< Back
Set-AzureRmNetworkSecurityRuleConfig
Post
NAME Set-AzureRmNetworkSecurityRuleConfig
SYNOPSIS
Sets the goal state for a network security rule configuration.
SYNTAX
Set-AzureRmNetworkSecurityRuleConfig [-Access {Allow | Deny}] [-DefaultProfile <IAzureContextContainer>] [-Description <String>]
[-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>] [-DestinationApplicationSecurityGroup
<System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>] [-DestinationPortRange
<System.Collections.Generic.List`1[System.String]>] [-Direction {Inbound | Outbound}] -Name <String> -NetworkSecurityGroup
<PSNetworkSecurityGroup> [-Priority <Int32>] [-Protocol {Tcp | Udp | *}] [-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>]
[-SourceApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>]
[-SourcePortRange <System.Collections.Generic.List`1[System.String]>] [<CommonParameters>]
Set-AzureRmNetworkSecurityRuleConfig [-Access {Allow | Deny}] [-DefaultProfile <IAzureContextContainer>] [-Description <String>]
[-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>] [-DestinationApplicationSecurityGroupId
<System.Collections.Generic.List`1[System.String]>] [-DestinationPortRange <System.Collections.Generic.List`1[System.String]>] [-Direction
{Inbound | Outbound}] -Name <String> -NetworkSecurityGroup <PSNetworkSecurityGroup> [-Priority <Int32>] [-Protocol {Tcp | Udp | *}]
[-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>] [-SourceApplicationSecurityGroupId
<System.Collections.Generic.List`1[System.String]>] [-SourcePortRange <System.Collections.Generic.List`1[System.String]>] [<CommonParameters>]
DESCRIPTION
The Set-AzureRmNetworkSecurityRuleConfig cmdlet sets the goal state for an Azure network security rule configuration.
PARAMETERS
-Access <String>
Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Description <String>
Specifies a description for a rule configuration. The maximum size is 140 characters.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>
Specifies a destination address prefix. The acceptable values for this parameter are:
- A Classless Interdomain Routing (CIDR) address
- A destination IP address range
- A wildcard character (*) to match any IP address
You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationApplicationSecurityGroupId <System.Collections.Generic.List`1[System.String]>
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationPortRange <System.Collections.Generic.List`1[System.String]>
Specifies a destination port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Direction <String>
Specifies whether a rule is evaluated for incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Name <String>
Specifies the name of the network security rule configuration that this cmdlet sets.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-NetworkSecurityGroup <PSNetworkSecurityGroup>
Specifies the NetworkSecurityGroup object that contains the network security rule configuration to set.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-Priority <Int32>
Specifies the priority of a rule configuration. The acceptable values for this parameter are:An integer between 100 and 4096.
The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Protocol <String>
Specifies the network protocol that a rule configuration applies to. The acceptable values for this parameter are:
--Tcp - Udp
- A wildcard character (*) to match both
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>
Specifies a source address prefix. The acceptable values for this parameter are:
- A CIDR
- A source IP range
- A wildcard character (*) to match any IP address
You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourceApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourceApplicationSecurityGroupId <System.Collections.Generic.List`1[System.String]>
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourcePortRange <System.Collections.Generic.List`1[System.String]>
Specifies the source port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PSNetworkSecurityGroup
Parameter 'NetworkSecurityGroup' accepts value of type 'PSNetworkSecurityGroup' from the pipeline
OUTPUTS
Microsoft.Azure.Commands.Network.Models.PSNetworkSecurityGroup
NOTES
Example 1: Change the access configuration in a network security rule
PS C:\\>$nsg = Get-AzureRmNetworkSecurityGroup -Name "NSG-FrontEnd" -ResourceGroupName "TestRG"
PS C:\\> $nsg | Get-AzureRmNetworkSecurityRuleConfig -Name "rdp-rule"
PS C:\\> Set-AzureRmNetworkSecurityRuleConfig -Name "rdp-rule" -NetworkSecurityGroup $nsg -Access "Deny"
The first command gets the network security group named NSG-FrontEnd, and then stores it in the variable $nsg.
The second command uses the pipeline operator to pass the security group in $nsg to Get-AzureRmNetworkSecurityRuleConfig, which gets the security
rule configuration named rdp-rule.
The third command changes the access configuration of rdp-rule to Deny.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ruleconfig
Add-AzureRmNetworkSecurityRuleConfig
Get-AzureRmNetworkSecurityRuleConfig
New-AzureRmNetworkSecurityRuleConfig
Remove-AzureRmNetworkSecurityRuleConfig
SYNOPSIS
Sets the goal state for a network security rule configuration.
SYNTAX
Set-AzureRmNetworkSecurityRuleConfig [-Access {Allow | Deny}] [-DefaultProfile <IAzureContextContainer>] [-Description <String>]
[-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>] [-DestinationApplicationSecurityGroup
<System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>] [-DestinationPortRange
<System.Collections.Generic.List`1[System.String]>] [-Direction {Inbound | Outbound}] -Name <String> -NetworkSecurityGroup
<PSNetworkSecurityGroup> [-Priority <Int32>] [-Protocol {Tcp | Udp | *}] [-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>]
[-SourceApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>]
[-SourcePortRange <System.Collections.Generic.List`1[System.String]>] [<CommonParameters>]
Set-AzureRmNetworkSecurityRuleConfig [-Access {Allow | Deny}] [-DefaultProfile <IAzureContextContainer>] [-Description <String>]
[-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>] [-DestinationApplicationSecurityGroupId
<System.Collections.Generic.List`1[System.String]>] [-DestinationPortRange <System.Collections.Generic.List`1[System.String]>] [-Direction
{Inbound | Outbound}] -Name <String> -NetworkSecurityGroup <PSNetworkSecurityGroup> [-Priority <Int32>] [-Protocol {Tcp | Udp | *}]
[-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>] [-SourceApplicationSecurityGroupId
<System.Collections.Generic.List`1[System.String]>] [-SourcePortRange <System.Collections.Generic.List`1[System.String]>] [<CommonParameters>]
DESCRIPTION
The Set-AzureRmNetworkSecurityRuleConfig cmdlet sets the goal state for an Azure network security rule configuration.
PARAMETERS
-Access <String>
Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Description <String>
Specifies a description for a rule configuration. The maximum size is 140 characters.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>
Specifies a destination address prefix. The acceptable values for this parameter are:
- A Classless Interdomain Routing (CIDR) address
- A destination IP address range
- A wildcard character (*) to match any IP address
You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationApplicationSecurityGroupId <System.Collections.Generic.List`1[System.String]>
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationPortRange <System.Collections.Generic.List`1[System.String]>
Specifies a destination port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Direction <String>
Specifies whether a rule is evaluated for incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Name <String>
Specifies the name of the network security rule configuration that this cmdlet sets.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-NetworkSecurityGroup <PSNetworkSecurityGroup>
Specifies the NetworkSecurityGroup object that contains the network security rule configuration to set.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-Priority <Int32>
Specifies the priority of a rule configuration. The acceptable values for this parameter are:An integer between 100 and 4096.
The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Protocol <String>
Specifies the network protocol that a rule configuration applies to. The acceptable values for this parameter are:
--Tcp - Udp
- A wildcard character (*) to match both
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>
Specifies a source address prefix. The acceptable values for this parameter are:
- A CIDR
- A source IP range
- A wildcard character (*) to match any IP address
You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourceApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourceApplicationSecurityGroupId <System.Collections.Generic.List`1[System.String]>
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourcePortRange <System.Collections.Generic.List`1[System.String]>
Specifies the source port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PSNetworkSecurityGroup
Parameter 'NetworkSecurityGroup' accepts value of type 'PSNetworkSecurityGroup' from the pipeline
OUTPUTS
Microsoft.Azure.Commands.Network.Models.PSNetworkSecurityGroup
NOTES
Example 1: Change the access configuration in a network security rule
PS C:\\>$nsg = Get-AzureRmNetworkSecurityGroup -Name "NSG-FrontEnd" -ResourceGroupName "TestRG"
PS C:\\> $nsg | Get-AzureRmNetworkSecurityRuleConfig -Name "rdp-rule"
PS C:\\> Set-AzureRmNetworkSecurityRuleConfig -Name "rdp-rule" -NetworkSecurityGroup $nsg -Access "Deny"
The first command gets the network security group named NSG-FrontEnd, and then stores it in the variable $nsg.
The second command uses the pipeline operator to pass the security group in $nsg to Get-AzureRmNetworkSecurityRuleConfig, which gets the security
rule configuration named rdp-rule.
The third command changes the access configuration of rdp-rule to Deny.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ruleconfig
Add-AzureRmNetworkSecurityRuleConfig
Get-AzureRmNetworkSecurityRuleConfig
New-AzureRmNetworkSecurityRuleConfig
Remove-AzureRmNetworkSecurityRuleConfig