

Netsh AdvFirewall Monitor Commands

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Typing the command monitor at the netsh advfirewall context changes to the Netsh AdvFirewall Monitor context, where you can view the IPsec security associations (SAs) that exist on your computer. This context is the command-line equivalent to the Monitoring section of the Windows Firewall with Advanced Security MMC snap-in.

The following commands are available at the netsh advfirewall monitor> prompt.

To view the command syntax, click a command:

  • delete

  • show

delete

Deletes the specified Main Mode or Quick Mode security associations.

Syntax

delete

     { mmsa | qmsa }

     { IPv4AddressPair | IPv6AddressPair | all }

Parameters

  • mmsa | qmsa
    Required. Specifies the type of SA to delete.

    • mmsa specifies that main mode SAs matching the specified addresses are deleted.

    • qmsa specifies that quick mode SAs matching the specified addresses are deleted.

  • IPv4AddressPair | IPv6AddressPair | all
    Specifies the SAs to delete by matching source and destination IP addresses. The address pairs are a single IP source address and a single IP destination address. The order does not matter. The IP version of both addresses must match.

    You can specify a wildcard for either address to indicate a match for any address:

    • IPv4:    0.0.0.0

    • IPv6:    ::0

    If you use the keyword all, then all SAs of the specified type are deleted.

Examples

  • The following command deletes all Main Mode SAs active on the local computer:

    delete mmsa all

  • The following command deletes any existing Quick Mode SA between two specific IP addresses:

    delete qmsa 192.168.1.1 192.168.2.2
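
The following PowerShell sketch is an added example, not part of the original page: it checks an address pair against the rules above (both addresses parse, same IP version), records the matching SAs with the show mmsa or show qmsa command, and only then runs delete. The function names `Get-SaSelector` and `Remove-IPsecSaWithSnapshot` and the default log directory are assumptions made for illustration.

```powershell
# Added example, not from the original page. Function names and the default
# log directory are assumptions. Run from an elevated PowerShell prompt.

function Get-SaSelector {
    # Returns the argument list for show/delete: 'all' or a validated address pair.
    param([string]$Address1, [string]$Address2, [switch]$All)
    if ($All) { return ,@('all') }
    $parsed = @()
    foreach ($text in @($Address1, $Address2)) {
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($text, [ref]$ip)) {
            throw "Not a valid IP address: '$text'"
        }
        $parsed += $ip
    }
    # Both addresses must be the same IP version (0.0.0.0 and ::0 are the wildcards).
    if ($parsed[0].AddressFamily -ne $parsed[1].AddressFamily) {
        throw "IP versions differ: '$Address1' and '$Address2'"
    }
    return ,@($Address1, $Address2)
}

function Remove-IPsecSaWithSnapshot {
    param(
        [Parameter(Mandatory=$true)][ValidateSet('mmsa','qmsa')][string]$Type,
        [string]$Address1, [string]$Address2, [switch]$All,
        [string]$LogDirectory = $env:TEMP
    )
    $selector = Get-SaSelector -Address1 $Address1 -Address2 $Address2 -All:$All
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

    # Record which SAs match before anything is deleted.
    $before = Join-Path $LogDirectory "${Type}-before-${stamp}.txt"
    & netsh advfirewall monitor show $Type @selector | Out-File -FilePath $before -Encoding UTF8

    & netsh advfirewall monitor delete $Type @selector
    if ($LASTEXITCODE -ne 0) { throw "netsh delete $Type failed (exit code $LASTEXITCODE)" }

    # Record what is present afterwards for comparison.
    $after = Join-Path $LogDirectory "${Type}-after-${stamp}.txt"
    & netsh advfirewall monitor show $Type @selector | Out-File -FilePath $after -Encoding UTF8
    return @($before, $after)
}

# Sample call using the addresses from the example above:
# Remove-IPsecSaWithSnapshot -Type qmsa -Address1 192.168.1.1 -Address2 192.168.2.2
```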

show

Displays state information about the firewall and IPsec configuration of the computer.

The show command supports the following options:

  • show consec

  • show currentprofile

  • show firewall

  • show mainmode

  • show mmsa

  • show qmsa

Note

The netsh command in Windows Vista and Windows Server 2008 supports only the show mmsa and show qmsa commands. The consec, currentprofile, firewall, and mainmode commands are supported only on computers that are running Windows 7 or Windows Server 2008 R2.

show consec

Displays the currently configured connection security (IPsec) settings. By default, the output is in summary form.

Note

The show consec command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.

Syntax

show consec

     [ rule name = { all | RuleName }

     [ profile = { public | private | domain | active | any } [ ,… ] ] ]

     [ verbose ]

Parameters

  • name = { all | RuleName }
    Causes the output to include connection security rules that match the specified rule name. If you specify all, then all currently active rules are displayed.
  • [ profile = { public | private | domain | active | any } [ ,… ] ]
    Specifies that only rules defined for the selected profiles are to be included in the output.
  • [ verbose ]
    Includes information about rule sources, security associations, and other more detailed output than the default option.

Examples

  • The following command displays the basic connection security configuration for the local computer:

    show consec

  • The following command displays detailed information about rules that are assigned to currently active network profiles:

    show consec rule name=all profile=active verbose

show currentprofile

Displays the current active network profiles and the network connections that are associated with each.

Note

The show currentprofile command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.

Syntax

show currentprofile

show firewall

Displays the currently configured firewall settings. By default, the output is in summary form.

Note

The show firewall command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.

Syntax

show firewall

     [ rule name = { all | RuleName }

     [ dir = { in | out } ]

     [ profile = { public | private | domain | active | any } [ ,… ] ] ]

     [ verbose ]

Parameters

  • name = { all | RuleName }
    Causes the output to include firewall rules that match the specified rule name. If you specify all, then all currently active rules are displayed.
  • [ dir = { in | out } ]
    Specifies that only firewall rules defined for the selected direction are to be included in the output.
  • [ profile = { public | private | domain | active | any } [ ,… ] ]
    Specifies that only rules defined for the selected profiles are to be included in the output.
  • [ verbose ]
    Includes information about rule sources, security associations, and other more detailed output than the default option.

Examples

  • The following command displays the basic firewall configuration for the local computer:

    show firewall

  • The following command displays detailed information about inbound rules that are assigned to currently active network profiles:

    show firewall rule name=all dir=in profile=active verbose

show mainmode

Displays the current main mode IPsec configuration. By default, the output is in summary form.

Note

The show mainmode command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.

Syntax

show mainmode

     [ rule name = { all | RuleName }

     [ profile = { public | private | domain | active | any } [ ,… ] ] ]

     [ verbose ]

Parameters

  • name = { all | RuleName }
    Causes the output to include rules that match the specified rule name. If you specify all, then all currently active rules are displayed.
  • [ profile = { public | private | domain | active | any } [ ,… ] ]
    Specifies that only rules defined for the selected profiles are to be included in the output.
  • [ verbose ]
    Includes more detailed output than the default option.

Examples

  • The following command displays the basic main mode configuration for the local computer:

    show mainmode

  • The following command displays detailed information about main mode rules that are assigned to currently active network profiles:

    show mainmode rule name=all profile=active verbose

show mmsa

Displays a list of the currently active main mode security associations.

Syntax

show mmsa

     { IPv4AddressPair | IPv6AddressPair | all }

Parameters

  • IPv4AddressPair | IPv6AddressPair | all
    Specifies the SAs to display by matching source and destination IP addresses. The address pairs are a single IP source address and a single IP destination address. The order does not matter. The IP version of both addresses must match.

    You can specify a wildcard for either address to indicate a match for any address:

    • Wildcard for IPv4:    0.0.0.0

    • Wildcard for IPv6:    ::0

    If you use the keyword all, then all SAs of the indicated type are displayed.

Examples

  • The following command displays all main mode SAs active on the local computer:

    show mmsa all

  • The following command displays any existing main mode SA between two specified IP addresses:

    show mmsa 192.168.1.1 192.168.2.2

  • The following command displays any existing main mode SAs that exist between a specified IP address and any other:

    show mmsa 192.168.1.1 0.0.0.0

show qmsa

Displays a list of the currently active quick mode security associations.

Syntax

show qmsa

     { IPv4AddressPair | IPv6AddressPair | all }

Parameters

  • IPv4AddressPair | IPv6AddressPair | all
    Specifies the SAs to display by matching source and destination IP addresses. The address pairs are a single IP source address and a single IP destination address. The order does not matter. The IP version of both addresses must match.

    You can specify a wildcard for either address to indicate a match for any address:

    • Wildcard for IPv4:    0.0.0.0

    • Wildcard for IPv6:    ::0

    If you use the keyword all, then all SAs of the indicated type are displayed.

Examples

  • The following command displays all quick mode SAs active on the local computer:

    show qmsa all

  • The following command displays any existing quick mode SA between two specified IP addresses:

    show qmsa 192.168.1.1 192.168.2.2

  • The following command displays any existing quick mode SAs that exist between a specified IP address and any other:

    show qmsa 192.168.1.1 0.0.0.0