az network nsg

Manage Azure Network Security Groups (NSGs).

You can control network traffic to resources in a virtual network using a network security group. A network security group contains a list of security rules that allow or deny inbound or outbound network traffic based on source or destination IP addresses, Application Security Groups, ports, and protocols. For more information visit https://docs.microsoft.com/azure/virtual-network/virtual-networks-create-nsg-arm-cli.

Commands

az network nsg create Create a network security group.
az network nsg delete Delete a network security group.
az network nsg list List network security groups.
az network nsg rule Manage network security group rules.
az network nsg rule create Create a network security group rule.
az network nsg rule delete Delete a network security group rule.
az network nsg rule list List all rules in a network security group.
az network nsg rule show Get the details of a network security group rule.
az network nsg rule update Update a network security group rule.
az network nsg show Get information about a network security group.
az network nsg update Update a network security group.

az network nsg create

Create a network security group.

az network nsg create --name
--resource-group
[--location]
[--subscription]
[--tags]

Examples

Create an NSG in a resource group within a region with tags.

az network nsg create -g MyResourceGroup -n MyNsg --tags super_secure no_80 no_22

Required Parameters

--name -n

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags in 'key[=value]' format. Use "" to clear existing tags.

az network nsg delete

Delete a network security group.

az network nsg delete [--ids]
[--name]
[--resource-group]
[--subscription]

Examples

Delete an NSG in a resource group.

az network nsg delete -g MyResourceGroup -n MyNsg

Optional Parameters

--ids

One or more resource IDs (space-delimited). If provided, no other 'Resource Id' arguments should be specified.

--name -n

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network nsg list

List network security groups.

az network nsg list [--resource-group]
[--subscription]

Examples

List all NSGs in the 'westus' region.

az network nsg list --query "[?location=='westus']"

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network nsg show

Get information about a network security group.

az network nsg show [--expand]
[--ids]
[--name]
[--resource-group]
[--subscription]

Examples

Get basic information about an NSG.

az network nsg show -g MyResourceGroup -n MyNsg

Get the default security rules of an NSG and format the output as a table.

az network nsg show -g MyResourceGroup -n MyNsg --query "defaultSecurityRules[]" -o table

Get all default NSG rules with "Allow" access and format the output as a table.

az network nsg show -g MyResourceGroup -n MyNsg --query "defaultSecurityRules[?access=='Allow']" -o table

Optional Parameters

--expand

Expands referenced resources.

--ids

One or more resource IDs (space-delimited). If provided, no other 'Resource Id' arguments should be specified.

--name -n

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network nsg update

Update a network security group.

az network nsg update [--add]
[--force-string]
[--ids]
[--name]
[--remove]
[--resource-group]
[--set]
[--subscription]

Examples

Remove a tag of an NSG.

az network nsg update -g MyResourceGroup -n MyNsg --remove tags.no_80

Update a network security group. (autogenerated)

az network nsg update --name MyNsg --resource-group MyResourceGroup --set tags.CostCenter=MyBusinessGroup

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--ids

One or more resource IDs (space-delimited). If provided, no other 'Resource Id' arguments should be specified.

--name -n

Name of the network security group.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.