Microsoft.Network networkSecurityGroups 2019-11-01

Template format

To create a Microsoft.Network/networkSecurityGroups resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Network/networkSecurityGroups",
  "apiVersion": "2019-11-01",
  "location": "string",
  "tags": {},
  "properties": {
    "securityRules": [
      {
        "id": "string",
        "properties": {
          "description": "string",
          "protocol": "string",
          "sourcePortRange": "string",
          "destinationPortRange": "string",
          "sourceAddressPrefix": "string",
          "sourceAddressPrefixes": [
            "string"
          ],
          "sourceApplicationSecurityGroups": [
            {
              "id": "string",
              "location": "string",
              "tags": {},
              "properties": {}
            }
          ],
          "destinationAddressPrefix": "string",
          "destinationAddressPrefixes": [
            "string"
          ],
          "destinationApplicationSecurityGroups": [
            {
              "id": "string",
              "location": "string",
              "tags": {},
              "properties": {}
            }
          ],
          "sourcePortRanges": [
            "string"
          ],
          "destinationPortRanges": [
            "string"
          ],
          "access": "string",
          "priority": "integer",
          "direction": "string"
        },
        "name": "string"
      }
    ]
  },
  "resources": []
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/networkSecurityGroups object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | The name of the network security group. |
| type | enum | Yes | Microsoft.Network/networkSecurityGroups |
| apiVersion | enum | Yes | 2019-11-01 |
| location | string | Yes | Resource location. |
| tags | object | No | Resource tags. |
| properties | object | Yes | Properties of the network security group. - NetworkSecurityGroupPropertiesFormat object |
| resources | array | No | securityRules |

NetworkSecurityGroupPropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| securityRules | array | No | A collection of security rules of the network security group. - SecurityRule object |

SecurityRule object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |
| properties | object | No | Properties of the security rule. - SecurityRulePropertiesFormat object |
| name | string | No | The name of the resource that is unique within a resource group. This name can be used to access the resource. |

SecurityRulePropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| description | string | No | A description for this rule. Restricted to 140 chars. |
| protocol | enum | Yes | Network protocol this rule applies to. - Tcp, Udp, Icmp, Esp, *, Ah |
| sourcePortRange | string | No | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. |
| destinationPortRange | string | No | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. |
| sourceAddressPrefix | string | No | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. |
| sourceAddressPrefixes | array | No | The CIDR or source IP ranges. - string |
| sourceApplicationSecurityGroups | array | No | The application security group specified as source. - ApplicationSecurityGroup object |
| destinationAddressPrefix | string | No | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. |
| destinationAddressPrefixes | array | No | The destination address prefixes. CIDR or destination IP ranges. - string |
| destinationApplicationSecurityGroups | array | No | The application security group specified as destination. - ApplicationSecurityGroup object |
| sourcePortRanges | array | No | The source port ranges. - string |
| destinationPortRanges | array | No | The destination port ranges. - string |
| access | enum | Yes | The network traffic is allowed or denied. - Allow or Deny |
| priority | integer | No | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. |
| direction | enum | Yes | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. - Inbound or Outbound |
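
A check a reviewer could run over a template's NSG resource before deployment, as an added example that is not part of the original reference or of Microsoft's tooling: it applies the limits from the SecurityRulePropertiesFormat table and also flags inbound Allow rules whose source is '*' or 'Internet'. The names `lint_nsg`, `port_ok` and `SAMPLE` are hypothetical, and treating those two source values as findings is this example's assumption.

```python
import re

# Limits below come from the SecurityRulePropertiesFormat table on this page;
# enum values are compared exactly as the table spells them.
ENUMS = {"protocol": ("Tcp", "Udp", "Icmp", "Esp", "*", "Ah"),
         "access": ("Allow", "Deny"),
         "direction": ("Inbound", "Outbound")}
ANY_SOURCE = ("*", "Internet")  # assumption: sources this linter treats as "anywhere"
PORT = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)

def port_ok(value):
    """True for '*', one port, or 'low-high', with every port in 0-65535."""
    m = PORT.fullmatch(str(value))
    return value == "*" or (bool(m) and int(m[1]) <= int(m[2] or m[1]) <= 65535)

def lint_nsg(resource):
    """Return sorted (rule name, finding) pairs for one NSG resource dict."""
    findings, seen = set(), {}
    for rule in resource.get("properties", {}).get("securityRules", []):
        name, p = rule.get("name", "<unnamed>"), rule.get("properties", {})
        for key, allowed in ENUMS.items():  # the three required enum fields
            if p.get(key) not in allowed:
                findings.add((name, f"bad {key}"))
        prio = p.get("priority")
        if prio is not None:
            if type(prio) is not int or not 100 <= prio <= 4096:
                findings.add((name, "priority outside 100-4096"))
            elif prio in seen:  # the table requires unique priorities in the collection
                findings.add((name, f"priority duplicates {seen[prio]}"))
            else:
                seen[prio] = name
        if len(p.get("description") or "") > 140:
            findings.add((name, "description over 140 chars"))
        for key in ("sourcePortRange", "destinationPortRange"):
            ports = ([p[key]] if key in p else []) + p.get(key + "s", [])
            if not all(port_ok(v) for v in ports):
                findings.add((name, f"bad {key}"))
        sources = [p.get("sourceAddressPrefix"), *p.get("sourceAddressPrefixes", [])]
        if p.get("access") == "Allow" and p.get("direction") == "Inbound" and any(s in ANY_SOURCE for s in sources):
            findings.add((name, "inbound allow from any source"))
    return sorted(findings)

# Constructed sample resource (not taken from the page's quickstart templates).
SAMPLE = {"name": "example-nsg", "properties": {"securityRules": [
    {"name": "rdp-any", "properties": {"protocol": "Tcp", "access": "Allow", "direction": "Inbound",
     "priority": 100, "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
    {"name": "web", "properties": {"protocol": "Http", "access": "Allow", "direction": "Inbound",
     "priority": 100, "sourceAddressPrefix": "10.0.0.0/24", "destinationPortRange": "80-70000"}}]}}
```

`lint_nsg(SAMPLE)` reports the open RDP rule and three schema violations on the second rule. Values supplied as template expressions are reported too, because the linter sees only literals.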

ApplicationSecurityGroup object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |
| location | string | No | Resource location. |
| tags | object | No | Resource tags. |
| properties | object | No | Properties of the application security group. - ApplicationSecurityGroupPropertiesFormat object |

Quickstart templates

The following quickstart templates deploy this resource type.

| Template | Description |
| --- | --- |
| Create a Network Security Group | This template creates a Network Security Group. |
| Apply a NSG to an existing subnet | This template applies a newly created NSG to an existing subnet. |
| Multi tier VNet with NSGs and DMZ | This template deploys a Virtual Network with 3 subnets, 3 Network Security Groups and appropriate security rules to make the FrontEnd subnet a DMZ. |
| Create 2 VMs in LB and a SQL Server VM with NSG. | This template creates 2 Windows VMs (that can be used as web FE) within an Availability Set and a Load Balancer with port 80 open. The two VMs can be reached using RDP on port 6001 and 6002. This template also creates a SQL Server 2014 VM that can be reached via an RDP connection defined in a Network Security Group. |
| Create 2 VMs Linux with LB and SQL Server VM with SSD. | This template creates 2 Linux VMs (that can be used as web FE) within an Availability Set and a Load Balancer with port 80 open. The two VMs can be reached using SSH on port 6001 and 6002. This template also creates a SQL Server 2014 VM that can be reached via an RDP connection defined in a Network Security Group. All VM storage can use Premium Storage (SSD), and you can choose to create VMs with all DS sizes. |
| Deploy a 3 Nodetype Secure Cluster with NSGs enabled | This template allows you to deploy a secure 3 nodetype Service Fabric cluster running Windows Server 2016 Datacenter on Standard_D2 size VMs. It allows you to control the inbound and outbound network traffic using Network Security Groups. |