Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Configure Network Security Groups in ARM with PowerShell.
August 13, 2016
Q. How do I manage ARM Network Security Groups with PowerShell?
A. Below is example PowerShell I have commented that walks through the various actions of managing Network Security Groups in ARM with PowerShell.
#Set variables for the Resource Group and the location$RGName = 'RG-SCUSA'$Location = 'South Central US'#Create a new rule to allow traffic from the Internet to port 443$NSGRule1 = New-AzureRmNetworkSecurityRuleConfig -Name 'WEB' -Direction Inbound -Priority 100 ` -Access Allow -SourceAddressPrefix 'INTERNET' -SourcePortRange '*' ` -DestinationAddressPrefix '*' -DestinationPortRange '443' -Protocol TCP$Create a new NSG using the Rule createdNew-AzureRmNetworkSecurityGroup -Name "NSGFrontEnd" -Location $Location -ResourceGroupName $RGName ` -SecurityRules $NSGRule1 #could use array of rules or separate by comma, e.g. $Rule1, $Rule2$NSG = Get-AzureRmNetworkSecurityGroup -Name "NSGFrontEnd" -ResourceGroupName $RGName#Add rule to existing to allow RDP Add-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $NSG -Name 'RDP' -Direction Inbound -Priority 101 ` -Access Allow -SourceAddressPrefix 'INTERNET' -SourcePortRange '*' ` -DestinationAddressPrefix '*' -DestinationPortRange '3389' -Protocol TCPSet-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $NSG #Apply the change to the in memory object#Remove a ruleGet-AzurermNetworkSecurityGroup -Name "NSGFrontEnd" -ResourceGroupName $RGName | Remove-AzureRmNetworkSecurityRuleConfig -Name 'RDP' | Set-AzureRmNetworkSecurityGroup#NSG must be same region as the resource#Associate a NSG to a Virtual machine NIC$NICName = 'dummyvm292'$NIC = Get-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $RGname$NIC.NetworkSecurityGroup = $NSGSet-AzureRmNetworkInterface -NetworkInterface $NIC#Remove a NSG from a VM NIC$NIC.NetworkSecurityGroup = $nullSet-AzureRmNetworkInterface -NetworkInterface $NIC#Associate a NSG to a subnet$VNetName = 'vnetRG-SCUSA'$VNetRG = 'RG-SCUSA'$SubnetNm = 'Subnet2'$VNET = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $VNetRGSet-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $VNET -Name $SubnetNm ` -AddressPrefix 10.0.1.0/24 -NetworkSecurityGroup $NSGSet-AzureRmVirtualNetwork -VirtualNetwork $VNET#Remove a NSG from the subnet$VNET = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $VNetRG$VNSubnet = Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $VNET -Name $SubnetNm$VNSubnet.NetworkSecurityGroup = $nullSet-AzureRmVirtualNetwork -VirtualNetwork $VNET#Delete a NSGRemove-AzureRmNetworkSecurityGroup -Name "NSGFrontEnd" -ResourceGroupName $RGName
You May Also Like