netsh » advfirewall » consec » add » rule

Microsoft Windows [Version 6.0.6001]
(C) Copyright 2006 Microsoft Corp.
c:\windows>netsh advfirewall consec add rule ? Usage: add rule name= endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| action=requireinrequestout|requestinrequestout| requireinrequireout|noauthentication [description=] [mode=transport|tunnel (default=transport)] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...] (default=any)] [type=dynamic|static (default=static)] [localtunnelendpoint=|] [remotetunnelendpoint=|] [port1=0-65535|any (default=any)] [port2=0-65535|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any (default=any)] [interfacetype=wiresless|lan|ras|any (default=any)] [auth1=computerkerb|computercert|computerpsk| computerntlm|anonymous[,...]] [auth1psk=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] | ..."] [auth1healthcert=yes|no (default=no)] [auth2=computercert|userkerb|usercert|userntlm|anonymous[,...]] [auth2ca=" [certmapping:yes|no] | ..."] [auth2healthcert=yes|no (default=no)] [qmpfs=dhgroup1|dhgroup2|dhgroup14|ecdhp256|ecdhp384|mainmode| none (default=none)] [qmsecmethods= ah:+esp:-+[valuemin]+[valuekb] |default] Remarks: - Rule name should be unique and cannot be "all". - When mode=tunnel, both tunnel endpoints must be specified and must be the same IP version. Also, action must be requireinrequireout. - At least one authentication must be specified. - Auth1 and auth2 can be comma-separated lists of options. - Computerpsk and computerntlm methods cannot be specified together for auth1. - Computercert cannot be specified with user credentials for auth2. - Qmsecmethods can be a list of proposals separated by a ",". - For qmsecmethods, integrity=md5|sha1 and encryption=3des|des|aes128|aes192|aes256 - Qmpfs=mainmode uses the main mode key exchange setting for PFS. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The default value for certmapping and excludecaname is 'no'. - The " characters within CA name must be replaced with \' Examples: Add a rule for domain isolation using defaults: netsh advfirewall consec add rule name="isolation" endpoint1=any endpoint2=any action=requireinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=ah:md5+esp:md5-3des+60min+20480kb,ah:sha1 action=requireinrequestout Create a tunnel mode rule from subnet A (, external ip= to subnet B (, external ip= netsh advfirewall consec add rule name="my tunnel" mode=tunnel endpoint1= endpoint2= remotetunnelendpoint= localtunnelendpoint= action=requireinrequireout Add a rule with CA name: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequestout auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'"


Quick - Link:
netsh ras diagnostics set cmtracing
Enables/disables Connection Manager logging.
netsh interface isatap show router
Shows the ISATAP router information.
netsh winsock show catalog
Displays contents of Winsock Catalog.
netsh ipsec static set policy
Modifies a policy.
netsh interface ipv4 show tcpconnections
Displays TCP connections.


... Windows 10 FAQ
... Windows 10 How To

Windows 10 How To

... Windows 11 How To
... Windows 10 FAQ

Adds a new connection security rule. / Windows Vista

HTTP: ... cmd/en/Windows_Vista/netsh/advfirewall/consec/add/rule.htm

Menüpunkt Extras, Netz, Netzlaufwerk trennen!

Compare Fonts TTF OTF on Windows!

The Desktop Classic Analog Watch!

Schlafmodus Blockierung mit Windows Starten lassen!

Mouse drop tracks on the Windows desktop!

Windows security icon in the Windows 11 taskbar on / off!