az network nsg

Manage Azure Network Security Groups (NSGs).

You can control network traffic to resources in a virtual network using a network security group. A network security group contains a list of security rules that allow or deny inbound or outbound network traffic based on source or destination IP addresses, Application Security Groups, ports, and protocols. For more information visit https://docs.microsoft.com/azure/virtual-network/virtual-networks-create-nsg-arm-cli.

Commands

Name	Description	Type	Status
az network nsg create	Create a network security group.	Core	GA
az network nsg delete	Delete a network security group.	Core	GA
az network nsg list	List network security groups.	Core	GA
az network nsg rule	Manage network security group rules.	Core	GA
az network nsg rule create	Create a network security group rule.	Core	GA
az network nsg rule delete	Delete a network security group rule.	Core	GA
az network nsg rule list	List all rules in a network security group.	Core	GA
az network nsg rule show	Get the details of a network security group rule.	Core	GA
az network nsg rule update	Update a network security group rule.	Core	GA
az network nsg rule wait	Place the CLI in a waiting state until a condition is met.	Core	GA
az network nsg show	Get information about a network security group.	Core	GA
az network nsg update	Update a network security group.	Core	GA
az network nsg wait	Place the CLI in a waiting state until a condition is met.	Core	GA

az network nsg create

Create a network security group.

az network nsg create --name
                      --resource-group
                      [--location]
                      [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                      [--tags]

Examples

Create an NSG in a resource group within a region with tags.

az network nsg create -g MyResourceGroup -n MyNsg --tags foo=bar

Required Parameters

--name -n

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--tags

Space-separated tags: key[=value] [key[=value] ...]. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network nsg delete

Delete a network security group.

az network nsg delete [--ids]
                      [--name]
                      [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                      [--resource-group]
                      [--subscription]

Examples

Delete an NSG in a resource group.

az network nsg delete -g MyResourceGroup -n MyNsg

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the network security group.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network nsg list

List network security groups.

az network nsg list [--resource-group]

Examples

List all NSGs in the 'westus' region.

az network nsg list --query "[?location=='westus']"

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network nsg show

Get information about a network security group.

az network nsg show [--expand]
                    [--ids]
                    [--name]
                    [--resource-group]
                    [--subscription]

Examples

Get basic information about an NSG.

az network nsg show -g MyResourceGroup -n MyNsg

Get the default security rules of an NSG and format the output as a table.

az network nsg show -g MyResourceGroup -n MyNsg --query "defaultSecurityRules[]" -o table

Get all default NSG rules with "Allow" access and format the output as a table.

az network nsg show -g MyResourceGroup -n MyNsg --query "defaultSecurityRules[?access=='Allow']" -o table

Optional Parameters

--expand

Expands referenced resources. Default value is None.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network nsg update

Update a network security group.

This command can only be used to update the tags of an NSG. Name and resource group are immutable and cannot be updated.

az network nsg update [--add]
                      [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                      [--ids]
                      [--location]
                      [--name]
                      [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                      [--remove]
                      [--resource-group]
                      [--set]
                      [--subscription]
                      [--tags]

Examples

Remove a tag of an NSG.

az network nsg update -g MyResourceGroup -n MyNsg --remove tags.no_80

Update a network security group. (autogenerated)

az network nsg update --name MyNsg --resource-group MyResourceGroup --set tags.CostCenter=MyBusinessGroup

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--name -n

Name of the network security group.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network nsg wait

Place the CLI in a waiting state until a condition is met.

az network nsg wait [--created]
                    [--custom]
                    [--deleted]
                    [--exists]
                    [--expand]
                    [--ids]
                    [--interval]
                    [--name]
                    [--resource-group]
                    [--subscription]
                    [--timeout]
                    [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

default value: False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

default value: False

--exists

Wait until the resource exists.

default value: False

--expand

Expands referenced resources. Default value is None.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

default value: 30

--name -n

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

default value: 3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.