Powershell Script update NSG Rules

Jeff Fazio 0 Reputation points
2023-08-17T02:27:36.9033333+00:00

Hi,

I have a PowerShell script that I created that will update NSG rules. The problem is I have to create a separate rule for each RG and NSG in every subscription, and since we have hundreds of them, it takes a lot of time, and then I also have to keep track if one is added or deleted. Is there a way to just set the subscription and then apply the rule to every NSG that is within that subscription?

I have very basic knowledge of PowerShell, but this is kind of what I have, and I did this for every resource group and NSG in every subscription.

$RGname="RGName"
$port= "*"
$rulename="Test"
$nsgname="NSGName"

# Get the NSG resource
$nsg = Get-AzNetworkSecurityGroup -Name $nsgname -ResourceGroupName $RGname

# Add the security rule (outbound, per -Direction below).
$nsg | Add-AzNetworkSecurityRuleConfig -Name $rulename -Description "NSG-Test" -Access Allow `
    -Protocol * -Direction Outbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * `
    -DestinationAddressPrefix "VirtualNetwork" -DestinationPortRange $port

# Update the NSG.
$nsg | Set-AzNetworkSecurityGroup

2 answers

  1. Limitless Technology 44,746 Reputation points
    2023-08-17T13:07:47.6666667+00:00

    Hello there,

    Found this script online and it might help you out.

    # Specify your Azure resource details
    $subscriptionId = "your-subscription-id"
    $resourceGroupName = "your-resource-group-name"
    $nsgName = "your-nsg-name"

    # Authenticate to Azure (if not already authenticated)
    Connect-AzAccount

    # Select the subscription that contains the NSG
    Set-AzContext -SubscriptionId $subscriptionId

    # Get the NSG object
    $nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $resourceGroupName -Name $nsgName

    # Define the updated rule parameters
    $ruleNameToUpdate = "rule-name-to-update"
    $newRulePriority = 110

    # Find the rule to update; stop if the NSG has no rule with that name
    $ruleToUpdate = $nsg.SecurityRules | Where-Object { $_.Name -eq $ruleNameToUpdate }
    if (-not $ruleToUpdate) { throw "Rule '$ruleNameToUpdate' not found in NSG '$nsgName'" }

    # Update the rule priority
    $ruleToUpdate.Priority = $newRulePriority

    # Update the NSG with the modified rule
    $nsg | Set-AzNetworkSecurityGroup

    # Print a message indicating the rule has been updated
    Write-Host "NSG rule '$ruleNameToUpdate' has been updated with new priority: $newRulePriority"

    Make sure to replace the placeholders (your-subscription-id, your-resource-group-name, your-nsg-name, rule-name-to-update, and 110) with your actual values.

    Before running the script, please ensure you have the Azure PowerShell module installed, and you've authenticated using Connect-AzAccount.

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--


  2. Jeff Fazio 0 Reputation points
    2023-08-17T13:50:27.03+00:00

    Thanks for this. It actually helps with something else I was trying to figure out. The only thing with this one is I still will need to add each individual RG and NSG to the script.


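One way to do what the question asks, shown as an added example that is not from either poster: set the subscription once, enumerate every NSG in it, and apply the question's rule to each. The function name `Set-NsgRuleEverywhere` is hypothetical, the rule values are copied from the question's script, and it assumes `Connect-AzAccount` has already been run.

```powershell
# Needs the Az.Accounts and Az.Network modules.
function Set-NsgRuleEverywhere {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [string] $RuleName = 'Test',
        [int]    $Priority = 1000,
        [string] $Port     = '*'
    )

    # Switch subscription even during a -WhatIf run, so the preview lists the right NSGs.
    Set-AzContext -SubscriptionId $SubscriptionId -WhatIf:$false | Out-Null

    # Same rule values as the question's script, splatted so add and update share them.
    $rule = @{
        Name                     = $RuleName
        Description              = 'NSG-Test'
        Access                   = 'Allow'
        Protocol                 = '*'
        Direction                = 'Outbound'
        Priority                 = $Priority
        SourceAddressPrefix      = '*'
        SourcePortRange          = '*'
        DestinationAddressPrefix = 'VirtualNetwork'
        DestinationPortRange     = $Port
    }

    # With no -Name/-ResourceGroupName this returns every NSG in the current subscription.
    foreach ($nsg in Get-AzNetworkSecurityGroup) {
        $label    = "$($nsg.ResourceGroupName)/$($nsg.Name)"
        $existing = $nsg.SecurityRules | Where-Object Name -eq $RuleName
        # Priorities are unique per direction: skip rather than collide with another rule.
        $clash = $nsg.SecurityRules | Where-Object {
            $_.Name -ne $RuleName -and $_.Direction -eq 'Outbound' -and $_.Priority -eq $Priority
        }
        if ($clash) {
            Write-Warning "$label skipped: priority $Priority already used by '$($clash.Name)'"
            continue
        }
        if (-not $PSCmdlet.ShouldProcess($label, "apply rule '$RuleName'")) { continue }

        # Update the rule in place if it is already there, otherwise add it.
        if ($existing) { $nsg | Set-AzNetworkSecurityRuleConfig @rule | Out-Null }
        else           { $nsg | Add-AzNetworkSecurityRuleConfig @rule | Out-Null }
        $nsg | Set-AzNetworkSecurityGroup | Out-Null
        Write-Output $label               # emit each NSG that was changed
    }
}

# Dry run first: shows every NSG that would change without writing anything.
Set-NsgRuleEverywhere -SubscriptionId '<your-subscription-id>' -WhatIf
```

Drop `-WhatIf` to apply the change. To cover several subscriptions, call the function once for each Id returned by `Get-AzSubscription`.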