Is there a way to make a large-scale NSG rule using Excel?

안 남기 181 Reputation points
2023-01-04T06:48:19.447+00:00

Is there a way to make a large-scale NSG rule using Excel?

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

2 answers

  1. msrini-MSFT 9,251 Reputation points Microsoft Employee
    2023-01-20T12:22:20.19+00:00

    Hi, yes, you can leverage Azure PowerShell, the CLI or REST APIs to create a script where you can input the source IP, destination IP, source port and destination ports from Excel and create new rules for an NSG.


  2. Andreas Baumgarten 94,196 Reputation points MVP
    2023-01-20T18:38:36.46+00:00

    @안 남기 ,

    it's easy to accomplish with a CSV file and a PowerShell script (Az module required).

    Create a CSV file, for instance nsg_Rules.csv. The content should look like this:

    Name,Protocol,Direction,Priority,SourceAddressPrefix,SourcePortRange,DestinationAddressPrefix,DestinationPortRange,Access
    Rule1,TCP,Inbound,100,*,*,*,80,Allow
    Rule2,TCP,Inbound,110,10.0.0.0/24,*,*,4711,Allow
    Rule3,TCP,Outbound,110,10.0.0.0/24,*,*,4711,Allow
    

    The following PowerShell script will read the CSV file and create an NSG rule per line:

    # Name of the existing NSG that receives the rules
    $NSG = "testNSG1"
    # One object per CSV line; the column headers become property names
    $rules = Import-Csv -Path .\Junk\nsg_Rules.csv
    $nsgObj = Get-AzNetworkSecurityGroup -Name $NSG
    foreach ($rule in $rules) {
      # Map the CSV columns to the parameters of Add-AzNetworkSecurityRuleConfig
      $Params = @{
        'Name'                     = $rule.Name
        'Protocol'                 = $rule.Protocol
        'Direction'                = $rule.Direction
        'Priority'                 = $rule.Priority
        'SourceAddressPrefix'      = $rule.SourceAddressPrefix
        'SourcePortRange'          = $rule.SourcePortRange
        'DestinationAddressPrefix' = $rule.DestinationAddressPrefix
        'DestinationPortRange'     = $rule.DestinationPortRange
        'Access'                   = $rule.Access
      }
      # Add the rule to the NSG object and write the updated NSG back to Azure
      $nsgObj | Add-AzNetworkSecurityRuleConfig @Params | Set-AzNetworkSecurityGroup
    }
    

    Please make sure the Rule Name is unique per NSG and the Priority is unique per Direction (Inbound or Outbound).


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten
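
A pre-flight check for the CSV described in the answer above, added here as an example and not part of the original answer: it enforces the uniqueness constraints the answer mentions, checks the 100-4096 priority range Azure accepts for custom rules, and flags inbound allow rules open to any source for review. The function name `Test-NsgRuleCsv` is hypothetical and the sample rows are constructed; it runs offline and needs no Az module.

```powershell
# Constructed sample input; in practice use: $rules = Import-Csv -Path <your CSV file>
$rules = @'
Name,Protocol,Direction,Priority,SourceAddressPrefix,SourcePortRange,DestinationAddressPrefix,DestinationPortRange,Access
Rule1,TCP,Inbound,100,*,*,*,80,Allow
Rule2,TCP,Inbound,110,10.0.0.0/24,*,*,4711,Allow
Rule3,TCP,Outbound,110,10.0.0.0/24,*,*,4711,Allow
Rule3,TCP,Inbound,110,10.0.1.0/24,*,*,22,Allow
'@ | ConvertFrom-Csv

# Hypothetical helper: emits one finding string per problem, nothing if the CSV is clean.
function Test-NsgRuleCsv {
    param([Parameter(Mandatory)][object[]]$Rules)

    # Rule names must be unique per NSG.
    $Rules | Group-Object Name | Where-Object Count -gt 1 | ForEach-Object {
        "ERROR duplicate rule name '$($_.Name)'"
    }

    # Priorities must be unique per direction (Inbound or Outbound).
    $Rules | Group-Object Direction, Priority | Where-Object Count -gt 1 | ForEach-Object {
        "ERROR duplicate direction/priority '$($_.Name)' in rules: $($_.Group.Name -join ', ')"
    }

    foreach ($r in $Rules) {
        # Azure accepts custom rule priorities from 100 to 4096.
        $p = 0
        if (-not [int]::TryParse($r.Priority, [ref]$p) -or $p -lt 100 -or $p -gt 4096) {
            "ERROR $($r.Name): priority '$($r.Priority)' is not in 100-4096"
        }
        # Inbound allow rules open to any source deserve a manual review before bulk import.
        if ($r.Direction -eq 'Inbound' -and $r.Access -eq 'Allow' -and
            $r.SourceAddressPrefix -in '*', '0.0.0.0/0', 'Internet') {
            "WARN  $($r.Name): inbound allow from any source to port $($r.DestinationPortRange)"
        }
    }
}

$findings = @(Test-NsgRuleCsv -Rules $rules)
$findings
if ($findings -match '^ERROR') {
    Write-Warning 'Fix the errors above before running the import script.'
}
```

With the constructed rows, this reports the duplicate name Rule3, the clash on Inbound priority 110, and a warning for Rule1.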