Allow and deny Azure Firewall Rule on a specific VM using powershell

Question

Allow and deny Azure Firewall Rule on a specific VM using powershell

Geraldo Peralta 86

Hello, people. I have a Azure VM called VM1 and it is associated to a NSG. I want to automatically (using a runbook with powershell script or something else that helps) allow a inbound rule in a specific time range each day. Then deny that inbound rule after the time is over. Thanks in advanced. Regards,

ChaitanyaNaykodi-MSFT 27,481 Reputation points Microsoft Employee Moderator

2023-04-12T01:33:12.8166667+00:00

@Geraldo Peralta If I understood the question correctly, you wish to add a NSG inbound rule for your VM and not a Azure Firewall rule. Can you please confirm my understanding here? so that I can provide a solution accordingly. Thank you!
Geraldo Peralta 86 Reputation points

2023-04-12T02:10:19.49+00:00

Thanks for your follow up. The rule is already created. I just need to enable/disabled it with using powershell or any other language. Then schedule it. Regards,

Accepted answer

0 additional answers

Your answer

ChaitanyaNaykodi-MSFT 27,481 Reputation points Microsoft Employee Moderator

2023-04-12T01:33:12.8166667+00:00

@Geraldo Peralta If I understood the question correctly, you wish to add a NSG inbound rule for your VM and not a Azure Firewall rule. Can you please confirm my understanding here? so that I can provide a solution accordingly. Thank you!
Geraldo Peralta 86 Reputation points

2023-04-12T02:10:19.49+00:00

Thanks for your follow up. The rule is already created. I just need to enable/disabled it with using powershell or any other language. Then schedule it. Regards,

Answer 1

Hi, You can try this script:

# Import the AzureRM module
Import-Module AzureRM

# Authenticate to your Azure account
$connection = Get-AutomationConnection -Name 'AzureRunAsConnection'
Connect-AzureRmAccount -ServicePrincipal -TenantId $connection.TenantId `
    -ApplicationId $connection.ApplicationId -CertificateThumbprint $connection.CertificateThumbprint

# Get the VM and NSG details
$vmName = 'VM1'
$resourceGroupName = 'YourResourceGroupName'
$nsgName = 'YourNSGName'

# Get the current time
$currentTime = Get-Date

# Define the time range for allowing the inbound rule
$allowStartTime = Get-Date -Year $currentTime.Year -Month $currentTime.Month -Day $currentTime.Day `
    -Hour 9 -Minute 0 -Second 0  # Change to the desired start time
$allowEndTime = Get-Date -Year $currentTime.Year -Month $currentTime.Month -Day $currentTime.Day `
    -Hour 17 -Minute 0 -Second 0  # Change to the desired end time

# Check if the current time is within the time range for allowing the inbound rule
if ($currentTime -ge $allowStartTime -and $currentTime -lt $allowEndTime) {
    # Allow the inbound rule in the NSG
    $nsg = Get-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroupName -Name $nsgName
    $ruleName = 'AllowInboundRule'  # Change to the desired rule name
    $rule = Get-AzureRmNetworkSecurityRuleConfig -Name $ruleName -Access Allow -Direction Inbound `
        -Priority 100 -SourceAddressPrefix '*' -SourcePortRange '*' -DestinationAddressPrefix '*' `
        -DestinationPortRange '*' -Protocol '*'  # Change to the desired rule configuration
    $nsg | Set-AzureRmNetworkSecurityRuleConfig -NetworkSecurityRule $rule | Set-AzureRmNetworkSecurityGroup

    Write-Output 'Inbound rule has been allowed.'
} else {
    # Deny the inbound rule in the NSG
    $nsg = Get-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroupName -Name $nsgName
    $ruleName = 'AllowInboundRule'  # Change to the desired rule name
    $nsg | Remove-AzureRmNetworkSecurityRuleConfig -Name $ruleName | Set-AzureRmNetworkSecurityGroup

    Write-Output 'Inbound rule has been denied.'
}

Geraldo Peralta 86 Reputation points

2023-04-18T19:29:13.5333333+00:00

Thanks for you help, msrini-MSFT.

Share via

Allow and deny Azure Firewall Rule on a specific VM using powershell

0 additional answers

Your answer