Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Set-AzNetworkSecurityRuleConfig
- Module:
- Az.Network Module
Updates a network security rule configuration for a network security group.
Syntax
SetByResource (Default)
Set-AzNetworkSecurityRuleConfig
-Name <String>
-NetworkSecurityGroup <PSNetworkSecurityGroup>
[-Description <String>]
[-Protocol <String>]
[-SourcePortRange <String[]>]
[-DestinationPortRange <String[]>]
[-SourceAddressPrefix <String[]>]
[-DestinationAddressPrefix <String[]>]
[-SourceApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
[-DestinationApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
[-Access <String>]
[-Priority <Int32>]
[-Direction <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
SetByResourceId
Set-AzNetworkSecurityRuleConfig
-Name <String>
-NetworkSecurityGroup <PSNetworkSecurityGroup>
[-Description <String>]
[-Protocol <String>]
[-SourcePortRange <String[]>]
[-DestinationPortRange <String[]>]
[-SourceAddressPrefix <String[]>]
[-DestinationAddressPrefix <String[]>]
[-SourceApplicationSecurityGroupId <String[]>]
[-DestinationApplicationSecurityGroupId <String[]>]
[-Access <String>]
[-Priority <Int32>]
[-Direction <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The Set-AzNetworkSecurityRuleConfig cmdlet updates a network security rule configuration for a network security group.
Examples
Example 1: Change the access configuration in a network security rule
$nsg = Get-AzNetworkSecurityGroup -Name "NSG-FrontEnd" -ResourceGroupName "TestRG"
$nsg | Get-AzNetworkSecurityRuleConfig -Name "rdp-rule"
Set-AzNetworkSecurityRuleConfig -Name "rdp-rule" -NetworkSecurityGroup $nsg -Access "Deny"
The first command gets the network security group named NSG-FrontEnd, and then stores it in the variable $nsg. The second command uses the pipeline operator to pass the security group in $nsg to Get-AzNetworkSecurityRuleConfig, which gets the security rule configuration named rdp-rule. The third command changes the access configuration of rdp-rule to Deny. However, this overwrites the rule and only sets the parameters that are passed to the Set-AzNetworkSecurityRuleConfig function. NOTE: There is no way to change a single attribute
Example 2
Updates a network security rule configuration for a network security group. (autogenerated)
Set-AzNetworkSecurityRuleConfig -Access Allow -DestinationAddressPrefix * -DestinationPortRange 3389 -Direction Inbound -Name 'rdp-rule' -NetworkSecurityGroup <PSNetworkSecurityGroup> -Priority 1 -Protocol Tcp -SourceAddressPrefix 'Internet' -SourcePortRange *
Example 3
Updates a network security rule configuration for a network security group. (autogenerated)
Set-AzNetworkSecurityRuleConfig -Access Allow -Description 'Allow RDP' -DestinationAddressPrefix * -DestinationPortRange 3389 -Direction Inbound -Name 'rdp-rule' -NetworkSecurityGroup <PSNetworkSecurityGroup> -Priority 1 -Protocol Tcp -SourceAddressPrefix 'Internet' -SourcePortRange *
Example 4
Updates a network security rule configuration for a network security group (Source IP address)
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName "MyResource" -Name "MyNsg"
($nsg.SecurityRules | Where-Object {$_.Name -eq "RuleName"}).SourceAddressPrefix = ([System.String[]] @("xxx.xxx.xxx.xxx"))
$nsg | Set-AzNetworkSecurityGroup | Get-AzNetworkSecurityRuleConfig -Name "RuleName"
Parameters
-Access
Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.
Parameter properties
| Type: | String |
| Default value: | None |
| Accepted values: | Allow, Deny |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
-Description
Specifies a description for a rule configuration. The maximum size is 140 characters.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DestinationAddressPrefix
Specifies a destination address prefix. The acceptable values for this parameter are:
- A Classless Interdomain Routing (CIDR) address
- A destination IP address range
- A wildcard character (*) to match any IP address. You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DestinationApplicationSecurityGroup
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Parameter properties
| Type: | |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DestinationApplicationSecurityGroupId
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DestinationPortRange
Specifies a destination port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Direction
Specifies whether a rule is evaluated for incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.
Parameter properties
| Type: | String |
| Default value: | None |
| Accepted values: | Inbound, Outbound |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Name
Specifies the name of the network security rule configuration that this cmdlet sets.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-NetworkSecurityGroup
Specifies the NetworkSecurityGroup object that contains the network security rule configuration to set.
Parameter properties
| Type: | PSNetworkSecurityGroup |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Priority
Specifies the priority of a rule configuration. The acceptable values for this parameter are:An integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
Parameter properties
| Type: | Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Protocol
Specifies the network protocol that a rule configuration applies to. The acceptable values for this parameter are:
- Tcp
- Udp
- Icmp
- Esp
- Ah
- Wildcard character (*) to match all
Parameter properties
| Type: | String |
| Default value: | None |
| Accepted values: | Tcp, Udp, Icmp, Esp, Ah, * |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-SourceAddressPrefix
Specifies a source address prefix. The acceptable values for this parameter are:
- A CIDR
- A source IP range
- A wildcard character (*) to match any IP address. You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-SourceApplicationSecurityGroup
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Parameter properties
| Type: | |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-SourceApplicationSecurityGroupId
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-SourcePortRange
Specifies the source port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
PSNetworkSecurityGroup
Outputs
PSNetworkSecurityGroup
Related Links
Azure PowerShell
Feedback
Was this page helpful?