New-AzNetworkSecurityRuleConfig

Is this page helpful?

Any additional feedback?

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.

Module:

Az.Network

Creates a network security rule configuration.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

New-AzNetworkSecurityRuleConfig
   -Name <String>
   [-Description <String>]
   [-Protocol <String>]
   [-SourcePortRange <String[]>]
   [-DestinationPortRange <String[]>]
   [-SourceAddressPrefix <String[]>]
   [-DestinationAddressPrefix <String[]>]
   [-SourceApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
   [-DestinationApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
   [-Access <String>]
   [-Priority <Int32>]
   [-Direction <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

New-AzNetworkSecurityRuleConfig
   -Name <String>
   [-Description <String>]
   [-Protocol <String>]
   [-SourcePortRange <String[]>]
   [-DestinationPortRange <String[]>]
   [-SourceAddressPrefix <String[]>]
   [-DestinationAddressPrefix <String[]>]
   [-SourceApplicationSecurityGroupId <String[]>]
   [-DestinationApplicationSecurityGroupId <String[]>]
   [-Access <String>]
   [-Priority <Int32>]
   [-Direction <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzNetworkSecurityRuleConfig cmdlet creates an Azure network security rule configuration for a network security group.

Examples

Example 1: Create a network security rule to allow RDP

$rule1 = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix `
    Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389

This command creates a security rule allowing access from the Internet to port 3389

Example 2: Create a network security rule that allows HTTP

$rule2 = New-AzNetworkSecurityRuleConfig -Name web-rule -Description "Allow HTTP" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 101 -SourceAddressPrefix `
    Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80

This command creates a security rule allowing access from the Internet to port 80

Parameters

-Access

Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.

Type:	String
Accepted values:	Allow, Deny
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Description

Specifies a description of the network security rule configuration to create.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DestinationAddressPrefix

Specifies a destination address prefix. The acceptable values for this parameter are:

• A Classless Interdomain Routing (CIDR) address
• A destination IP address range
• A wildcard character (*) to match any IP address You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.

Type:	String[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DestinationApplicationSecurityGroup

The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.

Type:	PSApplicationSecurityGroup[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DestinationApplicationSecurityGroupId

The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.

Type:	String[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DestinationPortRange

Specifies a destination port or range. The acceptable values for this parameter are:

• An integer
• A range of integers between 0 and 65535
• A wildcard character (*) to match any port

Type:	String[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Direction

Specifies whether a rule is evaluated on incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.

Type:	String
Accepted values:	Inbound, Outbound
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Name

Specifies the name of the network security rule configuration that this cmdlet creates.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Priority

Specifies the priority of a rule configuration. The acceptable values for this parameter are: An integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.

Type:	Int32
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Protocol

Specifies the network protocol that a new rule configuration applies to. The acceptable values for this parameter are:

• Tcp
• Udp
• wildcard character (*) to match both.

Type:	String
Accepted values:	Tcp, Udp, *
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SourceAddressPrefix

Specifies a source address prefix. The acceptable values for this parameter are:

• A CIDR
• A source IP range
• A wildcard character (*) to match any IP address. You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.

Type:	String[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SourceApplicationSecurityGroup

The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.

Type:	PSApplicationSecurityGroup[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SourceApplicationSecurityGroupId

The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.

Type:	String[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SourcePortRange

Specifies the source port or range. The acceptable values for this parameter are:

• An integer
• A range of integers between 0 and 65535
• A wildcard character (*) to match any port

Type:	String[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

None

Outputs

PSSecurityRule

Related Links

• Add-AzNetworkSecurityRuleConfig
• Get-AzNetworkSecurityRuleConfig
• Remove-AzNetworkSecurityRuleConfig
• Set-AzNetworkSecurityRuleConfig