Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
338 lines (267 sloc) 8.7 KB
external help file Module Name ms.assetid online version schema
Microsoft.Azure.PowerShell.Cmdlets.Network.dll-Help.xml
Az.Network
633FB5C9-BEB3-42A3-AF4F-A54CC3F9E0F7
2.0.0

New-AzNetworkSecurityRuleConfig

SYNOPSIS

Creates a network security rule configuration.

SYNTAX

SetByResource (Default)

New-AzNetworkSecurityRuleConfig -Name <String> [-Description <String>] [-Protocol <String>]
 [-SourcePortRange <String[]>] [-DestinationPortRange <String[]>] [-SourceAddressPrefix <String[]>]
 [-DestinationAddressPrefix <String[]>] [-SourceApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
 [-DestinationApplicationSecurityGroup <PSApplicationSecurityGroup[]>] [-Access <String>] [-Priority <Int32>]
 [-Direction <String>] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]

SetByResourceId

New-AzNetworkSecurityRuleConfig -Name <String> [-Description <String>] [-Protocol <String>]
 [-SourcePortRange <String[]>] [-DestinationPortRange <String[]>] [-SourceAddressPrefix <String[]>]
 [-DestinationAddressPrefix <String[]>] [-SourceApplicationSecurityGroupId <String[]>]
 [-DestinationApplicationSecurityGroupId <String[]>] [-Access <String>] [-Priority <Int32>]
 [-Direction <String>] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]

DESCRIPTION

The New-AzNetworkSecurityRuleConfig cmdlet creates an Azure network security rule configuration for a network security group.

EXAMPLES

1: Create a network security rule to allow RDP

$rule1 = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" 
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix 
    Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389

This command creates a security rule allowing access from the Internet to port 3389

2: Create a network security rule that allows HTTP

$rule2 = New-AzNetworkSecurityRuleConfig -Name web-rule -Description "Allow HTTP" 
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 101 -SourceAddressPrefix 
    Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80

This command creates a security rule allowing access from the Internet to port 80

PARAMETERS

-Access

Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.

Type: System.String
Parameter Sets: (All)
Aliases:
Accepted values: Allow, Deny

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Parameter Sets: (All)
Aliases: AzContext, AzureRmContext, AzureCredential

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Description

Specifies a description of the network security rule configuration to create.

Type: System.String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DestinationAddressPrefix

Specifies a destination address prefix. The acceptable values for this parameter are:

  • A Classless Interdomain Routing (CIDR) address
  • A destination IP address range
  • A wildcard character (*) to match any IP address You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.
Type: System.String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DestinationApplicationSecurityGroup

The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.

Type: Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup[]
Parameter Sets: SetByResource
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DestinationApplicationSecurityGroupId

The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.

Type: System.String[]
Parameter Sets: SetByResourceId
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DestinationPortRange

Specifies a destination port or range. The acceptable values for this parameter are:

  • An integer
  • A range of integers between 0 and 65535
  • A wildcard character (*) to match any port
Type: System.String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Direction

Specifies whether a rule is evaluated on incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.

Type: System.String
Parameter Sets: (All)
Aliases:
Accepted values: Inbound, Outbound

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Name

Specifies the name of the network security rule configuration that this cmdlet creates.

Type: System.String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Priority

Specifies the priority of a rule configuration. The acceptable values for this parameter are: An integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.

Type: System.Int32
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Protocol

Specifies the network protocol that a new rule configuration applies to. The acceptable values for this parameter are:

  • Tcp
  • Udp
  • wildcard character (*) to match both.
Type: System.String
Parameter Sets: (All)
Aliases:
Accepted values: Tcp, Udp, *

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SourceAddressPrefix

Specifies a source address prefix. The acceptable values for this parameter are:

  • A CIDR
  • A source IP range
  • A wildcard character (*) to match any IP address. You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.
Type: System.String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SourceApplicationSecurityGroup

The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.

Type: Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup[]
Parameter Sets: SetByResource
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SourceApplicationSecurityGroupId

The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.

Type: System.String[]
Parameter Sets: SetByResourceId
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SourcePortRange

Specifies the source port or range. The acceptable values for this parameter are:

  • An integer
  • A range of integers between 0 and 65535
  • A wildcard character (*) to match any port
Type: System.String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS

None

OUTPUTS

Microsoft.Azure.Commands.Network.Models.PSSecurityRule

NOTES

RELATED LINKS

Add-AzNetworkSecurityRuleConfig

Get-AzNetworkSecurityRuleConfig

Remove-AzNetworkSecurityRuleConfig

Set-AzNetworkSecurityRuleConfig

You can’t perform that action at this time.