PowerShell Logo Small

Enable-NetIPsecRule



This is the built-in help made by Microsoft for the command 'Enable-NetIPsecRule', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Enables a previously disabled IPsec rule.

SYNTAX


Enable-NetIPsecRule [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
[-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AllowSetKey <Boolean[]>] [-AllowWatchKey <Boolean[]>] [-AsJob] [-CimSession <CimSession[]>] [-Description <String[]>] [-DisplayGroup <String[]>]
[-Enabled <Enabled[]>] [-EncryptedTunnelBypass <Boolean[]>] [-ForwardPathLifetime <UInt32[]>] [-GPOSession <String>] [-Group <String[]>] [-InboundSecurity
<SecurityPolicy[]>] [-KeyModule <KeyModule[]>] [-Machine <String[]>] [-Mode <IPsecMode[]>] [-OutboundSecurity <SecurityPolicy[]>] [-PassThru] [-Phase1AuthSet <String[]>]
[-Phase2AuthSet <String[]>] [-PolicyStore <String>] [-PolicyStoreSource <String[]>] [-PolicyStoreSourceType <PolicyStoreType[]>] [-PrimaryStatus <PrimaryStatus[]>]
[-QuickModeCryptoSet <String[]>] [-RemoteTunnelHostname <String[]>] [-RequireAuthorization <Boolean[]>] [-Status <String[]>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
[-User <String[]>] [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallAddressFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallInterfaceTypeFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetIPsecQuickModeCryptoSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetIPsecPhase1AuthSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetIPsecPhase2AuthSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallProfile <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallPortFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-DisplayName <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallInterfaceFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-PassThru] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetIPsecRule [-IPsecRuleName] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>]
[-TracePolicyStore] [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Enable-NetIPsecRule cmdlet enables a previously disabled IPsec rule to be active within the computer or a group policy organizational unit.


This cmdelt gets one or more IPsec rules to be enabled with the IPsecRuleName parameter (default), the DisplayName parameter, rule properties, or by associated filters or
objects. The Enabled parameter value for the resulting queried rules is set to True.


Enabling firewall and IPsec rules can be useful for debugging IPsec policy mismatch issues, but is easier when the rules are in the local, or persistent, store. Enabling
rules in a Group Policy Object (GPO) container will not take effect until the next time the client applies the GPO. To troubleshoot GPO-based IPsec policy, consider copying
all the rules, and authorization and cryptographic sets from the GPO to a computer that does not have the GPO policy applied using the corresponding Copy-NetIPsecRule
cmdlets. This is the way to locally modify the policy, in order to troubleshoot any IPsec failures.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=229105
Copy-NetIPsecRule
Disable-NetIPsecRule
Get-NetFirewallAddressFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetFirewallProfile
Get-NetIPsecPhase1AuthSet
Get-NetIPsecPhase2AuthSet
Get-NetIPsecQuickModeCryptoSet
Get-NetIPsecRule
New-NetIPsecRule
Open-NetGPO
Remove-NetIPsecRule
Save-NetGPO
Set-NetIPsecRule
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\>Enable-NetIPsecRule -DisplayName "Require Outbound Authentication" -PolicyStore domain.contoso.com\gpo_name



This example enables an IPsec rule in a GPO by specifying the localized name.




EXAMPLE 2

PS C:\>Enable-NetIPsecRule –Group "Ipsec-DirectAccess-Traffic" –Mode Transport -PolicyStore ActiveStore



This example enables all transport mode DA rules on the local computer.




EXAMPLE 3

PS C:\>$Phase1AuthSet = Get-NetIPsecPhase1AuthSet –DisplayName "Computer Kerb, CA Auth"



PS C:\>Enable-NetIPsecRule –InputObject $Phase1AuthSet



This example enables the IPsec rules associated with the specified phase 1 authentication set.