Current File : C:/Windows/System32/en-US/authfwcfg.dll.mui

%1!s! Settings:
----------------------------------------------------------------------
State                                 %1!s!
Firewall Policy                       %1!s!
LocalFirewallRules                    %1!s!
LocalConSecRules                      %2!s!
InboundUserNotification               %3!s!
RemoteManagement                      %4!s!
UnicastResponseToMulticast            %5!s!
Logging:
LogAllowedConnections                 %1!s!
LogDroppedConnections                 %2!s!
FileName                              %3!s!
MaxFileSize                           %4!s!
Main Mode:
KeyLifetime                           %1!u!min,%2!u!sess
SecMethods                            %3!s!
ForceDH                               %4!s!
IPsec:
StrongCRLCheck                        %1!s!
SAIdleTimeMin                         %2!s!
DefaultExemptions                     %3!s!
IPsecThroughNAT                       %4!s!
AuthzUserGrp                          %5!s!
AuthzComputerGrp                      %6!s!
AuthzUserGrpTransport                 %7!s!
AuthzComputerGrpTransport             %8!s!
StatefulFTP                           %1!s!
StatefulPPTP                          %1!s!
Policy Store                          %1!s!
Domain Profile
Private Profile
Disabled
Check
Enforces
Rule Name:                            %1!s!
----------------------------------------------------------------------
Description:                          %1!s!
Enabled:                              %1!s!
Profiles:                             %1!s!
Type:                                 %1!s!
LocalTunnelEndpoint:                  %1!s!
RemoteTunnelEndpoint:                 %1!s!
InterfaceTypes:                       %1!s!
Endpoint1:                            %1!s!
Endpoint2:                            %1!s!
Port1:                                %1!s!
Port2:                                %1!s!
Protocol:                             %1!s!
Action:                               %1!s!
Auth1:                                %1!s!
Auth1PSK:                             %1!s!
Auth1CAName:                          %1!s!
Auth1CertMapping:                     %1!s!
Auth1ExcludeCAName:                   %1!s!
Auth1HealthCert:                      %1!s!
Auth2:                                %1!s!
Auth2CAName:                          %1!s!
Auth2CertMapping:                     %1!s!
Auth2HealthCert:                      %1!s!
MainModeSecMethods:                   %1!s!
MainModeKeyLifetime:                  %1!u!min,%2!u!sess
QuickModeSecMethods:                  %1!s!
QuickModePFS:                         %1!s!
Current Profile
N/A (GPO-store only)
Deleted %1!u! rule(s).

Updated %1!u! rule(s).

Mode:                                 %1!s!
Rule Name:                            %1!s!
----------------------------------------------------------------------
Description:                          %1!s!
Grouping:                             %1!s!
Enabled:                              %1!s!
Profiles:                             %1!s!
LocalIP:                              %1!s!
RemoteIP:                             %1!s!
LocalPort:                            %1!s!
RemotePort:                           %1!s!
Protocol:                             %1!s!
Program:                              %1!s!
Service:                              %1!s!
InterfaceTypes:                       %1!s!
RemoteComputerGroup:                  %1!s!
RemoteUserGroup:                      %1!s!
Security:                             %1!s!
Action:                               %1!s!
Main Mode SA at %1!s!
----------------------------------------------------------------------
Local IP Address:                     %1!s!
Remote IP Address:                    %1!s!
Auth1:                                %1!s!
Auth2:                                %1!s!
MM Offer:                             %1!s!
Cookie Pair:
Health Cert:                          %1!s!
Quick Mode SA at %1!s!
----------------------------------------------------------------------
Local IP Address:                     %1!s!
Remote IP Address:                    %1!s!
Local Port:                           %1!s!
Remote Port:                          %1!s!
Protocol:                             %1!s!
Direction:                            %1!s!
QM Offer:                             %1!s!
Deleted %1!u! SA(s).

Dynamic Store
Skipped deleting %1!u! dynamic rule(s) because they did not originate from the dynamic store.
Not Configured
The %1!s! MainMode settings in the specified GPO store cannot be shown because they have not been configured.
The following GPOs were found with the name "%1!s!":

Use one of these GPO IDs to identify the desired GPO.

PFS:                                  %1!s!
KeyLifetime                           %1!s!
SecMethods                            %2!s!
ForceDH                               %3!s!
Access Denied
Skipped updating %1!u! dynamic rule(s) because they did not originate from the dynamic store.
Public Profile
Generate Consec Rules:                %1!s!
                                      Type    Code
                                      %1!-4s!    %2!-4s!
Edge traversal:                       %1!s!
Direction:                            %1!s!
Auth1 Local ID:                       %1!s!
Auth1 Remote ID:                      %1!s!
UNKNOWN
None
Never
Server behind NAT
Server and client behind NAT
OFF
ON
Allow
Block
Bypass
In
Out
Yes
No
Any
Global
GPO
Local
Store
Enable
Disable
min
RequireInRequestOut
RequestInRequestOut
RequireInRequireOut
NoAuthentication
DHGroup1
DHGroup2
DHGroup14
ECDHP256
ECDHP384
MainMode
Dynamic
Static
Tunnel
Transport
Both
ComputerKerb
ComputerCert
ComputerPSK
ComputerNTLM
Anonymous
UserCert
UserKerb
UserNTLM
3DES
DES
AES128
AES192
AES256
MD5
SHA1
TCP
UDP
ICMPv4
ICMPv6
AH
ESP
NeighborDiscovery
ICMP
Authenticate
AuthEnc
NotRequired
Wireless
LAN
RAS
Domain
Private
Public
BlockInbound
BlockInboundAlways
AllowInbound
BlockOutbound
AllowOutbound
:
,
-
+
%umin
%ukb
Auth2 Local ID:                       %1!s!
Auth2 Remote ID:                      %1!s!
%1!02x!
ComputerCertECDSAP256
ComputerCertECDSAP384
UserCertECDSAP256
UserCertECDSAP384
AESGCM128
AESGCM192
AESGCM256
SHA256
SHA384
AESGCM128
AESGCM192
AESGCM256
AESGMAC128
AESGMAC192
AESGMAC256
Auth1ECDSAP256CAName:                 %1!s!
Auth1ECDSAP256CertMapping:            %2!s!
Auth1ECDSAP256ExcludeCAName:          %3!s!
Auth1ECDSAP256CertType:               %4!s!
Auth1ECDSAP256HealthCert:             %5!s!
Auth1ECDSAP384CAName:                 %1!s!
Auth1ECDSAP384CertMapping:            %2!s!
Auth1ECDSAP384ExcludeCAName:          %3!s!
Auth1ECDSAP384CertType:               %4!s!
Auth1ECDSAP384HealthCert:             %5!s!
Auth2ECDSAP256CAName:                 %1!s!
Auth2ECDSAP256CertMapping:            %2!s!
Auth2ECDSAP256CertType:               %3!s!
Auth2ECDSAP256HealthCert:             %4!s!
Auth2ECDSAP384CAName:                 %1!s!
Auth2ECDSAP384CertMapping:            %2!s!
Auth2ECDSAP384CertType:               %3!s!
Auth2ECDSAP384HealthCert:             %4!s!
Auth2ECDSAP256CAName:                 %1!s!
Auth2ECDSAP256CertMapping:            %2!s!
Auth2ECDSAP256CertType:               %3!s!
Auth2ECDSAP384CAName:                 %1!s!
Auth2ECDSAP384CertMapping:            %2!s!
Auth2ECDSAP384CertType:               %3!s!
%1!s!:
----------------------------------------------------------------------
%1!s!

AuthDynEnc
BootTimeRuleCategory                  %1!s!
FirewallRuleCategory                  %2!s!
StealthRuleCategory                   %3!s!
ConSecRuleCategory                    %4!s!
Windows Defender Firewall
Categories:
Rule Name:                            %1!s!
----------------------------------------------------------------------
Description:                          %1!s!
Profiles:                             %1!s!
KeyLifetime:                          %1!u!min,%2!u!sess
Endpoint1:                            %1!s!
Endpoint2:                            %1!s!
Auth1:                                %1!s!
Auth1PSK:                             %1!s!
Auth1CAName:                          %1!s!
Auth1CertMapping:                     %1!s!
Auth1ExcludeCAName:                   %1!s!
Auth1HealthCert:                      %1!s!
SecMethods:                           %1!s!
Enabled:                              %1!s!
Receive fail                : %1!S!
Send fail                   : %1!S!
Acquire Heap size           : %1!S!
Receive Heap size           : %1!S!
Negotiation Failures        : %1!S!
Invalid Cookies Rcvd        : %1!S!
Total Acquire               : %1!S!
TotalGetSpi                 : %1!S!
TotalKeyAdd                 : %1!S!
TotalKeyUpdate              : %1!S!
GetSpiFail                  : %1!S!
KeyAddFail                  : %1!S!
KeyUpdateFail               : %1!S!
IsadbListSize               : %1!S!
ConnListSize                : %1!S!
Invalid Packets Rcvd        : %1!S!


IPsec Statistics
----------------

IPsecStatistics not available.

Active Assoc                : %1!S!
Offload SAs                 : %1!S!
Pending Key                 : %1!S!
Key Adds                    : %1!S!
Key Deletes                 : %1!S!
ReKeys                      : %1!S!
Active Tunnels              : %1!S!
Bad SPI Pkts                : %1!S!
Pkts not Decrypted          : %1!S!
Pkts not Authenticated      : %1!S!
Pkts with Replay Detection  : %1!S!
Confidential Bytes Sent     : %1!S!
Confidential Bytes Received : %1!S!
Authenticated Bytes Sent    : %1!S!
Authenticated Bytes Received: %1!S!
Transport Bytes Sent        : %1!S!
Transport Bytes Received    : %1!S!
Offloaded Bytes Sent        : %1!S!
Offloaded Bytes Received    : %1!S!

Bytes Sent In Tunnels       : %1!S!
Bytes Received In Tunnels   : %1!S!
IKE Statistics
-------------- 

IKEStatistics not available.

Main Modes                  : %1!S!
Quick Modes                 : %1!S!
Soft SAs                    : %1!S!
Authentication Failures     : %1!S!
Active Acquire              : %1!S!
Active Receive              : %1!S!
Acquire fail                : %1!S!
Rule source:                          %1!s!
Quick Mode:
QuickModeSecMethods                   %1!s!
QuickModePFS                          %2!s!
Security Associations:
GPO Name                              %1!s!
Global Policy State:
----------------------------------------------------------------------
Windows Defender Firewall Rules:
----------------------------------------------------------------------
Connection Security Rules:
Auth1CertType:                        %1!s!
Auth2CertType:                        %1!s!
AuthNoEncap
ExemptIPsecProtectedConnections:      %1!s!
RequireInClearOut
ApplyAuthorization:                   %1!s!
Defer to application
Defer to user
Deny
Local Group Policy Setting
Local Setting
Dynamic Setting
ForceDH:                              %1!s!
Mainmode Rules:
DHCP
Group Policy Setting
The 'netsh advfirewall dump' command is not implemented in this version
of Windows. Instead, use the 'netsh advfirewall export' command to write
the current Windows Defender Firewall with Advanced Security configuration from
the current policy store to a file on disk. You can then use 'netsh
advfirewall import' to read the file and load it into another policy
store, such as a Group Policy object or the current policy store on
another computer. To set the current policy store, use the 'netsh
advfirewall set store' command.
For more information about the commands in the netsh advfirewall context,
see Netsh Commands for Windows Defender Firewall with Advanced Security at
https://go.microsoft.com/fwlink/?linkid=111237.
DHGroup24
ComputerNegoEx
UserNegoEx
Auth1CriteriaType:                    %1!s!
Auth1CertNameType:                    %1!s!
Auth1CertName:                        %1!s!
Auth1CertEku:                         %1!s!
Auth1CertHash:                        %1!s!
Auth1FollowCertRenewal:               %1!s!
Auth1ECDSAP256CriteriaType:           %1!s!
Auth1ECDSAP256CertNameType:           %1!s!
Auth1ECDSAP256CertName:               %1!s!
Auth1ECDSAP256CertEku:                %1!s!
Auth1ECDSAP256CertHash:               %1!s!
Auth1ECDSAP256FollowCertRenewal:      %1!s!
Auth1ECDSAP384CriteriaType:           %1!s!
Auth1ECDSAP384CertNameType:           %1!s!
Auth1ECDSAP384CertName:               %1!s!
Auth1ECDSAP384CertEku:                %1!s!
Auth1ECDSAP384CertHash:               %1!s!
Auth1ECDSAP384FollowCertRenewal:      %1!s!
Auth2CriteriaType:                    %1!s!
Auth2CertNameType:                    %1!s!
Auth2CertName:                        %1!s!
Auth2CertEku:                         %1!s!
Auth2CertHash:                        %1!s!
Auth2FollowCertRenewal:               %1!s!
Auth2ECDSAP256CriteriaType:           %1!s!
Auth2ECDSAP256CertNameType:           %1!s!
Auth2ECDSAP256CertName:               %1!s!
Auth2ECDSAP256CertEku:                %1!s!
Auth2ECDSAP256CertHash:               %1!s!
Auth2ECDSAP256FollowCertRenewal:      %1!s!
Auth2ECDSAP384CriteriaType:           %1!s!
Auth2ECDSAP384CertNameType:           %1!s!
Auth2ECDSAP384CertName:               %1!s!
Auth2ECDSAP384CertEku:                %1!s!
Auth2ECDSAP384CertHash:               %1!s!
Auth2ECDSAP384FollowCertRenewal:      %1!s!
Auth1KerbProxyFQDN:                   %1!s!
Auth1ProxyServerFQDN:                 %1!s!
Auth2ProxyServerFQDN:                 %1!s!
Machine authorization SDDL            %1!s!
User authorization SDDL               %1!s!

Resets the policy to the default out-of-box policy.

Usage:  reset [export <path\filename>]

Remarks:

      - Restores the Windows Defender Firewall with Advanced Security policy to the
        default policy.  The current active policy can be optionally exported
        to a specified file.
      - In a Group Policy object, this command returns all settings to
        notconfigured and deletes all connection security and firewall
        rules.

Examples:

      Backup the current policy and restore out-of-box policy:
      netsh advfirewall reset export "c:\backuppolicy.wfw"

Sets the per-profile or global settings.

Sets properties in the domain profile.

Usage:  set domainprofile (parameter) (value)

Parameters:

      state             - Configure the firewall state.
              Usage: state on|off|notconfigured

      firewallpolicy    - Configures default inbound and outbound behavior.
      Usage: firewallpolicy (inbound behavior),(outbound behavior)
         Inbound behavior:
            blockinbound        - Block inbound connections that do not
                                  match an inbound rule.
            blockinboundalways  - Block all inbound connections even if
                                  the connection matches a rule.
            allowinbound        - Allow inbound connections that do
                                  not match a rule.
            notconfigured       - Return the value to its unconfigured state.
         Outbound behavior:
            allowoutbound       - Allow outbound connections that do not
                                  match a rule.
            blockoutbound       - Block outbound connections that do not
                                  match a rule.
            notconfigured       - Return the value to its unconfigured state.

      settings          - Configures firewall settings.
      Usage: settings (parameter) enable|disable|notconfigured
      Parameters:
         localfirewallrules         - Merge local firewall rules with Group
                                      Policy rules. Valid when configuring
                                      a Group Policy store.
         localconsecrules           - Merge local connection security rules
                                      with Group Policy rules. Valid when
                                      configuring a Group Policy store.
         inboundusernotification    - Notify user when a program listens
                                      for inbound connections.
         remotemanagement           - Allow remote management of Windows
                                      Firewall.
         unicastresponsetomulticast - Control stateful unicast response to
                                      multicast.

      logging           - Configures logging settings.
      Usage: logging (parameter) (value)
      Parameters:
         allowedconnections  - Log allowed connections.
                               Values: enable|disable|notconfigured
         droppedconnections  - Log dropped connections.
                               Values: enable|disable|notconfigured
         filename            - Name and location of the firewall log.
                               Values: <string>|notconfigured
         maxfilesize         - Maximum log file size in kilobytes.
                               Values: 1 - 32767|notconfigured

Remarks:

      - Configures domain profile settings.
      - The "notconfigured" value is valid only for a Group Policy store.

Examples:

      Turn the firewall off when the domain profile is active:
      netsh advfirewall set domainprofile state off

      Set the default behavior to block inbound and allow outbound
      connections when the domain profile is active:
      netsh advfirewall set domainprofile firewallpolicy
      blockinbound,allowoutbound

      Turn on remote management when the domain profile is active:
      netsh advfirewall set domainprofile settings remotemanagement enable

      Log dropped connections when the domain profile is active:
      netsh advfirewall set domainprofile logging droppedconnections enable

Sets properties in the private profile.

Usage:  set privateprofile (parameter) (value)

Parameters:

      state             - Configure the firewall state.
              Usage: state on|off|notconfigured

      firewallpolicy    - Configures default inbound and outbound behavior.
      Usage: firewallpolicy (inbound behavior),(outbound behavior)
         Inbound behavior:
            blockinbound        - Block inbound connections that do not
                                  match an inbound rule.
            blockinboundalways  - Block all inbound connections even if
                                  the connection matches a rule.
            allowinbound        - Allow inbound connections that do
                                  not match a rule.
            notconfigured       - Return the value to its unconfigured state.
         Outbound behavior:
            allowoutbound       - Allow outbound connections that do not
                                  match a rule.
            blockoutbound       - Block outbound connections that do not
                                  match a rule.
            notconfigured       - Return the value to its unconfigured state.

      settings          - Configures firewall settings.
      Usage: settings (parameter) enable|disable|notconfigured
      Parameters:
         localfirewallrules         - Merge local firewall rules with Group
                                      Policy rules. Valid when configuring
                                      a Group Policy store.
         localconsecrules           - Merge local connection security rules
                                      with Group Policy rules. Valid when
                                      configuring a Group Policy store.
         inboundusernotification    - Notify user when a program listens
                                      for inbound connections.
         remotemanagement           - Allow remote management of Windows
                                      Firewall.
         unicastresponsetomulticast - Control stateful unicast response to
                                      multicast.

      logging           - Configures logging settings.
      Usage: logging (parameter) (value)
      Parameters:
         allowedconnections  - Log allowed connections.
                               Values: enable|disable|notconfigured
         droppedconnections  - Log dropped connections.
                               Values: enable|disable|notconfigured
         filename            - Name and location of the firewall log.
                               Values: <string>|notconfigured
         maxfilesize         - Maximum log file size in kilobytes.
                               Values: 1 - 32767|notconfigured

Remarks:

      - Configures private profile settings.
      - The "notconfigured" value is valid only for a Group Policy store.

Examples:

      Turn the firewall off when the private profile is active:
      netsh advfirewall set privateprofile state off

      Set the default behavior to block inbound and allow outbound
      connections when the private profile is active:
      netsh advfirewall set privateprofile firewallpolicy
      blockinbound,allowoutbound

      Turn on remote management when the private profile is active:
      netsh advfirewall set privateprofile settings remotemanagement enable

      Log dropped connections when the private profile is active:
      netsh advfirewall set privateprofile logging droppedconnections enable

Sets properties in the active profile.

Usage:  set currentprofile (parameter) (value)

Parameters:

      state             - Configure the firewall state.
              Usage: state on|off|notconfigured

      firewallpolicy    - Configures default inbound and outbound behavior.
      Usage: firewallpolicy (inbound behavior),(outbound behavior)
         Inbound behavior:
            blockinbound        - Block inbound connections that do not
                                  match an inbound rule.
            blockinboundalways  - Block all inbound connections even if
                                  the connection matches a rule.
            allowinbound        - Allow inbound connections that do
                                  not match a rule.
            notconfigured       - Return the value to its unconfigured state.
         Outbound behavior:
            allowoutbound       - Allow outbound connections that do not
                                  match a rule.
            blockoutbound       - Block outbound connections that do not
                                  match a rule.
            notconfigured       - Return the value to its unconfigured state.

      settings          - Configures firewall settings.
      Usage: settings (parameter) enable|disable|notconfigured
      Parameters:
         localfirewallrules         - Merge local firewall rules with Group
                                      Policy rules. Valid when configuring
                                      a Group Policy store.
         localconsecrules           - Merge local connection security rules
                                      with Group Policy rules. Valid when
                                      configuring a Group Policy store.
         inboundusernotification    - Notify user when a program listens
                                      for inbound connections.
         remotemanagement           - Allow remote management of Windows
                                      Firewall.
         unicastresponsetomulticast - Control stateful unicast response to
                                      multicast.

      logging           - Configures logging settings.
      Usage: logging (parameter) (value)
      Parameters:
         allowedconnections  - Log allowed connections.
                               Values: enable|disable|notconfigured
         droppedconnections  - Log dropped connections.
                               Values: enable|disable|notconfigured
         filename            - Name and location of the firewall log.
                               Values: <string>|notconfigured
         maxfilesize         - Maximum log file size in kilobytes.
                               Values: 1 - 32767|notconfigured

Remarks:

      - Configures profile settings for the currently active profile.
      - The "notconfigured" value is valid only for a Group Policy store.

Examples:

      Turn the firewall off on the currently active profile:
      netsh advfirewall set currentprofile state off

      Set the default behavior to block inbound and allow outbound
      connections on the currently active profile:
      netsh advfirewall set currentprofile firewallpolicy
      blockinbound,allowoutbound

      Turn on remote management on the currently active profile:
      netsh advfirewall set currentprofile settings remotemanagement enable

      Log dropped connections on the currently active profile:
      netsh advfirewall set currentprofile logging droppedconnections enable

Sets properties in all profiles.

Usage:  set allprofiles (parameter) (value)

Parameters:

      state             - Configure the firewall state.
              Usage: state on|off|notconfigured

      firewallpolicy    - Configures default inbound and outbound behavior.
      Usage: firewallpolicy (inbound behavior),(outbound behavior)
         Inbound behavior:
            blockinbound        - Block inbound connections that do not
                                  match an inbound rule.
            blockinboundalways  - Block all inbound connections even if
                                  the connection matches a rule.
            allowinbound        - Allow inbound connections that do
                                  not match a rule.
            notconfigured       - Return the value to its unconfigured state.
         Outbound behavior:
            allowoutbound       - Allow outbound connections that do not
                                  match a rule.
            blockoutbound       - Block outbound connections that do not
                                  match a rule.
            notconfigured       - Return the value to its unconfigured state.

      settings          - Configures firewall settings.
      Usage: settings (parameter) enable|disable|notconfigured
      Parameters:
         localfirewallrules         - Merge local firewall rules with Group
                                      Policy rules. Valid when configuring
                                      a Group Policy store.
         localconsecrules           - Merge local connection security rules
                                      with Group Policy rules. Valid when
                                      configuring a Group Policy store.
         inboundusernotification    - Notify user when a program listens
                                      for inbound connections.
         remotemanagement           - Allow remote management of Windows
                                      Firewall.
         unicastresponsetomulticast - Control stateful unicast response to
                                      multicast.

      logging           - Configures logging settings.
      Usage: logging (parameter) (value)
      Parameters:
         allowedconnections  - Log allowed connections.
                               Values: enable|disable|notconfigured
         droppedconnections  - Log dropped connections.
                               Values: enable|disable|notconfigured
         filename            - Name and location of the firewall log.
                               Values: <string>|notconfigured
         maxfilesize         - Maximum log file size in kilobytes.
                               Values: 1 - 32767|notconfigured

Remarks:

      - Configures profile settings for all profiles.
      - The "notconfigured" value is valid only for a Group Policy store.

Examples:

      Turn the firewall off for all profiles:
      netsh advfirewall set allprofiles state off

      Set the default behavior to block inbound and allow outbound
      connections on all profiles:
      netsh advfirewall set allprofiles firewallpolicy
      blockinbound,allowoutbound

      Turn on remote management on all profiles:
      netsh advfirewall set allprofiles settings remotemanagement enable

      Log dropped connections on all profiles:
      netsh advfirewall set allprofiles logging droppedconnections enable
Sets the global properties.

Usage: set global statefulftp|statefulpptp enable|disable|notconfigured
      set global ipsec (parameter) (value)
      set global mainmode (parameter) (value) | notconfigured

IPsec Parameters:

      strongcrlcheck    - Configures how CRL checking is enforced.
                          0: Disable CRL checking (default)
                          1: Fail if cert is revoked
                          2: Fail on any error
                          notconfigured: Returns the value to its not
                          configured state.
      saidletimemin     - Configures the security association idle time in
                          minutes.
                        - Usage: 5-60|notconfigured (default=5)
      defaultexemptions - Configures the default IPsec exemptions. Default is
                          to exempt IPv6 neighbordiscovery protocol and
                          DHCP from IPsec.
                        - Usage: none|neighbordiscovery|icmp|dhcp|notconfigured
      ipsecthroughnat   - Configures when security associations can be
                          established with a computer behind a network
                          address translator.
                        - Usage: never|serverbehindnat|
                                 serverandclientbehindnat|
                                 notconfigured(default=never)
      authzcomputergrp  - Configures the computers that are authorized to
                          establish tunnel mode connections.
                        - Usage: none|<SDDL string>|notconfigured
      authzusergrp      - Configures the users that are authorized to establish
                          tunnel mode connections.
                        - Usage: none|<SDDL string>|notconfigured

Main Mode Parameters:

      mmkeylifetime     - Sets main mode key lifetime in minutes
                          or sessions, or both.
                        - Usage: <num>min,<num>sess
                          minlifetime: <1> min,
                          maxlifetime: <2880> min
                          minsessions: <0> sessions,
                          maxsessions: <2,147,483,647> sessions
      mmsecmethods      - configures the main mode list of proposals
                        - Usage:
                          keyexch:enc-integrity,keyexch:enc-integrity[,...]|default
                        - keyexch=dhgroup1|dhgroup2|dhgroup14|dhgroup24|
                          ecdhp256|ecdhp384
                        - enc=3des|des|aes128|aes192|aes256
                        - integrity=md5|sha1|sha256|sha384
      mmforcedh         - configures the option to use DH to secure key exchange. 
                        - Usage:
                          yes|no (default=no) 


Remarks:

      - Configures global settings, including advanced IPsec options. 
      - The use of DES, MD5 and DHGroup1 is not recommended. These 
        cryptographic algorithms are provided for backward compatibility 
        only. 
      - The mmsecmethods keyword default sets the policy to: 
        dhgroup2-aes128-sha1,dhgroup2-3des-sha1 
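
The Remarks above say DES, MD5 and DHGroup1 are not recommended. The following added example (not part of the original help text) parses an mmsecmethods value in the documented keyexch:enc-integrity form and reports which proposals use those algorithms; the function names and the sample script are constructed for illustration.

```python
import re

# Allowed tokens, copied from the mmsecmethods usage text above.
KEYEXCH = {"dhgroup1", "dhgroup2", "dhgroup14", "dhgroup24", "ecdhp256", "ecdhp384"}
ENC = {"3des", "des", "aes128", "aes192", "aes256"}
INTEGRITY = {"md5", "sha1", "sha256", "sha384"}

# Only the algorithms the Remarks name as "not recommended".
# Tokens are compared whole, so "3des" is not matched by "des".
DEPRECATED = {"dhgroup1", "des", "md5"}

# What the keyword "default" expands to, per the Remarks.
DEFAULT_PROPOSALS = "dhgroup2-aes128-sha1,dhgroup2-3des-sha1"

# Finds the value that follows the mmsecmethods keyword, even when the
# command is wrapped onto the next line as in the help examples.
MMSEC_RE = re.compile(r"\bmmsecmethods\s+(\S+)", re.IGNORECASE)


def parse_mmsecmethods(value):
    """Return a list of (keyexch, enc, integrity) tuples.

    Accepts both the keyexch:enc-integrity form from the usage text and
    the keyexch-enc-integrity form used when the Remarks spell out the
    default. Raises ValueError on a malformed or unknown token.
    """
    text = value.strip().lower()
    if text == "default":
        text = DEFAULT_PROPOSALS
    proposals = []
    for raw in text.split(","):
        parts = re.split(r"[:-]", raw.strip())
        if len(parts) != 3:
            raise ValueError(f"malformed proposal: {raw!r}")
        checks = zip(parts, (KEYEXCH, ENC, INTEGRITY), ("keyexch", "enc", "integrity"))
        for token, allowed, field in checks:
            if token not in allowed:
                raise ValueError(f"unknown {field} value {token!r} in {raw!r}")
        proposals.append(tuple(parts))
    return proposals


def audit_mmsecmethods(value):
    """Return one finding per proposal that uses a not-recommended algorithm."""
    findings = []
    for position, proposal in enumerate(parse_mmsecmethods(value), start=1):
        weak = [alg for alg in proposal if alg in DEPRECATED]
        if weak:
            findings.append({
                "position": position,  # order matters: proposals are a list
                "proposal": "{}:{}-{}".format(*proposal),
                "deprecated": weak,
            })
    return findings


def audit_script(text):
    """Audit every 'mmsecmethods <value>' found in a script.

    Returns a list of (value, findings) pairs in order of appearance.
    """
    return [(m.group(1), audit_mmsecmethods(m.group(1)))
            for m in MMSEC_RE.finditer(text)]


# Constructed sample input, not taken from a real host.
SAMPLE_SCRIPT = """\
rem constructed sample
netsh advfirewall set global mainmode mmsecmethods default
netsh advfirewall set global mainmode mmsecmethods
      dhgroup1:des-md5,dhgroup1:3des-sha1
netsh advfirewall set global mainmode mmsecmethods ecdhp384:aes256-sha384
"""

if __name__ == "__main__":
    for value, findings in audit_script(SAMPLE_SCRIPT):
        if not findings:
            print(f"OK    {value}")
        for f in findings:
            print(f"WEAK  {value}: proposal {f['position']} "
                  f"({f['proposal']}) uses {', '.join(f['deprecated'])}")
```
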

Examples: 

      Disable CRL checking: 
      netsh advfirewall set global ipsec strongcrlcheck 0 

      Turn on the Firewall support for stateful FTP: 
      netsh advfirewall set global statefulftp enable 

      Set global main mode proposals to the default value: 
      netsh advfirewall set global mainmode mmsecmethods default 

      Set global main mode proposals to a custom list:
      netsh advfirewall set global mainmode mmsecmethods
      dhgroup1:des-md5,dhgroup1:3des-sha1

Sets the policy store for the current interactive session.

Usage: set store local|gpo=<computer name>|gpo=<domain\GPO name>|
          gpo=<domain\GPO unique ID>

Remarks:

      - Sets the policy store to a Group Policy object (GPO) identified by a
        computer name, domain and GPO name or GPO unique identifier, or
        the local policy store. 
      - The default value is local.
      - You must stay in the same interactive session, otherwise
        the store setting is lost.
      - When specifying a domain name, you must enter a fully
        qualified domain name (FQDN).

Examples:

      Set the policy store to the GPO on computer1:
      netsh advfirewall set store gpo=computer1

      Set the policy store to the GPO called laptops in the office domain:
      netsh advfirewall set store gpo=office.acme.com\laptops

      Set the policy store to the GPO with unique identifier
      {842082DD-7501-40D9-9103-FE3A31AFDC9B} in the office domain:
      netsh advfirewall set store
      gpo=office.acme.com\{842082DD-7501-40D9-9103-FE3A31AFDC9B}

Displays profile or global properties.

Displays properties for the domain profile.

Usage: show domainprofile [parameter]

Parameters:

      state             - Displays whether Windows Defender Firewall with Advanced
                          Security is on or off.
      firewallpolicy    - Displays default inbound and outbound
                          firewall behavior.
      settings          - Displays firewall properties.
      logging           - Displays logging settings.

Remarks:

      - Displays the properties for the domain profile. If a parameter
        is not specified, all properties are displayed.

Examples:

      Display the domain profile firewall state:
      netsh advfirewall show domainprofile state

Displays properties for the private profile.

Usage: show privateprofile [parameter]

Parameters:

      state             - Displays whether Windows Defender Firewall with Advanced
                          Security is on or off.
      firewallpolicy    - Displays default inbound and outbound
                          firewall behavior.
      settings          - Displays firewall properties.
      logging           - Displays logging settings.

Remarks:

      - Displays the properties for the private profile. If a parameter
        is not specified, all properties are displayed.

Examples:

      Display the private profile firewall state:
      netsh advfirewall show privateprofile state

Displays properties for the active profile.

Usage: show currentprofile [parameter]

Parameters:

      state             - Displays whether Windows Defender Firewall with Advanced
                          Security is on or off.
      firewallpolicy    - Displays default inbound and outbound
                          firewall behavior.
      settings          - Displays firewall properties.
      logging           - Displays logging settings.

Remarks:

      - Displays the properties for the active profile. If a parameter
        is not specified, all properties are displayed.

Examples:

      Display the active profile firewall state:
      netsh advfirewall show currentprofile state

Displays properties for all profiles.

Usage: show allprofiles [parameter]

Parameters:

      state             - Displays whether Windows Defender Firewall with Advanced
                          Security is on or off.
      firewallpolicy    - Displays default inbound and outbound
                          firewall behavior.
      settings          - Displays firewall properties.
      logging           - Displays logging settings.

Remarks:

      - Displays the properties for all profiles. If a parameter
        is not specified, all properties are displayed.

Examples:

      Display the firewall state for all profiles:
      netsh advfirewall show allprofiles state

Displays the global properties.

Usage: show global [property]

Parameters:

      ipsec             - Shows IPsec specific settings.
      statefulftp       - Shows stateful ftp support.
      statefulpptp      - Shows stateful pptp support.
                          This value is ignored in Windows 7 and is available only to
                          manage downlevel Windows Defender Firewall with Advanced Security systems.
      mainmode          - Shows Main Mode settings.
      categories        - Shows Firewall Categories.

Remarks:

      - Displays the global property settings. If a parameter is
        not specified, all properties are displayed.

Examples:

      Display IPsec settings:
      netsh advfirewall show global ipsec

      Display main mode settings:
      netsh advfirewall show global mainmode

Displays the policy store for the current interactive session.

Usage: show store

Remarks:

      - This command displays the current policy store.

Example:

      netsh advfirewall show store

Imports a policy file into the current policy store.

Usage: import <path\filename>

Remarks:

      - Imports policy from the specified file.

Example:

      netsh advfirewall import "c:\newpolicy.wfw"

Exports the current policy to a file.

Usage: export <path\filename>

Remarks:

      - Exports the current policy to the specified file.

Example:

      netsh advfirewall export "c:\advfirewallpolicy.wfw"

Adds a new connection security rule.

Sets new values for properties of an existing rule.

Deletes all matching connection security rules.

Usage: delete rule name=<string>
      [type=dynamic|static]
      [profile=public|private|domain|any[,...] (default=any)]
      [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [port1=0-65535|<port range>[,...]|any (default=any)]
      [port2=0-65535|<port range>[,...]|any (default=any)]
      [protocol=0-255|tcp|udp|icmpv4|icmpv6|any]

Remarks:

      - Deletes a rule identified by name and optionally by profiles,
        endpoints, ports, protocol, and type.
      - If multiple matches are found, all matching rules are deleted.

Examples:

      Delete a rule called "rule1" from all profiles:
      netsh advfirewall consec delete rule name="rule1"

      Delete all dynamic rules from all profiles:
      netsh advfirewall consec delete rule name=all type=dynamic

Displays a specified connection security rule.

Usage: show rule name=<string>
      [profile=public|private|domain|any[,...]]
      [type=dynamic|static (default=static)]
      [verbose]

Remarks:

      - Displays all instances of the rule identified by name, and
        optionally profiles and type.

Examples:

      Display all rules:
      netsh advfirewall consec show rule name=all

      Display all dynamic rules:
      netsh advfirewall consec show rule name=all type=dynamic

Adds a new inbound or outbound firewall rule.

Usage: add rule name=<string>
      dir=in|out
      action=allow|block|bypass
      [program=<program path>]
      [service=<service short name>|any]
      [description=<string>]
      [enable=yes|no (default=yes)]
      [profile=public|private|domain|any[,...]]
      [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=any)]
      [remoteport=0-65535|<port range>[,...]|any (default=any)]
      [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
         tcp|udp|any (default=any)]
      [interfacetype=wireless|lan|ras|any]
      [rmtcomputergrp=<SDDL string>]
      [rmtusrgrp=<SDDL string>]
      [edge=yes|deferapp|deferuser|no (default=no)]
      [security=authenticate|authenc|authdynenc|authnoencap|notrequired 
         (default=notrequired)]

Remarks:

      - Add a new inbound or outbound rule to the firewall policy.
      - Rule name should be unique and cannot be "all".
      - If a remote computer or user group is specified, security must be
        authenticate, authenc, authdynenc, or authnoencap.
      - Setting security to authdynenc allows systems to dynamically
        negotiate the use of encryption for traffic that matches
        a given Windows Defender Firewall rule. Encryption is negotiated based on
        existing connection security rule properties. This option
        enables the ability of a machine to accept the first TCP
        or UDP packet of an inbound IPsec connection as long as
        it is secured, but not encrypted, using IPsec.
        Once the first packet is processed, the server will
        re-negotiate the connection and upgrade it so that
        all subsequent communications are fully encrypted.
      - If action=bypass, the remote computer group must be specified when dir=in.
      - If service=any, the rule applies only to services.
      - ICMP type or code can be "any".
      - Edge can only be specified for inbound rules.
      - AuthEnc and authnoencap cannot be used together.
      - Authdynenc is valid only when dir=in.
      - When authnoencap is set, the security=authenticate option becomes an
        optional parameter.

Examples:

      Add an inbound rule with no encapsulation security for browser.exe:
      netsh advfirewall firewall add rule name="allow browser"
      dir=in program="c:\programfiles\browser\browser.exe"
      security=authnoencap action=allow

      Add an outbound rule for port 80:
      netsh advfirewall firewall add rule name="allow80"
      protocol=TCP dir=out localport=80 action=block

      Add an inbound rule requiring security and encryption
      for TCP port 80 traffic:
      netsh advfirewall firewall add rule
      name="Require Encryption for Inbound TCP/80"
      protocol=TCP dir=in localport=80 security=authdynenc
      action=allow

      Add an inbound rule for browser.exe and require security
      netsh advfirewall firewall add rule name="allow browser"
      dir=in program="c:\program files\browser\browser.exe"
      security=authenticate action=allow

      Add an authenticated firewall bypass rule for group
      acmedomain\scanners identified by a SDDL string:
      netsh advfirewall firewall add rule name="allow scanners"
      dir=in rmtcomputergrp=<SDDL string> action=bypass
      security=authenticate

      Add an outbound allow rule for local ports 5000-5010 for udp:
      Add rule name="Allow port range" dir=out protocol=udp localport=5000-5010 action=allow

Sets new values for properties of an existing rule.

Usage: set rule
      group=<string> | name=<string>
      [dir=in|out]
      [profile=public|private|domain|any[,...]]
      [program=<program path>]
      [service=<service short name>|any]
      [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any]
      [remoteport=0-65535|<port range>[,...]|any]
      [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
         tcp|udp|any]
      new
      [name=<string>]
      [dir=in|out]
      [program=<program path>]
      [service=<service short name>|any]
      [action=allow|block|bypass]
      [description=<string>]
      [enable=yes|no]
      [profile=public|private|domain|any[,...]]
      [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [localport=0-65535|RPC|RPC-EPMap|any[,...]]
      [remoteport=0-65535|any[,...]]
      [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
         tcp|udp|any]
      [interfacetype=wireless|lan|ras|any]
      [rmtcomputergrp=<SDDL string>]
      [rmtusrgrp=<SDDL string>]
      [edge=yes|deferapp|deferuser|no (default=no)]
      [security=authenticate|authenc|authdynenc|notrequired]

Remarks:

      - Sets a new parameter value on an identified rule. The command fails
        if the rule does not exist. To create a rule, use the add command.
      - Values after the new keyword are updated in the rule.  If there are
        no values, or keyword new is missing, no changes are made.
      - A group of rules can only be enabled or disabled.
      - If multiple rules match the criteria, all matching rules will
        be updated.
      - Rule name should be unique and cannot be "all".
      - If a remote computer or user group is specified, security must be
        authenticate, authenc or authdynenc.
      - Setting security to authdynenc allows systems to dynamically
        negotiate the use of encryption for traffic that matches
        a given Windows Defender Firewall rule. Encryption is negotiated based on
        existing connection security rule properties. This option
        enables the ability of a machine to accept the first TCP
        or UDP packet of an inbound IPsec connection as long as
        it is secured, but not encrypted, using IPsec.
        Once the first packet is processed, the server will
        re-negotiate the connection and upgrade it so that
        all subsequent communications are fully encrypted.
      - Authdynenc is valid only when dir=in.
      - If action=bypass, the remote computer group must be specified when dir=in.
      - If service=any, the rule applies only to services.
      - ICMP type or code can be "any".
      - Edge can only be specified for inbound rules.

Examples:

      Change the remote IP address on a rule called "allow80":
      netsh advfirewall firewall set rule name="allow80" new
      remoteip=192.168.0.2

      Enable a group with grouping string "Remote Desktop":
      netsh advfirewall firewall set rule group="remote desktop" new
      enable=yes

      Change the local ports on the rule "Allow port range" for udp:
      Set rule name="Allow port range" dir=out protocol=udp localport=5000-5020 action=allow

Deletes all matching firewall rules.

Usage: delete rule name=<string>
      [dir=in|out]
      [profile=public|private|domain|any[,...]]
      [program=<program path>]
      [service=<service short name>|any]
      [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|any]
      [remoteport=0-65535|<port range>[,...]|any]
      [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
         tcp|udp|any]

Remarks:

      - Deletes a rule identified by name and optionally by endpoints, ports,
        protocol, and type.
      - If multiple matches are found, all matching rules are deleted.
      - If name=all is specified all rules are deleted from the specified
        type and profile.

Examples:

      Delete all rules for local port 80:
      netsh advfirewall firewall delete rule name=all protocol=tcp localport=80

      Delete a rule called "allow80":
      netsh advfirewall firewall delete rule name="allow80"

Displays a specified firewall rule.

Usage: show rule name=<string>
      [profile=public|private|domain|any[,...]]
      [type=static|dynamic]
      [verbose]

Remarks:

      - Displays all matching rules as specified by name and optionally,
        profiles and type. If verbose is specified all matching rules are
        displayed.

Examples:

      Display all dynamic inbound rules:
      netsh advfirewall firewall show rule name=all dir=in type=dynamic

      Display all the settings for all inbound rules called
      "allow browser":
      netsh advfirewall firewall show rule name="allow browser" verbose

Deletes all matching security associations.


Usage: delete mmsa|qmsa [(source destination)|all]

Remarks:
      - This command deletes the matching security association as
        specified by (source destination) pair.
      - Source and destination are each a single IPv4 or IPv6
        address.

Examples:

      Delete all quick mode security associations:
      netsh advfirewall monitor delete qmsa all

      Delete all main mode security associations between the two
      specified addresses:
      netsh advfirewall monitor delete mmsa 192.168.0.3 192.168.0.6

Shows the runtime Firewall policy settings.

Sets properties in the public profile.

Usage:  set publicprofile (parameter) (value)

Parameters:

      state             - Configure the firewall state.
              Usage: state on|off|notconfigured

      firewallpolicy    - Configures default inbound and outbound behavior.
      Usage: firewallpolicy (inbound behavior),(outbound behavior)
         Inbound behavior:
            blockinbound        - Block inbound connections that do not
                                  match an inbound rule.
            blockinboundalways  - Block all inbound connections even if
                                  the connection matches a rule.
            allowinbound        - Allow inbound connections that do
                                  not match a rule.
            notconfigured       - Return the value to its unconfigured state.
         Outbound behavior:
            allowoutbound       - Allow outbound connections that do not
                                  match a rule.
            blockoutbound       - Block outbound connections that do not
                                  match a rule.
            notconfigured       - Return the value to its unconfigured state.

      settings          - Configures firewall settings.
      Usage: settings (parameter) enable|disable|notconfigured
      Parameters:
         localfirewallrules         - Merge local firewall rules with Group
                                      Policy rules. Valid when configuring
                                      a Group Policy store.
         localconsecrules           - Merge local connection security rules
                                      with Group Policy rules. Valid when
                                      configuring a Group Policy store.
         inboundusernotification    - Notify user when a program listens
                                      for inbound connections.
         remotemanagement           - Allow remote management of Windows
                                      Firewall.
         unicastresponsetomulticast - Control stateful unicast response to
                                      multicast.

      logging           - Configures logging settings.
      Usage: logging (parameter) (value)
      Parameters:
         allowedconnections  - Log allowed connections.
                               Values: enable|disable|notconfigured
         droppedconnections  - Log dropped connections.
                               Values: enable|disable|notconfigured
         filename            - Name and location of the firewall log.
                               Values: <string>|notconfigured
         maxfilesize         - Maximum log file size in kilobytes.
                               Values: 1 - 32767|notconfigured

Remarks:

      - Configures public profile settings.
      - The "notconfigured" value is valid only for a Group Policy store.

Examples:

      Turn the firewall off when the public profile is active:
      netsh advfirewall set publicprofile state off

      Set the default behavior to block inbound and allow outbound
      connections when the public profile is active:
      netsh advfirewall set publicprofile firewallpolicy
      blockinbound,allowoutbound

      Turn on remote management when the public profile is active:
      netsh advfirewall set publicprofile settings remotemanagement enable

      Log dropped connections when the public profile is active:
      netsh advfirewall set publicprofile logging droppedconnections enable

Displays properties for the public profile.

Usage: show publicprofile [parameter]

Parameters:

      state             - Displays whether Windows Defender Firewall with Advanced
                          Security is on or off.
      firewallpolicy    - Displays default inbound and outbound
                          firewall behavior.
      settings          - Displays firewall properties.
      logging           - Displays logging settings.

Remarks:

      - Displays the properties for the public profile. If a parameter
        is not specified, all properties are displayed.

Examples:

      Display the public profile firewall state:
      netsh advfirewall show publicprofile state

Usage: add rule name=<string>
      endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>
      endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>
      action=requireinrequestout|requestinrequestout|
         requireinrequireout|requireinclearout|noauthentication
      [description=<string>]
      [mode=transport|tunnel (default=transport)]
      [enable=yes|no (default=yes)]
      [profile=public|private|domain|any[,...] (default=any)]
      [type=dynamic|static (default=static)]
      [localtunnelendpoint=any|<IPv4 address>|<IPv6 address>]
      [remotetunnelendpoint=any|<IPv4 address>|<IPv6 address>]
      [port1=0-65535|<port range>[,...]|any (default=any)]
      [port2=0-65535|<port range>[,...]|any (default=any)]
      [protocol=0-255|tcp|udp|icmpv4|icmpv6|any (default=any)]
      [interfacetype=wireless|lan|ras|any (default=any)]
      [auth1=computerkerb|computercert|computercertecdsap256|
         computercertecdsap384|computerpsk|computerntlm|anonymous[,...]]
      [auth1psk=<string>]
      [auth1kerbproxyfqdn=<fully-qualified dns name>]
      [auth1ca="<CA Name> [certmapping:yes|no] [excludecaname:yes|no] 
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         |..."]
      [auth1healthcert=yes|no (default=no)]
      [auth1ecdsap256ca="<CA Name> [certmapping:yes|no]
         [excludecaname:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]
      [auth1ecdsap256healthcert=yes|no (default=no)]
      [auth1ecdsap384ca="<CA Name> [certmapping:yes|no]
         [excludecaname:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]
      [auth1ecdsap384healthcert=yes|no (default=no)]
      [auth2=computercert|computercertecdsap256|computercertecdsap384|
         userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm|
         anonymous[,...]]
      [auth2kerbproxyfqdn=<fully-qualified dns name>]
      [auth2ca="<CA Name> [certmapping:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]

Remarks:

      - Rule name should be unique and cannot be "all".
      - When mode=tunnel, tunnel endpoints must be specified,
        except when the action is noauthentication.
        When specific IP addresses are entered, they must be
        the same IP version.
        In addition, when configuring dynamic tunnels:
        Tunnel endpoints can be set to any. Local tunnel
        endpoint need not be specified for Client policy
        (i.e. any).
        Remote tunnel endpoints need not be specified for
        Gateway Policy (i.e. any).
        Also, action must be requireinrequireout, requireinclearout,
        or noauthentication.
      - requireinclearout is not valid when mode=Transport.
      - At least one authentication must be specified.
      - Auth1 and auth2 can be comma-separated lists of options.
      - Computerpsk and computerntlm methods cannot be specified together
        for auth1.
      - Computercert cannot be specified with user credentials for auth2.
      - Certsigning options ecdsap256 and ecdsap384 are only supported on 
        Windows Vista SP1 and later.
      - Qmsecmethods can be a list of proposals separated by a ",".
      - For qmsecmethods, integrity=md5|sha1|sha256|aesgmac128|aesgmac192|
        aesgmac256|aesgcm128|aesgcm192|aesgcm256  and
        encryption=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256.
      - If aesgcm128, aesgcm192, or aesgcm256 is specified, it must be used for
        both ESP integrity and encryption.
      - Aesgmac128, aesgmac192, aesgmac256, aesgcm128, aesgcm192, aesgcm256,
        sha256 are only supported on Windows Vista SP1 and later. 
      - Qmpfs=mainmode uses the main mode key exchange setting for PFS.
      - The use of DES, MD5 and DHGroup1 is not recommended. These
        cryptographic algorithms are provided for backward compatibility
        only.
      - The default value for certmapping and excludecaname is 'no'.
      - The " characters within CA name must be replaced with \'
      - For auth1ca and auth2ca, the CA name must be prefixed by 'CN='.
      - catype can be used to specify the Certification authority type -
        catype=root/intermediate
      - authnoencap is supported on Windows 7 and later.
      - authnoencap means that the computers will only use authentication,
        and will not use any per packet encapsulation or encryption
        algorithms to protect subsequent network packets exchanged as part
        of this connection.
      - QMPFS and authnoencap cannot be used together on the same rule.
      - AuthNoEncap must be accompanied by at least one AH or ESP integrity
        suite.
      - applyauthz can only be specified for tunnel mode rules.
      - exemptipsecprotectedconnections can only be specified
        for tunnel mode rules. By setting this flag to "Yes", 
        ESP traffic will be exempted from the tunnel. 
        AH only traffic will NOT be exempted from the tunnel. 
      - Valuemin (when specified) for a qmsecmethod should be between 5-2880
        minutes. Valuekb (when specified) for a qmsecmethod should be
        between 20480-2147483647 kilobytes.
      - Certhash specifies the thumbprint, or hash of the certificate.
      - Followrenewal specifies whether to automatically follow renewal
        links in certificates. Only applicable for certificate section
        (requires certhash).
      - Certeku specifies the comma separated list of EKU OIDs to match
        in the certificate.
      - Certname specifies the string to match for certificate name
        (requires certnametype).
      - Certnametype specifies the certificate field for the certname
        to be matched against (requires certname).

Examples:

      Add a rule for domain isolation using defaults:
      netsh advfirewall consec add rule name="isolation"
      endpoint1=any endpoint2=any action=requireinrequestout

      Add a rule with custom quick mode proposals:
      netsh advfirewall consec add rule name="custom"
      endpoint1=any endpoint2=any
      qmsecmethods=ah:sha1+esp:sha1-aes256+60min+20480kb,ah:sha1
      action=requireinrequestout

      Add a rule with custom quick mode proposals:
      netsh advfirewall consec add rule name="custom"
      endpoint1=any endpoint2=any
      qmsecmethods=authnoencap:sha1,ah:aesgmac256+esp:aesgmac256-none
      action=requireinrequestout

      Create a tunnel mode rule from
      subnet A (192.168.0.0, external ip=1.1.1.1) to
      subnet B (192.157.0.0, external ip=2.2.2.2):
      netsh advfirewall consec add rule name="my tunnel" mode=tunnel
      endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16
      remotetunnelendpoint=2.2.2.2
      localtunnelendpoint=1.1.1.1 action=requireinrequireout

      Create a dynamic tunnel mode rule from subnet
      A (192.168.0.0/16)
      to subnet B (192.157.0.0, remoteGW=2.2.2.2)
      Client Policy:
      netsh advfirewall consec add rule name="dynamic tunnel"
      mode=tunnel
      endpoint1=any endpoint2=192.157.0.0/16
      remotetunnelendpoint=2.2.2.2
      action=requireinrequireout
      Gateway Policy (Applied only to the Gateway device):
      netsh advfirewall consec add rule name="dynamic tunnel"
      mode=tunnel endpoint1=192.157.0.0/16
      endpoint2=any localtunnelendpoint=2.2.2.2
      action=requireinrequireout

      Add a rule with CA name:
      netsh advfirewall consec add rule name="cert rule"
      endpoint1=any endpoint2=any action=requireinrequestout
      auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North,
       South, East, and West Root Authority\'"

      Add a rule, with multiple authentication methods, using a variety of cert
      criteria:
      netsh advfirewall consec add rule name="cert rule" endpoint1=any
      endpoint2=any action=requireinrequireout auth1=computercert
      auth1ca="CN=\'CN1\' certcriteriatype:Selection certname:MyGroup
      certnametype:SubjectOU certeku:1.2.3.4.5|CN=\'CN2\'
      certcriteriatype:Validation certeku:2.3.4.5.6,9.10.11.12|CN=\'CN3\'
      certhash:0123456789abcdef01234567890ABCDEF0123456"

Usage: set rule
      group=<string> | name=<string>
      [type=dynamic|static]
      [profile=public|private|domain|any[,...] (default=any)]
      [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [port1=0-65535|<port range>[,...]|any]
      [port2=0-65535|<port range>[,...]|any]
      [protocol=0-255|tcp|udp|icmpv4|icmpv6|any]
      new
      [name=<string>]
      [profile=public|private|domain|any[,...]]
      [description=<string>]
      [mode=transport|tunnel]
      [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [action=requireinrequestout|requestinrequestout|
         requireinrequireout|requireinclearout|noauthentication]
      [enable=yes|no]
      [type=dynamic|static]
      [localtunnelendpoint=any|<IPv4 address>|<IPv6 address>]
      [remotetunnelendpoint=any|<IPv4 address>|<IPv6 address>]
      [port1=0-65535|<port range>[,...]|any]
      [port2=0-65535|<port range>[,...]|any]
      [protocol=0-255|tcp|udp|icmpv4|icmpv6|any]
      [interfacetype=wireless|lan|ras|any]
      [auth1=computerkerb|computercert|computercertecdsap256|
         computercertecdsap384|computerpsk|computerntlm|anonymous[,...]]
      [auth1psk=<string>]
      [auth1kerbproxyfqdn=<fully-qualified dns name>]
      [auth1ca="<CA Name> [certmapping:yes|no] [excludecaname:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]
      [auth1healthcert=yes|no]
      [auth1ecdsap256ca="<CA Name> [certmapping:yes|no]
         [excludecaname:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]
      [auth1ecdsap256healthcert=yes|no (default=no)]
      [auth1ecdsap384ca="<CA Name> [certmapping:yes|no]
         [excludecaname:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]

Remarks:

      - Sets a new parameter value on an identified rule. The command fails
        if the rule does not exist. To create a rule, use the add command.
      - Values after the new keyword are updated in the rule.  If there are
        no values, or keyword new is missing, no changes are made.
      - A group of rules can only be enabled or disabled.
      - If multiple rules match the criteria, all matching rules will be
        updated.
      - Rule name should be unique and cannot be "all".
      - Auth1 and auth2 can be comma-separated lists of options.
      - Computerpsk and computerntlm methods cannot be specified together
        for auth1.
      - Computercert cannot be specified with user credentials for auth2.
      - Certsigning options ecdsap256 and ecdsap384 are only supported on 
        Windows Vista SP1 and later.
      - Qmsecmethods can be a list of proposals separated by a ",".
      - For qmsecmethods, integrity=md5|sha1|sha256|aesgmac128|aesgmac192|
        aesgmac256|aesgcm128|aesgcm192|aesgcm256  and
        encryption=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256.
      - If aesgcm128, aesgcm192, or aesgcm256 is specified, it must be used for
        both ESP integrity and encryption.
      - Aesgmac128, aesgmac192, aesgmac256, aesgcm128, aesgcm192, aesgcm256,
        sha256 are only supported on Windows Vista SP1 and later. 
      - If qmsecmethods are set to default, qmpfs will be set to default
        as well.
      - Qmpfs=mainmode uses the main mode key exchange setting for PFS.
      - The use of DES, MD5 and DHGroup1 is not recommended. These
        cryptographic algorithms are provided for backward compatibility
        only.
      - The " characters within CA name must be replaced with \'
      - For auth1ca and auth2ca, the CA name must be prefixed by 'CN='.
      - catype can be used to specify the Certification authority type -
        catype=root/intermediate
      - authnoencap is supported on Windows 7 and later.
      - authnoencap means that the computers will only use authentication,
        and will not use any per packet encapsulation or encryption
        algorithms to protect subsequent network packets exchanged as part
        of this connection.
      - QMPFS and authnoencap cannot be used together on the same rule.
      - AuthNoEncap must be accompanied by at least one AH or ESP integrity
        suite.
      - When mode=tunnel action must be requireinrequireout, requireinclearout
        or noauthentication.
      - requireinclearout is not valid when mode=Transport.
      - applyauthz can only be specified for tunnel mode rules.
      - exemptipsecprotectedconnections can only be specified
        for tunnel mode rules. By setting this flag to "Yes", 
        ESP traffic will be exempted from the tunnel. 
        AH only traffic will NOT be exempted from the tunnel. 
      - Port1, Port2 and Protocol can only be specified when mode=transport.
      - Valuemin (when specified) for a qmsecmethod should be between 5-2880
        minutes. Valuekb (when specified) for a qmsecmethod should be
        between 20480-2147483647 kilobytes.
      - Certhash specifies the thumbprint, or hash of the certificate.
      - Followrenewal specifies whether to automatically follow renewal
        links in certificates. Only applicable for certificate section
        (requires certhash).
      - Certeku specifies the comma separated list of EKU OIDs to match
        in the certificate.
      - Certname specifies the string to match for certificate name
        (requires certnametype).
      - Certnametype specifies the certificate field for the certname
        to be matched against (requires certname).
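
The qmsecmethods constraints in the Remarks above, together with the qmsecmethods error strings near the end of this file, can be checked before a rule is pushed. The following is an added example, not code from netsh or from Microsoft; the function names are hypothetical, lifetimes are assumed to be written as `<n>min` and `<n>kb`, and `qmpfs=none` is treated as "PFS not used".

```python
import re

# Algorithm names copied from the "set rule" Remarks. "none" is accepted for
# ESP encryption because the page's own example uses esp:aesgmac256-none.
INTEGRITY = {"md5", "sha1", "sha256", "aesgmac128", "aesgmac192", "aesgmac256",
             "aesgcm128", "aesgcm192", "aesgcm256"}
ENCRYPTION = {"3des", "des", "aes128", "aes192", "aes256",
              "aesgcm128", "aesgcm192", "aesgcm256", "none"}
NOT_RECOMMENDED = {"des", "md5", "dhgroup1"}
# Assumption: lifetimes inside a proposal are written <n>min and <n>kb.
LIFETIME = re.compile(r"^(\d+)(min|kb)$")
LIMITS = {"min": (5, 2880), "kb": (20480, 2147483647)}


def _lint_proposal(text, findings):
    """Append findings for one proposal and return its protocols in order."""
    protocols, integrity = [], {}
    for part in text.split("+"):
        lifetime = LIFETIME.match(part)
        if lifetime:
            low, high = LIMITS[lifetime.group(2)]
            if not low <= int(lifetime.group(1)) <= high:
                findings.append(f"{text}: {part} is outside {low}-{high}")
            continue
        proto, sep, suite = part.partition(":")
        if not sep or proto not in ("ah", "esp", "authnoencap"):
            findings.append(f"{text}: unrecognised element '{part}'")
            continue
        if proto in protocols:
            findings.append(f"{text}: protocol {proto} specified more than once")
        protocols.append(proto)
        integ, _, enc = suite.partition("-")
        integrity[proto] = integ
        if integ not in INTEGRITY:
            findings.append(f"{text}: unknown integrity '{integ}'")
        if proto == "esp":
            if enc not in ENCRYPTION:
                findings.append(f"{text}: missing or unknown ESP encryption '{enc}'")
            if (integ.startswith("aesgcm") or enc.startswith("aesgcm")) and integ != enc:
                findings.append(f"{text}: AES-GCM must be used for both ESP "
                                "integrity and encryption")
        elif enc:
            findings.append(f"{text}: only ESP takes an encryption algorithm")
        for alg in (integ, enc):
            if alg in NOT_RECOMMENDED:
                findings.append(f"{text}: {alg} is not recommended")
    if len(protocols) > 1 and protocols[0] == "esp":
        findings.append(f"{text}: no other protocol may follow a leading ESP")
    if len(protocols) > 1 and "authnoencap" in protocols:
        findings.append(f"{text}: authnoencap must be the only protocol in a proposal")
    if "ah" in integrity and "esp" in integrity and integrity["ah"] != integrity["esp"]:
        findings.append(f"{text}: AH and ESP must use the same integrity value")
    return protocols


def lint_qmsecmethods(value, qmpfs=None):
    """Return a list of findings for a qmsecmethods value and optional qmpfs."""
    findings = []
    value = value.strip().lower()
    qmpfs = qmpfs.lower() if qmpfs else None
    if value == "default":
        if qmpfs is not None:
            findings.append("qmpfs cannot be specified when qmsecmethods is default")
        return findings
    used = [p for prop in value.split(",") for p in _lint_proposal(prop, findings)]
    if qmpfs not in (None, "none"):
        if "authnoencap" in used:
            findings.append("qmpfs and authnoencap cannot be used on the same rule")
        if qmpfs in NOT_RECOMMENDED:
            findings.append(f"qmpfs={qmpfs} is not recommended")
    return findings


if __name__ == "__main__":
    # Constructed sample values; the first is the one from the page's example.
    samples = [
        ("authnoencap:aesgmac256,ah:aesgmac256+esp:aesgmac256-none", None),
        ("esp:md5-des+4min", None),
        ("ah:sha1+esp:sha256-aes128", "dhgroup1"),
    ]
    for value, pfs in samples:
        print(value, "->", lint_qmsecmethods(value, pfs) or "ok")
```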

Examples:

      Rename rule1 to rule2:
      netsh advfirewall consec set rule name="rule1" new
      name="rule2"

      Change the action on a rule:
      netsh advfirewall consec set rule name="rule1"
      endpoint1=1.2.3.4 endpoint2=4.3.2.1 new action=requestinrequestout

      Add a rule with custom quick mode proposals:
      netsh advfirewall consec set rule name="Custom QM" new
      endpoint1=any endpoint2=any
      qmsecmethods=authnoencap:aesgmac256,ah:aesgmac256+esp:aesgmac256-none

Displays the main mode SAs.

Usage: show mmsa [(source  destination)|all]

Remarks:

      - This command shows all security associations, or only those
        filtered by a (source destination) pair.
      - Source and destination are each a single IPv4 or IPv6
        address.

Examples:

      Show all main mode SAs:
      netsh advfirewall monitor show mmsa

      Show the main mode SAs between the two addresses:
      netsh advfirewall monitor show mmsa 192.168.0.3 192.168.0.4

Displays the quick mode SAs.

Usage: show qmsa [(source  destination)|all]

Remarks:

      - This command shows all security associations, or only those
        filtered by a (source destination) pair.
      - Source and destination are each a single IPv4 or IPv6
        address.

Examples:

      Show all quick mode SAs:
      netsh advfirewall monitor show qmsa

      Show the quick mode SAs between the two addresses:
      netsh advfirewall monitor show qmsa 192.168.0.3 192.168.0.4

Adds a new mainmode rule.
Sets new values for properties of an existing rule.
Deletes all matching mainmode rules.

Usage: delete rule name=<string>|all
      [profile=any|current|public|private|domain[,...]]
      [type=dynamic|static (default=static)]

Remarks:

      - Deletes an existing main mode setting that matches the
        name specified. Optionally, profile can be specified.
        Command fails if setting with the specified name does not exist.
      - If name=all is specified all rules are deleted from the specified
        type and profile.
        If profile is not specified, the delete applies to all profiles.

Examples:

      Delete a main mode rule with name test:
      Netsh advfirewall mainmode delete rule name="test"

Displays a specified mainmode rule.

Usage: show rule name=<string>|all
      [profile=all|current|public|private|domain[,...]]
      [type=dynamic|static (default=static)]
      [verbose]

Remarks:

      - Display existing main mode settings that match the name specified.
        Displays all matching rules as specified by name and optionally,
        profile can be specified.
        If "all" is specified in the name, all mainmode settings will be shown
        for the profiles specified.

Examples:

      Display a main mode rule by name test:
      Netsh advfirewall mainmode show rule name="test"

Displays current firewall state information.

Usage: show firewall 
       [rule
           name=<string>
           [dir=in|out]
           [profile=public|private|domain|active|any[,...]]
       ]
       [verbose] 


Remarks:

      - Displays the Windows Defender Firewall properties for all available 
        network profiles. 
      - The profile= argument enables the administrator to filter 
        the output to specific profiles on the system. 
      - The Verbose argument adds support for displaying detailed 
        security and advanced rule 'source name' information. 

Examples:

      Display the current Firewall state: 
      netsh advfirewall monitor show firewall 

      Display the current outbound firewall rule for public profile:
      netsh advfirewall monitor show firewall rule name=all dir=out profile=public

Displays current consec state information.

Usage: show consec 
       [rule
           name=<string>
           [profile=public|private|domain|active|any[,...]]
       ]
       [verbose] 


Remarks:

      - Displays the Connection Security configuration for all 
        available network profiles 
      - The [profile=] command enables the administrator to filter 
        the output to specific profiles on the system or to only 
        return results from Active or Inactive profiles 
      - The [rule] command allows the administrator to scope the rule 
        output to certain rule names and status to scope the output 
      - The Verbose command adds support for displaying detailed 
        security and advanced rule 'source name' information 

Examples:

      Display the current connection security state: 
      netsh advfirewall monitor show consec 

      Display the current connection security information for public profile:
      netsh advfirewall monitor show consec rule name=all profile=public

Displays the currently active profiles.

Usage: show currentprofile

Remarks:

      - This command shows the network connections associated
        with currently active profiles.

Examples:

      Shows all networks associated with the currently active profiles:
      netsh advfirewall monitor show currentprofile

Displays current mainmode state information.

Usage: show mainmode 
       [rule
           name=<string>
           [profile=public|private|domain|active|any[,...]]
       ]
       [verbose] 


Remarks:

      - Displays the Main mode Security configuration for all 
        available network profiles 
      - The [profile=] command enables the administrator to filter 
        the output to specific profiles on the system or to only 
        return results from Active or Inactive profiles 
      - The [rule] command allows the administrator to scope the rule 
        output to certain rule names and status to scope the output 
      - The Verbose command adds support for displaying detailed 
        security and advanced rule 'source name' information 

Examples:

      Display the current main mode information for public profile:
      netsh advfirewall monitor show mainmode rule name=all profile=public

      [auth2ecdsap256ca="<CA Name> [certmapping:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]
      [auth2ecdsap384ca="<CA Name> [certmapping:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]
      [qmpfs=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|ecdhp384|
         mainmode|none (default=none)]
      [qmsecmethods=authnoencap:<integrity>+[valuemin]+[valuekb]|
         ah:<integrity>+esp:<integrity>-<encryption>+[valuemin]+[valuekb]
         |default]
      [exemptipsecprotectedconnections=yes|no (default=no)]
      [applyauthz=yes|no (default=no)]

      - Certcriteriatype specifies whether to take the action with the
        certificate when selecting the local certificate, validating
        the peer certificate, or both.
      - Within a computercert authentication mapping, multiple certificates can
        be referenced by separating each entry by using the '|' character.

      [auth1ecdsap384healthcert=yes|no (default=no)]
      [auth2=computercert|computercertecdsap256|computercertecdsap384|
         userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm|
         anonymous[,...]]
      [auth2kerbproxyfqdn=<fully-qualified dns name>]
      [auth2ca="<CA Name> [certmapping:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]
      [auth2ecdsap256ca="<CA Name> [certmapping:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]
      [auth2ecdsap384ca="<CA Name> [certmapping:yes|no]
         [catype:root|intermediate (default=root)]
         [certhash:<Hex hash string, with no spaces or leading 0x>]
         [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
         [certname:<CertName>] [certnametype:<SubjectAltDNS|
         SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
         [certcriteriatype:<Selection|Validation|Both (default=both)>]
         | ..."]
      [qmpfs=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|ecdhp384|
         mainmode|none]
      [qmsecmethods=authnoencap:<integrity>+[valuemin]+[valuekb]|
         ah:<integrity>+esp:<integrity>-<encryption>+[valuemin]+[valuekb]
         |default]
      [exemptipsecprotectedconnections=yes|no (default=no)]
      [applyauthz=yes|no (default=no)]

      - Certcriteriatype specifies whether to take the action with the
        certificate when selecting the local certificate, validating
        the peer certificate, or both.

Remarks:

      - Add a new mainmode rule to the firewall policy.
      - Rule name should be unique and cannot be "all".
      - Computerpsk and computerntlm methods cannot be
        specified together for auth1.
      - The use of DES, MD5 and DHGroup1 is not recommended.
        These cryptographic algorithms are provided for backward
        compatibility only.
      - The minimum main mode keylifetime is mmkeylifetime=1min.
        The maximum main mode mmkeylifetime= 2880min.
        The minimum number of sessions= 0 sessions.
        The maximum = 2,147,483,647 sessions.
      - The mmsecmethods keyword default sets the policy to:
        dhgroup2-aes128-sha1,dhgroup2-3des-sha1
      - Certhash specifies the thumbprint, or hash of the certificate.
      - Followrenewal specifies whether to automatically follow renewal
        links in certificates. Only applicable for certificate section
        (requires certhash).
      - Certeku specifies the comma separated list of EKU OIDs to match
        in the certificate.
      - Certname specifies the string to match for certificate name
        (requires certnametype).
      - Certnametype specifies the certificate field for the certname
        to be matched against (requires certname).
      - Certcriteriatype specifies whether to take the action with the
        certificate when selecting the local certificate, validating
        the peer certificate, or both.

Examples:

      -Add a main mode rule
       Netsh advfirewall mainmode add rule name="test"
       description="Mainmode for RATH"
       Mmsecmethods=dhgroup2:3des-sha256,ecdhp384:3des-sha384
       auth1=computercert,computercertecdsap256
       auth1ca="C=US, O=MSFT, CN=\'Microsoft North,
       South, East, and West Root Authority\'"
       auth1healthcert=no
       auth1ecdsap256ca="C=US, O=MSFT, CN=\'Microsoft North,
       South, East, and West Root Authority\'"
       auth1ecdsap256healthcert=yes
       mmkeylifetime=2min profile=domain

Remarks:

      -Sets a new parameter value on an identified rule. The command fails
       if the rule does not exist. To create a rule, use the add command.
      -Values after the new keyword are updated in the rule.  If there are
       no values, or keyword new is missing, no changes are made.
      -If multiple rules match the criteria, all matching rules will
       be updated.
      -Rule name should be unique and cannot be "all".
      -Auth1 can be comma-separated lists of options.
       Computerpsk and computerntlm methods cannot
       be specified together for auth1.
      -The use of DES, MD5 and DHGroup1 is not recommended.
       These cryptographic algorithms are provided for backward
       compatibility only.
      -The minimum main mode keylifetime is mmkeylifetime=1min.
       The maximum main mode mmkeylifetime= 2880min.
       The minimum number of sessions= 0 sessions.
       The maximum = 2,147,483,647 sessions.
      -The mmsecmethods keyword default sets the policy to:
       dhgroup2-aes128-sha1,dhgroup2-3des-sha1
      -Certhash specifies the thumbprint, or hash of the certificate.
      -Followrenewal specifies whether to automatically follow renewal
       links in certificates. Only applicable for certificate section
       (requires certhash).
      -Certeku specifies the comma separated list of EKU OIDs to match
       in the certificate.
      -Certname specifies the string to match for certificate name
       (requires certnametype).
      -Certnametype specifies the certificate field for the certname
       to be matched against (requires certname).
      -Certcriteriatype specifies whether to take the action with the
       certificate when selecting the local certificate, validating
       the peer certificate, or both.

Examples:

      Change the mmsecmethods, description
      and keylifetime of a rule named test

      Netsh advfirewall mainmode set rule name="test" 
      new description="Mainmode for RATH2"
      Mmsecmethods=dhgroup2:3des-sha256,ecdhp384:3des-sha384
      auth1=computerntlm mmkeylifetime=2min profile=domain

Usage: add rule name=<string>
      mmsecmethods=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|
      ecdhp384:3des|des|aes128|aes192|aes256-md5|sha1|sha256
      |sha384[,...]|default
      [mmforcedh=yes|no (default=no)]
      [mmkeylifetime=<num>min,<num>sess]
      [description=<string>]
      [enable=yes|no (default=yes)]
      [profile=any|current|public|private|domain[,...]]
      [endpoint1=any|<IPv4 address>|<IPv6 address>|<subnet>
      |<range>|<list>]
      [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|
      <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [auth1=computerkerb|computercert|computercertecdsap256|
      computercertecdsap384|computerpsk|computerntlm|anonymous[,...]]
      [auth1psk=<string>]
      [auth1kerbproxyfqdn=<fully-qualified dns name>]
      [auth1ca="<CA Name> [certmapping:yes|no] [excludecaname:yes|no] 
      [catype:root|intermediate (default=root)]
      [certhash:<Hex hash string, with no spaces or leading 0x>]
      [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
      [certname:<CertName>] [certnametype:<SubjectAltDNS|
      SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
      [certcriteriatype:<Selection|Validation|Both (default=both)>]
      | ..."]
      [auth1healthcert=yes|no (default=no)]
      [auth1ecdsap256ca="<CA Name> [certmapping:yes|no]
      [excludecaname:yes|no] 
      [catype:root|intermediate (default=root)]
      [certhash:<Hex hash string, with no spaces or leading 0x>]
      [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
      [certname:<CertName>] [certnametype:<SubjectAltDNS|
      SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
      [certcriteriatype:<Selection|Validation|Both (default=both)>]
      | ..."]
      [auth1ecdsap256healthcert=yes|no (default=no)]
      [auth1ecdsap384ca="<CA Name> [certmapping:yes|no]
      [excludecaname:yes|no] 
      [catype:root|intermediate (default=root)]
      [certhash:<Hex hash string, with no spaces or leading 0x>]
      [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
      [certname:<CertName>] [certnametype:<SubjectAltDNS|
      SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
      [certcriteriatype:<Selection|Validation|Both (default=both)>]
      | ..."]
      [auth1ecdsap384healthcert=yes|no (default=no)]
      [type=dynamic|static (default=static)]

Usage:
      set rule name=<String>
      [profile=public|private|domain|any[,...]]
      [type=dynamic|static (default=static)]
      new
      [name=<string>]
      [mmsecmethods= dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|
      ecdhp384:3des|des|aes128|aes192|aes256-md5|sha1|sha256|
      sha384[,...]|default]
      [mmforcedh=yes|no (default=no)]
      [mmkeylifetime=<num>min,<num>sess]
      [description=<string>]
      [enable=yes|no]
      [profile=public|private|domain|any[,...]]
      [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|
      <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|
      <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [auth1=computerkerb|computercert|computercertecdsap256|
      computercertecdsap384|computerpsk|computerntlm|anonymous[,...]]
      [auth1psk=<string>]
      [auth1kerbproxyfqdn=<fully-qualified dns name>]
      [auth1ca="<CA Name> [certmapping:yes|no] [excludecaname:yes|no] 
      [catype:root|intermediate (default=root)]
      [certhash:<Hex hash string, with no spaces or leading 0x>]
      [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
      [certname:<CertName>] [certnametype:<SubjectAltDNS|
      SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
      [certcriteriatype:<Selection|Validation|Both (default=both)>]
      | ..."]
      [auth1healthcert=yes|no (default=no)]
      [auth1ecdsap256ca="<CA Name> [certmapping:yes|no]
      [excludecaname:yes|no] 
      [catype:root|intermediate (default=root)]
      [certhash:<Hex hash string, with no spaces or leading 0x>]
      [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
      [certname:<CertName>] [certnametype:<SubjectAltDNS|
      SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
      [certcriteriatype:<Selection|Validation|Both (default=both)>]
      | ..."]
      [auth1ecdsap256healthcert=yes|no (default=no)]
      [auth1ecdsap384ca="<CA Name> [certmapping:yes|no]
      [excludecaname:yes|no] 
      [catype:root|intermediate (default=root)]
      [certhash:<Hex hash string, with no spaces or leading 0x>]
      [followrenewal:yes|no (default=no)] [certeku:<EKU, EKU, ...>]
      [certname:<CertName>] [certnametype:<SubjectAltDNS|
      SubjectAltEmail|SubjectCN|SubjectOU|SubjectO|SubjectDC>]
      [certcriteriatype:<Selection|Validation|Both (default=both)>]
      | ..."]
      [auth1ecdsap384healthcert=yes|no (default=no)]
      [profile= any|current|domain|private|public[,...]]

The store cannot be a Group Policy object when a remote machine is specified. Set the store to 'Local' or set the machine to be the local computer.
An unrecoverable Windows Defender Firewall error (0x%1!x!) occurred.
An error occurred while attempting to retrieve a Windows Defender Firewall setting.
An error occurred while attempting to contact the Windows Defender Firewall service. Make sure that the service is running and try your request again.
The string 'all' cannot be used as the name of a rule.
An unrecoverable netsh advfirewall error (0x%1!x!) occurred.
No rules match the specified criteria.
The specified cryptographic set was not found.
'CurrentProfile' cannot be used to configure a Group Policy Object (GPO) store. Use 'DomainProfile', 'PrivateProfile', 'PublicProfile', or 'AllProfiles' instead.
This setting can only be changed when configuring a Group Policy object (GPO) store.
This setting can only be changed when configuring a local store.
Ports can only be specified if the protocol is TCP or UDP.
The dynamic rule type cannot be used when configuring a Group Policy object (GPO) store.
The auth1 parameter is required when specifying auth1 options.
The auth2 parameter is required when specifying auth2 options.
The specified authentication set was not found.
The specified auth1 set is missing a required parameter.
The specified auth2 set is missing a required parameter.
Unable to export policy with error 0x%1!x!. Make sure that the file name is correct and the file is accessible. The firewall policy has not been reset.
The monitor context cannot be used when configuring a Group Policy object (GPO) store.
The specified endpoints do not have the same IP version. Specify two IPv4 or two IPv6 endpoints.
No SAs match the specified criteria.
Unable to export policy (error 0x%1!x!). Make sure that the file name is correct and the file is accessible.
Unable to import policy (error 0x%1!x!). Make sure that the file name is correct, that the file is accessible, and that it is a valid Windows Defender Firewall policy file.
An error occurred while attempting to connect to the remote computer. Make sure that the Windows Defender Firewall service on the remote computer is running and configured to allow remote management, and then try your request again.
An error occurred while attempting to configure the specified Group Policy object (GPO) store. Make sure that the GPO is valid and accessible, and then try your request again.
An unexpected error (0x%1!x!) occurred while performing validation.
The number of arguments provided is not valid. Check help for the correct syntax.
A specified IP address or address keyword is not valid.
A specified port value is not valid.
A specified protocol value is not valid.
The specified auth1 value is not valid.
The specified auth2 value is not valid.
For 'set' commands, the 'new' keyword must be present and must not be the last argument provided.
A specified value is not valid.
The specified argument is not valid. The only valid argument for reset is 'export'.
The specified store is not valid.
A specified firewall policy setting is not valid.
A numeric value was expected. The input is either non-numeric or not valid.
The specified mmkeylifetime value is not valid.
The specified strongcrlcheck value is not valid.
The specified saidletimemin value is not valid.
The specified statefulftp or statefulpptp value is not valid.
The specified security value is not valid.
Specify either a source and destination pair or the keyword 'all' to identify security associations (SAs).
The specified mmsecmethods value is not valid.
The specified qmsecmethods value is not valid.
A protocol specified in qmsecmethods is not valid.
The key lifetime value specified in qmsecmethods is not valid.
If the first protocol specified for a proposal in qmsecmethods is ESP, then no other protocols are allowed in that proposal.
When using both AH and ESP protocols in a qmsecmethods proposal, the same integrity value must be used for both protocols.
The same protocol was specified more than once in a qmsecmethods proposal.
The specified Group Policy object (GPO) store could not be opened because it does not exist. Create the GPO store, and then try your request again.
Auth2 cannot be specified when auth1 contains computerpsk.
The specified Group Policy object (GPO) ID is not valid.
Unable to open the Group Policy object (GPO) on the specified computer. Make sure that the specified GPO is valid and accessible, and then try your request again.
Unable to contact the specified domain. Make sure that the domain is valid and accessible, and then try your request again.
Unable to open the specified Group Policy object (GPO). Make sure that the GPO is valid and accessible, and then try your request again.
Multiple Group Policy objects (GPOs) with the specified name were found. Specify the GUID of the GPO that you want to configure.
Localtunnelendpoint and remotetunnelendpoint must both be specified when the rule mode is tunnel.
Localtunnelendpoint and remotetunnelendpoint cannot be specified when the rule mode is transport.
Auth2 must be computercert when auth2healthcert is specified.
The specified interface type is not valid.
Unable to set log file path (error 0x%1!x!). Failed to set the security attributes on the file path.
Log file size must be between 1 and 32767.
In Common Criteria mode, the administrator cannot set anything else on the rule when setting qmsecmethods=None.
Auth1, auth2, qmpfs, and qmsecmethods cannot be specified when the action is set to noauthentication.
Computerntlm and computerpsk cannot be specified in the same rule.
One or more of the specified profiles is not valid. 'Any' cannot be specified if other profiles are specified.
Group cannot be specified with other identification conditions.
Only the enable parameter can be used to update rules specified by a group.
Qmpfs cannot be specified when qmsecmethods is set to default.
Notconfigured value can only be used when configuring a Group Policy object (GPO) store.
Anonymous cannot be specified as the only proposal in auth2.
Auth1 is required when auth2 is specified.
'None' cannot be specified with other values for defaultexemptions.
Auth1 cannot be updated to contain computerpsk when Auth2 is already specified.
Auth1 cannot contain the same authentication method more than once.
Auth2 cannot contain the same authentication method more than once.
The specified option is not valid: %1!ls!.
You must specify at least one integrity suite in addition to the AuthNoEncap option.
If AuthNoEncap is specified as a protocol for a proposal in qmsecmethods, then no other protocols are allowed in that proposal.
Group policy management tool is not available. Download the tool from - https://go.microsoft.com/fwlink/?LinkID=126644 and execute the command again.
Group policy management feature is not enabled. Enable group policy management through server manager and execute the command again.
Ports can only be specified if the protocol is TCP or UDP. Port ranges are only supported when action="noauthentication".
The SDDL string is not valid.
Per rule machineSDDL and userSDDL cannot be specified on tunnel rule.

VS_VERSION_INFO
CompanyName: Microsoft Corporation
FileDescription: Windows Defender Firewall with Advanced Security Configuration Helper
FileVersion: 10.0.20348.1 (WinBuild.160101.0800)
InternalName: authfwcfg.dll
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: authfwcfg.dll.mui
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.20348.1