Connection Security Rule Processing

Applies To: Windows Server 2008 R2

Windows Firewall with Advanced Security receives connection security rules from local security policy stored in the system registry, and from Group Policy delivered by Active Directory. After receiving a new or modified policy, Windows Firewall must process each rule in the applied policies to interpret what network traffic is to be protected by using Internet Protocol security (IPsec).

Events

Event ID | Source | Message

2012

Microsoft-Windows-Windows Firewall with Advanced Security

A connection security rule was added to IPsec settings.

%tRule ID:%t%1
%tRuleName:%t%2
%tOrigin:%t%3
%tActive:%t%4
%tProtocol:%t%5
%tEndPoint1Ports:%t%6
%tEndPoint2Ports:%t%7
%tLocalTunnelEndpointV4:%t%8
%tLocalTunnelEndpointV6:%t%9
%tRemoteTunnelEndpointV4:%t%10
%tRemoteTunnelEndpointV6:%t%11
%tPhase1AuthSetId:%t%12
%tPhase2AuthSetId:%t%13
%tPhase2CryptoSetId:%t%14
%tAction:%t%15
%tProfiles:%t%16
%tLocalAddresses:%t%17
%tRemoteAddresses:%t%18
%tEmbeddedContext:%t%20
%tIsDTM:%t%22
%tApplyAuthZ:%t%23
%tBypassTunnelIfEncrypted:%t%24
%tNoIPSecOnOutbound:%t%25
%tModifyingUser:%t%26
%tModifyingApplication:%t%27

2013

Microsoft-Windows-Windows Firewall with Advanced Security

A connection security rule was modified in IPsec settings.

%tRule ID:%t%1
%tRuleName:%t%2
%tOrigin:%t%3
%tActive:%t%4
%tProtocol:%t%5
%tEndPoint1Ports:%t%6
%tEndPoint2Ports:%t%7
%tLocalTunnelEndpointV4:%t%8
%tLocalTunnelEndpointV6:%t%9
%tRemoteTunnelEndpointV4:%t%10
%tRemoteTunnelEndpointV6:%t%11
%tPhase1AuthSetId:%t%12
%tPhase2AuthSetId:%t%13
%tPhase2CryptoSetId:%t%14
%tAction:%t%15
%tProfiles:%t%16
%tLocalAddresses:%t%17
%tRemoteAddresses:%t%18
%tEmbeddedContext:%t%20
%tIsDTM:%t%22
%tApplyAuthZ:%t%23
%tBypassTunnelIfEncrypted:%t%24
%tNoIPSecOnOutbound:%t%25
%tModifyingUser:%t%26
%tModifyingApplication:%t%27

2014

Microsoft-Windows-Windows Firewall with Advanced Security

A connection security rule was deleted from IPsec settings.

Deleted Rule:
%tRule ID:%t%1
%tRule Name:%t%2
%tModifying User:%t%3
%tModifying Application:%t%4

2016

Microsoft-Windows-Windows Firewall with Advanced Security

A main mode rule has been added in the IPsec settings.

%tRule ID:%t%1
%tRuleName:%t%2
%tProfiles:%t%3
%tEndpoint1:%t%4
%tEndpoint2:%t%5
%tPhase1AuthSetId:%t%6
%tPhase1CryptoSetId:%t%7
%tFlags:%t%8
%tActive:%t%9
%tEmbeddedContext:%t%10
%tOrigin:%t%11
%tModifyingUser:%t%12
%tModifyingApplication:%t%13

2017

Microsoft-Windows-Windows Firewall with Advanced Security

A main mode rule has been modified in the IPsec settings.

%tRule ID:%t%1
%tRuleName:%t%2
%tProfiles:%t%3
%tEndpoint1:%t%4
%tEndpoint2:%t%5
%tPhase1AuthSetId:%t%6
%tPhase1CryptoSetId:%t%7
%tFlags:%t%8
%tActive:%t%9
%tEmbeddedContext:%t%10
%tOrigin:%t%11
%tModifyingUser:%t%12
%tModifyingApplication:%t%13

2018

Microsoft-Windows-Windows Firewall with Advanced Security

A main mode rule has been deleted in the IPsec settings.

Deleted Rule:
%tRule ID:%t%1
%tRule Name:%t%2
%tModifying User:%t%3
%tModifying Application:%t%4

2020

Microsoft-Windows-Windows Firewall with Advanced Security

A phase 1 crypto set was added to IPsec settings.

%tSet ID:%t%1
%tSetName:%t%2
%tOrigin:%t%4
%tFlags:%t%6
%tNumSuites:%t%7
%tTimeOutMinutes:%t%10
%tTimeOutSessions:%t%11
%tModifyingUser:%t%12
%tModifyingApplication:%t%13

2021

Microsoft-Windows-Windows Firewall with Advanced Security

A phase 1 crypto set was modified in IPsec settings.

%tSet ID:%t%1
%tSetName:%t%2
%tOrigin:%t%4
%tFlags:%t%6
%tNumSuites:%t%7
%tTimeOutMinutes:%t%10
%tTimeOutSessions:%t%11
%tModifyingUser:%t%12
%tModifyingApplication:%t%13

2022

Microsoft-Windows-Windows Firewall with Advanced Security

A phase 1 crypto set was deleted from IPsec settings.

Deleted Rule:
%tRule ID:%t%1
%tRule Name:%t%2
%tModifying User:%t%3
%tModifying Application:%t%4

2024

Microsoft-Windows-Windows Firewall with Advanced Security

A phase 2 crypto set was added to IPsec settings.

%tSet ID:%t%1
%tSetName:%t%2
%tOrigin:%t%4
%tPfs:%t%6
%tNumSuites:%t%7
%tModifyingUser:%t%10
%tModifyingApplication:%t%11

2025

Microsoft-Windows-Windows Firewall with Advanced Security

A phase 2 crypto set was modified in IPsec settings.

%tSet ID:%t%1
%tSetName:%t%2
%tOrigin:%t%4
%tPfs:%t%6
%tNumSuites:%t%7
%tModifyingUser:%t%10
%tModifyingApplication:%t%11

2026

Microsoft-Windows-Windows Firewall with Advanced Security

A phase 2 crypto set was deleted from IPsec settings.

Deleted Rule:
%tRule ID:%t%1
%tRule Name:%t%2
%tModifying User:%t%3
%tModifying Application:%t%4

2028

Microsoft-Windows-Windows Firewall with Advanced Security

An authentication set has been added to IPsec settings.

%tSet ID:%t%1
%tSet Name:%t%2
%tIPsecPhase:%t%3
%tOrigin:%t%5
%tNumSuites:%t%7
%tModifyingUser:%t%10
%tModifyingApplication:%t%11

2029

Microsoft-Windows-Windows Firewall with Advanced Security

An authentication set has been modified in IPsec settings.

%tSet ID:%t%1
%tSet Name:%t%2
%tIPsecPhase:%t%3
%tOrigin:%t%5
%tNumSuites:%t%7
%tModifyingUser:%t%10
%tModifyingApplication:%t%11

2030

Microsoft-Windows-Windows Firewall with Advanced Security

An authentication set has been deleted from IPsec settings.

Deleted Rule:
%tRule ID:%t%1
%tRule Name:%t%2
%tModifying User:%t%3
%tModifying Application:%t%4

2034

Microsoft-Windows-Windows Firewall with Advanced Security

All connection security rules have been deleted from the IPsec configuration on this computer.

%tStore Type:%t%1
%tModifyingUser:%t%2
%tModifyingApplication:%t%3

2035

Microsoft-Windows-Windows Firewall with Advanced Security

All main mode rules have been deleted from the IPsec configuration on this computer.

%tStore Type:%t%1
%tModifyingUser:%t%2
%tModifyingApplication:%t%3

2036

Microsoft-Windows-Windows Firewall with Advanced Security

All authentication sets have been deleted from the IPsec configuration on this computer.

%tIPsec Phase:%t%1
%tStore Type:%t%2
%tModifyingUser:%t%3
%tModifyingApplication:%t%4

2037

Microsoft-Windows-Windows Firewall with Advanced Security

All crypto sets have been deleted from the IPsec configuration on this computer.

%tIPsec Phase:%t%1
%tStore Type:%t%2
%tModifyingUser:%t%3
%tModifyingApplication:%t%4
