
Sync-NetIPsecRule



This is the built-in help made by Microsoft for the command 'Sync-NetIPsecRule', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Gets the list of IP addresses to be added to and deleted from an IPsec rule, based on the differences detected between the existing rule IP addresses and the specified IP addresses.

SYNTAX


Sync-NetIPsecRule [-AddressType <AddressVersion>] [-All [<SwitchParameter>]] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>]
[-DnsServers <String[]>] [-Domains <String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers
<String[]>] [-ThrottleLimit <Int32>] [-TracePolicyStore [<SwitchParameter>]] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Sync-NetIPsecRule [-IPsecRuleName] <String[]> [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>]
[-DnsServers <String[]>] [-Domains <String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers
<String[]>] [-ThrottleLimit <Int32>] [-TracePolicyStore [<SwitchParameter>]] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-DnsServers <String[]>] [-Domains
<String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers <String[]>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] -AssociatedNetFirewallProfile <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AllowSetKey <Boolean[]>] [-AllowWatchKey <Boolean[]>] [-AsJob [<SwitchParameter>]]
[-CimSession <CimSession[]>] [-Description <String[]>] [-DisplayGroup <String[]>] [-DnsServers <String[]>] [-Domains <String[]>] [-Enabled
<Enabled[]>] [-EncryptedTunnelBypass <Boolean[]>] [-EndpointType <EndpointType>] [-ForwardPathLifetime <UInt32[]>] [-GPOSession <String>]
[-Group <String[]>] [-InboundSecurity <SecurityPolicy[]>] [-KeyModule <KeyModule[]>] [-Machine <String[]>] [-Mode <IPsecMode[]>]
[-OutboundSecurity <SecurityPolicy[]>] [-Phase1AuthSet <String[]>] [-Phase2AuthSet <String[]>] [-PolicyStore <String>] [-PolicyStoreSource
<String[]>] [-PolicyStoreSourceType <PolicyStoreType[]>] [-PrimaryStatus <PrimaryStatus[]>] [-QuickModeCryptoSet <String[]>]
[-RemoteTunnelHostname <String[]>] [-RequireAuthorization <Boolean[]>] [-Servers <String[]>] [-Status <String[]>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] [-User <String[]>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-DnsServers <String[]>] [-Domains
<String[]>] [-EndpointType <EndpointType>] [-Servers <String[]>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm
[<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-DnsServers <String[]>] [-Domains
<String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers <String[]>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] -AssociatedNetIPsecQuickModeCryptoSet <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-DnsServers <String[]>] [-Domains
<String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers <String[]>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] -AssociatedNetIPsecPhase1AuthSet <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-DnsServers <String[]>] [-Domains
<String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers <String[]>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] -AssociatedNetIPsecPhase2AuthSet <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-DnsServers <String[]>] [-Domains
<String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers <String[]>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] -DisplayName <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-DnsServers <String[]>] [-Domains
<String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers <String[]>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] -AssociatedNetFirewallPortFilter <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-DnsServers <String[]>] [-Domains
<String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers <String[]>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] -AssociatedNetFirewallInterfaceTypeFilter <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-DnsServers <String[]>] [-Domains
<String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers <String[]>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] -AssociatedNetFirewallInterfaceFilter <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Sync-NetIPsecRule [-AddressType <AddressVersion>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-DnsServers <String[]>] [-Domains
<String[]>] [-EndpointType <EndpointType>] [-GPOSession <String>] [-PolicyStore <String>] [-Servers <String[]>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] -AssociatedNetFirewallAddressFilter <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]




DESCRIPTION


The Sync-NetIPsecRule cmdlet detects differences between the current IPsec rule addresses and the addresses derived from the input values,
returns the addresses, and then updates the IPsec rule end points.


The first tunnel policy is defined by IP addresses that are derived from domain names and servers. Running this cmdlet resolves the IP
addresses for the DirectAccess (DA) first tunnel and updates the Group Policy Objects (GPOs) appropriately. The DNS server specified with
the DnsServers parameter is used to resolve the domain names and server names.


A list of IP addresses is retrieved based on the derived values from input parameters like the Domains and Servers parameters. This cmdlet
will output delta collection objects and the associated actions: to Add or Delete the change in IP addresses, the actual list of changes
detected, and a list of fully qualified domain names (FQDNs) that did not resolve. When there are multiple rules that match the same name, the
cmdlet fails with an error.


This cmdlet updates on a per-rule basis, with greater flexibility in rule selection or querying. Rules can be obtained using parameter values
including IPsecRuleName (default), DisplayName, rule properties, or by associated NetFirewall filters or NetIPsec objects. The specified
end point of the queried rule is updated immediately.




RELATED LINKS

Get-NetFirewallAddressFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetFirewallProfile
Get-NetIPsecPhase1AuthSet
Get-NetIPsecPhase2AuthSet
Get-NetIPsecQuickModeCryptoSet
New-NetIPsecRule
Open-NetGPO
Save-NetGPO
Set-NetIPsecRule
New-GPO

REMARKS


Examples


EXAMPLE 1

PS C:\> $serverPolicyStore = "domain.contoso.com/server_GPO"

PS C:\> $serverRuleName = "Any-Traffic-Win8DA-Rule"

PS C:\> $domains = "corp.contoso.com", "corp.contoso2.com"

PS C:\> $servers = "server2.corp.contoso.com"

PS C:\> $primaryDns64 = "1.2.2.1"

PS C:\> Sync-NetIPsecRule -PolicyStore $serverPolicyStore -IPsecRuleName $serverRuleName -EndpointType endpoint1 -Domains $domains -Servers $servers -DnsServers $primaryDns64 -AddressType IPv6 -Confirm



This example gets the list of IP addresses that need to be added to and deleted from an IPsec rule, based on the differences detected between
the existing rule IP addresses and the IP addresses derived from the input parameters, and then makes the updates. Specify the Confirm
parameter to see which rules are being updated.
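
Because the cmdlet updates the rule end point immediately, it helps to review the expected delta before running it. The following is an added example, not part of the Microsoft help text: a read-only approximation of the add/delete/unresolved lists, followed by a -WhatIf dry run. It reuses the values from EXAMPLE 1 and assumes that names are resolved as AAAA records and that endpoint1 corresponds to the LocalAddress of the rule's address filter.

```powershell
# Added example: read-only estimate of the delta Sync-NetIPsecRule would report.
# Values are taken from EXAMPLE 1; adjust them to your environment.
$policyStore = "domain.contoso.com/server_GPO"
$ruleName    = "Any-Traffic-Win8DA-Rule"
$names       = "corp.contoso.com", "corp.contoso2.com", "server2.corp.contoso.com"
$dnsServer   = "1.2.2.1"

# Resolve each name against the specified DNS server (assumption: AAAA lookups),
# tracking names that fail so they can be reviewed before any update.
$resolved   = @()
$unresolved = @()
foreach ($name in $names) {
    try {
        $answers = Resolve-DnsName -Name $name -Type AAAA -Server $dnsServer -DnsOnly -ErrorAction Stop
        $ips = @($answers | Where-Object { $_.Type -eq 'AAAA' } | ForEach-Object { $_.IPAddress })
        if ($ips.Count -eq 0) { $unresolved += $name } else { $resolved += $ips }
    } catch {
        $unresolved += $name
    }
}
$resolved = @($resolved | Sort-Object -Unique)

# Current endpoint1 addresses (assumption: LocalAddress is the rule's first end point).
$filter  = Get-NetIPsecRule -IPsecRuleName $ruleName -PolicyStore $policyStore |
           Get-NetFirewallAddressFilter
$current = @($filter.LocalAddress)

# Plain string comparison: an approximation, since address notation may differ
# (prefixes, ranges, keywords such as Any).
$toAdd    = @($resolved | Where-Object { $current -notcontains $_ })
$toDelete = @($current  | Where-Object { $resolved -notcontains $_ })

[pscustomobject]@{
    Add        = $toAdd
    Delete     = $toDelete
    Unresolved = $unresolved
}

# Dry run of the real cmdlet: -WhatIf describes the operation without applying it.
Sync-NetIPsecRule -PolicyStore $policyStore -IPsecRuleName $ruleName -EndpointType endpoint1 `
    -Domains "corp.contoso.com", "corp.contoso2.com" -Servers "server2.corp.contoso.com" `
    -DnsServers $dnsServer -AddressType IPv6 -WhatIf
```

A non-empty Unresolved list or an unexpectedly large Delete list is a reason to check the DNS server before running the cmdlet without -WhatIf.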