Add Security Rules to Multiple NSG at Once using PowerShell

Dhanalakshmi 20 Reputation points
2023-09-18T17:52:53.1533333+00:00

Is there any PowerShell script to add Security Rules to Multiple NSG at Once?

Azure Virtual Network

Accepted answer
  1. ChaitanyaNaykodi-MSFT 26,216 Reputation points Microsoft Employee
    2023-09-20T22:15:38.6533333+00:00

    @Dhanalakshmi

    Thank you for reaching out.

    I understand you want to add Security Rules to Multiple NSG at Once using PowerShell.

    I have modified the script above and was successfully able to run it at my end. Please find the modified script below.

    Please do not forget to add your NSG Names, Subscription ID and resource group name in the script below.

    # Define the list of NSG names you want to update
    $NSGNames = @("EnterNSG1", "EnterNSG2", "EnterNSG3")
    Connect-AzAccount
    Set-AzContext -Subscription "EnteryourSubscriptionID"
    # Define the security rule parameters
    $RuleName = "Allow-Example-Rule"
    $Priority = 100
    $SourceAddressPrefix = "Internet"
    $SourcePortRange = "*"
    $DestinationAddressPrefix = "*"
    $DestinationPortRange = "443"
    $Protocol = "Tcp"
    $Action = "Allow"
    $Direction = "Inbound"
    
    # Loop through each NSG and add the security rule
    foreach ($NSGName in $NSGNames) {
        # Get the NSG
        $NSG = Get-AzNetworkSecurityGroup -ResourceGroupName YourResourceGroup -Name $NSGName
    
        # Add the security rule
        $NSG | Add-AzNetworkSecurityRuleConfig `
            -Name $RuleName `
            -Priority $Priority `
            -SourceAddressPrefix $SourceAddressPrefix `
            -SourcePortRange $SourcePortRange `
            -DestinationAddressPrefix $DestinationAddressPrefix `
            -DestinationPortRange $DestinationPortRange `
            -Protocol $Protocol `
            -Access $Action `
            -Direction $Direction
    
        # Update the NSG
        Set-AzNetworkSecurityGroup -NetworkSecurityGroup $NSG
    }
    
    
    

    I was able to execute the script successfully at my end and add the Allow-Example-Rule as shown below.

    User's image

    Hope this helps! Please let me know if you have any additional questions. Thank you!

    ---------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.
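
A re-runnable variant of the loop above, as an added example that is not part of any answer on this page: it skips an NSG where the rule name or the priority/direction pair is already in use, keeps going when one NSG fails, and supports `-WhatIf`. `Add-NsgRuleSafely` is a hypothetical helper name, the NSG and resource group names are placeholders, and an authenticated Az session is assumed.

```powershell
# Added example: hypothetical helper; requires an authenticated Az session.
function Add-NsgRuleSafely {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$NSGNames,
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][hashtable]$Rule  # splatted into Add-AzNetworkSecurityRuleConfig
    )
    foreach ($NSGName in $NSGNames) {
        try {
            $NSG = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName `
                -Name $NSGName -ErrorAction Stop

            # Rule names are unique within an NSG: skip rather than fail on a re-run.
            if ($NSG.SecurityRules.Name -contains $Rule.Name) {
                Write-Warning "${NSGName}: rule '$($Rule.Name)' already exists, skipped"
                continue
            }
            # A priority can be used only once per direction within an NSG.
            $clash = $NSG.SecurityRules | Where-Object {
                $_.Priority -eq $Rule.Priority -and $_.Direction -eq $Rule.Direction
            }
            if ($clash) {
                Write-Warning "${NSGName}: priority $($Rule.Priority) is taken by '$($clash.Name)', skipped"
                continue
            }
            if ($PSCmdlet.ShouldProcess($NSGName, "Add rule '$($Rule.Name)'")) {
                $NSG | Add-AzNetworkSecurityRuleConfig @Rule |
                    Set-AzNetworkSecurityGroup -ErrorAction Stop | Out-Null
                Write-Output "${NSGName}: rule added"
            }
        }
        catch {
            # A missing or locked NSG must not abort the rest of the batch.
            Write-Warning "${NSGName}: $($_.Exception.Message)"
        }
    }
}

# Same rule values as the accepted answer; NSG and resource group names are placeholders.
$Rule = @{
    Name = "Allow-Example-Rule"; Priority = 100; Direction = "Inbound"; Access = "Allow"
    Protocol = "Tcp"; SourceAddressPrefix = "Internet"; SourcePortRange = "*"
    DestinationAddressPrefix = "*"; DestinationPortRange = "443"
}
# -WhatIf lists the NSGs that would change without writing anything.
Add-NsgRuleSafely -NSGNames "EnterNSG1", "EnterNSG2" -ResourceGroupName "YourResourceGroup" `
    -Rule $Rule -WhatIf
```

Priority 100 is the first custom rule evaluated, so an Allow from `Internet` at that priority takes effect ahead of any existing deny rules in each NSG; review the `-WhatIf` output before running without it.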

2 additional answers

  1. Vahid Ghafarpour 21,725 Reputation points
    2023-09-18T18:11:39.2233333+00:00

    I hope this template can help you:

    # Define the list of NSG names you want to update
    $NSGNames = @("NSG1", "NSG2", "NSG3")
    
    # Define the security rule parameters
    $RuleName = "Allow-Example-Rule"
    $Priority = 100
    $SourceAddressPrefix = "Internet"
    $SourcePortRange = "*"
    $DestinationAddressPrefix = "*"
    $DestinationPortRange = "80"
    $Protocol = "Tcp"
    $Action = "Allow"
    
    # Loop through each NSG and add the security rule
    foreach ($NSGName in $NSGNames) {
        # Get the NSG
        $NSG = Get-AzNetworkSecurityGroup -ResourceGroupName YourResourceGroup -Name $NSGName
    
        # Create the security rule
        $SecurityRule = New-AzNetworkSecurityRuleConfig `
            -Name $RuleName `
            -Priority $Priority `
            -SourceAddressPrefix $SourceAddressPrefix `
            -SourcePortRange $SourcePortRange `
            -DestinationAddressPrefix $DestinationAddressPrefix `
            -DestinationPortRange $DestinationPortRange `
            -Protocol $Protocol `
            -Access $Action
    
        # Add the security rule to the NSG
        $NSG | Add-AzNetworkSecurityRuleConfig -NetworkSecurityRule $SecurityRule
    
        # Update the NSG
        $NSG | Set-AzNetworkSecurityGroup
    }
    
    

  2. msrini-MSFT 9,286 Reputation points Microsoft Employee
    2023-09-19T03:00:33.3433333+00:00

    Hi,

    I tried to fix the error in the above-mentioned PS script:

    # Define the list of NSG names you want to update
    $NSGNames = @("NSG1", "NSG2", "NSG3")
    
    # Define the security rule parameters
    $RuleName = "Allow-Example-Rule"
    $Priority = 100
    $SourceAddressPrefix = "Internet"
    $SourcePortRange = "*"
    $DestinationAddressPrefix = "*"
    $DestinationPortRange = "80"
    $Protocol = "Tcp"
    $Action = "Allow"
    $Direction = "Inbound"
    
    # Loop through each NSG and add the security rule
    foreach ($NSGName in $NSGNames) {
        # Get the NSG
        $NSG = Get-AzNetworkSecurityGroup -ResourceGroupName YourResourceGroup -Name $NSGName
    
        # Add the security rule to the NSG. Add-AzNetworkSecurityRuleConfig takes the
        # rule properties directly: -Name is the rule name and the NSG comes from the pipeline.
        $NSG | Add-AzNetworkSecurityRuleConfig `
            -Name $RuleName `
            -Priority $Priority `
            -SourceAddressPrefix $SourceAddressPrefix `
            -SourcePortRange $SourcePortRange `
            -DestinationAddressPrefix $DestinationAddressPrefix `
            -DestinationPortRange $DestinationPortRange `
            -Protocol $Protocol `
            -Access $Action `
            -Direction $Direction
    
        # Update the NSG
        Set-AzNetworkSecurityGroup -NetworkSecurityGroup $NSG
    }
    
    Regards, 
    Karthik Srinivas
    
