az network nsg

Manage Azure Network Security Groups (NSGs).

You can control network traffic to resources in a virtual network using a network security group. A network security group contains a list of security rules that allow or deny inbound or outbound network traffic based on source or destination IP addresses, Application Security Groups, ports, and protocols. For more information visit https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-create-nsg-arm-cli.

Commands

az network nsg create Create a network security group.
az network nsg delete Delete a network security group.
az network nsg list List network security groups.
az network nsg rule Manage network security group rules.
az network nsg rule create Create a network security group rule.
az network nsg rule delete Delete a network security group rule.
az network nsg rule list List all rules in a network security group.
az network nsg rule show Get the details of a network security group rule.
az network nsg rule update Update a network security group rule.
az network nsg show Get information about a network security group.
az network nsg update Update a network security group.

az network nsg create

Create a network security group.

az network nsg create --name
--resource-group
[--location]
[--tags]

Examples

Create an NSG in a resource group within a region with tags.

az network nsg create -g MyResourceGroup -n MyNsg --tags super_secure no_80 no_22

Required Parameters

--name -n

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--location -l

Location. You can configure the default location using az configure --defaults location=<location>.

--tags

Space-separated tags in 'key[=value]' format. Use "" to clear existing tags.

az network nsg delete

Delete a network security group.

az network nsg delete --name
--resource-group

Examples

Delete an NSG in a resource group.

az network nsg delete -g MyResourceGroup -n MyNsg

Required Parameters

--name -n

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network nsg list

List network security groups.

az network nsg list [--resource-group]

Examples

List all NSGs in the 'westus' region.

az network nsg list --query "[?location=='westus']"

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network nsg show

Get information about a network security group.

az network nsg show --name
--resource-group
[--expand]

Examples

Get basic information about an NSG.

az network nsg show -g MyResourceGroup -n MyNsg

Get the default security rules of an NSG and format the output as a table.

az network nsg show -g MyResourceGroup -n MyNsg --query "defaultSecurityRules[]" -o table

Get all default NSG rules with "Allow" access and format the output as a table.

az network nsg show -g MyResourceGroup -n MyNsg --query "defaultSecurityRules[?access=='Allow']" -o table

Required Parameters

--name -n

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--expand

Expands referenced resources.

az network nsg update

Update a network security group.

This command can only be used to update the tags of an NSG. Name and resource group are immutable and cannot be updated.

az network nsg update --name
--resource-group
[--add]
[--remove]
[--set]

Examples

Remove a tag of an NSG.

az network nsg update -g MyResourceGroup -n MyNsg --remove tags.no_80

Required Parameters

--name -n

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.