i typed in netsh advfirewall set global StatefullFTP disable . I do not understand the response
Posted: 2020-04-14 11:01
Greetings to all, I have a Windows 10 64--bit and all the updates. I do understand because I an learning.
What does CRL checking mean ? What does specified value is not valid mean? Could someone please what all this means ? Thank you
PS C:\Windows\system32> netsh advfirewall set global StatefullFTP disable
A specified value is not valid.
Usage: set global statefulftp|statefulpptp enable|disable|notconfigured
set global ipsec (parameter) (value)
set global mainmode (parameter) (value) | notconfigured
IPsec Parameters:
strongcrlcheck - Configures how CRL checking is enforced.
0: Disable CRL checking (default)
1: Fail if cert is revoked
2: Fail on any error
notconfigured: Returns the value to its not
configured state.
saidletimemin - Configures the security association idle time in
minutes.
- Usage: 5-60|notconfigured (default=5)
defaultexemptions - Configures the default IPsec exemptions. Default is
to exempt IPv6 neighbordiscovery protocol and
DHCP from IPsec.
- Usage: none|neighbordiscovery|icmp|dhcp|notconfigured
ipsecthroughnat - Configures when security associations can be
established with a computer behind a network
address translator.
- Usage: never|serverbehindnat|
serverandclientbehindnat|
notconfigured(default=never)
authzcomputergrp - Configures the computers that are authorized to
establish tunnel mode connections.
- Usage: none|<SDDL string>|notconfigured
authzusergrp - Configures the users that are authorized to establish
tunnel mode connections.
- Usage: none|<SDDL string>|notconfigured
Main Mode Parameters:
mmkeylifetime - Sets main mode key lifetime in minutes
or sessions, or both.
- Usage: <num>min,<num>sess
minlifetime: <1> min,
maxlifetime: <2880> min
minsessions: <0> sessions,
maxsessions: <2,147,483,647> sessions
mmsecmethods - configures the main mode list of proposals
- Usage:
keyexch:enc-integrity,keyexch:enc-integrity[,...]|default
- keyexch=dhgroup1|dhgroup2|dhgroup14|dhgroup24|
ecdhp256|ecdhp384
- enc=3des|des|aes128|aes192|aes256
- integrity=md5|sha1|sha256|sha384
mmforcedh - configures the option to use DH to secure key exchange.
- Usage:
yes|no (default=no)
Remarks:
- Configures global settings, including advanced IPsec options.
- The use of DES, MD5 and DHGroup1 is not recommended. These
cryptographic algorithms are provided for backward compatibility
only.
- The mmsecmethods keyword default sets the policy to:
dhgroup2-aes128-sha1,dhgroup2-3des-sha1
Examples:
Disable CRL checking:
netsh advfirewall set global ipsec strongcrlcheck 0
Turn on the Firewall support for stateful FTP:
netsh advfirewall set global statefulftp enable
Set global main mode proposals to the default value:
netsh advfirewall set global mainmode mmsecmethods default
Set global main mode proposals to a customer list:
netsh advfirewall set global mainmode mmsecmethods
dhgroup1:des-md5,dhgroup1:3des-sha1
PS C:\Windows\system32>
What does CRL checking mean ? What does specified value is not valid mean? Could someone please what all this means ? Thank you
PS C:\Windows\system32> netsh advfirewall set global StatefullFTP disable
A specified value is not valid.
Usage: set global statefulftp|statefulpptp enable|disable|notconfigured
set global ipsec (parameter) (value)
set global mainmode (parameter) (value) | notconfigured
IPsec Parameters:
strongcrlcheck - Configures how CRL checking is enforced.
0: Disable CRL checking (default)
1: Fail if cert is revoked
2: Fail on any error
notconfigured: Returns the value to its not
configured state.
saidletimemin - Configures the security association idle time in
minutes.
- Usage: 5-60|notconfigured (default=5)
defaultexemptions - Configures the default IPsec exemptions. Default is
to exempt IPv6 neighbordiscovery protocol and
DHCP from IPsec.
- Usage: none|neighbordiscovery|icmp|dhcp|notconfigured
ipsecthroughnat - Configures when security associations can be
established with a computer behind a network
address translator.
- Usage: never|serverbehindnat|
serverandclientbehindnat|
notconfigured(default=never)
authzcomputergrp - Configures the computers that are authorized to
establish tunnel mode connections.
- Usage: none|<SDDL string>|notconfigured
authzusergrp - Configures the users that are authorized to establish
tunnel mode connections.
- Usage: none|<SDDL string>|notconfigured
Main Mode Parameters:
mmkeylifetime - Sets main mode key lifetime in minutes
or sessions, or both.
- Usage: <num>min,<num>sess
minlifetime: <1> min,
maxlifetime: <2880> min
minsessions: <0> sessions,
maxsessions: <2,147,483,647> sessions
mmsecmethods - configures the main mode list of proposals
- Usage:
keyexch:enc-integrity,keyexch:enc-integrity[,...]|default
- keyexch=dhgroup1|dhgroup2|dhgroup14|dhgroup24|
ecdhp256|ecdhp384
- enc=3des|des|aes128|aes192|aes256
- integrity=md5|sha1|sha256|sha384
mmforcedh - configures the option to use DH to secure key exchange.
- Usage:
yes|no (default=no)
Remarks:
- Configures global settings, including advanced IPsec options.
- The use of DES, MD5 and DHGroup1 is not recommended. These
cryptographic algorithms are provided for backward compatibility
only.
- The mmsecmethods keyword default sets the policy to:
dhgroup2-aes128-sha1,dhgroup2-3des-sha1
Examples:
Disable CRL checking:
netsh advfirewall set global ipsec strongcrlcheck 0
Turn on the Firewall support for stateful FTP:
netsh advfirewall set global statefulftp enable
Set global main mode proposals to the default value:
netsh advfirewall set global mainmode mmsecmethods default
Set global main mode proposals to a customer list:
netsh advfirewall set global mainmode mmsecmethods
dhgroup1:des-md5,dhgroup1:3des-sha1
PS C:\Windows\system32>