PowerShell Logo Small

Set-NetIPsecMainModeRule



This is the built-in help made by Microsoft for the command 'Set-NetIPsecMainModeRule', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies existing main mode rules.

SYNTAX


Set-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-LocalAddress <String[]>] [-MainModeCryptoSet <String>]
[-NewDisplayName <String>] [-PassThru] [-Phase1AuthSet <String>] [-Platform <String[]>] [-Profile <Profile>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>]
-InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-GPOSession <String>] [-LocalAddress <String[]>]
[-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru] [-Phase1AuthSet <String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>]
[-RemoteAddress <String[]>] [-ThrottleLimit <Int32>] -Group <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-GPOSession <String>] [-LocalAddress <String[]>]
[-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru] [-Phase1AuthSet <String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>]
[-RemoteAddress <String[]>] [-ThrottleLimit <Int32>] -DisplayGroup <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-GPOSession <String>] [-LocalAddress <String[]>]
[-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru] [-Phase1AuthSet <String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>]
[-RemoteAddress <String[]>] [-ThrottleLimit <Int32>] -DisplayName <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeRule [-Name] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-GPOSession <String>] [-LocalAddress
<String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru] [-Phase1AuthSet <String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile
<Profile>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-NetIPsecMainModeRule cmdlet modifies firewall properties of exsisting main mode rules. This cmdlet gets one or more main mode rules to be modified with the Name
parameter (default), the DisplayName parameter, or by group association using the DisplayGroup or Group parameters. The rules cannot be queried by property in this cmdlet.
The Get-NetIPsecMainModeRule cmdlet returns the queried objects and pipes the objects into this cmdlet. The remaining parameters specify the properties of the rule to be
modified. When the DisplayGroup or Group parameter is specified, then all of the sets associated with the group receive the same modifications. The rule parameters modified
using the dot-notation are committed using this cmdlet.


To move a rule to a new GPO, copy the existing rule by running the Copy-NetIPsecMainModeRule cmdlet with the NewPolicyStore parameter, then removing the old rule with the
Remove-NetIPsecMainModeRule cmdlet.


Modifying authentication or cryptographic configurations to use the default settings including NetIPsecPhase1AuthSet, NetIPsecMainModeCryptoSet, or with Default flag enabled
must be done by using dot-notation



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=288371
Copy-NetIPsecMainModeRule
Enable-NetIPsecMainModeRule
Get-NetFirewallAddressFilter
Get-NetIPsecMainModeRule
Open-NetGPO
Remove-NetIPsecMainModeRule
Save-NetGPO
New-NetIPsecAuthProposal
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\>$EncAES128 = New-NetIPsecMainModeCryptoProposal -Encryption AES128



PS C:\>$EncDES3 = New-NetIPsecMainModeCryptoProposal -Encryption DES3



PS C:\>$cryptoset = New-NetIPsecMainModeCryptoSet -DisplayName "(DA Client) - Phase 2 Crypto Set" –Proposals $EncAES128,$EncDES3



PS C:\>Set-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet $cryptoset



This example replaces the proposals for an existing main mode rule.




EXAMPLE 2

PS C:\>Set-NetIPsecMainModeRule -DisplayGroup "DA Client" -Enabled True



PS C:\>Enable-NetIPsecMainModeRule -DisplayGroup "DA Client"



This example shows two ways to enable all of the main mode rules in a predefined group.




EXAMPLE 3

PS C:\>Set-NetFirewallRule -DisplayName "Tunnel Mode - (DA Client)" –NewDisplayName "Tunnel Mode - Americas (DA Client)"



This example changes the display name for a main mode rule




EXAMPLE 4

PS C:\>$rule = Get-NetIPsecMainModeRule –DisplayName "Tunnel Mode - (DA Client)"



PS C:\>$rule.MainModeModeCryptoSet = "Default"



PS C:\>Set-NetIPsecMainModeRule –InputObject $rule



This example modifies a main mode rule to use the default encryption method for main mode if a custom one has been previously set to the rule.