Create an Inbound NSG rule and propogate to all NSG

Question

Create an Inbound NSG rule and propogate to all NSG

Anonymous

Hi There
We have a requirement were we need to create an ALLOW rule in NSG and have the same rule applied to all NSG within a subscription, Is this possible at all? I have tried various methods to no avail. Just wondering if anyone else has come across a similar situation.

Thank you in advance.

Regards
Parul

Accepted answer

8 additional answers

Your answer

Answer 1

Hi @Anonymous ,

this script is working here with the two NSGs (testNSG1 and testNSG2):

$NSGs = "testNSG1", "testNSG2"  
$Params = @{  
  'Name'                     = 'Allow_NessusScanner_IN'  
  'Protocol'                 = '*'  
  'Direction'                = 'Inbound'  
  'Priority'                 = 2970  
  'SourceAddressPrefix'      = '10.96.2.69'  
  'SourcePortRange'          = '1234'  
  'DestinationAddressPrefix' = 'VirtualNetwork'  
  'DestinationPortRange'     = '*'  
  'Access'                   = 'Allow'  
}  
foreach ($NSG in $NSGs) {  
  Get-AzNetworkSecurityGroup -Name $NSG | Add-AzNetworkSecurityRuleConfig @Params | Set-AzNetworkSecurityGroup  
}

The result looks like this:

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

Answer 2

Anonymous

Thaks @Andreas Baumgarten will try now cheers

Answer 3

Anonymous

Hi @Andreas Baumgarten
Just tried your script, no errors however nothing happened, the rule did not get created at all.
Any other ideas?
Cheers
Parul

Andreas Baumgarten 123.9K Reputation points MVP Volunteer Moderator

2023-01-06T00:12:19.86+00:00

Hi @Anonymous ,

sometimes it needs a "few seconds" until the new rule is listed in the Azure Portal even if you refresh the list.

Here the script works with my 2 test-NSGs.

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten
Anonymous

2023-01-06T00:57:33.623+00:00

@Andreas Baumgarten Just checked again and nothing
this is my exact script which i am running, do you see anything wrong here?
Connect-AzAccount
$NSGs = Get-AzNetworkSecurityGroup
$Params = @{
'Name' = 'Allow_NessusScanner_IN'
'Protocol' = ''
'Direction' = 'Inbound'
'Priority' = 2970
'SourceAddressPrefix' = '10.96.2.69'
'SourcePortRange' = ''
'DestinationAddressPrefix' = 'VirtualNetwork'
'DestinationPortRange' = '*'
'Access' = 'Allow'
}
foreach ($NSG in $NSGs) {
Get-AzNetworkSecurityGroup -Name $NSG | Add-AzNetworkSecurityRuleConfig @Params | Set-AzNetworkSecurityGroup
}
Anonymous

2023-01-06T01:03:37.12+00:00

Hi @Andreas Baumgarten Just tried again and cannot see anything
below is the exact script i am running, do you see anything wrong here?
Connect-AzAccount
$NSGs = Get-AzNetworkSecurityGroup
$Params = @{
'Name' = 'Allow_NessusScanner_IN'
'Protocol' = ''
'Direction' = 'Inbound'
'Priority' = 2970
'SourceAddressPrefix' = '10.96.2.69'
'SourcePortRange' = ''
'DestinationAddressPrefix' = 'VirtualNetwork'
'DestinationPortRange' = '*'
'Access' = 'Allow'
}
foreach ($NSG in $NSGs) {
Get-AzNetworkSecurityGroup -Name $NSG | Add-AzNetworkSecurityRuleConfig @Params | Set-AzNetworkSecurityGroup
}
Andreas Baumgarten 123.9K Reputation points MVP Volunteer Moderator

2023-01-06T01:05:53.077+00:00

Hi @Anonymous ,

first of all ....

Could you please use the Code Sample option of the editor to post scripts (the icon with the 101010). The Q&A editor sometimes removes characters in scripts if you post the code in the "normal" editor.

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten
Andreas Baumgarten 123.9K Reputation points MVP Volunteer Moderator

2023-01-06T01:11:22.93+00:00

Hi @Anonymous ,

please use the Code Sample (Ctrl +K) to post your code.

'Protocol' = '' is empty
'SourcePortRange' = '' is empty

Both parameters require a value.

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten
Anonymous

2023-01-06T01:12:05+00:00

Hi @Andreas Baumgarten
it works now a small change i did and it worked per below highlighted in yellow

Many thanks for your guidance and help. i really appreciate it

Best Regards

Parul

Answer 4

Anonymous

@Andreas Baumgarten Thanks will wait 30 Mins odd to see if it applies, will keep you posted, I appreciate your help.

Answer 5

Connect-AzAccount  
$NSGs = Get-AzNetworkSecurityGroup  
 $Params = @{  
   'Name' = 'Allow_NessusScanner_IN'  
   'Protocol' = '*'  
   'Direction' = 'Inbound'  
   'Priority' = 2970  
   'SourceAddressPrefix' = '10.96.2.69'  
   'SourcePortRange' = '*'  
   'DestinationAddressPrefix' = 'VirtualNetwork'  
   'DestinationPortRange' = '*'  
   'Access' = 'Allow'  
   }  
   foreach ($NSG in $NSGs) {  
     Get-AzNetworkSecurityGroup -Name $NSG.Name | Add-AzNetworkSecurityRuleConfig @Params | Set-AzNetworkSecurityGroup  
   }

Thanks @Andreas Baumgarten it works now, thank you for your help and guidance.

Share via

Create an Inbound NSG rule and propogate to all NSG

8 additional answers

Your answer