New-NetFirewallHyperVVMSetting

Configures Hyper-V firewall per-VM settings on the target computer.

Syntax

New-NetFirewallHyperVVMSetting
   [-PolicyStore <string>]
   [-GPOSession <string>]
   [-Name <string>]
   [-Enabled {False | True | NotConfigured}]
   [-DefaultInboundAction {NotConfigured | Allow | Block}]
   [-DefaultOutboundAction {NotConfigured | Allow | Block}]
   [-LoopbackEnabled {False | True | NotConfigured}]
   [-AllowHostPolicyMerge {False | True | NotConfigured}]
   [-CimSession <CimSession[]>]
   [-ThrottleLimit <int>]
   [-AsJob]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-NetFirewallHyperVVMSetting cmdlet configures the Hyper-V firewall per-VM settings on the system. These settings apply to all Hyper-V firewall ports created by a specific Hyper-V firewall VM creator.

Use this cmdlet only when none of the following is true: a Hyper-V VM creator has registered its VM creator ID with the system, another Hyper-V setting is already configured for the specified VM creator ID, or a Hyper-V firewall port has been created with the specified VM creator ID. If any of these is true, use the Set-NetFirewallHyperVVMSetting cmdlet instead. In other words, this cmdlet can be used to configure policy before the application that corresponds to the specific VM creator ID runs on the system.

Examples

EXAMPLE 1

PS C:\> New-NetFirewallHyperVVMSetting -Name '{9E288F02-CE00-4D9E-BE2B-14CE463B0298}' -LoopbackEnabled True

This example configures the LoopbackEnabled setting for all Hyper-V firewall ports created by the Hyper-V firewall VM creator specified.
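
The following added example (not part of the original page) applies the New-versus-Set rule from the Description: it creates the per-VM-creator settings when nothing exists for the ID, updates them otherwise, and then reads them back to report drift. The GUID is this page's sample value, the baseline values are illustrative, and the VMCreatorId property name and the empty result from Get-NetFirewallHyperVVMSetting for an unknown ID are assumptions.

```powershell
# Added example, not from the original page.
# $creatorId reuses this page's sample GUID; replace it with the real VM creator ID.
$creatorId = '{9E288F02-CE00-4D9E-BE2B-14CE463B0298}'

# Illustrative deny-by-default baseline (an assumption, not a value set by the page).
# Every value is explicit so the result does not depend on defaults.
$baseline = @{
    Enabled               = 'True'
    DefaultInboundAction  = 'Block'
    DefaultOutboundAction = 'Block'
    LoopbackEnabled       = 'False'
    AllowHostPolicyMerge  = 'True'
}

# Conditions under which Set- must be used instead of New-:
#   the VM creator is already registered, or a setting already exists for its ID.
# Assumption: creator objects expose the ID as VMCreatorId, and the Get- cmdlet
# returns nothing when no setting exists for the ID.
$registered = Get-NetFirewallHyperVVMCreator -ErrorAction SilentlyContinue |
    Where-Object { $_.VMCreatorId -eq $creatorId }
$existing = Get-NetFirewallHyperVVMSetting -Name $creatorId -ErrorAction SilentlyContinue

if ($registered -or $existing) {
    Set-NetFirewallHyperVVMSetting -Name $creatorId @baseline
} else {
    # Nothing known about this creator yet: provision policy before its application runs.
    New-NetFirewallHyperVVMSetting -Name $creatorId @baseline
}

# Read the settings back and list any value that differs from the baseline.
$actual = Get-NetFirewallHyperVVMSetting -Name $creatorId
$drift = foreach ($key in $baseline.Keys) {
    if ("$($actual.$key)" -ne $baseline[$key]) {
        [pscustomobject]@{
            Setting  = $key
            Expected = $baseline[$key]
            Actual   = "$($actual.$key)"
        }
    }
}

if ($drift) {
    $drift | Format-Table -AutoSize
} else {
    "Hyper-V firewall settings for $creatorId match the baseline."
}
```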

Parameters

-AllowHostPolicyMerge

Specifies that the host firewall policy should be merged into the effective policy.

This setting controls whether host firewall profile settings (DefaultInboundAction, DefaultOutboundAction, Enabled, AllowLocalFirewallRules) as well as host firewall rules (only rules that are IP 5-tuple based, that is, not having any local conditions such as application) should be applicable to Hyper-V firewall.

Policy configurations may come from many stores. If this setting is True, the following order of precedence is used for determining the effective policy (highest priority to lowest priority):

  • Host Firewall Group Policy
  • Hyper-V Firewall MDM
  • Host Firewall MDM
  • Hyper-V Firewall Local
  • Host Firewall Local

The acceptable values for this parameter are: False, True, or NotConfigured.

  • True: Host firewall rules and settings are applied to the Hyper-V firewall.

  • False: Host firewall rules and settings are not applied to Hyper-V firewall.

  • NotConfigured: Resets this value back to its default.

The default setting is True.

Type: GpoBoolean
Accepted values: False, True, NotConfigured
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type: CimSession[]
Aliases: Session
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-DefaultInboundAction

Specifies how to filter inbound traffic which does not match any Hyper-V firewall rules. The acceptable values for this parameter are: NotConfigured, Allow, or Block.

This setting applies the configuration to all profiles. For configuring at a per-profile granularity, use the New-NetFirewallHyperVProfile cmdlet.

  • Block: Blocks inbound network traffic that does not match an inbound rule.
  • Allow: Allows all inbound network traffic, whether or not it matches an inbound rule.
  • NotConfigured: Resets this value back to its default.

The default setting is Block.

Type: Action
Accepted values: NotConfigured, Allow, Block
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-DefaultOutboundAction

Specifies how to filter outbound traffic which does not match any Hyper-V firewall rules. The acceptable values for this parameter are: NotConfigured, Allow, or Block.

This setting applies the configuration to all profiles. For configuring at a per-profile granularity, use the New-NetFirewallHyperVProfile cmdlet.

  • Block: Blocks outbound network traffic that does not match an outbound rule.
  • Allow: Allows all outbound network traffic, whether or not it matches an outbound rule.
  • NotConfigured: Resets this value back to its default.

The default setting is Block.

Type: Action
Accepted values: NotConfigured, Allow, Block
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Enabled

Determines whether or not the Hyper-V firewall is active and enforced. The acceptable values for this parameter are: False, True, or NotConfigured.

This setting applies the configuration to all profiles. For configuring at a per-profile granularity, use the New-NetFirewallHyperVProfile cmdlet.

  • True: Enables Windows Hyper-V firewall.
  • False: Disables Windows Hyper-V firewall.
  • NotConfigured: Resets this value back to its default.

The default setting is True.

Type: GpoBoolean
Accepted values: False, True, NotConfigured
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-LoopbackEnabled

Determines whether or not guest-host loopback traffic is allowed.

The acceptable values for this parameter are: False, True, or NotConfigured.

  • True: Hyper-V firewall allows traffic between guest and host.
  • False: Hyper-V firewall blocks traffic between guest and host.
  • NotConfigured: Resets this value back to its default.

The default setting is False.

Type: GpoBoolean
Accepted values: False, True, NotConfigured
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Name

Specifies that the settings are applicable only to the Hyper-V firewall VM creator with the matching ID.

The format for this value is a GUID enclosed in curly brackets: '{9E288F02-CE00-4D9E-BE2B-14CE463B0298}'.

Type: String
Aliases: VMCreatorId
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer.

The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type: Int32
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

Inputs

None

Outputs

CimInstance

The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.