
Netsh AdvFirewall Monitor Commands

Updated: June 1, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Typing the command monitor at the netsh advfirewall context changes to the Netsh AdvFirewall Monitor context, where you can view the IPsec security associations (SAs) that exist on your computer. This context is the command-line equivalent to the Monitoring section of the Windows Firewall with Advanced Security MMC snap-in.

The following commands are available at the netsh advfirewall monitor> prompt.

To view the command syntax, click a command:

Deletes the specified Main Mode or Quick Mode security associations.

delete
     { mmsa | qmsa }
     { IPv4AddressPair | IPv6AddressPair | all }

mmsa | qmsa
Required. Specifies the type of SA to delete.

  • mmsa specifies that main mode SAs matching the specified addresses are deleted.

  • qmsa specifies that quick mode SAs matching the specified addresses are deleted.

IPv4AddressPair | IPv6AddressPair | all
Specifies the SAs to delete by matching source and destination IP addresses. The address pairs are a single IP source address and a single IP destination address. The order does not matter. The IP version of both addresses must match.

You can specify a wildcard for either address to indicate a match for any address:

  • IPv4:    0.0.0.0

  • IPv6:    ::0

If you use the keyword all, then all SAs of the specified type are deleted.

  • The following command deletes all Main Mode SAs active on the local computer:

    delete mmsa all

  • The following command deletes any existing Quick Mode SA between two specific IP addresses:

    delete qmsa 192.168.1.1 192.168.2.2

Displays state information about the firewall and IPsec configuration of the computer.

The show command supports the following options:

Note
The netsh command in Windows Vista and Windows Server 2008 supports only the show mmsa and show qmsa commands. The consec, currentprofile, firewall, and mainmode commands are supported on computers that are running Windows 7 and Windows Server 2008 R2 only.

Displays the currently configured connection security (IPsec) settings. By default, the output is in summary form.

Note
The show consec command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.

show consec
     [ rule name = { all | RuleName }
     [ profile = { public | private | domain | active | any } [ ,… ] ] ]
     [ verbose ]

name = { all | RuleName }
Causes the output to include connection security rules that match the specified rule name. If you specify all, then all currently active rules are displayed.

[ profile = { public | private | domain | active | any } [ ,… ] ]
Specifies that only rules defined for the selected profiles are to be included in the output.

[ verbose ]
Includes information about rule sources, security associations, and other more detailed output than the default option.

  • The following command displays the basic connection security configuration for the local computer:

    show consec

  • The following command displays detailed information about rules that are assigned to currently active network profiles:

    show consec rule name=all profile=active verbose

Displays the current active network profiles and the network connections that are associated with each.

Note
The show currentprofile command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.

show currentprofile

Displays the currently configured firewall settings. By default, the output is in summary form.

Note
The show firewall command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.

show firewall
     [ rule name = { all | RuleName }
     [ dir = { in | out } ]
     [ profile = { public | private | domain | active | any } [ ,… ] ] ]

name = { all | RuleName }
Causes the output to include firewall rules that match the specified rule name. If you specify all, then all currently active rules are displayed.

[ dir = { in | out } ]
Specifies that only firewall rules defined for the selected direction are to be included in the output.

[ profile = { public | private | domain | active | any } [ ,… ] ]
Specifies that only rules defined for the selected profiles are to be included in the output.

[ verbose ]
Includes information about rule sources, security associations, and other more detailed output than the default option.

  • The following command displays the basic firewall configuration for the local computer:

    show firewall

  • The following command displays detailed information about inbound rules that are assigned to currently active network profiles:

    show firewall rule name=all dir=in profile=active verbose

Displays the current main mode IPsec configuration. By default, the output is in summary form.

Note
The show mainmode command is supported only on computers that are running Windows 7 or Windows Server 2008 R2.

show mainmode
     [ rule name = { all | RuleName }
     [ profile = { public | private | domain | active | any } [ ,… ] ] ]
     [ verbose ]

name = { all | RuleName }
Causes the output to include rules that match the specified rule name. If you specify all, then all currently active rules are displayed.

[ profile = { public | private | domain | active | any } [ ,… ] ]
Specifies that only rules defined for the selected profiles are to be included in the output.

[ verbose ]
Includes more detailed output than the default option.

  • The following command displays the basic main mode configuration for the local computer:

    show mainmode

  • The following command displays detailed information about main mode rules that are assigned to currently active network profiles:

    show mainmode rule name=all profile=active verbose

Displays a list of the currently active main mode security associations.

show mmsa
     { IPv4AddressPair | IPv6AddressPair | all }

IPv4AddressPair | IPv6AddressPair | all
Specifies the SAs to display by matching source and destination IP addresses. The address pairs are a single IP source address and a single IP destination address. The order does not matter. The IP version of both addresses must match.

You can specify a wildcard for either address to indicate a match for any address:

  • Wildcard for IPv4:    0.0.0.0

  • Wildcard for IPv6:    ::0

If you use the keyword all, then all SAs of the indicated type are displayed.

  • The following command displays all main mode SAs active on the local computer:

    show mmsa all

  • The following command displays any existing main mode SA between two specified IP addresses:

    show mmsa 192.168.1.1 192.168.2.2

  • The following command displays any existing main mode SAs that exist between a specified IP address and any other:

    show mmsa 192.168.1.1 0.0.0.0

Displays a list of the currently active quick mode security associations.

show qmsa
     { IPv4AddressPair | IPv6AddressPair | all }

IPv4AddressPair | IPv6AddressPair | all
Specifies the SAs to display by matching source and destination IP addresses. The address pairs are a single IP source address and a single IP destination address. The order does not matter. The IP version of both addresses must match.

You can specify a wildcard for either address to indicate a match for any address:

  • Wildcard for IPv4:    0.0.0.0

  • Wildcard for IPv6:    ::0

If you use the keyword all, then all SAs of the indicated type are displayed.

  • The following command displays all quick mode SAs active on the local computer:

    show qmsa all

  • The following command displays any existing quick mode SA between two specified IP addresses:

    show qmsa 192.168.1.1 192.168.2.2

  • The following command displays any existing quick mode SAs that exist between a specified IP address and any other:

    show qmsa 192.168.1.1 0.0.0.0
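The following PowerShell wrapper is an added example, not part of the original page or of any Microsoft tooling. It applies the address-pair rules described for delete and show (the keyword all, or two addresses of the same IP version, with 0.0.0.0 and ::0 as wildcards), saves the show output for the selector to a file, and only then runs delete. The function names Test-SaAddressPair and Remove-IpsecSa and the LogDir parameter are hypothetical.

```powershell
# Added example; function and parameter names are hypothetical.
function Test-SaAddressPair {
    param([Parameter(Mandatory = $true)][string[]]$Pair)

    # The keyword "all" stands in for the whole address pair.
    if ($Pair.Count -eq 1 -and $Pair[0] -eq 'all') { return $true }
    if ($Pair.Count -ne 2) { return $false }

    $families = @()
    foreach ($text in $Pair) {
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($text, [ref]$ip)) { return $false }
        # TryParse accepts shorthand IPv4 such as "10.1"; require a full dotted quad.
        if ($ip.AddressFamily -eq 'InterNetwork' -and $ip.ToString() -ne $text) { return $false }
        $families += $ip.AddressFamily
    }
    # Both addresses must be the same IP version. The wildcards 0.0.0.0 and ::0
    # parse as ordinary addresses, so they pass through the same check.
    return $families[0] -eq $families[1]
}

function Remove-IpsecSa {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][ValidateSet('mmsa', 'qmsa')][string]$Type,
        [Parameter(Mandatory = $true)][string[]]$Pair,
        [string]$LogDir = $env:TEMP
    )
    if (-not (Test-SaAddressPair -Pair $Pair)) {
        throw "Expected 'all' or two addresses of the same IP version, got: $Pair"
    }

    # Save the SAs that match the selector before anything is removed.
    $log = Join-Path $LogDir ("ipsec-{0}-{1:yyyyMMdd-HHmmss}.txt" -f $Type, (Get-Date))
    & netsh advfirewall monitor show $Type $Pair |
        Out-File -FilePath $log -Encoding utf8 -WhatIf:$false

    if ($PSCmdlet.ShouldProcess("$Type $Pair", 'netsh advfirewall monitor delete')) {
        & netsh advfirewall monitor delete $Type $Pair
        if ($LASTEXITCODE -ne 0) { Write-Warning "netsh exited with code $LASTEXITCODE" }
    }
    return $log
}

# Preview only: writes the snapshot and reports the delete it would run.
# Remove-IpsecSa -Type qmsa -Pair 192.168.1.1, 192.168.2.2 -WhatIf
```

Run it from an elevated prompt; without -WhatIf the function asks for confirmation before the delete command is issued.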

© 2014 Microsoft