PowerShell Logo Small

Set-NetIPsecMainModeRule



This is the built-in help made by Microsoft for the command 'Set-NetIPsecMainModeRule', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies existing main mode rules.

SYNTAX


Set-NetIPsecMainModeRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-GPOSession
<String>] [-LocalAddress <String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet
<String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>]
-DisplayName <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-GPOSession
<String>] [-LocalAddress <String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet
<String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>]
-DisplayGroup <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeRule [-Name] <String[]> [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled
<Enabled>] [-GPOSession <String>] [-LocalAddress <String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru
[<SwitchParameter>]] [-Phase1AuthSet <String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-RemoteAddress <String[]>]
[-ThrottleLimit <Int32>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-LocalAddress
<String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet <String>] [-Platform
<String[]>] [-Profile <Profile>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm
[<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-GPOSession
<String>] [-LocalAddress <String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet
<String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>] -Group
<String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-NetIPsecMainModeRule cmdlet modifies firewall properties of exsisting main mode rules. This cmdlet gets one or more main mode rules to
be modified with the Name parameter (default), the DisplayName parameter, or by group association using the DisplayGroup or Group parameters.
The rules cannot be queried by property in this cmdlet. The Get-NetIPsecMainModeRule cmdlet returns the queried objects and pipes the objects
into this cmdlet. The remaining parameters specify the properties of the rule to be modified. When the DisplayGroup or Group parameter is
specified, then all of the sets associated with the group receive the same modifications. The rule parameters modified using the dot-notation
are committed using this cmdlet.


To move a rule to a new GPO, copy the existing rule by running the Copy-NetIPsecMainModeRule cmdlet with the NewPolicyStore parameter, then
removing the old rule with the Remove-NetIPsecMainModeRule cmdlet.


Modifying authentication or cryptographic configurations to use the default settings including NetIPsecPhase1AuthSet,
NetIPsecMainModeCryptoSet, or with Default flag enabled must be done by using dot-notation



<

RELATED LINKS

Copy-NetIPsecMainModeRule
Enable-NetIPsecMainModeRule
Get-NetFirewallAddressFilter
Get-NetIPsecMainModeRule
Open-NetGPO
Remove-NetIPsecMainModeRule
Save-NetGPO
New-NetIPsecAuthProposal
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\> $EncAES128 = New-NetIPsecMainModeCryptoProposal -Encryption AES128


PS C:\> $EncDES3 = New-NetIPsecMainModeCryptoProposal -Encryption DES3


PS C:\> $cryptoset = New-NetIPsecMainModeCryptoSet -DisplayName "(DA Client) - Phase 2 Crypto Set" –Proposals $EncAES128,$EncDES3


PS C:\> Set-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet $cryptoset



This example replaces the proposals for an existing main mode rule.




EXAMPLE 2

PS C:\> Set-NetIPsecMainModeRule -DisplayGroup "DA Client" -Enabled True


PS C:\> Enable-NetIPsecMainModeRule -DisplayGroup "DA Client"



This example shows two ways to enable all of the main mode rules in a predefined group.




EXAMPLE 3

PS C:\> Set-NetFirewallRule -DisplayName "Tunnel Mode - (DA Client)" –NewDisplayName "Tunnel Mode - Americas (DA Client)"



This example changes the display name for a main mode rule




EXAMPLE 4

PS C:\> $rule = Get-NetIPsecMainModeRule –DisplayName "Tunnel Mode - (DA Client)"


PS C:\> $rule.MainModeModeCryptoSet = "Default"


PS C:\> Set-NetIPsecMainModeRule –InputObject $rule



This example modifies a main mode rule to use the default encryption method for main mode if a custom one has been previously set to the rule.