az network nsg
Manage Azure Network Security Groups (NSGs).
You can control network traffic to resources in a virtual network using a network security group. A network security group contains a list of security rules that allow or deny inbound or outbound network traffic based on source or destination IP addresses, Application Security Groups, ports, and protocols. For more information visit https://docs.microsoft.com/azure/virtual-network/virtual-networks-create-nsg-arm-cli.
Commands
Name | Description | Type | Status |
---|---|---|---|
az network nsg create |
Create a network security group. |
Core | GA |
az network nsg delete |
Delete a network security group. |
Core | GA |
az network nsg list |
List network security groups. |
Core | GA |
az network nsg rule |
Manage network security group rules. |
Core | GA |
az network nsg rule create |
Create a network security group rule. |
Core | GA |
az network nsg rule delete |
Delete a network security group rule. |
Core | GA |
az network nsg rule list |
List all rules in a network security group. |
Core | GA |
az network nsg rule show |
Get the details of a network security group rule. |
Core | GA |
az network nsg rule update |
Update a network security group rule. |
Core | GA |
az network nsg rule wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az network nsg show |
Get information about a network security group. |
Core | GA |
az network nsg update |
Update a network security group. |
Core | GA |
az network nsg wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az network nsg create
Create a network security group.
az network nsg create --name
--resource-group
[--location]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--tags]
Examples
Create an NSG in a resource group within a region with tags.
az network nsg create -g MyResourceGroup -n MyNsg --tags foo=bar
Required Parameters
Name of the network security group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
Location. Values from: az account list-locations
. You can configure the default location using az configure --defaults location=<location>
.
Do not wait for the long-running operation to finish.
Space-separated tags: key[=value] [key[=value] ...]. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network nsg delete
Delete a network security group.
az network nsg delete [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]
Examples
Delete an NSG in a resource group.
az network nsg delete -g MyResourceGroup -n MyNsg
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the network security group.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network nsg list
List network security groups.
az network nsg list [--resource-group]
Examples
List all NSGs in the 'westus' region.
az network nsg list --query "[?location=='westus']"
Optional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network nsg show
Get information about a network security group.
az network nsg show [--expand]
[--ids]
[--name]
[--resource-group]
[--subscription]
Examples
Get basic information about an NSG.
az network nsg show -g MyResourceGroup -n MyNsg
Get the default security rules of an NSG and format the output as a table.
az network nsg show -g MyResourceGroup -n MyNsg --query "defaultSecurityRules[]" -o table
Get all default NSG rules with "Allow" access and format the output as a table.
az network nsg show -g MyResourceGroup -n MyNsg --query "defaultSecurityRules[?access=='Allow']" -o table
Optional Parameters
Expands referenced resources. Default value is None.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the network security group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network nsg update
Update a network security group.
This command can only be used to update the tags of an NSG. Name and resource group are immutable and cannot be updated.
az network nsg update [--add]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--location]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--remove]
[--resource-group]
[--set]
[--subscription]
[--tags]
Examples
Remove a tag of an NSG.
az network nsg update -g MyResourceGroup -n MyNsg --remove tags.no_80
Update a network security group. (autogenerated)
az network nsg update --name MyNsg --resource-group MyResourceGroup --set tags.CostCenter=MyBusinessGroup
Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>
.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Location. Values from: az account list-locations
. You can configure the default location using az configure --defaults location=<location>
.
Name of the network security group.
Do not wait for the long-running operation to finish.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove>
OR --remove propertyToRemove
.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Space-separated tags: key[=value] [key[=value] ...]. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network nsg wait
Place the CLI in a waiting state until a condition is met.
az network nsg wait [--created]
[--custom]
[--deleted]
[--exists]
[--expand]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]
Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
Expands referenced resources. Default value is None.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Name of the network security group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
Azure CLI