Manage Network Security Groups with PowerShell

Q. How do I manage ARM Network Security Groups with PowerShell?

A. The commented PowerShell example below walks through the common actions for managing Network Security Groups (NSGs) in ARM.

#Set variables for the Resource Group and the location
$RGName = 'RG-SCUSA'
$Location = 'South Central US'

#Create a new rule to allow traffic from the Internet to port 443
$NSGRule1 = New-AzureRmNetworkSecurityRuleConfig -Name 'WEB' -Direction Inbound -Priority 100 `
    -Access Allow -SourceAddressPrefix 'INTERNET' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '443' -Protocol TCP

#Create a new NSG using the rule created
New-AzureRmNetworkSecurityGroup -Name "NSGFrontEnd" -Location $Location -ResourceGroupName $RGName `
    -SecurityRules $NSGRule1 #could use array of rules or separate by comma, e.g. $Rule1, $Rule2

$NSG = Get-AzureRmNetworkSecurityGroup -Name "NSGFrontEnd" -ResourceGroupName $RGName

#Add a rule to the existing NSG to allow RDP
Add-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $NSG -Name 'RDP' -Direction Inbound -Priority 101 `
    -Access Allow -SourceAddressPrefix 'INTERNET' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '3389' -Protocol TCP
Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $NSG #Commit the change made to the in-memory object to Azure

#Remove a rule
Get-AzureRmNetworkSecurityGroup -Name "NSGFrontEnd" -ResourceGroupName $RGName |
    Remove-AzureRmNetworkSecurityRuleConfig -Name 'RDP' |
    Set-AzureRmNetworkSecurityGroup #Commit the removal to Azure

#NSG must be same region as the resource
#Associate a NSG to a Virtual machine NIC
$NICName = 'dummyvm292'
$NIC = Get-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $RGname
$NIC.NetworkSecurityGroup = $NSG
Set-AzureRmNetworkInterface -NetworkInterface $NIC

#Remove a NSG from a VM NIC
$NIC.NetworkSecurityGroup = $null
Set-AzureRmNetworkInterface -NetworkInterface $NIC

#Associate a NSG to a subnet
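$VNetName = 'vnetRG-SCUSA'
$VNetRG = $RGName #Assumes the virtual network is in the same resource group; change if it is not
$SubnetNm = 'Subnet2'
$VNET = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $VNetRG
$Subnet = Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $VNET -Name $SubnetNm
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $VNET -Name $SubnetNm `
    -AddressPrefix $Subnet.AddressPrefix -NetworkSecurityGroup $NSG #Keep the subnet's existing prefix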
Set-AzureRmVirtualNetwork -VirtualNetwork $VNET

#Remove a NSG from the subnet
$VNET = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $VNetRG
$VNSubnet = Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $VNET -Name $SubnetNm
$VNSubnet.NetworkSecurityGroup = $null
Set-AzureRmVirtualNetwork -VirtualNetwork $VNET

#Delete a NSG
Remove-AzureRmNetworkSecurityGroup -Name "NSGFrontEnd" -ResourceGroupName $RGName
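
The walkthrough above temporarily opens port 3389 to 'INTERNET', so a check for that kind of rule is useful before an NSG is attached to a NIC or subnet. The following is an added example, not part of the original answer: the function names, the management-port list and the sample rules are constructed for illustration, and the property names are assumed to match the rule objects in $NSG.SecurityRules.

```powershell
# Added example: flag inbound Allow rules that expose management ports to any Internet source.
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

function Find-ExposedManagementRule {
    param(
        [object[]]$Rules,
        [int[]]$ManagementPorts = @(3389, 22)   # RDP and SSH (assumed list; adjust as needed)
    )
    $open = @('INTERNET', '*', '0.0.0.0/0')     # source values that mean "anyone"
    foreach ($rule in $Rules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        # @() lets the same code handle a single string or a list of prefixes/ranges
        $src = @($rule.SourceAddressPrefix) | Where-Object { $open -contains $_ }
        if (-not $src) { continue }
        $hit = foreach ($p in $ManagementPorts) {
            if (@($rule.DestinationPortRange) | Where-Object { Test-PortInRange -Range $_ -Port $p }) { $p }
        }
        if ($hit) {
            [pscustomobject]@{
                Name     = $rule.Name
                Priority = $rule.Priority
                Source   = ($src -join ',')
                Ports    = (@($rule.DestinationPortRange) -join ',')
                Exposes  = ($hit -join ',')
            }
        }
    }
}

# Constructed sample rules (not from a real NSG) so the check runs offline
$sampleRules = @(
    [pscustomobject]@{ Name='WEB'; Direction='Inbound'; Access='Allow'; Priority=100; SourceAddressPrefix='INTERNET'; DestinationPortRange='443' },
    [pscustomobject]@{ Name='RDP'; Direction='Inbound'; Access='Allow'; Priority=101; SourceAddressPrefix='INTERNET'; DestinationPortRange='3389' },
    [pscustomobject]@{ Name='RANGE-ANY'; Direction='Inbound'; Access='Allow'; Priority=110; SourceAddressPrefix='*'; DestinationPortRange='20-25' },
    [pscustomobject]@{ Name='RDP-ADMIN-NET'; Direction='Inbound'; Access='Allow'; Priority=120; SourceAddressPrefix='203.0.113.0/24'; DestinationPortRange='3389' },
    [pscustomobject]@{ Name='OUT-ALL'; Direction='Outbound'; Access='Allow'; Priority=130; SourceAddressPrefix='*'; DestinationPortRange='*' }
)
Find-ExposedManagementRule -Rules $sampleRules | Format-Table -AutoSize
```

Against a live NSG, pass `$NSG.SecurityRules` as `-Rules`. The check looks at each rule on its own and does not evaluate whether a Deny rule with a lower priority number would block the traffic first.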

