11068 \nMain Mode SA at %1!s! \n----------------------------------------------------------------------
11069 \nLocal IP Address: %1!s!
11070 \nRemote IP Address: %1!s!
11071 \nFirst Auth: %1!s!
11072 \nSecond Auth: %1!s!
11073 \nMM Offer: %1!s!
11074 \nCookie Pair: %1!x!:%2!x!
11075 \nHealth Cert: %1!s!
11076 \nQuick Mode SA at %1!s! \n----------------------------------------------------------------------
11077 \nLocal IP Address: %1!s!
11078 \nRemote IP Address: %1!s!
11079 \nLocal Port: %1!s!
11080 \nRemote Port: %1!s!
11081 \nProtocol: %1!s!
11082 \nDirection: %1!s!
11083 \nQM Offer: %1!s!
11084 \nDeleted %1!u! SA(s).\n
11085 Dynamic Store
11086 \nSkipped deleting %1!u! dynamic rule(s) because they did not originate from the dynamic store.\n
11087 Not Configured
11088 \nThe %1!s! MainMode settings in the specified GPO store cannot be shown because they have not been configured.
11089 \nThe following GPOs were found with the name "%1!s!":\n
11090 \nUse one of these GPO IDs to identify the desired GPO.\n
11091 \nPFS: %1!s!
11092 \nKeyLifetime %1!s!\nSecMethods %2!s!
11093 Access Denied
11094 \nSkipped updating %1!u! dynamic rule(s) because they did not originate from the dynamic store.\n
11095 Public Profile
11096 \nGenerate Consec Rules: %1!s!
11097 \n Type Code
11098 \n %1!-4s! %2!-4s!
11099 \nEdge traversal: %1!s!
11100 \nDirection: %1!s!
11101 \nMy ID: %1!s!
11102 \nPeer ID: %1!s!
11103 UNKNOWN
11104 None
11105 Never
11106 Server behind NAT
11107 Server and client behind NAT
12000 Resets the policy to the default out-of-box policy.\n
12001 \nUsage: reset [export filename=<path\filename>]\n\nRemarks:\n\n - Restores the Windows Firewall with Advanced Security policy to the\n default policy. The current active policy can be optionally exported\n to a specified file.\n - In a Group Policy object, this command returns all settings to\n notconfigured and deletes all connection security and firewall\n rules.\n\nExamples:\n\n Backup the current policy and restore out-of-box policy:\n netsh advfirewall reset export "c:\backuppolicy.wfw"
12002 Sets the per-profile or global settings.\n
12003 Sets properties in the domain profile.\n
12004 \nUsage: set domainprofile (parameter) (value)\n\nParameters:\n\n state - Configure the firewall state.\n Usage: state on|off|notconfigured\n\n firewallpolicy - Configures default inbound and outbound behavior.\n Usage: firewallpolicy (inbound behavior),(outbound behavior)\n Inbound behavior:\n blockinbound - Block inbound connections that do not\n match an inbound rule.\n blockinboundalways - Block all inbound connections even if\n the connection matches a rule.\n allowinbound - Allow inbound connections that do\n not match a rule.\n notconfigured - Return the value to its unconfigured state.\n Outbound behavior:\n allowoutbound - Allow outbound connections that do not\n match a rule.\n blockoutbound - Block outbound connections that do not\n match a rule.\n notconfigured - Return the value to its unconfigured state.\n\n settings - Configures firewall settings.\n Usage: settings (parameter) enable|disable|notconfigured\n Parameters:\n localfirewallrules - Merge local firewall rules with Group\n Policy rules. Valid when configuring\n a Group Policy store.\n localconsecrules - Merge local connection security rules\n with Group Policy rules. 
Valid when\n configuring a Group Policy store.\n inboundusernotification - Notify user when a program listens\n for inbound connections.\n remotemanagement - Allow remote management of Windows\n Firewall.\n unicastresponsetomulticast - Control stateful unicast response to\n multicast.\n\n logging - Configures logging settings.\n Usage: logging (parameter) (value)\n Parameters:\n allowedconnections - Log allowed connections.\n Values: enable|disable|notconfigured\n droppedconnections - Log dropped connections.\n Values: enable|disable|notconfigured\n filename - Name and location of the firewall log.\n Values: <string>|notconfigured\n maxfilesize - Maximum log file size in kilobytes.\n Values: 1 - 32767|notconfigured\n\nRemarks:\n\n - Configures domain profile settings.\n - The "notconfigured" value is valid only for a Group Policy store.\n\nExamples:\n\n Turn the firewall off when the domain profile is active:\n netsh advfirewall set domainprofile state off\n\n Set the default behavior to block inbound and allow outbound\n connections when the domain profile is active:\n netsh advfirewall set domainprofile firewallpolicy\n blockinbound,allowoutbound\n\n Turn on remote management when the domain profile is active:\n netsh advfirewall set domainprofile settings remotemanagement enable\n\n Log dropped connections when the domain profile is active:\n netsh advfirewall set domainprofile logging droppedconnections enable\n
12005 Sets properties in the private profile.\n
12006 \nUsage: set privateprofile (parameter) (value)\n\nParameters:\n\n state - Configure the firewall state.\n Usage: state on|off|notconfigured\n\n firewallpolicy - Configures default inbound and outbound behavior.\n Usage: firewallpolicy (inbound behavior),(outbound behavior)\n Inbound behavior:\n blockinbound - Block inbound connections that do not\n match an inbound rule.\n blockinboundalways - Block all inbound connections even if\n the connection matches a rule.\n allowinbound - Allow inbound connections that do\n not match a rule.\n notconfigured - Return the value to its unconfigured state.\n Outbound behavior:\n allowoutbound - Allow outbound connections that do not\n match a rule.\n blockoutbound - Block outbound connections that do not\n match a rule.\n notconfigured - Return the value to its unconfigured state.\n\n settings - Configures firewall settings.\n Usage: settings (parameter) enable|disable|notconfigured\n Parameters:\n localfirewallrules - Merge local firewall rules with Group\n Policy rules. Valid when configuring\n a Group Policy store.\n localconsecrules - Merge local connection security rules\n with Group Policy rules. 
Valid when\n configuring a Group Policy store.\n inboundusernotification - Notify user when a program listens\n for inbound connections.\n remotemanagement - Allow remote management of Windows\n Firewall.\n unicastresponsetomulticast - Control stateful unicast response to\n multicast.\n\n logging - Configures logging settings.\n Usage: logging (parameter) (value)\n Parameters:\n allowedconnections - Log allowed connections.\n Values: enable|disable|notconfigured\n droppedconnections - Log dropped connections.\n Values: enable|disable|notconfigured\n filename - Name and location of the firewall log.\n Values: <string>|notconfigured\n maxfilesize - Maximum log file size in kilobytes.\n Values: 1 - 32767|notconfigured\n\nRemarks:\n\n - Configures private profile settings.\n - The "notconfigured" value is valid only for a Group Policy store.\n\nExamples:\n\n Turn the firewall off when the private profile is active:\n netsh advfirewall set privateprofile state off\n\n Set the default behavior to block inbound and allow outbound\n connections when the private profile is active:\n netsh advfirewall set privateprofile firewallpolicy\n blockinbound,allowoutbound\n\n Turn on remote management when the private profile is active:\n netsh advfirewall set privateprofile settings remotemanagement enable\n\n Log dropped connections when the private profile is active:\n netsh advfirewall set privateprofile logging droppedconnections enable\n
12007 Sets properties in the active profile.\n
12008 \nUsage: set currentprofile (parameter) (value)\n\nParameters:\n\n state - Configure the firewall state.\n Usage: state on|off|notconfigured\n\n firewallpolicy - Configures default inbound and outbound behavior.\n Usage: firewallpolicy (inbound behavior),(outbound behavior)\n Inbound behavior:\n blockinbound - Block inbound connections that do not\n match an inbound rule.\n blockinboundalways - Block all inbound connections even if\n the connection matches a rule.\n allowinbound - Allow inbound connections that do\n not match a rule.\n notconfigured - Return the value to its unconfigured state.\n Outbound behavior:\n allowoutbound - Allow outbound connections that do not\n match a rule.\n blockoutbound - Block outbound connections that do not\n match a rule.\n notconfigured - Return the value to its unconfigured state.\n\n settings - Configures firewall settings.\n Usage: settings (parameter) enable|disable|notconfigured\n Parameters:\n localfirewallrules - Merge local firewall rules with Group\n Policy rules. Valid when configuring\n a Group Policy store.\n localconsecrules - Merge local connection security rules\n with Group Policy rules. 
Valid when\n configuring a Group Policy store.\n inboundusernotification - Notify user when a program listens\n for inbound connections.\n remotemanagement - Allow remote management of Windows\n Firewall.\n unicastresponsetomulticast - Control stateful unicast response to\n multicast.\n\n logging - Configures logging settings.\n Usage: logging (parameter) (value)\n Parameters:\n allowedconnections - Log allowed connections.\n Values: enable|disable|notconfigured\n droppedconnections - Log dropped connections.\n Values: enable|disable|notconfigured\n filename - Name and location of the firewall log.\n Values: <string>|notconfigured\n maxfilesize - Maximum log file size in kilobytes.\n Values: 1 - 32767|notconfigured\n\nRemarks:\n\n - Configures profile settings for the currently active profile.\n - The "notconfigured" value is valid only for a Group Policy store.\n\nExamples:\n\n Turn the firewall off on the currently active profile:\n netsh advfirewall set currentprofile state off\n\n Set the default behavior to block inbound and allow outbound\n connections on the currently active profile:\n netsh advfirewall set currentprofile firewallpolicy\n blockinbound,allowoutbound\n\n Turn on remote management on the currently active profile:\n netsh advfirewall set currentprofile settings remotemanagement enable\n\n Log dropped connections on the currently active profile:\n netsh advfirewall set currentprofile logging droppedconnections enable\n
12009 Sets properties in all profiles.\n
12010 \nUsage: set allprofiles (parameter) (value)\n\nParameters:\n\n state - Configure the firewall state.\n Usage: state on|off|notconfigured\n\n firewallpolicy - Configures default inbound and outbound behavior.\n Usage: firewallpolicy (inbound behavior),(outbound behavior)\n Inbound behavior:\n blockinbound - Block inbound connections that do not\n match an inbound rule.\n blockinboundalways - Block all inbound connections even if\n the connection matches a rule.\n allowinbound - Allow inbound connections that do\n not match a rule.\n notconfigured - Return the value to its unconfigured state.\n Outbound behavior:\n allowoutbound - Allow outbound connections that do not\n match a rule.\n blockoutbound - Block outbound connections that do not\n match a rule.\n notconfigured - Return the value to its unconfigured state.\n\n settings - Configures firewall settings.\n Usage: settings (parameter) enable|disable|notconfigured\n Parameters:\n localfirewallrules - Merge local firewall rules with Group\n Policy rules. Valid when configuring\n a Group Policy store.\n localconsecrules - Merge local connection security rules\n with Group Policy rules. 
Valid when\n configuring a Group Policy store.\n inboundusernotification - Notify user when a program listens\n for inbound connections.\n remotemanagement - Allow remote management of Windows\n Firewall.\n unicastresponsetomulticast - Control stateful unicast response to\n multicast.\n\n logging - Configures logging settings.\n Usage: logging (parameter) (value)\n Parameters:\n allowedconnections - Log allowed connections.\n Values: enable|disable|notconfigured\n droppedconnections - Log dropped connections.\n Values: enable|disable|notconfigured\n filename - Name and location of the firewall log.\n Values: <string>|notconfigured\n maxfilesize - Maximum log file size in kilobytes.\n Values: 1 - 32767|notconfigured\n\nRemarks:\n\n - Configures profile settings for all profiles.\n - The "notconfigured" value is valid only for a Group Policy store.\n\nExamples:\n\n Turn the firewall off for all profiles:\n netsh advfirewall set allprofiles state off\n\n Set the default behavior to block inbound and allow outbound\n connections on all profiles:\n netsh advfirewall set allprofiles firewallpolicy\n blockinbound,allowoutbound\n\n Turn on remote management on all profiles:\n netsh advfirewall set allprofiles settings remotemanagement enable\n\n Log dropped connections on all profiles:\n netsh advfirewall set allprofiles logging droppedconnections enable\n
12011 Sets the global properties.\n
12012 \nUsage: set global statefulftp|statefulpptp enable|disable|notconfigured\n set global ipsec (parameter) (value)\n set global mainmode (parameter) (value) | notconfigured\n\nIPsec Parameters:\n\n strongcrlcheck - Configures how CRL checking is enforced.\n 0: Disable CRL checking\n 1: Fail if cert is revoked (default)\n 2: Fail on any error\n notconfigured: Returns the value to its not\n configured state.\n saidletimemin - Configures the security association idle time in\n minutes.\n - Usage: 5-60|notconfigured (default=5)\n defaultexemptions - Configures the default IPsec exemptions. Default is\n to exempt IPv6 neighbordiscovery protocol from\n IPsec.\n - Usage: none|neighbordiscovery|notconfigured\n ipsecthroughnat - Configures when security associations can be\n established with a computer behind a network\n address translator.\n - Usage: never|serverbehindnat|\n serverandclientbehindnat|\n notconfigured(default=never)\n\nMain Mode Parameters:\n\n mmkeylifetime - Sets main mode key lifetime in minutes\n or sessions, or both.\n - Usage: <num>min,<num>sess\n mmsecmethods - configures the main mode list of proposals\n - Usage:\n keyexch:enc-integrity,enc-integrity[,...]|default\n - keyexch=dhgroup1|dhgroup2|dhgroup14|\n ecdhp256|ecdhp384\n - enc=3des|des|aes128|aes192|aes256\n - integrity=md5|sha1\n\nRemarks:\n\n - Configures global settings, including advanced IPsec options.\n - The use of DES, MD5 and DHGroup1 is not recommended. 
These\n cryptographic algorithms are provided for backward compatibility\n only.\n - The mmsecmethods keyword default sets the policy to:\n dhgroup2-aes128-sha1,dhgroup2-3des-sha1\n\nExamples:\n\n Disable CRL checking:\n netsh advfirewall set global ipsec strongcrlcheck 0\n\n Turn on firewall stateful FTP support on server:\n netsh advfirewall set global statefulftp enable\n\n Set global main mode proposals to the default value:\n netsh advfirewall set global mainmode mmsecmethods default\n\n Set global main mode proposals to a customer list:\n netsh advfirewall set global mainmode mmsecmethods\n dhgroup1:des-md5,3des-sha1
12013 Sets the policy store for the current interactive session.\n
12014 \nUsage: set store local|gpo=<computer name>|gpo=<domain\GPO name>|\n gpo=<domain\GPO unique ID>\n\nRemarks:\n\n - Sets the policy store to a Group Policy object (GPO) identified by a\n computer name, domain and GPO name or GPO unique identifier, or\n the local policy store. \n - The default value is local.\n - You must stay in the same interactive session, otherwise\n the store setting is lost.\n - A domain name needs to be fully specified, including the\n\nExamples:\n\n Set the policy store to the GPO on computer1:\n netsh advfirewall set store gpo=computer1\n\n Set the policy store to the GPO called laptops in the office domain:\n netsh advfirewall set store gpo=office.acme.com\laptops\n\n Set the policy store to the GPO with unique identifier\n {842082DD-7501-40D9-9103-FE3A31AFDC9B} in the office domain:\n netsh advfirewall set store\n gpo=office.acme.com\{842082DD-7501-40D9-9103-FE3A31AFDC9B}
12015 Displays profile or global properties.\n
12016 Displays properties for the domain properties.\n
12017 \nUsage: show domainprofile [parameter]\n\nParameters:\n\n state - Displays whether Windows Firewall with Advanced\n Security is on or off.\n firewallpolicy - Displays default inbound and outbound\n firewall behavior.\n settings - Displays firewall properties.\n logging - Displays logging settings.\n\nRemarks:\n\n - Displays the properties for the domain profile. If a parameter\n is not specified, all properties are displayed.\n\nExamples:\n\n Display the domain profile firewall state:\n netsh advfirewall show domainprofile state
12018 Displays properties for the private profile.\n
12019 \nUsage: show privateprofile [parameter]\n\nParameters:\n\n state - Displays whether Windows Firewall with Advanced\n Security is on or off.\n firewallpolicy - Displays default inbound and outbound\n firewall behavior.\n settings - Displays firewall properties.\n logging - Displays logging settings.\n\nRemarks:\n\n - Displays the properties for the private profile. If a parameter\n is not specified, all properties are displayed.\n\nExamples:\n\n Display the private profile firewall state:\n netsh advfirewall show privateprofile state
12020 Displays properties for the active profile.\n
12021 \nUsage: show currentprofile [parameter]\n\nParameters:\n\n state - Displays whether Windows Firewall with Advanced\n Security is on or off.\n firewallpolicy - Displays default inbound and outbound\n firewall behavior.\n settings - Displays firewall properties.\n logging - Displays logging settings.\n\nRemarks:\n\n - Displays the properties for the active profile. If a parameter\n is not specified, all properties are displayed.\n\nExamples:\n\n Display the active profile firewall state:\n netsh advfirewall show currentprofile state
12022 Displays properties for all profiles.\n
12023 \nUsage: show allprofiles [parameter]\n\nParameters:\n\n state - Displays whether Windows Firewall with Advanced\n Security is on or off.\n firewallpolicy - Displays default inbound and outbound\n firewall behavior.\n settings - Displays firewall properties.\n logging - Displays logging settings.\n\nRemarks:\n\n - Displays the properties for all profiles. If a parameter\n is not specified, all properties are displayed.\n\nExamples:\n\n Display the firewall state for all propfiles:\n netsh advfirewall show allprofiles state
12024 Displays the global properties.\n
12025 \nUsage: show global [property]\n\nParameters:\n\n ipsec - Shows IPsec specific settings.\n statefulftp - Shows stateful ftp support.\n statefulpptp - Shows stateful pptp support.\n mainmode - Shows Main Mode settings.\n\nRemarks:\n\n - Displays the global property settings. If a parameter is\n not specified,\n all properties are displayed.\n\nExamples:\n\n Display IPsec settings:\n netsh advfirewall show global ipsec\n\n Display main mode settings:\n netsh advfirewall show global mainmode
12026 Displays the policy store for the current interactive session.\n
12027 \nUsage: show store\n\nRemarks:\n\n - This command displays the current policy store.\n\nExample:\n\n netsh advfirewall show store
12028 Imports a policy file into the current policy store.\n
12029 \nUsage: import <path\filename>\n\nRemarks:\n\n - Imports policy from the specified file.\n\nExample:\n\n netsh advfirewall import "c:\newpolicy.wfw"
12030 Exports the current policy to a file.\n
12031 \nUsage: export <path\filename>\n\nRemarks:\n\n - Exports the current policy to the specified file.\n\nExample:\n\n netsh advfirewall export "c:\advfirewallpolicy.wfw"
12032 Adds a new connection security rule.\n
12033 \nUsage: add rule name=<string>\n endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>\n endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>\n action=requireinrequestout|requestinrequestout|\n requireinrequireout|noauthentication\n [description=<string>]\n [mode=transport|tunnel (default=transport)]\n [enable=yes|no (default=yes)]\n [profile=public|private|domain|any[,...] (default=any)]\n [type=dynamic|static (default=static)]\n [localtunnelendpoint=<IPv4 address>|<IPv6 address>]\n [remotetunnelendpoint=<IPv4 address>|<IPv6 address>]\n [port1=0-65535|any (default=any)]\n [port2=0-65535|any (default=any)]\n [protocol=0-255|tcp|udp|icmpv4|icmpv6|any (default=any)]\n [interfacetype=wiresless|lan|ras|any (default=any)]\n [auth1=computerkerb|computercert|computerpsk|\n computerntlm|anonymous[,...]]\n [auth1psk=<string>]\n [auth1ca="<CA Name> [certmapping:yes|no] [excludecaname:yes|no] | ..."]\n [auth1healthcert=yes|no (default=no)]\n [auth2=computercert|userkerb|usercert|userntlm|anonymous[,...]]\n [auth2ca="<CA Name> [certmapping:yes|no] | ..."]\n [auth2healthcert=yes|no (default=no)]\n [qmpfs=dhgroup1|dhgroup2|dhgroup14|ecdhp256|ecdhp384|mainmode|\n none (default=none)]\n [qmsecmethods=\n ah:<integrity>+esp:<integrity>-<encryption>+[valuemin]+[valuekb]\n |default]\n\nRemarks:\n\n - Rule name should be unique and cannot be "all".\n - When mode=tunnel, both tunnel endpoints must be specified and must be\n the same IP version. 
Also, action must be requireinrequireout.\n - At least one authentication must be specified.\n - Auth1 and auth2 can be comma-separated lists of options.\n - Computerpsk and computerntlm methods cannot be specified together\n for auth1.\n - Computercert cannot be specified with user credentials for auth2.\n - Qmsecmethods can be a list of proposals separated by a ",".\n - For qmsecmethods, integrity=md5|sha1 and\n encryption=3des|des|aes128|aes192|aes256\n - Qmpfs=mainmode uses the main mode key exchange setting for PFS.\n - The use of DES, MD5 and DHGroup1 is not recommended. These\n cryptographic algorithms are provided for backward compatibility\n only.\n - The default value for certmapping and excludecaname is 'no'.\n - The " characters within CA name must be replaced with \'\n\nExamples:\n\n Add a rule for domain isolation using defaults:\n netsh advfirewall consec add rule name="isolation"\n endpoint1=any endpoint2=any action=requireinrequestout\n\n Add a rule with custom quick mode proposals:\n netsh advfirewall consec add rule name="custom"\n endpoint1=any endpoint2=any\n qmsecmethods=ah:md5+esp:md5-3des+60min+20480kb,ah:sha1\n action=requireinrequestout\n\n Create a tunnel mode rule from\n subnet A (192.168.0.0, external ip=1.1.1.1) to\n subnet B (192.157.0.0, external ip=2.2.2.2):\n netsh advfirewall consec add rule name="my tunnel" mode=tunnel\n endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16\n remotetunnelendpoint=2.2.2.2\n localtunnelendpoint=1.1.1.1 action=requireinrequireout\n\n Add a rule with CA name:\n netsh advfirewall consec add rule name="cert rule"\n endpoint1=any endpoint2=any action=requireinrequestout\n auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North,\n South, East, and West Root Authority\'"
12034 Sets new values for properties of an existing rule.\n
12035 \nUsage: set rule\n group=<string> | name=<string>\n [type=dynamic|static]\n [profile=public|private|domain|any[,...] (default=any)]\n [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [port1=0-65535|any]\n [port2=0-65535|any]\n [protocol=0-255|tcp|udp|icmpv4|icmpv6|any]\n new\n [name=<string>]\n [profile=public|private|domain|any[,...]]\n [description=<string>]\n [mode=transport|tunnel]\n [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [action=requireinrequestout|requestinrequestout|\n requireinrequireout|noauthentication]\n [enable=yes|no]\n [type=dynamic|static]\n [localtunnelendpoint=<IPv4 address>|<IPv6 address>]\n [remotetunnelendpoint=<IPv4 address>|<IPv6 address>]\n [port1=0-65535|any]\n [port2=0-65535|any]\n [protocol=0-255|tcp|udp|icmpv4|icmpv6|any]\n [interfacetype=wiresless|lan|ras|any]\n [auth1=computerkerb|computercert|computerpsk|computerntlm>|\n anonymous[,...]]\n [auth1psk=<string>]\n [auth1ca="<CA Name> [certmapping:yes|no] [excludecaname:yes|no] | ..."]\n [auth1healthcert=yes|no]\n [auth2=computercert|userkerb|usercert|userntlm|anonymous[,...]]\n [auth2ca="<CA Name> [certmapping:yes|no] | ..."]\n [auth2healthcert=yes|no]\n [qmsecmethods=\n ah:<integrity>+esp:<integrity>-<encryption>+[valuemin]+[valuekb]|\n default]\n\n\nRemarks:\n\n - Sets a new parameter value on an identified rule. The command fails\n if the rule does not exist. To create a rule, use the add command.\n - Values after the new keyword are updated in the rule. 
If there are\n no values, or keyword new is missing, no changes are made.\n - A group of rules can only be enabled or disabled.\n - If multiple rules match the criteria, all matching rules will be\n updated.\n - Rule name should be unique and cannot be "all".\n - Auth1 and auth2 can be comma-separated lists of options.\n - Computerpsk and computerntlm methods cannot be specified together\n for auth1.\n - Computercert cannot be specified with user credentials for auth2.\n - Qmsecmethods can be a list of proposals separated by a ",".\n - For qmsecmethods, integrity=md5|sha1 and\n encryption=3des|des|aes128|aes192|aes256\n - If qmsemethods are set to default, qmpfs will be set to default\n as well.\n - Qmpfs=mainmode uses the main mode key exchange setting for PFS.\n - The use of DES, MD5 and DHGroup1 is not recommended. These\n cryptographic algorithms are provided for backward compatibility\n only.\n - The default value for certmapping and excludecaname is 'no'.\n - The " characters within CA name must be replaced with \'\n\nExamples:\n\n Rename rule1 to rule 2:\n netsh advfirewall consec set rule name="rule1" new\n name="rule2"\n\n Change the action on a rule:\n netsh advfirewall consec set rule name="rule1"\n endpoint1=1.2.3.4 endpoint2=4.3.2.1 new action=requestinrequestout
12036 Deletes all matching connection security rules.\n
12037 \nUsage: delete rule name=<string>\n [type=dynamic|static]\n [profile=public|private|domain|any[,...] (default=any)]\n [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [port1=0-65535|any (default=any)]\n [port2=0-65535|any (default=any)]\n [protocol=0-255|tcp|udp|icmpv4|icmpv6|any]\n\nRemarks:\n\n - Deletes a name identified by name and optionally by profiles,\n endpoints, ports, protocol, and type.\n - If multiple matches are found, all matching rules are deleted.\n\nExamples:\n\n Delete a rule called "rule1" from all profiles:\n netsh advfirewall consec delete rule name="rule1"\n\n Delete all dynamic rules from all profiles:\n netsh advfirewall consec delete rule name=all type=dynamic
12038 Displays a specified connection security rule.\n
12039 \nUsage: show rule name=<string>\n [profile=public|private|domain|any[,...]]\n [type=dynamic|static (default=static)]\n [verbose]\n\nRemarks:\n\n - Displays all instances of the rule identified by name, and\n optionally profiles and type.\n\nExamples:\n\n Display all rules:\n netsh advfirewall consec show rule name=all\n\n Display all dynamic rules:\n netsh advfirewall consec show rule name=all type=dynamic
12040 Adds a new inbound or outbound firewall rule.\n
12041 \nUsage: add rule name=<string>\n dir=in|out\n action=allow|block|bypass\n [program=<program path>]\n [service=<service short name>|any]\n [description=<string>]\n [enable=yes|no (default=yes)]\n [profile=public|private|domain|any[,...]]\n [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [localport=0-65535|RPC|RPC-EPMap|any[,...] (default=any)]\n [remoteport=0-65535|any[,...] (default=any)]\n [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|\n tcp|udp|any (default=any)]\n [interfacetype=wireless|lan|ras|any]\n [rmtcomputergrp=<SDDL string>]\n [rmtusrgrp=<SDDL string>]\n [edge=yes|no (default=no)]\n [security=authenticate|authenc|notrequired (default=notrequired)]\n\nRemarks:\n\n - Add a new inbound or outbound rule to the firewall policy.\n - Rule name should be unique and cannot be "all".\n - If a remote computer or user group is specified, security must be\n authenticate or authenc.\n - If action=bypass, the remote computer group must be specified.\n - Action=bypass is only valid for rules with dir=in.\n - If service=any, the rule applies only to services.\n - ICMP type or code can be "any".\n - Edge can only be specified for inbound rules.\n\n\nExamples:\n\n Add an inbound rule for messenger.exe:\n netsh advfirewall firewall add rule name="allow messenger"\n dir=in program="c:\programfiles\messenger\msmsgs.exe"\n action=allow\n\n Add an outbound rule for port 80:\n netsh advfirewall firewall add rule name="allow80"\n protocol=TCP dir=out localport=80 action=block\n\n Add an inbound rule for messenger.exe and require security\n netsh advfirewall firewall add rule name="allow messenger"\n dir=in program="c:\program files\messenger\msmsgs.exe"\n security=authenticate action=allow\n\n Add an authenticated firewall bypass rule for group\n acmedomain\scanners identified by a SDDL string:\n netsh advfirewall 
firewall add rule name="allow scanners"\n dir=in rmtcomputergrp=<SDDL string> action=bypass\n security=authenticate
12042 Sets new values for properties of a existing rule.\n
12043 \nUsage: set rule\n group=<string> | name=<string>\n [dir=in|out]\n [profile=public|private|domain|any[,...]]\n [program=<program path>]\n [service=service short name|any]\n [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [localport=0-65535|RPC|RPC-EPMap|any[,...]]\n [remoteport=0-65535|any[,...]]\n [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|\n tcp|udp|any]\n new\n [name=<string>]\n [dir=in|out]\n [program=<program path>\n [service=<service short name>|any]\n [action=allow|block|bypass]\n [description=<string>]\n [enable=yes|no]\n [profile=public|private|domain|any[,...]]\n [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [localport=0-65535|RPC|RPC-EPMap|any[,...]]\n [remoteport=0-65535|any[,...]]\n [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|\n tcp|udp|any]\n [interfacetype=wireless|lan|ras|any]\n [rmtcomputergrp=<SDDL string>]\n [rmtusrgrp=<SDDL string>]\n [edge=yes|no]\n [security=authenticate|authenc|notrequired]\n\nRemarks:\n\n - Sets a new parameter value on an identified rule. The command fails\n if the rule does not exist. To create a rule, use the add command.\n - Values after the new keyword are updated in the rule. 
If there are\n no values, or keyword new is missing, no changes are made.\n - A group of rules can only be enabled or disabled.\n - If multiple rules match the criteria, all matching rules will\n be updated.\n - Rule name should be unique and cannot be "all".\n - If a remote computer or user group is specified, security must be\n authenticate or authenc.\n - If action=bypass, the remote computer group must be specified.\n - Action=bypass is only valid for rules with dir=in.\n - If service=any, the rule applies only to services.\n - ICMP type or code can be "any".\n - Edge can only be specified for inbound rules.\n\nExamples:\n\n Change the remote IP address on a rule called "allow80":\n netsh advfirewall firewall set rule name="allow80" new\n remoteip=192.168.0.2\n\n Enable a group with grouping string "Remote Desktop":\n netsh advfirewall firewall set rule group="remote desktop" new\n enable=yes
12044 Deletes all matching inbound rules.\n
12045 \nUsage: delete rule name=<string>\n [dir=in|out]\n [profile=public|private|domain|any[,...]]\n [program=<program path>]\n [service=<service short name>|any]\n [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|\n <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]\n [localport=0-65535|RPC|RPC-EPMap|any[,...]]\n [remoteport=0-65535|any[,...]]\n [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|\n tcp|udp|any]\n\nRemarks:\n\n - Deletes a name identified by name and optionally by endpoints, ports,\n protocol, and type.\n - If multiple matches are found, all matching rules are deleted.\n - If name=all is specified all rules are deleted from the specified\n type and profile.\n\nExamples:\n\n Delete all inbound rules for local port 80:\n netsh advfirewall firewall delete rule name=all protocol=tcp localport=80\n\n Delete an inbound rule called "allow80":\n netsh advfirewall firewall delete rule name="allow80"
12046 Displays a specified firewall rule.\n
12047 \nUsage: show rule name=<string>\n [profile=public|private|domain|any[,...]]\n [type=static|dynamic]\n [verbose]\n\nRemarks:\n\n - Displays all matching rules as specified by name and optionally,\n profiles and type. If verbose is specified all matching rules are\n displayed.\n\nExamples:\n\n Display all dynamic inbound rules:\n netsh advfirewall firewall show rule name=all dir=in type=dynamic\n\n Display all the settings for all inbound rules called\n "allow messenger":\n netsh advfirewall firewall show rule name="allow messenger" verbose
12064 Deletes all matching security associations.\n
12065 \nUsage: delete mmsa|qmsa [(source destination)|all]\n\nRemarks:\n - This command deletes the matching security association as\n specified by (source destination) pair.\n - Source and destination are each a single IPv4 or IPv6\n address.\n\nExamples:\n\n Delete all quick mode security associations:\n netsh advfirewall monitor delete qmsa all\n\n Delete all main mode security associations between the two\n specified addresses:\n netsh advfirewall monitor delete mmsa 192.168.03 192.168.0.6
12066 Shows all matching security associations.\n
12067 \nUsage: show mmsa|qmsa [(source destination)|all]\n\nRemarks:\n\n - This command shows all the security association, or as filtered by\n (source destination) pair.\n - Source and destination are each a single IPv4 or IPv6\n address.\n\nExamples:\n\n Show all main mode SAs:\n netsh advfirewall monitor show mmsa\n\n Show the main mode SAs between the two addresses:\n netsh advfirewall monitor show mmsa 192.168.0.3 192.168.0.4
12068 Sets properties in the public profile.\n
12069 \nUsage: set publicprofile (parameter) (value)\n\nParameters:\n\n state - Configure the firewall state.\n Usage: state on|off|notconfigured\n\n firewallpolicy - Configures default inbound and outbound behavior.\n Usage: firewallpolicy (inbound behavior),(outbound behavior)\n Inbound behavior:\n blockinbound - Block inbound connections that do not\n match an inbound rule.\n blockinboundalways - Block all inbound connections even if\n the connection matches a rule.\n allowinbound - Allow inbound connections that do\n not match a rule.\n notconfigured - Return the value to its unconfigured state.\n Outbound behavior:\n allowoutbound - Allow outbound connections that do not\n match a rule.\n blockoutbound - Block outbound connections that do not\n match a rule.\n notconfigured - Return the value to its unconfigured state.\n\n settings - Configures firewall settings.\n Usage: settings (parameter) enable|disable|notconfigured\n Parameters:\n localfirewallrules - Merge local firewall rules with Group\n Policy rules. Valid when configuring\n a Group Policy store.\n localconsecrules - Merge local connection security rules\n with Group Policy rules. Valid when\n configuring a Group Policy store.\n inboundusernotification - Notify user when a program listens\n for inbound connections.\n remotemanagement - Allow remote management of Windows\n Firewall.\n unicastresponsetomulticast - Control stateful unicast response to\n multicast.\n\n logging - Configures logging settings.\n Usage: logging (parameter) (value)\n Parameters:\n allowedconnections - Log allowed connections.\n Values: enable|disable|notconfigured\n droppedconnections - Log dropped connections.\n Values: enable|disable|notconfigured\n filename - Name and location of the firewall log.\n Values: <string>|notconfigured\n maxfilesize - Maximum log file size in kilobytes.\n Values: 1 - 32767|notconfigured\n\nRemarks:\n\n - Configures public profile settings.\n - The "notconfigured" value is valid only for a Group Policy store.\n\nExamples:\n\n Turn the firewall off when the public profile is active:\n netsh advfirewall set publicprofile state off\n\n Set the default behavior to block inbound and allow outbound\n connections when the public profile is active:\n netsh advfirewall set publicprofile firewallpolicy\n blockinbound,allowoutbound\n\n Turn on remote management when the public profile is active:\n netsh advfirewall set publicprofile settings remotemanagement enable\n\n Log dropped connections when the public profile is active:\n netsh advfirewall set publicprofile logging droppedconnections enable\n
12070 Displays properties for the public profile.\n
12071 \nUsage: show publicprofile [parameter]\n\nParameters:\n\n state - Displays whether Windows Firewall with Advanced\n Security is on or off.\n firewallpolicy - Displays default inbound and outbound\n firewall behavior.\n settings - Displays firewall properties.\n logging - Displays logging settings.\n\nRemarks:\n\n - Displays the properties for the public profile. If a parameter\n is not specified, all properties are displayed.\n\nExamples:\n\n Display the public profile firewall state:\n netsh advfirewall show publicprofile state
13000 \nThe store cannot be a Group Policy object when a remote machine is specified. Set the store to 'Local' or set the machine to be the local computer.\n
13001 \nAn unrecoverable Windows Firewall error (0x%1!x!) occurred.\n
13002 \nAn error occurred while attempting to retrieve a Windows Firewall setting.\n
13003 \nAn error occurred contacting the firewall. Make sure that the Windows Firewall service is running and try your request again.\n
13004 \nThe string 'all' cannot be used as the name of a rule.\n
13007 \nThe specified cryptographic set was not found.\n
13008 \n'CurrentProfile' cannot be used when configuring a GPO store. Use 'DomainProfile', 'PrivateProfile', 'PublicProfile', or 'AllProfiles' instead.\n
13009 \nThis setting can only be changed when connected to a GPO store.\n
13010 \nThis setting can only be changed in local stores.\n
13011 \nPorts may only be specified if the protocol is TCP or UDP.\n
13012 \nThe dynamic rule type cannot be used when configuring a GPO store.\n
13013 \nThe auth1 parameter is required when specifying auth1 options.\n
13014 \nThe auth2 parameter is required when specifying auth2 options.\n
13015 \nThe specified authentication set was not found.\n
13016 \nThe specified auth1 set is missing a required parameter.\n
13017 \nThe specified auth2 set is missing a required parameter.\n
13018 \nUnable to export policy with error 0x%1!x!. Make sure that the file name is correct and the file is accessible. The firewall policy has not been reset.\n
13019 \nThe monitor context cannot be used when connected to a GPO store.\n
13020 \nThe endpoints provided do not have the same IP version. Specify two IPv4 or two IPv6 endpoints.\n
13021 \nNo SAs match the specified criteria.\n
13022 \nUnable to export policy with error 0x%1!x!. Make sure that the file name provided is correct and the file is accessible.\n
13023 \nUnable to import policy with error 0x%1!x!. Make sure that the file name provided is correct, accessible, and a valid Windows Firewall policy file.\n
13024 \nAn error occurred connecting to the remote computer. Make sure that the Windows Firewall service on the remote computer is running and configured to allow remote management and try your request again.\n
13025 \nAn error occurred configuring the specified GPO store. Make sure that the specified GPO is valid and accessible and try your request again.\n
13026 \nAn unexpected error (0x%1!x!) occurred while performing validation.\n
13027 \nAn invalid number of arguments were provided. Check help for the correct syntax.\n
13028 \nAn invalid IP address or address keyword was specified.\n
13029 \nAn invalid port value was specified.\n
13030 \nAn invalid protocol value was specified.\n
13031 \nAn invalid auth1 value was specified.\n
13032 \nAn invalid auth2 value was specified.\n
13033 \nFor 'set' commands, the 'new' keyword must be present and must not be the last argument provided.\n
13034 \nAn invalid value was specified.\n
13035 \nAn invalid argument was specified. The only valid argument for reset is 'export'.\n
13036 \nAn invalid store was specified.\n
13037 \nAn invalid firewall policy setting was specified.\n
13038 \nA number value was expected, but the input is either non-numeric or not valid.\n
13039 \nAn invalid mmkeylifetime value was specified.\n
13040 \nAn invalid strongcrlcheck value was specified.\n
13041 \nAn invalid saidletimemin value was specified.\n
13042 \nAn invalid statefulftp or statefulpptp value was specified.\n
13043 \nAn invalid security value was specified.\n
13044 \nSpecify either a source and destination pair or the keyword 'all' to identify SAs.\n
13045 \nAn invalid mmsecmethods value was specified.\n
13046 \nAn invalid qmsecmethods value was specified.\n
13047 \nAn invalid protocol was specified in qmsecmethods.\n
13048 \nAn invalid key lifetime value was specified in qmsecmethods.\n
13049 \nIf the first protocol specified for a proposal in qmsecmethods is ESP, then no other protocols are allowed in that proposal.\n
13050 \nWhen using both AH and ESP protocols in a qmsecmethods proposal, the same integrity value must be used for both protocols.\n
13051 \nThe same protocol was specified more than once for a qmsecmethods proposal.\n
13052 \nThe specified GPO store could not be opened because it has not been created. Create the GPO store and try your request again.\n
13053 \nAuth2 may not be specified when auth1 contains computerpsk.\n
13054 \nAn invalid GPO ID was specified.\n
13055 \nUnable to open the GPO on the specified computer. Make sure that the specified GPO is valid and accessible and try your request again.\n
13056 \nUnable to contact the specified domain. Make sure that the domain is valid and accessible and try your request again.\n
13057 \nUnable to open the specified GPO. Make sure that the GPO is valid and accessible and try your request again.\n
13058 \nMultiple GPOs were found that have the specified name. Specify the GUID of the GPO that you wish to configure.\n
13059 \nLocaltunnelendpoint and remotetunnelendpoint must both be specified when the rule mode is tunnel.\n
13060 \nLocaltunnelendpoint and remotetunnelendpoint cannot be specified when the rule mode is transport.\n
13061 \nAuth2 must be computercert when auth2healthcert is specified.\n
13062 \nAn invalid interface type was specified.\n
13063 \nUnable to set log file path with error 0x%1!x!. Failed to set the security attributes on the file path.\n
13064 \nLog file size must be between 1 and 32767.\n
13065 \nIn Common Criteria mode, the administrator cannot set anything else on the rule when setting qmsecmethods=None.\n
13066 \nAuth1, auth2, qmpfs, and qmsecmethods cannot be specified when action is noauthentication.\n
13067 \nComputerntlm and computerpsk cannot be specifed in the same rule.\n
13068 \nOne or more of the profiles specified is invalid. 'Any' cannot be specified if other profiles are specified.\n
13069 \nGroup cannot be specified along with other identification conditions.\n
13070 \nOnly the enable parameter can be used to update rules specified by a group.\n
13071 \nQmpfs cannot be specified when qmsecmethods is set to default.\n
13072 \nNotconfigured value can only be used when configuring a GPO store.\n
13073 \nAnonymous cannot be specified as the only proposal in auth2.\n