This is the built-in help made by Microsoft for the command 'Set-NetIPsecRule', in PowerShell version 3 - as retrieved from
Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Modifies existing IPsec rules.
Set-NetIPsecRule [-AllowSetKey <Boolean>] [-AllowWatchKey <Boolean>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description
<String>] [-Enabled <Enabled>] [-EncryptedTunnelBypass <Boolean>] [-ForwardPathLifetime <UInt32>] [-GPOSession <String>] [-InboundSecurity
<SecurityPolicy>] [-InterfaceAlias <WildcardPattern[]>] [-InterfaceType <InterfaceType>] [-KeyModule <KeyModule>] [-LocalAddress <String[]>]
[-LocalPort <String[]>] [-LocalTunnelEndpoint <String[]>] [-Machine <String>] [-Mode <IPsecMode>] [-NewDisplayName <String>]
[-OutboundSecurity <SecurityPolicy>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-Platform
<String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-Protocol <String>] [-QuickModeCryptoSet <String>] [-RemoteAddress <String[]>]
[-RemotePort <String[]>] [-RemoteTunnelEndpoint <String[]>] [-RemoteTunnelHostname <String>] [-RequireAuthorization <Boolean>] [-ThrottleLimit
<Int32>] [-User <String>] -Group <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecRule [-AllowSetKey <Boolean>] [-AllowWatchKey <Boolean>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description
<String>] [-Enabled <Enabled>] [-EncryptedTunnelBypass <Boolean>] [-ForwardPathLifetime <UInt32>] [-InboundSecurity <SecurityPolicy>]
[-InterfaceAlias <WildcardPattern[]>] [-InterfaceType <InterfaceType>] [-KeyModule <KeyModule>] [-LocalAddress <String[]>] [-LocalPort
<String[]>] [-LocalTunnelEndpoint <String[]>] [-Machine <String>] [-Mode <IPsecMode>] [-NewDisplayName <String>] [-OutboundSecurity
<SecurityPolicy>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-Platform <String[]>] [-Profile
<Profile>] [-Protocol <String>] [-QuickModeCryptoSet <String>] [-RemoteAddress <String[]>] [-RemotePort <String[]>] [-RemoteTunnelEndpoint
<String[]>] [-RemoteTunnelHostname <String>] [-RequireAuthorization <Boolean>] [-ThrottleLimit <Int32>] [-User <String>] -InputObject
<CimInstance[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecRule [-AllowSetKey <Boolean>] [-AllowWatchKey <Boolean>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description
<String>] [-Enabled <Enabled>] [-EncryptedTunnelBypass <Boolean>] [-ForwardPathLifetime <UInt32>] [-GPOSession <String>] [-InboundSecurity
<SecurityPolicy>] [-InterfaceAlias <WildcardPattern[]>] [-InterfaceType <InterfaceType>] [-KeyModule <KeyModule>] [-LocalAddress <String[]>]
[-LocalPort <String[]>] [-LocalTunnelEndpoint <String[]>] [-Machine <String>] [-Mode <IPsecMode>] [-NewDisplayName <String>]
[-OutboundSecurity <SecurityPolicy>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-Platform
<String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-Protocol <String>] [-QuickModeCryptoSet <String>] [-RemoteAddress <String[]>]
[-RemotePort <String[]>] [-RemoteTunnelEndpoint <String[]>] [-RemoteTunnelHostname <String>] [-RequireAuthorization <Boolean>] [-ThrottleLimit
<Int32>] [-User <String>] -DisplayGroup <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecRule [-IPsecRuleName] <String[]> [-AllowSetKey <Boolean>] [-AllowWatchKey <Boolean>] [-AsJob [<SwitchParameter>]] [-CimSession
<CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-EncryptedTunnelBypass <Boolean>] [-ForwardPathLifetime <UInt32>] [-GPOSession
<String>] [-InboundSecurity <SecurityPolicy>] [-InterfaceAlias <WildcardPattern[]>] [-InterfaceType <InterfaceType>] [-KeyModule <KeyModule>]
[-LocalAddress <String[]>] [-LocalPort <String[]>] [-LocalTunnelEndpoint <String[]>] [-Machine <String>] [-Mode <IPsecMode>] [-NewDisplayName
<String>] [-OutboundSecurity <SecurityPolicy>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-Platform
<String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-Protocol <String>] [-QuickModeCryptoSet <String>] [-RemoteAddress <String[]>]
[-RemotePort <String[]>] [-RemoteTunnelEndpoint <String[]>] [-RemoteTunnelHostname <String>] [-RequireAuthorization <Boolean>] [-ThrottleLimit
<Int32>] [-User <String>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecRule [-AllowSetKey <Boolean>] [-AllowWatchKey <Boolean>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description
<String>] [-Enabled <Enabled>] [-EncryptedTunnelBypass <Boolean>] [-ForwardPathLifetime <UInt32>] [-GPOSession <String>] [-InboundSecurity
<SecurityPolicy>] [-InterfaceAlias <WildcardPattern[]>] [-InterfaceType <InterfaceType>] [-KeyModule <KeyModule>] [-LocalAddress <String[]>]
[-LocalPort <String[]>] [-LocalTunnelEndpoint <String[]>] [-Machine <String>] [-Mode <IPsecMode>] [-NewDisplayName <String>]
[-OutboundSecurity <SecurityPolicy>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-Platform
<String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-Protocol <String>] [-QuickModeCryptoSet <String>] [-RemoteAddress <String[]>]
[-RemotePort <String[]>] [-RemoteTunnelEndpoint <String[]>] [-RemoteTunnelHostname <String>] [-RequireAuthorization <Boolean>] [-ThrottleLimit
<Int32>] [-User <String>] -DisplayName <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
The Set-NetIPsecRule cmdlet modifies existing IPsec rules. This cmdlet gets one or more IPsec rules to be modified with the IPsecRuleName
parameter (default), the DisplayName parameter, or by group association using the DisplayGroup or Group parameter. The rules cannot be queried
by property in this cmdlet. The Get-NetIPsecRule cmdlet returns the queried rules and pipes the rules into this cmdlet. The remaining
parameters specify the properties of the rule to be modified. When the DisplayGroup or Group parameter is specified, then all of the sets
associated with the group receive the same modifications. The rule parameters modified using the dot-notation are committed with this cmdlet.
To move a rule to a new GPO, copy the existing rule by running the Copy-NetIPsecRule cmdlet with the NewPolicyStore parameter, then remove the
old rule by running the Remove-NetIPsecRule cmdlet.
Modifying one or more authentication or cryptographic configurations to use the default settings, including the
NetIPsecPhase1AuthSet, NetIPsecPhase2AuthSet, or NetIPsecQuickModeCryptoSet object with the Default flag enabled, must be done by using
dot-notation.
Copy-NetIPsecRule
Get-NetFirewallAddressFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetIPsecRule
Remove-NetIPsecRule
New-GPO
EXAMPLE 1
PS C:\> $kerbComputer = New-NetIPsecAuthProposal -Kerberos -Machine
PS C:\> $Phase1AuthSet = New-NetIPsecPhase1AuthSet -DisplayName "Computer Kerb Auth" -Proposal $kerbComputer
PS C:\> Set-NetIPsecRule -DisplayName "SecureNet Rule" -Phase1AuthSet $Phase1AuthSet.Name
This example replaces the proposals of an existing IPsec rule.
EXAMPLE 2
PS C:\> Set-NetIPsecRule -DisplayGroup "DA Client" -Enabled True
PS C:\> Enable-NetIPsecRule -DisplayGroup "DA Client"
This example shows two ways to enable all of the IPsec rules in a predefined group.
EXAMPLE 3
PS C:\> Set-NetIPsecRule -DisplayName "Tunnel Mode - (DA Client)" -NewDisplayName "Tunnel Mode - Americas (DA Client)"
This example changes the display name of an IPsec rule.
EXAMPLE 4
PS C:\> $rule = Get-NetIPsecRule -DisplayName "IPsec Rule"
PS C:\> $rule.QuickModeCryptoSet = "Default"
PS C:\> Set-NetIPsecRule -InputObject $rule
This example modifies an IPsec rule to use the default encryption method for main mode if a custom main mode has been previously set to the
rule.
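ADDED EXAMPLE (not part of the Microsoft help text)
The description says a rule is moved to a new GPO by copying it with Copy-NetIPsecRule and the NewPolicyStore parameter, then removing the old rule with Remove-NetIPsecRule. The function below is an added sketch of that procedure that reads the copy back and compares its security settings before deleting the original. The function name Move-IPsecRuleToPolicyStore, the store names and the rule name are hypothetical, and it assumes the copied rule keeps the same display name and set references.

```powershell
# Added example, not Microsoft's code. Store and rule names are constructed placeholders.
function Move-IPsecRuleToPolicyStore {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$DisplayName,
        [Parameter(Mandatory = $true)][string]$SourceStore,
        [Parameter(Mandatory = $true)][string]$TargetStore
    )

    # Resolve exactly one source rule; display names are not guaranteed to be unique.
    $source = @(Get-NetIPsecRule -DisplayName $DisplayName -PolicyStore $SourceStore -ErrorAction Stop)
    if ($source.Count -ne 1) {
        throw "Expected 1 rule named '$DisplayName' in '$SourceStore', found $($source.Count)."
    }

    # -WhatIf and -Confirm are honoured here, before anything is written.
    if (-not $PSCmdlet.ShouldProcess("$SourceStore -> $TargetStore", "Move IPsec rule '$DisplayName'")) {
        return
    }

    # Step 1: copy the rule into the target store.
    Copy-NetIPsecRule -DisplayName $DisplayName -PolicyStore $SourceStore `
        -NewPolicyStore $TargetStore -ErrorAction Stop

    # Step 2: read the copy back and compare the settings that decide how traffic is protected.
    $copy = @(Get-NetIPsecRule -DisplayName $DisplayName -PolicyStore $TargetStore -ErrorAction Stop)
    if ($copy.Count -ne 1) {
        throw "Expected 1 rule named '$DisplayName' in '$TargetStore', found $($copy.Count)."
    }
    $checked = 'Enabled', 'Mode', 'InboundSecurity', 'OutboundSecurity',
               'Phase1AuthSet', 'Phase2AuthSet', 'QuickModeCryptoSet'
    foreach ($p in $checked) {
        if ("$($source[0].$p)" -ne "$($copy[0].$p)") {
            # Failing here leaves the original rule in place, so protection is not lost.
            throw "Property '$p' differs after copy; source rule was not removed."
        }
    }

    # Step 3: only now remove the old rule from the source store.
    Remove-NetIPsecRule -DisplayName $DisplayName -PolicyStore $SourceStore -ErrorAction Stop
    $copy[0]
}

# Preview only: with -WhatIf the function returns before the copy.
# Move-IPsecRuleToPolicyStore -DisplayName 'SecureNet Rule' `
#     -SourceStore 'corp.example.com\IPsec-Old' -TargetStore 'corp.example.com\IPsec-New' -WhatIf
```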