
Set-NetIPsecRule



This is the built-in help made by Microsoft for the command 'Set-NetIPsecRule', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies existing IPsec rules.

SYNTAX


Set-NetIPsecRule [-AllowSetKey <Boolean>] [-AllowWatchKey <Boolean>] [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>]
[-EncryptedTunnelBypass <Boolean>] [-ForwardPathLifetime <UInt32>] [-InboundSecurity <SecurityPolicy>] [-InterfaceAlias <WildcardPattern[]>] [-InterfaceType <InterfaceType>]
[-KeyModule <KeyModule>] [-LocalAddress <String[]>] [-LocalPort <String[]>] [-LocalTunnelEndpoint <String[]>] [-Machine <String>] [-Mode <IPsecMode>] [-NewDisplayName
<String>] [-OutboundSecurity <SecurityPolicy>] [-PassThru] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-Platform <String[]>] [-Profile <Profile>] [-Protocol
<String>] [-QuickModeCryptoSet <String>] [-RemoteAddress <String[]>] [-RemotePort <String[]>] [-RemoteTunnelEndpoint <String[]>] [-RemoteTunnelHostname <String>]
[-RequireAuthorization <Boolean>] [-ThrottleLimit <Int32>] [-User <String>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecRule [-AllowSetKey <Boolean>] [-AllowWatchKey <Boolean>] [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>]
[-EncryptedTunnelBypass <Boolean>] [-ForwardPathLifetime <UInt32>] [-GPOSession <String>] [-InboundSecurity <SecurityPolicy>] [-InterfaceAlias <WildcardPattern[]>]
[-InterfaceType <InterfaceType>] [-KeyModule <KeyModule>] [-LocalAddress <String[]>] [-LocalPort <String[]>] [-LocalTunnelEndpoint <String[]>] [-Machine <String>] [-Mode
<IPsecMode>] [-NewDisplayName <String>] [-OutboundSecurity <SecurityPolicy>] [-PassThru] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-Platform <String[]>]
[-PolicyStore <String>] [-Profile <Profile>] [-Protocol <String>] [-QuickModeCryptoSet <String>] [-RemoteAddress <String[]>] [-RemotePort <String[]>] [-RemoteTunnelEndpoint
<String[]>] [-RemoteTunnelHostname <String>] [-RequireAuthorization <Boolean>] [-ThrottleLimit <Int32>] [-User <String>] -DisplayGroup <String[]> [-Confirm] [-WhatIf]
[<CommonParameters>]
Set-NetIPsecRule [-AllowSetKey <Boolean>] [-AllowWatchKey <Boolean>] [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>]
[-EncryptedTunnelBypass <Boolean>] [-ForwardPathLifetime <UInt32>] [-GPOSession <String>] [-InboundSecurity <SecurityPolicy>] [-InterfaceAlias <WildcardPattern[]>]
[-InterfaceType <InterfaceType>] [-KeyModule <KeyModule>] [-LocalAddress <String[]>] [-LocalPort <String[]>] [-LocalTunnelEndpoint <String[]>] [-Machine <String>] [-Mode
<IPsecMode>] [-NewDisplayName <String>] [-OutboundSecurity <SecurityPolicy>] [-PassThru] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-Platform <String[]>]
[-PolicyStore <String>] [-Profile <Profile>] [-Protocol <String>] [-QuickModeCryptoSet <String>] [-RemoteAddress <String[]>] [-RemotePort <String[]>] [-RemoteTunnelEndpoint
<String[]>] [-RemoteTunnelHostname <String>] [-RequireAuthorization <Boolean>] [-ThrottleLimit <Int32>] [-User <String>] -Group <String[]> [-Confirm] [-WhatIf]
[<CommonParameters>]
Set-NetIPsecRule [-AllowSetKey <Boolean>] [-AllowWatchKey <Boolean>] [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>]
[-EncryptedTunnelBypass <Boolean>] [-ForwardPathLifetime <UInt32>] [-GPOSession <String>] [-InboundSecurity <SecurityPolicy>] [-InterfaceAlias <WildcardPattern[]>]
[-InterfaceType <InterfaceType>] [-KeyModule <KeyModule>] [-LocalAddress <String[]>] [-LocalPort <String[]>] [-LocalTunnelEndpoint <String[]>] [-Machine <String>] [-Mode
<IPsecMode>] [-NewDisplayName <String>] [-OutboundSecurity <SecurityPolicy>] [-PassThru] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-Platform <String[]>]
[-PolicyStore <String>] [-Profile <Profile>] [-Protocol <String>] [-QuickModeCryptoSet <String>] [-RemoteAddress <String[]>] [-RemotePort <String[]>] [-RemoteTunnelEndpoint
<String[]>] [-RemoteTunnelHostname <String>] [-RequireAuthorization <Boolean>] [-ThrottleLimit <Int32>] [-User <String>] -DisplayName <String[]> [-Confirm] [-WhatIf]
[<CommonParameters>]
Set-NetIPsecRule [-IPsecRuleName] <String[]> [-AllowSetKey <Boolean>] [-AllowWatchKey <Boolean>] [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled
<Enabled>] [-EncryptedTunnelBypass <Boolean>] [-ForwardPathLifetime <UInt32>] [-GPOSession <String>] [-InboundSecurity <SecurityPolicy>] [-InterfaceAlias
<WildcardPattern[]>] [-InterfaceType <InterfaceType>] [-KeyModule <KeyModule>] [-LocalAddress <String[]>] [-LocalPort <String[]>] [-LocalTunnelEndpoint <String[]>] [-Machine
<String>] [-Mode <IPsecMode>] [-NewDisplayName <String>] [-OutboundSecurity <SecurityPolicy>] [-PassThru] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-Platform
<String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-Protocol <String>] [-QuickModeCryptoSet <String>] [-RemoteAddress <String[]>] [-RemotePort <String[]>]
[-RemoteTunnelEndpoint <String[]>] [-RemoteTunnelHostname <String>] [-RequireAuthorization <Boolean>] [-ThrottleLimit <Int32>] [-User <String>] [-Confirm] [-WhatIf]
[<CommonParameters>]




DESCRIPTION


The Set-NetIPsecRule cmdlet modifies existing IPsec rules. This cmdlet gets one or more IPsec rules to be modified with the IPsecRuleName parameter (default), the
DisplayName parameter, or by group association using the DisplayGroup or Group parameter. The rules cannot be queried by property in this cmdlet. The Get-NetIPsecRule cmdlet
returns the queried rules and pipes the rules into this cmdlet. The remaining parameters specify the properties of the rule to be modified. When the DisplayGroup or Group
parameter is specified, then all of the sets associated with the group receive the same modifications. The rule parameters modified using the dot-notation are committed with
this cmdlet.


To move a rule to a new GPO, copy the existing rule by running the Copy-NetIPsecRule cmdlet with the NewPolicyStore parameter, then remove the old rule by running the
Remove-NetIPsecRule cmdlet.
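
The copy-then-remove sequence described above, written so the original rule is deleted only after the copy has been verified. This is an added example, not part of the Microsoft help text; the GPO path is a placeholder and the rule name is borrowed from EXAMPLE 1.

```powershell
# Added example: move one IPsec rule from the local persistent store into a GPO.
$ruleName = 'SecureNet Rule'                  # display name reused from EXAMPLE 1
$source   = 'PersistentStore'                 # local persistent policy store
$target   = 'corp.example.com\IPsec Policy'   # placeholder: <domain FQDN>\<GPO name>

# 1. Read the rule from the source store; stop if it is missing or ambiguous,
#    because -DisplayName can match more than one rule.
$rule = @(Get-NetIPsecRule -DisplayName $ruleName -PolicyStore $source -ErrorAction Stop)
if ($rule.Count -ne 1) {
    throw "Expected exactly 1 rule named '$ruleName' in $source, found $($rule.Count)."
}

# 2. Copy the rule into the GPO.
Copy-NetIPsecRule -DisplayName $ruleName -PolicyStore $source `
    -NewPolicyStore $target -ErrorAction Stop

# 3. Verify the copy before touching the original.
$copy = @(Get-NetIPsecRule -DisplayName $ruleName -PolicyStore $target -ErrorAction Stop)
if ($copy.Count -ne 1) {
    throw "Copy not found in '$target'; the source rule has been left in place."
}
foreach ($p in 'Enabled', 'Mode', 'InboundSecurity', 'OutboundSecurity') {
    if ("$($rule[0].$p)" -ne "$($copy[0].$p)") {
        throw "Property $p differs after copy: '$($rule[0].$p)' vs '$($copy[0].$p)'."
    }
}

# 4. Show the authentication and crypto sets the copied rule refers to, so they
#    can be checked against the target store by hand.
$copy[0] | Format-List DisplayName, Phase1AuthSet, Phase2AuthSet, QuickModeCryptoSet

# 5. Remove the original; -Confirm prompts before the deletion is committed.
Remove-NetIPsecRule -DisplayName $ruleName -PolicyStore $source -Confirm
```

Until step 5 completes, the rule exists in both stores, so a failure at any earlier step leaves the machine with its original protection intact.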


Modifying a rule so that one or more of its authentication or cryptographic configurations use the default settings (the NetIPsecPhase1AuthSet, NetIPsecPhase2AuthSet, or
NetIPsecQuickModeCryptoSet object with the Default flag enabled) must be done by using dot-notation.




RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=288375
Copy-NetIPsecRule
Get-NetFirewallAddressFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetIPsecRule
Remove-NetIPsecRule
New-GPO

REMARKS


Examples


EXAMPLE 1

PS C:\>$kerbComputer = New-NetIPsecAuthProposal -Kerberos -Machine



PS C:\>$Phase1AuthSet = New-NetIPsecPhase1AuthSet -DisplayName "Computer Kerb Auth" -Proposal $kerbComputer



PS C:\>Set-NetIPsecRule -DisplayName "SecureNet Rule" -Phase1AuthSet $Phase1AuthSet.Name



This example replaces the proposals of an existing IPsec rule.




EXAMPLE 2

PS C:\>Set-NetIPsecRule -DisplayGroup "DA Client" -Enabled True



PS C:\>Enable-NetIPsecRule -DisplayGroup "DA Client"



This example shows two ways to enable all of the IPsec rules in a predefined group.




EXAMPLE 3

PS C:\>Set-NetIPsecRule -DisplayName "Tunnel Mode - (DA Client)" -NewDisplayName "Tunnel Mode - Americas (DA Client)"



This example changes the display name of an IPsec rule.




EXAMPLE 4

PS C:\>$rule = Get-NetIPsecRule -DisplayName "IPsec Rule"



PS C:\>$rule.QuickModeCryptoSet = "Default"



PS C:\>Set-NetIPsecRule -InputObject $rule



This example modifies an IPsec rule to use the default encryption method for main mode if a custom main mode has been previously set to the rule.