From cda5ec2cf3e9e79160db089b9a19bcacb7691225 Mon Sep 17 00:00:00 2001 From: Dallas Brooks <47010213+dallasbrooks@users.noreply.github.com> Date: Wed, 5 Nov 2025 11:10:57 -0800 Subject: [PATCH 1/3] Document TunnelType parameter for New-NetIPsecRule Added TunnelType parameter to New-NetIPsecRule documentation. --- .../NetSecurity/New-NetIPsecRule.md | 24 ++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md b/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md index 05ff0d65c8..ccbdfc4523 100644 --- a/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md +++ b/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md @@ -19,7 +19,7 @@ Creates an IPsec rule that defines security requirements for network connections New-NetIPsecRule [-PolicyStore ] [-GPOSession ] [-IPsecRuleName ] -DisplayName [-Description ] [-Group ] [-Enabled ] [-Profile ] [-Platform ] [-Mode ] [-InboundSecurity ] [-OutboundSecurity ] - [-QuickModeCryptoSet ] [-Phase1AuthSet ] [-Phase2AuthSet ] [-KeyModule ] + [-QuickModeCryptoSet ] [-Phase1AuthSet ] [-Phase2AuthSet ] [-KeyModule ] [-TunnelType ] [-AllowWatchKey ] [-AllowSetKey ] [-LocalTunnelEndpoint ] [-RemoteTunnelEndpoint ] [-RemoteTunnelHostname ] [-ForwardPathLifetime ] [-EncryptedTunnelBypass ] [-RequireAuthorization ] [-User ] [-Machine ] 
@@ -445,6 +445,28 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -TunnelType +Specifies that matching IPsec rules of the indicated tunnel type are created. +This parameter specifies which tunnel type to negotiate. +The acceptable value for this parameter is: PointToSite. + +- PointToSite: Indicates that the IPsec rule applies only to point-to-site tunnels, typically used for connecting an individual client to a network. + +The default value is PointToSite. This setting is very advanced and should only be modified for specific interoperability or security scenarios. Overriding this parameter incorrectly may result in rules not applying as intended, potentially leaving traffic unprotected. Windows versions prior to Windows Server 2025 do not support explicit tunnel type configuration. + +```yaml +Type: TunnelType +Parameter Sets: (All) +Aliases: +Accepted values: PointToSite + +Required: False +Position: Named +Default value: PointToSite +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -LocalAddress Specifies that network packets with matching IP addresses match this rule. This parameter value is the first end point of an IPsec rule and specifies the computers that are subject to the requirements of this rule. From 1157849b0252396d6fea54912092b6060afb49e3 Mon Sep 17 00:00:00 2001 From: Dallas Brooks <47010213+dallasbrooks@users.noreply.github.com> Date: Wed, 26 Nov 2025 08:10:03 -0800 Subject: [PATCH 2/3] Update docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md Co-authored-by: dknappettmsft <49432665+dknappettmsft@users.noreply.github.com> --- docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md b/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md index ccbdfc4523..dfb1f9d886 100644 --- a/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md 
+++ b/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md @@ -452,7 +452,7 @@ The acceptable value for this parameter is: PointToSite. - PointToSite: Indicates that the IPsec rule applies only to point-to-site tunnels, typically used for connecting an individual client to a network. -The default value is PointToSite. This setting is very advanced and should only be modified for specific interoperability or security scenarios. Overriding this parameter incorrectly may result in rules not applying as intended, potentially leaving traffic unprotected. Windows versions prior to Windows Server 2025 do not support explicit tunnel type configuration. +The default value is PointToSite. This setting is very advanced and should only be modified for specific interoperability or security scenarios. Overriding this parameter incorrectly may result in rules not applying as intended, potentially leaving traffic unprotected. Windows versions prior to Windows Server 2025 don't support explicit tunnel type configuration. ```yaml Type: TunnelType From fd0cfcc8b28f1a8100473390eca9bdcbb7090e71 Mon Sep 17 00:00:00 2001 From: Dallas Brooks <47010213+dallasbrooks@users.noreply.github.com> Date: Wed, 26 Nov 2025 08:11:58 -0800 Subject: [PATCH 3/3] Reorganize TunnelType section in documentation --- .../NetSecurity/New-NetIPsecRule.md | 41 +++++++++---------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md b/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md index dfb1f9d886..ac9aa34dff 100644 --- a/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md +++ b/docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md 
@@ -445,28 +445,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -TunnelType -Specifies that matching IPsec rules of the indicated tunnel type are created. -This parameter specifies which tunnel type to negotiate. -The acceptable value for this parameter is: PointToSite. - -- PointToSite: Indicates that the IPsec rule applies only to point-to-site tunnels, typically used for connecting an individual client to a network. - -The default value is PointToSite. This setting is very advanced and should only be modified for specific interoperability or security scenarios. Overriding this parameter incorrectly may result in rules not applying as intended, potentially leaving traffic unprotected. Windows versions prior to Windows Server 2025 don't support explicit tunnel type configuration. - -```yaml -Type: TunnelType -Parameter Sets: (All) -Aliases: -Accepted values: PointToSite - -Required: False -Position: Named -Default value: PointToSite -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -LocalAddress Specifies that network packets with matching IP addresses match this rule. This parameter value is the first end point of an IPsec rule and specifies the computers that are subject to the requirements of this rule. 
@@ -907,6 +885,25 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -TunnelType +Specifies that matching IPsec rules of the indicated tunnel type are created. +This parameter specifies which tunnel type to negotiate. +The acceptable value for this parameter is: PointToSite. +- PointToSite: Indicates that the IPsec rule applies only to point-to-site tunnels, typically used for connecting an individual client to a network. +The default value is PointToSite. This setting is very advanced and should only be modified for specific interoperability or security scenarios. Overriding this parameter incorrectly may result in rules not applying as intended, potentially leaving traffic unprotected. Windows versions prior to Windows Server 2025 do not support explicit tunnel type configuration. +```yaml +Type: TunnelType +Parameter Sets: (All) +Aliases: +Accepted values: PointToSite + +Required: False +Position: Named +Default value: PointToSite +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -User Specifies that matching IPsec rules of the indicated user accounts are created. This parameter specifies that only network packets that are authenticated as incoming from or outgoing to a user identified in the list of user accounts match this rule.
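Review bot: In PATCH 1/3, the syntax hunk (@@ -19,7 +19,7) appends `[-TunnelType ]` to the end of the `-KeyModule` line, and that is the only syntax line the series changes, while the new parameter block declares `Parameter Sets: (All)`. If the file carries more than one syntax block, the parameter needs to appear in each of them. It would also read better wrapped onto the following line with `-AllowWatchKey`, so the line stays in step with its neighbours.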
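Review bot: In the `### -TunnelType` description added by PATCH 1/3 (@@ -445,6 +445,28), the first two sentences describe two different behaviours. "Specifies that matching IPsec rules of the indicated tunnel type are created" is the filter wording used by parameters such as `-User`, while "This parameter specifies which tunnel type to negotiate" describes a negotiation setting. Keep whichever one is accurate. The warning about "Overriding this parameter incorrectly" is also hard to act on when the only accepted value, PointToSite, is also the default. Since the text says a wrong setting can leave traffic unprotected, state what differs between omitting the parameter and passing PointToSite, or name the scenario in which an administrator would change it.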
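Review bot: The `### -TunnelType` section re-added by PATCH 3/3 (@@ -907,6 +885,25) has lost the blank lines that the removed copy had before the `- PointToSite:` list item, before "The default value is PointToSite." and before the yaml fence, which matches the diffstat of 19 insertions against 22 deletions. Without them the list item and the following paragraph can run together when the Markdown is rendered, so restore the three blank lines. The last sentence of the description is also back to "do not support", which undoes the "don't support" wording applied in PATCH 2/3.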