Note

Access to this page requires authorization. You can try signing in or .

Access to this page requires authorization. You can try .

Get-AzNetworkSecurityGroup

Gets a network security group.

Syntax

NoExpand 

Get-AzNetworkSecurityGroup
 [-Name <String>]
 [-ResourceGroupName <String>]
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

Expand 

Get-AzNetworkSecurityGroup
 -Name <String>
 -ResourceGroupName <String>
 -ExpandResource <String>
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

Description

The Get-AzNetworkSecurityGroup cmdlet gets an Azure network security group.

Examples

Example 1: Retrieve an existing network security group

Get-AzNetworkSecurityGroup -Name nsg1 -ResourceGroupName "rg1"

Name : nsg1
ResourceGroupName : rg1
Location : eastus
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provider
 s/Microsoft.Network/networkSecurityGroups/nsg1
Etag : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid : 00000000-0000-0000-0000-000000000000
ProvisioningState : Succeeded
Tags :
FlushConnection : False
SecurityRules : []
DefaultSecurityRules : [
 {
 "Name": "AllowVnetInBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowVnetInBound",
 "Description": "Allow inbound traffic from all VMs in VNET",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "VirtualNetwork"
 ],
 "DestinationAddressPrefix": [
 "VirtualNetwork"
 ],
 "Access": "Allow",
 "Priority": 65000,
 "Direction": "Inbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 },
 {
 "Name": "AllowAzureLoadBalancerInBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowAzureLoadBalancerInBou
 nd",
 "Description": "Allow inbound traffic from azure load balancer",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "AzureLoadBalancer"
 ],
 "DestinationAddressPrefix": [
 "*"
 ],
 "Access": "Allow",
 "Priority": 65001,
 "Direction": "Inbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 },
 {
 "Name": "DenyAllInBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/DenyAllInBound",
 "Description": "Deny all inbound traffic",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "*"
 ],
 "DestinationAddressPrefix": [
 "*"
 ],
 "Access": "Deny",
 "Priority": 65500,
 "Direction": "Inbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 },
 {
 "Name": "AllowVnetOutBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowVnetOutBound",
 "Description": "Allow outbound traffic from all VMs to all VMs in VNET",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "VirtualNetwork"
 ],
 "DestinationAddressPrefix": [
 "VirtualNetwork"
 ],
 "Access": "Allow",
 "Priority": 65000,
 "Direction": "Outbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 },
 {
 "Name": "AllowInternetOutBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowInternetOutBound",
 "Description": "Allow outbound traffic from all VMs to Internet",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "*"
 ],
 "DestinationAddressPrefix": [
 "Internet"
 ],
 "Access": "Allow",
 "Priority": 65001,
 "Direction": "Outbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 },
 {
 "Name": "DenyAllOutBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/DenyAllOutBound",
 "Description": "Deny all outbound traffic",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "*"
 ],
 "DestinationAddressPrefix": [
 "*"
 ],
 "Access": "Deny",
 "Priority": 65500,
 "Direction": "Outbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 }
 ]
NetworkInterfaces : []
Subnets : []

This command returns contents of Azure network security group "nsg1" in resource group "rg1"

Example 2: List existing network security groups using filtering

Get-AzNetworkSecurityGroup -Name nsg*

Name : nsg1
ResourceGroupName : rg1
Location : eastus
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provider
 s/Microsoft.Network/networkSecurityGroups/nsg1
Etag : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid : 00000000-0000-0000-0000-000000000000
ProvisioningState : Succeeded
Tags :
FlushConnection : False
SecurityRules : []
DefaultSecurityRules : [
 {
 "Name": "AllowVnetInBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowVnetInBound",
 "Description": "Allow inbound traffic from all VMs in VNET",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "VirtualNetwork"
 ],
 "DestinationAddressPrefix": [
 "VirtualNetwork"
 ],
 "Access": "Allow",
 "Priority": 65000,
 "Direction": "Inbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 },
 {
 "Name": "AllowAzureLoadBalancerInBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowAzureLoadBalancerInBou
 nd",
 "Description": "Allow inbound traffic from azure load balancer",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "AzureLoadBalancer"
 ],
 "DestinationAddressPrefix": [
 "*"
 ],
 "Access": "Allow",
 "Priority": 65001,
 "Direction": "Inbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 },
 {
 "Name": "DenyAllInBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/DenyAllInBound",
 "Description": "Deny all inbound traffic",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "*"
 ],
 "DestinationAddressPrefix": [
 "*"
 ],
 "Access": "Deny",
 "Priority": 65500,
 "Direction": "Inbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 },
 {
 "Name": "AllowVnetOutBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowVnetOutBound",
 "Description": "Allow outbound traffic from all VMs to all VMs in VNET",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "VirtualNetwork"
 ],
 "DestinationAddressPrefix": [
 "VirtualNetwork"
 ],
 "Access": "Allow",
 "Priority": 65000,
 "Direction": "Outbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 },
 {
 "Name": "AllowInternetOutBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowInternetOutBound",
 "Description": "Allow outbound traffic from all VMs to Internet",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "*"
 ],
 "DestinationAddressPrefix": [
 "Internet"
 ],
 "Access": "Allow",
 "Priority": 65001,
 "Direction": "Outbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 },
 {
 "Name": "DenyAllOutBound",
 "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
 "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/provide
 rs/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/DenyAllOutBound",
 "Description": "Deny all outbound traffic",
 "Protocol": "*",
 "SourcePortRange": [
 "*"
 ],
 "DestinationPortRange": [
 "*"
 ],
 "SourceAddressPrefix": [
 "*"
 ],
 "DestinationAddressPrefix": [
 "*"
 ],
 "Access": "Deny",
 "Priority": 65500,
 "Direction": "Outbound",
 "ProvisioningState": "Succeeded",
 "SourceApplicationSecurityGroups": [],
 "DestinationApplicationSecurityGroups": []
 }
 ]
NetworkInterfaces : []
Subnets : []

This command returns contents of Azure network security groups that start with "nsg"

Parameters

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Parameter properties

Type:IAzureContextContainer
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AzContext, AzureRmContext, AzureCredential

Parameter sets

-ExpandResource

The resource reference to be expanded.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

-Name

Specifies the name of the network security group that this cmdlet gets.

Parameter properties

Type:String
Default value:None
Supports wildcards:True
DontShow:False
Aliases:ResourceName

Parameter sets

-ResourceGroupName

Specifies the name of the resource group that the network security group belongs to.

Parameter properties

Type:String
Default value:None
Supports wildcards:True
DontShow:False

Parameter sets

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

String

Outputs

PSNetworkSecurityGroup

Related Links

Feedback

Was this page helpful?