PowerShell Logo Small

Copy-NetIPsecRule



This is the built-in help made by Microsoft for the command 'Copy-NetIPsecRule', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Copies an entire IPsec rule, and the associated filters, to the same or to a different policy store.

SYNTAX


Copy-NetIPsecRule [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru]
[-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AllowSetKey <Boolean[]>] [-AllowWatchKey <Boolean[]>] [-AsJob] [-CimSession <CimSession[]>] [-Description <String[]>] [-DisplayGroup <String[]>]
[-Enabled <Enabled[]>] [-EncryptedTunnelBypass <Boolean[]>] [-ForwardPathLifetime <UInt32[]>] [-GPOSession <String>] [-Group <String[]>] [-InboundSecurity
<SecurityPolicy[]>] [-KeyModule <KeyModule[]>] [-Machine <String[]>] [-Mode <IPsecMode[]>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>]
[-OutboundSecurity <SecurityPolicy[]>] [-PassThru] [-Phase1AuthSet <String[]>] [-Phase2AuthSet <String[]>] [-PolicyStore <String>] [-PolicyStoreSource <String[]>]
[-PolicyStoreSourceType <PolicyStoreType[]>] [-PrimaryStatus <PrimaryStatus[]>] [-QuickModeCryptoSet <String[]>] [-RemoteTunnelHostname <String[]>] [-RequireAuthorization
<Boolean[]>] [-Status <String[]>] [-ThrottleLimit <Int32>] [-TracePolicyStore] [-User <String[]>] [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru]
[-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -AssociatedNetIPsecPhase2AuthSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru]
[-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -DisplayName <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-IPsecRuleName] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore
<String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru] [-ThrottleLimit <Int32>]
-InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru]
[-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -AssociatedNetIPsecQuickModeCryptoSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru]
[-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -AssociatedNetIPsecPhase1AuthSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru]
[-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -AssociatedNetFirewallInterfaceTypeFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru]
[-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -AssociatedNetFirewallPortFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru]
[-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -AssociatedNetFirewallProfile <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru]
[-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -AssociatedNetFirewallInterfaceFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru]
[-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -AssociatedNetFirewallAddressFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Copy-NetIPsecRule cmdlet copies an IPsec rule and the associated filters to a policy store, making a complete clone. When a new policy store is not specified, it is
copied to the same policy store with a new name specified by the user.


This cmdlet gets one or more IPsec rules to be duplicated with the IPsecRuleName parameter (default), the DisplayName parameter, rule properties, or by associated filters or
objects. The resulting queried rule is copied to a new policy store using the NewPolicyStore parameter, a new GPO session using the NewGPOSession parameter, or to the same
policy store using the NewName parameter. Note: Only one IPsec rule can be copied at a time when copying to the same policy store. This is because only a single IPsec rule
can use the unique identifier, or name, specified by the NewName parameter.


When copying a rule to a new policy store, the unique name of the set is preserved. This means that if the same set is attempted to be copied twice, then an error is
displayed for the second attempt indicating that the object already exists. To overwrite the target set, run the Remove-NetIPsecRule cmdlet first. If it is possible that the
object may already exist, then specify the ErrorAction parameter to silently ignore these errors, instead of running the Remove-NetIPsecRule cmdlet.


When copying rules between different policy stores, the authentication and cryptographic sets referenced in each rule must be copied separately. See the
Copy-NetIPsecPhase1AuthSet, Copy-NetIPsecPhase2AuthSet, and Copy-NetIPsecQuickModeCryptoSet cmdlets for more information. When copying an IPsec rule that has associated
authentication or cryptographic sets from GPO-A to GPO-B, the newly created authentication and cryptographic set fields of the rule will maintain the IPsecRuleName parameter
values of the source. This is desirable because after the sets are copied separately, the sets will be associated with the newly copied rule.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=216655
Copy-NetIPsecPhase1AuthSet
Copy-NetIPsecPhase2AuthSet
Copy-NetIPsecQuickModeCryptoSet
Get-NetFirewallAddressFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetFirewallProfile
Get-NetIPsecPhase1AuthSet
Get-NetIPsecPhase2AuthSet
Get-NetIPsecQuickModeCryptoSet
Get-NetIPsecRule
Remove-NetIPsecMainModeCryptoSet
New-NetIPsecQuickModeCryptoSet
New-NetIPsecRule
Open-NetGPO
Remove-NetIPsecRule
Save-NetGPO
Set-NetIPsecRule
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\>Copy-NetIPsecRule -DisplayName "IPsec Rule" –NewName "Alternate IPsec Rule"



This example copies an IPsec rule, found by specifying the localized name, to the current policy store under a new unique identifier.




EXAMPLE 2

PS C:\>Copy-NetIPsecRule -Group "Telnet Management" –Enabled False –PolicyStore domain.contoso.com\GPO_name –NewPolicyStore domain.contoso.com\new_gpo



This example copies a group of IPsec rules that are currently disabled to a new Policy Store.




EXAMPLE 3

PS C:\>$nfwProfile = Get-NetFirewallProfile -Profile Domain –PolicyStore domain.contoso.com\GPO_name



PS C:\>Copy-NetIPsecRule –InputObject $nfwProfile–NewPolicyStore domain.example.com\new_gpo


This is an alternate way to perform the same using only the pipeline.
PS C:\>Get-NetFirewallProfile -Profile Domain –PolicyStore domain.contoso.com\GPO_name | Copy-NetIPsecRule –NewPolicyStore domain.example.com\new_gpo



This example copies all domain IPsec rules to a new policy store.




EXAMPLE 4

PS C:\>$mMrule = Get-NetIPsecMainModeRule –DisplayName "Main Mode Rule: P1Auth + Crypto" –PolicyStore domain.contoso.com\GPO_name



PS C:\>Copy-NetIPsecPhase1AuthSet –InputObject $mMrule -NewPolicyStore domain.contoso.com\new_GPO)



PS C:\>Copy-NetIPsecMainModeCryptoSet –InputObject $mMrule -NewPolicyStore domain.contoso.com\new_GPO)



PS C:\>Set-NetIPsecMainModeRule –InputObject $mMrule –Phase1AuthSet $copiedCryptoSet.Name


The following cmdlets accomplish the same task but take advantage of caching the GPO to apply the changes locally.
PS C:\>$mMrule = Get-NetIPsecMainModeRule –DisplayName "Main Mode Rule: P1Auth + Crypto" –PolicyStore domain.contoso.com\GPO_name



PS C:\>$newGPO = Open-NetGPO –PolicyStore domain.contoso.com\new_GPO



PS C:\>Copy-NetIPsecPhase1AuthSet –InputObject $mMrule –GPOSession $newGPO



PS C:\>Copy-NetIPsecMainModeCryptoSet –InputObject $mMrule –GPOSession $newGPO



PS C:\>Copy-NetIPsecMainModeRule –InputObject $mMrule –GPOSession $newGPO



PS C:\>Save-NetGPO –GPOSession $newGPO



This example copies an entire IPsec main mode rule and the associated authentication and cryptographic sets to a new policy store. There is no need to link the newly copied
sets to the newly copied rule since the set fields of the rule maintain the IPsecRuleName parameter value of the source.