Edit

Share via


New-AzNetworkSecurityRuleConfig

Creates a network security rule configuration.

Syntax

SetByResource (Default)

New-AzNetworkSecurityRuleConfig
    -Name <String>
    [-Description <String>]
    [-Protocol <String>]
    [-SourcePortRange <String[]>]
    [-DestinationPortRange <String[]>]
    [-SourceAddressPrefix <String[]>]
    [-DestinationAddressPrefix <String[]>]
    [-SourceApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
    [-DestinationApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
    [-Access <String>]
    [-Priority <Int32>]
    [-Direction <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [<CommonParameters>]

SetByResourceId

New-AzNetworkSecurityRuleConfig
    -Name <String>
    [-Description <String>]
    [-Protocol <String>]
    [-SourcePortRange <String[]>]
    [-DestinationPortRange <String[]>]
    [-SourceAddressPrefix <String[]>]
    [-DestinationAddressPrefix <String[]>]
    [-SourceApplicationSecurityGroupId <String[]>]
    [-DestinationApplicationSecurityGroupId <String[]>]
    [-Access <String>]
    [-Priority <Int32>]
    [-Direction <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [<CommonParameters>]

Description

The New-AzNetworkSecurityRuleConfig cmdlet creates an Azure network security rule configuration for a network security group.

Examples

Example 1: Create a network security rule to allow RDP

$rule1 = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix `
    Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389

This command creates a security rule allowing access from the Internet to port 3389

Example 2: Create a network security rule that allows HTTP

$rule2 = New-AzNetworkSecurityRuleConfig -Name web-rule -Description "Allow HTTP" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 101 -SourceAddressPrefix `
    Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80

This command creates a security rule allowing access from the Internet to port 80

Parameters

-Access

Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.

Parameter properties

Type:String
Default value:None
Accepted values:Allow, Deny
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Parameter properties

Type:IAzureContextContainer
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AzContext, AzureRmContext, AzureCredential

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Description

Specifies a description of the network security rule configuration to create.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DestinationAddressPrefix

Specifies a destination address prefix. The acceptable values for this parameter are:

  • A Classless Interdomain Routing (CIDR) address
  • A destination IP address range
  • A wildcard character (*) to match any IP address You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DestinationApplicationSecurityGroup

The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.

Parameter properties

Type:

PSApplicationSecurityGroup[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetByResource
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DestinationApplicationSecurityGroupId

The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetByResourceId
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DestinationPortRange

Specifies a destination port or range. The acceptable values for this parameter are:

  • An integer
  • A range of integers between 0 and 65535
  • A wildcard character (*) to match any port

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Direction

Specifies whether a rule is evaluated on incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.

Parameter properties

Type:String
Default value:None
Accepted values:Inbound, Outbound
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Name

Specifies the name of the network security rule configuration that this cmdlet creates.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Priority

Specifies the priority of a rule configuration. The acceptable values for this parameter are: An integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.

Parameter properties

Type:Int32
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Protocol

Specifies the network protocol that a new rule configuration applies to. The acceptable values for this parameter are:

  • Tcp
  • Udp
  • wildcard character (*) to match both.

Parameter properties

Type:String
Default value:None
Accepted values:Tcp, Udp, Icmp, Esp, Ah, *
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SourceAddressPrefix

Specifies a source address prefix. The acceptable values for this parameter are:

  • A CIDR
  • A source IP range
  • A wildcard character (*) to match any IP address. You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SourceApplicationSecurityGroup

The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.

Parameter properties

Type:

PSApplicationSecurityGroup[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetByResource
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SourceApplicationSecurityGroupId

The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetByResourceId
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SourcePortRange

Specifies the source port or range. The acceptable values for this parameter are:

  • An integer
  • A range of integers between 0 and 65535
  • A wildcard character (*) to match any port

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

Outputs

PSSecurityRule