Share via

NSG creation using Powershell

WinTechie 286 Reputation points
2023-10-31T18:53:45.1366667+00:00

Hi

I have been working on creating NSG using powershell.

I am using New-AzNetworkSecurityRuleConfig to define rule parameters and then using it in New-AzNetworkSecurityGroup to create NSG

However, defining CIDR values for "SourceAddressPrefix" in a powershell variable giving me "Invalid address prefix"

It looks like it is not expecting string value, I tried using different ways like

$saddressprefix = "10.10.10.1/29"

$saddressprefix = @("10.10.10.1/29")

[String[]]$saddressprefix = "10.10.10.1/29" and using it $saddressprefix[0] in the rule config

But none of them work and it fails with invalid address prefix error.

Although defining static CIDR value in rule config does work fine but I want to use variable for more flexibility

Looking for some assistance on this.

PS: defining $saddressprefix = 10.10.10.1/29 stores 0 value in the variable

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,762 questions
Windows for business | Windows Server | User experience | PowerShell
Accepted answer
  1. Dillon Silzer 57,826 Reputation points Volunteer Moderator
    2023-11-01T16:09:19.64+00:00

    Hello WinTechie,

    You need to be utilizing the proper CIDR structure:

    $sap = @("10.10.10.0/29")
$rule1 = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix $sap -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName "cloudaen-test" -Location "eastus" -Name "nsg" -SecurityRules $rule1

    Note that I used 10.10.10.0/29 when setting up the $sap variable. I'd recommend replacing "cloudaen-test" with your RG name.

    Hope this helps.

    How to (for future use):

    Azure NSG Creation Error - Invalid Address Prefix - PowerShell

    https://www.cloudaen.com/blogs/view/nsg_creation_error

    If this is helpful please accept answer.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andreas Baumgarten 123.4K Reputation points MVP Volunteer Moderator
    2023-10-31T19:17:09.4833333+00:00

    Hi @WinTechie ,

    I'm not sure what you want to achieve. In my opinion 10.10.10.1 is a host IP (the first one) in the 10.10.10.0/29 network.

    How did you define the virtual network and the related subnet(s)?

    If you want to define one host as SourceAddressPrefix than it should be 10.10.10.1/32.

    If you want to define a n address range than it should be 10.10.10.0/29

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.