Netsh AdvFirewall Monitor Commands
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Typing the command monitor at the netsh advfirewall context changes to the Netsh AdvFirewall Monitor context, where you can view the IPsec security associations (SAs) that exist on your computer. This context is the command-line equivalent to the Monitoring section of the Windows Firewall with Advanced Security MMC snap-in.
The following commands are available at the netsh advfirewall monitor> prompt.
To view the command syntax, click a command:
delete
show
delete
Deletes the specified Main Mode or Quick Mode security associations.
Syntax
delete
{ mmsa | qmsa }
{ IPv4AddressPair | IPv6AddressPair | all }
Parameters
mmsa | qmsa
Required. Specifies the type of SA to delete.
mmsa specifies that main mode SAs matching the specified addresses are deleted.
qmsa specifies that quick mode SAs matching the specified addresses are deleted.
IPv4AddressPair | IPv6AddressPair | all
Specifies the SAs to delete by matching source and destination IP addresses. The address pairs are a single IP source address and a single IP destination address. The order does not matter. The IP version of both addresses must match. You can specify a wildcard for either address to indicate a match for any address:
IPv4: 0.0.0.0
IPv6: ::0
If you use the keyword all, then all SAs of the specified type are deleted.
Examples
The following command deletes all Main Mode SAs active on the local computer:
delete mmsa all
The following command deletes any existing Quick Mode SA between two specific IP addresses:
delete qmsa 192.168.1.1 192.168.2.2
show
Displays state information about the firewall and IPsec configuration of the computer.
The show command supports the following options:
show consec
show currentprofile
show firewall
show mainmode
show mmsa
show qmsa
Note
The netsh command in Windows Vista and Windows Server 2008 supports only the show mmsa and show qmsa commands. The consec, currentprofile, firewall, and mainmode commands are supported only on computers that are running Windows 7 or Windows Server 2008 R2.
show consec
Displays the currently configured connection security (IPsec) settings. By default, the output is in summary form.
Note
The show consec command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.
Syntax
show consec
[ rule name = { all | RuleName }
[ profile = { public | private | domain | active | any } [ ,… ] ] ]
[ verbose ]
Parameters
- name = { all | RuleName }
Causes the output to include connection security rules that match the specified rule name. If you specify all, then all currently active rules are displayed.
- [ profile = { public | private | domain | active | any } [ ,… ] ]
Specifies that only rules defined for the selected profiles are to be included in the output.
- [ verbose ]
Includes information about rule sources, security associations, and other more detailed output than the default option.
Examples
The following command displays the basic connection security configuration for the local computer:
show consec
The following command displays detailed information about rules that are assigned to currently active network profiles:
show consec rule name=all profile=active verbose
show currentprofile
Displays the current active network profiles and the network connections that are associated with each.
Note
The show currentprofile command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.
Syntax
show currentprofile
show firewall
Displays the currently configured firewall settings. By default, the output is in summary form.
Note
The show firewall command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.
Syntax
show firewall
[ rule name = { all | RuleName }
[ dir = { in | out } ]
[ profile = { public | private | domain | active | any } [ ,… ] ] ]
[ verbose ]
Parameters
- name = { all | RuleName }
Causes the output to include firewall rules that match the specified rule name. If you specify all, then all currently active rules are displayed.
- [ dir = { in | out } ]
Specifies that only firewall rules defined for the selected direction are to be included in the output.
- [ profile = { public | private | domain | active | any } [ ,… ] ]
Specifies that only rules defined for the selected profiles are to be included in the output.
- [ verbose ]
Includes information about rule sources, security associations, and other more detailed output than the default option.
Examples
The following command displays the basic firewall configuration for the local computer:
show firewall
The following command displays detailed information about inbound rules that are assigned to currently active network profiles:
show firewall rule name=all dir=in profile=active verbose
show mainmode
Displays the current main mode IPsec configuration. By default, the output is in summary form.
Note
The show mainmode command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.
Syntax
show mainmode
[ rule name = { all | RuleName }
[ profile = { public | private | domain | active | any } [ ,… ] ] ]
[ verbose ]
Parameters
- name = { all | RuleName }
Causes the output to include rules that match the specified rule name. If you specify all, then all currently active rules are displayed.
- [ profile = { public | private | domain | active | any } [ ,… ] ]
Specifies that only rules defined for the selected profiles are to be included in the output.
- [ verbose ]
Includes more detailed output than the default option.
Examples
The following command displays the basic main mode configuration for the local computer:
show mainmode
The following command displays detailed information about main mode rules that are assigned to currently active network profiles:
show mainmode rule name=all profile=active verbose
show mmsa
Displays a list of the currently active main mode security associations.
Syntax
show mmsa
{ IPv4AddressPair | IPv6AddressPair | all }
Parameters
IPv4AddressPair | IPv6AddressPair | all
Specifies the SAs to display by matching source and destination IP addresses. The address pairs are a single IP source address and a single IP destination address. The order does not matter. The IP version of both addresses must match. You can specify a wildcard for either address to indicate a match for any address:
Wildcard for IPv4: 0.0.0.0
Wildcard for IPv6: ::0
If you use the keyword all, then all SAs of the indicated type are displayed.
Examples
The following command displays all main mode SAs active on the local computer:
show mmsa all
The following command displays any existing main mode SA between two specified IP addresses:
show mmsa 192.168.1.1 192.168.2.2
The following command displays any existing main mode SAs that exist between a specified IP address and any other:
show mmsa 192.168.1.1 0.0.0.0
show qmsa
Displays a list of the currently active quick mode security associations.
Syntax
show qmsa
{ IPv4AddressPair | IPv6AddressPair | all }
Parameters
IPv4AddressPair | IPv6AddressPair | all
Specifies the SAs to display by matching source and destination IP addresses. The address pairs are a single IP source address and a single IP destination address. The order does not matter. The IP version of both addresses must match. You can specify a wildcard for either address to indicate a match for any address:
Wildcard for IPv4: 0.0.0.0
Wildcard for IPv6: ::0
If you use the keyword all, then all SAs of the indicated type are displayed.
Examples
The following command displays all quick mode SAs active on the local computer:
show qmsa all
The following command displays any existing quick mode SA between two specified IP addresses:
show qmsa 192.168.1.1 192.168.2.2
The following command displays any existing quick mode SAs that exist between a specified IP address and any other:
show qmsa 192.168.1.1 0.0.0.0
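The following PowerShell script is an added example, not part of the original documentation. It applies the address-pair rules described for delete and show (both addresses the same IP version, 0.0.0.0 or ::0 as wildcards) and saves the matching show mmsa or show qmsa output before running delete, so a record of the removed SAs remains. The function names and the log path are hypothetical.

```powershell
# Added example, not from the original page. Function names and $LogPath are hypothetical.
function Test-SaAddressPair {
    param([Parameter(Mandatory=$true)][string]$Address1,
          [Parameter(Mandatory=$true)][string]$Address2)
    $parsed = foreach ($text in $Address1, $Address2) {
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($text, [ref]$ip)) {
            throw "Not an IP address: $text"
        }
        # TryParse also accepts shorthand such as "1" or octal octets; require a plain dotted quad.
        if ($ip.AddressFamily -eq 'InterNetwork' -and $ip.ToString() -ne $text) {
            throw "Use dotted-quad IPv4 notation: $text"
        }
        $ip
    }
    # The page requires both addresses to be the same IP version.
    if ($parsed[0].AddressFamily -ne $parsed[1].AddressFamily) {
        throw "IP versions must match: $Address1 / $Address2"
    }
    return @($Address1, $Address2)   # wildcards 0.0.0.0 and ::0 pass through unchanged
}

function Remove-IpsecSa {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][ValidateSet('mmsa','qmsa')][string]$Type,
        [Parameter(Mandatory=$true)][string]$Address1,
        [Parameter(Mandatory=$true)][string]$Address2,
        [string]$LogPath = "$env:TEMP\ipsec-sa-before-delete.txt"
    )
    $pair = Test-SaAddressPair $Address1 $Address2

    # Record the matching SAs first; once deleted they can no longer be displayed.
    "=== $(Get-Date -Format o) show $Type $pair ===" | Out-File $LogPath -Append
    & netsh advfirewall monitor show $Type $pair | Out-File $LogPath -Append

    if ($PSCmdlet.ShouldProcess("$Type SAs between $($pair -join ' and ')", 'delete')) {
        & netsh advfirewall monitor delete $Type $pair
        # Assumption: netsh reports a failed command through a non-zero exit code.
        if ($LASTEXITCODE -ne 0) { Write-Warning "netsh exited with code $LASTEXITCODE" }
    }
}

# Preview without deleting anything:
#   Remove-IpsecSa -Type qmsa -Address1 192.168.1.1 -Address2 192.168.2.2 -WhatIf
```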