cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Create a Network Security Group (NSG) with PowerShell in Azure and assign it to an existing subnet!

TomWechsler
MVP

‎Nov 27 2020 06:22 AM

‎Nov 27 2020 06:22 AM

Create a Network Security Group (NSG) with PowerShell in Azure and assign it to an existing subnet!

 

Hi Azure friends,

 

I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):

 

#The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE

Set-Location C:\Temp
Clear-Host

 

#So that you can carry out the configuration, you need the necessary cmdlets, these are contained in the module Az (is the higher-level module from a number of submodules)

Install-Module -Name Az -Force -AllowClobber -Verbose

 

#Some variables
$location = "westeurope"

#Log into Azure
Connect-AzAccount

#Select the correct subscription
Get-AzSubscription
Get-AzSubscription -SubscriptionName "Visual Studio Enterprise-Abonnement" | Select-AzSubscription
Get-AzContext

#List existing network security groups
Get-AzNetworkSecurityGroup
(Get-AzNetworkSecurityGroup).Name

#Search for ResourceGroups
(Get-AzResourceGroup).ResourceGroupName

#Create a detailed network security group
$rule1 = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 300 -SourceAddressPrefix `
    Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389

$rule2 = New-AzNetworkSecurityRuleConfig -Name web-rule -Description "Allow HTTP" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 400 -SourceAddressPrefix `
    Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80, 443

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName tw-azuredemo-rg -Location $location -Name `
    "NSG-FrontEnd" -SecurityRules $rule1,$rule2

#List all Vnets in the Subscription
(Get-AzVirtualNetwork).Name

#Let's create a variable
$VNet = Get-AzVirtualNetwork -Name 'tw-vnet-workload'

#We need the name of the subnet
Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $VNet | Select-Object Name,AddressPrefix

#We save the information in a variable
$VNetSubnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $VNet -Name workload

#We associate the nsg to the subnet
Set-AzVirtualNetworkSubnetConfig -Name $VNetSubnet.Name -VirtualNetwork $VNet -AddressPrefix $VNetSubnet.AddressPrefix -NetworkSecurityGroup $nsg

#Update our virtual network 
$VNet | Set-AzVirtualNetwork

#Let's check the configuration
(Get-AzVirtualNetwork -Name 'tw-vnet-workload').Subnets
 

Now you have used the PowerShell to create a Network Security Group (NSG) and assign it to an existing subnet! Congratulations!

 

I hope this article was useful. Best regards, Tom Wechsler

 

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

 
Labels:
4,962 Views
0 Likes
0 Replies
Reply
0 Replies