Reputation: 686
I'd like to update multiple NSG rules at once, based on a changing IP address list. For example, I'd like to update rules named ftp, ssh, https (and several others). Here is what I have so far:
$ips = @("10.1.1.2", "10.1.1.3", "192.168.0.0/16")
$nsgName = "Dev1-nsg"
$resourceGroupName = "myResourceGrp1"
$nsg = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $resourceGroupName
Set-AzNetworkSecurityRuleConfig -Name "ftp" -NetworkSecurityGroup $nsg -SourceAddressPrefix $ips
Set-AzNetworkSecurityRuleConfig -Name "ssh" -NetworkSecurityGroup $nsg -SourceAddressPrefix $ips
Set-AzNetworkSecurityRuleConfig -Name "https" -NetworkSecurityGroup $nsg -SourceAddressPrefix $ips
Get-AzNetworkSecurityRuleConfig -Name "ftp" -NetworkSecurityGroup $nsg
Get-AzNetworkSecurityRuleConfig -Name "ssh" -NetworkSecurityGroup $nsg
Get-AzNetworkSecurityRuleConfig -Name "https" -NetworkSecurityGroup $nsg
My issues:
Upvotes: 1
Views: 3630
Reputation: 28204
We could not update the NSG rules in Azure, but need to modify the local PowerShell scripts and then push the change to Azure. Refer to this answer.
To loop through a list of rule names to update each of the IP lists, you can do it like this.
$ips = @("10.1.1.2", "10.1.1.3", "192.168.0.0/16")
$nsgName = "ubun-a-nsg"
$resourceGroupName = "nancy"
$rule_names = @("NRMS-Rule-103","NRMS-Rule-104","NRMS-Rule-105")
foreach($rule_name in $rule_names)
{
    # Fetch the NSG and the existing rule so its other properties can be carried over.
    $nsg = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $resourceGroupName
    $rule = $nsg | Get-AzNetworkSecurityRuleConfig -Name $rule_name
    # Rewrite the rule in the local object, replacing only the source address prefixes.
    Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
        -Name $rule_name `
        -Access $rule.Access `
        -Protocol $rule.Protocol `
        -Direction $rule.Direction `
        -Priority $rule.Priority `
        -SourceAddressPrefix $ips `
        -SourcePortRange $rule.SourcePortRange `
        -DestinationAddressPrefix $rule.DestinationAddressPrefix `
        -DestinationPortRange $rule.DestinationPortRange `
        -Description $rule.Description
    # Push the modified NSG to Azure.
    $nsg | Set-AzNetworkSecurityGroup
}
Test Result:
Upvotes: 3
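A variant of the loop above, as an added example that is not part of the original answer: it validates the source prefixes before touching the NSG, fetches the NSG once, and pushes all rule changes in a single `Set-AzNetworkSecurityGroup` call. `Test-SourcePrefix` is a hypothetical helper that by assumption accepts IPv4 only; the resource and rule names are the ones used in the answer.

```powershell
# Added example, not from the original posts; Test-SourcePrefix is a hypothetical helper.
function Test-SourcePrefix {
    param([string]$Prefix)
    # Assumption: IPv4 address or IPv4 CIDR only; "*" and service tags are rejected.
    if ($Prefix -notmatch '^(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?$') { return $false }
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($Matches[1], [ref]$parsed)) { return $false }
    # /0 matches every source address, so a prefix length below 1 is refused.
    return (($null -eq $Matches[2]) -or ([int]$Matches[2] -ge 1 -and [int]$Matches[2] -le 32))
}

$ips               = @("10.1.1.2", "10.1.1.3", "192.168.0.0/16")
$nsgName           = "ubun-a-nsg"
$resourceGroupName = "nancy"
$ruleNames         = @("NRMS-Rule-103", "NRMS-Rule-104", "NRMS-Rule-105")

# Validate the whole list first; nothing is changed if any entry is bad.
$bad = @($ips | Where-Object { -not (Test-SourcePrefix $_) })
if ($bad.Count -gt 0) { throw "Invalid source prefixes: $($bad -join ', ')" }

# Fetch the NSG once and edit the local copy.
$nsg = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $resourceGroupName -ErrorAction Stop
foreach ($name in $ruleNames) {
    $rule = $nsg.SecurityRules | Where-Object { $_.Name -eq $name }
    if (-not $rule) { throw "Rule '$name' not found in '$nsgName'; nothing was pushed." }
    # Carry every existing property over and replace only the source prefixes.
    $params = @{
        NetworkSecurityGroup     = $nsg
        Name                     = $name
        Access                   = $rule.Access
        Protocol                 = $rule.Protocol
        Direction                = $rule.Direction
        Priority                 = $rule.Priority
        SourceAddressPrefix      = $ips
        SourcePortRange          = $rule.SourcePortRange
        DestinationAddressPrefix = $rule.DestinationAddressPrefix
        DestinationPortRange     = $rule.DestinationPortRange
        Description              = $rule.Description
    }
    Set-AzNetworkSecurityRuleConfig @params | Out-Null
}

# One push applies all rule changes together.
$nsg | Set-AzNetworkSecurityGroup | Out-Null

# Read the rules back from Azure to confirm what is in effect.
(Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $resourceGroupName).SecurityRules |
    Where-Object { $ruleNames -contains $_.Name } |
    Select-Object Name, Access, Direction, SourceAddressPrefix
```

Because the loop only edits the local `$nsg` object, a missing rule name or an invalid prefix stops the script before any change reaches Azure.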