- Rule name should be unique and cannot be "all".
- When mode=tunnel, both tunnel endpoints must be specified and must be the same IP version. Also, action must be requireinrequireout.
- At least one authentication must be specified.
- Auth1 and auth2 can be comma-separated lists of options.
- Computerpsk and computerntlm methods cannot be specified together for auth1.
- Computercert cannot be specified with user credentials for auth2.
- Qmsecmethods can be a list of proposals separated by a ",".
- For qmsecmethods, integrity=md5|sha1 and encryption=3des|des|aes128|aes192|aes256.
- Qmpfs=mainmode uses the main mode key exchange setting for PFS.
- The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only.
- The default value for certmapping and excludecaname is 'no'.
- The " characters within a CA name must be replaced with \'.
Add a rule for domain isolation using defaults:
netsh advfirewall consec add rule name="isolation" endpoint1=any endpoint2=any action=requireinrequestout

Add a rule with custom quick mode proposals (note that the first proposal uses md5 and 3des, which the remarks above list as provided for backward compatibility only):
netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=ah:md5+esp:md5-3des+60min+20480kb,ah:sha1 action=requireinrequestout
Create a tunnel mode rule from subnet A (192.168.0.0, external ip=1.1.1.1) to subnet B (192.157.0.0, external ip=2.2.2.2):
netsh advfirewall consec add rule name="my tunnel" mode=tunnel endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 localtunnelendpoint=1.1.1.1 action=requireinrequireout
Add a rule with CA name:
netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequestout auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'"
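The remarks above read as a checklist that is easy to get wrong when rules are scripted rather than typed by hand. The following is an added example, not part of the netsh help text and not Microsoft's code: a PowerShell wrapper that enforces the documented constraints (no rule named "all", tunnel mode needs both tunnel endpoints of the same IP version and action=requireinrequireout, computerpsk and computerntlm cannot both appear in auth1), warns when a quick mode proposal uses DES or MD5, and reads the rule back after netsh accepts it. The function name New-ConsecRule, its parameter names and the regular expression are this example's own; the netsh keywords and values it emits are the ones documented on this page. It assumes an elevated PowerShell session on a host that has netsh advfirewall (Windows Vista or later).

```powershell
# Added example, not part of the netsh help text: a wrapper that enforces the
# documented constraints before calling netsh, warns when a quick mode proposal
# uses DES or MD5, and reads the rule back afterwards. New-ConsecRule and its
# parameter names are this example's own; the netsh keywords and values are the
# ones documented for "netsh advfirewall consec add rule".
#Requires -RunAsAdministrator

function New-ConsecRule {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Endpoint1 = 'any',
        [string]$Endpoint2 = 'any',
        [ValidateSet('requireinrequestout', 'requestinrequestout',
                     'requireinrequireout', 'noauthentication')]
        [string]$Action = 'requireinrequestout',
        [ValidateSet('transport', 'tunnel')]
        [string]$Mode = 'transport',
        [string]$LocalTunnelEndpoint,
        [string]$RemoteTunnelEndpoint,
        [string]$Auth1 = 'computerkerb',
        [string]$QmSecMethods,
        [switch]$DryRun   # return the command line instead of running netsh
    )

    # Rule name should be unique and cannot be "all" (-eq is case-insensitive, like netsh).
    if ($Name -eq 'all') { throw 'Rule name cannot be "all".' }

    # Tunnel mode: both tunnel endpoints, same IP version, action=requireinrequireout.
    if ($Mode -eq 'tunnel') {
        if (-not ($LocalTunnelEndpoint -and $RemoteTunnelEndpoint)) {
            throw 'mode=tunnel requires localtunnelendpoint and remotetunnelendpoint.'
        }
        $localIp  = [System.Net.IPAddress]::Parse($LocalTunnelEndpoint)
        $remoteIp = [System.Net.IPAddress]::Parse($RemoteTunnelEndpoint)
        if ($localIp.AddressFamily -ne $remoteIp.AddressFamily) {
            throw 'Tunnel endpoints must be the same IP version.'
        }
        if ($Action -ne 'requireinrequireout') {
            throw 'mode=tunnel requires action=requireinrequireout.'
        }
    }

    # auth1 may be a comma-separated list, but computerpsk and computerntlm cannot both appear.
    $auth1Methods = $Auth1.ToLower() -split ','
    if (($auth1Methods -contains 'computerpsk') -and ($auth1Methods -contains 'computerntlm')) {
        throw 'auth1 cannot combine computerpsk and computerntlm.'
    }

    # DES and MD5 are backward-compatibility only; flag every proposal that uses them.
    # The pattern anchors on the proposal separators so that "3des" is not read as "des".
    if ($QmSecMethods) {
        foreach ($proposal in ($QmSecMethods -split ',')) {
            if ($proposal -match '(?i)(^|[:+-])(des|md5)($|[+-])') {
                Write-Warning "Proposal '$proposal' uses DES or MD5; prefer sha1 with aes128/aes192/aes256."
            }
        }
    }

    # One keyword=value per argument. PowerShell quotes elements containing spaces, so
    # netsh receives the single token name=my tunnel, exactly what cmd.exe hands it for
    # name="my tunnel".
    $netshArgs = @('advfirewall', 'consec', 'add', 'rule', "name=$Name",
                   "endpoint1=$Endpoint1", "endpoint2=$Endpoint2",
                   "action=$Action", "mode=$Mode", "auth1=$Auth1")
    if ($Mode -eq 'tunnel') {
        $netshArgs += "localtunnelendpoint=$LocalTunnelEndpoint"
        $netshArgs += "remotetunnelendpoint=$RemoteTunnelEndpoint"
    }
    if ($QmSecMethods) { $netshArgs += "qmsecmethods=$QmSecMethods" }

    if ($DryRun) { return "netsh $($netshArgs -join ' ')" }

    & netsh.exe @netshArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "netsh advfirewall consec add rule failed (exit code $LASTEXITCODE)"
    }

    # Read the stored rule back so the caller sees what the firewall actually accepted.
    & netsh.exe advfirewall consec show rule "name=$Name"
}

# The page's "custom" example: the md5 and 3des proposal triggers the warning.
New-ConsecRule -Name 'custom' -QmSecMethods 'ah:md5+esp:md5-3des+60min+20480kb,ah:sha1' -DryRun

# The same rule restricted to algorithms the remarks do not deprecate (sha1, aes256).
New-ConsecRule -Name 'custom-hardened' -QmSecMethods 'ah:sha1+esp:sha1-aes256+60min+20480kb' -DryRun

# The page's tunnel example. Mixing an IPv4 and an IPv6 tunnel endpoint, or leaving
# action at its default, is rejected here before netsh is ever called.
New-ConsecRule -Name 'my tunnel' -Mode tunnel -Endpoint1 '192.168.0.0/16' -Endpoint2 '192.157.0.0/16' `
    -LocalTunnelEndpoint '1.1.1.1' -RemoteTunnelEndpoint '2.2.2.2' -Action requireinrequireout -DryRun
```

Drop -DryRun to actually create the rule; the trailing "show rule" call is the check that matters, because netsh normalises some values (for example the default mode and auth1 it fills in) and the stored rule, not the command you typed, is what peers will negotiate against.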
netsh advfirewall consec add rule (Windows Vista): adds a new connection security rule.