| Name | Data Type | Qualifiers |
| Name | Data Type | Value | Scope | Flavors |
| Granularity | uint16 |
| Description | string | Granularity controls whether proposed selectors for an SA should be:
- the subnet mask (Subnet)
- the IP address (Address)
- the IP address & the IP protocol (Protocol)
- the IP address, the IP protocol & the layer 4 port (Port)
as derived from the traffic that triggered the FilterList of the Condition(s) that matched the rule. | None | TRANSLATABLE= true |
| ValueMap | string | 1, 2, 3, 4 | None | None |
| Values | string | Subnet, Address, Protocol, Port | None | TRANSLATABLE= true |
| GroupId | uint16 |
| Description | string | GroupId specifies the PFS group ID to use. This value is only used if PFS is True and UseIKEGroup is False. If the GroupID number is from the vendor-specific range (32768-65535), the VendorID qualifies the group number. Well-known group identifiers from RFC2412 are:
0='Not Applicable', 1='DH768', 2='DH1024', 3='ECC2N155', 4='ECC2N185', and 5='DH1536' | None | TRANSLATABLE= true |
| ModelCorrespondence | string | CIM_IPsecAction.VendorID | None | None |
| UseIKEGroup | boolean |
| Description | string | UseIKEGroup indicates that the phase 2 GroupId should be the same as that used in the phase 1 protecting this phase 2 exchange. IF PFS is False, UseIKEGroup is ignored. | None | TRANSLATABLE= true |
| UsePFS | boolean |
| Description | string | UsePFS indicates whether perfect forward secrecy is required when refreshing keys. | None | TRANSLATABLE= true |
| VendorID | string |
| Description | string | The VendorID property is used to identify vendor-defined key exchange GroupIDs. | None | TRANSLATABLE= true |
| ModelCorrespondence | string | CIM_IPsecAction.GroupId | None | None |