A (192.168.0.0, external ip=1.1.1.1) to subnet B (192.157.0.0, external ip=2.2.2.2): netsh advfirewall consec add rule name="my tunnel" mode=tunnel endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 localtunnelendpoint=1.1.1.1 action=requireinrequireout Create a dynamic tunnel mode rule from subnet A (192.168.0.0/16) to subnet B (192.157.0.0, remoteGW=2.2.2.2) Client Policy: netsh advfirewall consec add rule name="dynamic tunnel" mode=tunnel endpoint1=any endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 action=requireinrequireout Gateway Policy (Applied only to the Gateway device): netsh advfirewall consec add rule name="dynamic tunnel" mode=tunnel endpoint1=192.157.0.0/16 endpoint2=any localtunnelendpoint=2.2.2.2 action=requireinrequireout Add a rule with CA name: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequestout auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'"

NETSH / ADVFIREWALL / CONSEC / ADD / RULE
Quick - Link:
netsh p2p pnrp cloud dump
Displays a configuration script.
netsh http add timeout
Adds a global timeout to the service.
netsh p2p collab contact show
Displays Information.
netsh dhcpclient
Changes to the `netsh dhcpclient' context.
netsh nap client show
Shows configuration and state information.
netsh branchcache importkey
Imports a new content information key.
netsh namespace show policy
Shows dns client policy table.


... Home  
... Impressum

... CMD commands

... Netsh-Windows-11
... Netsh-Windows-10


... Netsh-Windows-7
... Netsh-Vista
... Netsh-XP

... PowerShell Commands

... Download
    alternative cmd.exe





Windows-10


... Windows 10 FAQ
... Windows 10 How To


Windows 10 How To


... Windows 11 How To
... Windows 10 FAQ


Adds a new connection security rule. / Windows 10, 8.1, Seven

HTTP: ... cmd/en/Windows_7/netsh/advfirewall/consec/add/rule.htm
0.077
17026
Wie kann ich Clear Type in Windows 8.1 und 10 deaktivieren?
How can I uninstall the MultiClipBoardSlots from Windows OS!
What is the best web server among Windows Server solutions?
Be my patron on Software OK!
I don't always have the same CPU frequency, why?
Kann ich einen Kommentar zu den Fotos hinzufügen!
What is lossless compression?
Hilfe, wo kann man das Windows 8 und 8.1 ausschalten, bzw. herunterfahren?
How do I customize the PayPal password?
Exclude a Folder in Windows 10 Defender!



(0)