Add-AzNetworkSecurityRuleConfig
Adds a network security rule configuration to a network security group.
Syntax
SetByResource (Default)
Add-AzNetworkSecurityRuleConfig
-Name <String>
-NetworkSecurityGroup <PSNetworkSecurityGroup>
[-Description <String>]
[-Protocol <String>]
[-SourcePortRange <String[]>]
[-DestinationPortRange <String[]>]
[-SourceAddressPrefix <String[]>]
[-DestinationAddressPrefix <String[]>]
[-SourceApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
[-DestinationApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
[-Access <String>]
[-Priority <Int32>]
[-Direction <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
SetByResourceId
Add-AzNetworkSecurityRuleConfig
-Name <String>
-NetworkSecurityGroup <PSNetworkSecurityGroup>
[-Description <String>]
[-Protocol <String>]
[-SourcePortRange <String[]>]
[-DestinationPortRange <String[]>]
[-SourceAddressPrefix <String[]>]
[-DestinationAddressPrefix <String[]>]
[-SourceApplicationSecurityGroupId <String[]>]
[-DestinationApplicationSecurityGroupId <String[]>]
[-Access <String>]
[-Priority <Int32>]
[-Direction <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The Add-AzNetworkSecurityRuleConfig cmdlet adds a network security rule configuration to an Azure network security group.
Examples
Example 1: Adding a network security group
Get-AzNetworkSecurityGroup -Name nsg1 -ResourceGroupName rg1 |
Add-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" -Access `
Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet `
-SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 |
Set-AzNetworkSecurityGroup
The first command retrieves an Azure network security group named "nsg1" from resource group "rg1". The second command adds a network security rule named "rdp-rule" that allows traffic from internet on port 3389 to the retrieved network security group object. Persists the modified Azure network security group.
Example 2: Adding a new security rule with application security groups
$srcAsg = New-AzApplicationSecurityGroup -ResourceGroupName MyResourceGroup -Name srcAsg -Location "West US"
$destAsg = New-AzApplicationSecurityGroup -ResourceGroupName MyResourceGroup -Name destAsg -Location "West US"
Get-AzNetworkSecurityGroup -Name nsg1 -ResourceGroupName rg1 |
Add-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" -Access `
Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceApplicationSecurityGroup `
$srcAsg -SourcePortRange * -DestinationApplicationSecurityGroup $destAsg -DestinationPortRange 3389 |
Set-AzNetworkSecurityGroup
First, we create two new application security groups. Then, we retrieve an Azure network security group named "nsg1" from resource group "rg1". and add a network security rule named "rdp-rule" to it. The rule allows traffic from all the IP configurations in the application security group "srcAsg" to all the IP configurations in "destAsg" on port 3389. After adding the rule, we persist the modified Azure network security group.
Parameters
-Access
Specifies whether network traffic is allowed or denied.
The acceptable values for this parameter are: Allow and Deny.
Parameter properties
Type: String
Default value: None Accepted values: Allow, Deny Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Description
Specifies a description of a network security rule configuration.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DestinationAddressPrefix
Specifies a destination address prefix.
The acceptable values for this parameter are:
A Classless Interdomain Routing (CIDR) address
A destination IP address range
A wildcard character (*) to match any IP address.
You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DestinationApplicationSecurityGroup
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Parameter properties
Parameter sets
SetByResource
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DestinationApplicationSecurityGroupId
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetByResourceId
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DestinationPortRange
Specifies a destination port or range.
The acceptable values for this parameter are:
An integer
A range of integers between 0 and 65535
A wildcard character (*) to match any port
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Direction
Specifies whether a rule is evaluated on incoming or outgoing traffic.
The acceptable values for this parameter are: Inbound and Outbound.
Parameter properties
Type: String
Default value: None Accepted values: Inbound, Outbound Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
Specifies the name of a network security rule configuration.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-NetworkSecurityGroup
Specifies a NetworkSecurityGroup object.
This cmdlet adds a network security rule configuration to the object that this parameter specifies.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-Priority
Specifies the priority of a rule configuration.
The acceptable values for this parameter are: An integer between 100 and 4096.
The priority number must be unique for each rule in the collection.
The lower the priority number, the higher the priority of the rule.
Parameter properties
Type: Int32
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Protocol
Specifies the network protocol that a rule configuration applies to.
The acceptable values for this parameter are:
Tcp
Udp
Icmp
Esp
Ah
Wildcard character (*) to match all
Parameter properties
Type: String
Default value: None Accepted values: Tcp, Udp, Icmp, Esp, Ah, * Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SourceAddressPrefix
Specifies a source address prefix.
The acceptable values for this parameter are:
A CIDR
A source IP range
A wildcard character (*) to match any IP address.
You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SourceApplicationSecurityGroup
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Parameter properties
Parameter sets
SetByResource
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SourceApplicationSecurityGroupId
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetByResourceId
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SourcePortRange
Specifies a source port or range.
This value is expressed as an integer, as a range between 0 and 65535, or as a wildcard character (*) to match any source port.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
