Hi, Yes you can leverage Azure Powershell or CLI or REST APIs to create a script where you can input the source ip, destination IP, source port, destination ports from Excel and create new rules for a NSG
Is there a way to make a large-scale NSG rule using Excel?
안 남기
181
Reputation points
Is there a way to make a large-scale NSG rule using Excel?
2 answers
Sort by: Most helpful
-
msrini-MSFT 9,251 Reputation points Microsoft Employee
2023-01-20T12:22:20.19+00:00 -
Andreas Baumgarten 94,196 Reputation points MVP
2023-01-20T18:38:36.46+00:00 @안 남기 ,
it's easy to accomplish with a CSV file and a PowerShell script (Az module required).
Create a CSV file, for instance
nsg_Rules.csv
. Content should look like this:Name,Protocol,Direction,Priority,SourceAddressPrefix,SourcePortRange,DestinationAddressPrefix,DestinationPortRange,Access Rule1,TCP,Inbound,100,*,*,*,80,Allow Rule2,TCP,Inbound,110,10.0.0.0/24,*,*,4711,Allow Rule3,TCP,Outbound,110,10.0.0.0/24,*,*,4711,Allow
The following PowerShell script will read the CSV file and creates a NSG rule per line:
$NSG = "testNSG1" $rules = Import-Csv -Path .\Junk\nsg_Rules.csv $nsgObj = Get-AzNetworkSecurityGroup -Name $NSG foreach ($rule in $rules) { $Params = @{ 'Name' = $rule.Name 'Protocol' = $rule.Protocol 'Direction' = $rule.Direction 'Priority' = $rule.Priority 'SourceAddressPrefix' = $rule.SourceAddressPrefix 'SourcePortRange' = $rule.SourcePortRange 'DestinationAddressPrefix' = $rule.DestinationAddressPrefix 'DestinationPortRange' = $rule.DestinationPortRange 'Access' = $rule.Access } $nsgObj | Add-AzNetworkSecurityRuleConfig @Params | Set-AzNetworkSecurityGroup }
Please make sure the Rule Name must be unique per NSG and the Priority must be unique per Direction (Inbound or Outbound).
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten