
Virtual Geek

Tales from real IT system administrators world and non-production environment

MICROSOFT AZURE POWERSHELL: CLONING (COPYING) OR IMPORTING EXISTING NSG (NETWORK SECURITY GROUP) FROM EXCEL

January 26, 2017 07:14PM


I was given the task of cloning (copying) an existing NSG with Azure PowerShell. I had already created a template Network Security Group containing all the rules. Since I only need the rules, I run the command below to store them in a PowerShell variable. This does not copy the default firewall rules; only the manually created rules are stored.

$TemplateNSGRules =  Get-AzureRmNetworkSecurityGroup -Name 'Windows-NSG' -ResourceGroupName 'POC-VPN' | Get-AzureRmNetworkSecurityRuleConfig


Since I only need the rules, I create a new, empty NSG.

$NSG = New-AzureRmNetworkSecurityGroup -ResourceGroupName 'POC-VPN' -Location 'East US 2' -Name 'Copy-of-Windows-NSG'

Next, with the help of a foreach loop, I copy all the rules from the template NSG into the newly created NSG.

foreach ($rule in $TemplateNSGRules) {
    $NSG | Add-AzureRmNetworkSecurityRuleConfig -Name $rule.Name -Direction $rule.Direction -Priority $rule.Priority -Access $rule.Access -SourceAddressPrefix $rule.SourceAddressPrefix -SourcePortRange $rule.SourcePortRange -DestinationAddressPrefix $rule.DestinationAddressPrefix -DestinationPortRange $rule.DestinationPortRange -Protocol $rule.Protocol # -Description $rule.Description
    $NSG | Set-AzureRmNetworkSecurityGroup
}


Importing an NSG from an Excel (CSV) file works the same way. To create the CSV file, follow the article POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL, then import it:

$TemplateNSGRules = Import-CSV -Path C:\Temp\TestNSG01.csv 

Create a new, empty NSG, then run the foreach script block shown above.
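A pre-import check for the CSV rows, as an added example (not code from the original post). Export-Csv writes a type name such as System.Collections.Generic.List`1[System.String] for list-valued properties, the value reported in the comments below, so each row is validated before it reaches the foreach loop. The helper names Test-PortValue and Test-NsgCsvRow, the sample rows, and the ';' separator for multiple ports are assumptions.

```powershell
# Constructed sample rows standing in for Import-Csv output. The second row
# carries the flattened type name that Export-Csv writes for list properties.
$rows = @'
Name,Direction,Priority,Access,Protocol,SourcePortRange,DestinationPortRange
Allow-RDP,Inbound,100,Allow,Tcp,*,3389
Allow-Web,Inbound,110,Allow,Tcp,System.Collections.Generic.List`1[System.String],80;443
Bad-Range,Inbound,120,Allow,Tcp,*,70000-70010
'@ | ConvertFrom-Csv

function Test-PortValue {        # hypothetical helper: '*', a port, or low-high
    param([string]$Value)
    if ($Value -eq '*') { return $true }
    if ($Value -notmatch '^(\d{1,5})(?:-(\d{1,5}))?$') { return $false }
    $low  = [int]$Matches[1]
    $high = if ($Matches[2]) { [int]$Matches[2] } else { $low }
    return ($low -le $high -and $high -le 65535)
}

function Test-NsgCsvRow {        # hypothetical helper: returns a list of problems
    param($Row)
    $problems = @()
    foreach ($col in 'SourcePortRange', 'DestinationPortRange') {
        # Assumed convention: multiple ports are stored in one cell, joined by ';'
        foreach ($port in ($Row.$col -split ';')) {
            if (-not (Test-PortValue $port.Trim())) { $problems += "$col '$port'" }
        }
    }
    $priority = 0
    $isNumber = [int]::TryParse($Row.Priority, [ref]$priority)
    if (-not $isNumber -or $priority -lt 100 -or $priority -gt 4096) {
        $problems += "Priority '$($Row.Priority)'"
    }
    if ($Row.Access -notin 'Allow', 'Deny') { $problems += "Access '$($Row.Access)'" }
    if ($Row.Direction -notin 'Inbound', 'Outbound') { $problems += "Direction '$($Row.Direction)'" }
    return $problems
}

# Only rows with no problems should be passed to Add-AzureRmNetworkSecurityRuleConfig.
foreach ($row in $rows) {
    $problems = Test-NsgCsvRow $row
    if ($problems) { Write-Warning "Skipping $($row.Name): $($problems -join ', ')" }
    else           { Write-Output  "OK to import: $($row.Name)" }
}
```

With the sample rows, only Allow-RDP passes; the other two are reported with the offending column and value instead of failing later with a 400 from Set-AzureRmNetworkSecurityGroup.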


Chung,
Instead of using '*', use 'any'.

Hi Kunal,

The original value for my "Source port ranges" setting is "*"

Using command:
Get-AzureRmNetworkSecurityGroup -Name -ResourceGroupName | Get-AzureRmNetworkSecurityRuleConfig | Select * | Export-Csv -NoTypeInformation -Path C:\Temp\TestNSG01.csv

The exported CSV contains value "System.Collections.Generic.List`1[System.String]" for that, which seems to be not acceptable by Set-AzureRmNetworkSecurityGroup ...

Hi Chung, as per the pasted error, it looks like "Security rule has invalid Port range"; check your CSV file once.

When importing the NSG from CSV I got the following error:

Set-AzureRmNetworkSecurityGroup : Security rule has invalid Port range. Value provided:
System.Collections.Generic.List`1[System.String]. Value should be an integer OR integer range with '-' delimiter.
Valid range 0-65535.
StatusCode: 400
ReasonPhrase: Bad Request
OperationID : '1258b0ff-17e0-450f-861c-bd74a4c380fa'
At line:3 char:12
+ $NSG | Set-AzureRmNetworkSecurityGroup
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureRmNetworkSecurityGroup], NetworkCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.SetAzureNetworkSecurityGroupCommand

The original value for my "Source port ranges" setting is "*", and the exported CSV uses the value "System.Collections.Generic.List`1[System.String]" for that, which seems not to be accepted by Set-AzureRmNetworkSecurityGroup ...

Very helpful! You rock!!! A+++++

I can't believe how difficult it is to clone / copy NSG rules in azure. I have been searching for days on how to do this. What is a simple 5 second copy 'n paste in most firewalls, is a full on development process in azure NSGs.

Thank you so much for putting this together, so lucky I stumbled across it.

Very helpful, it saves hours of work!!!!!!!!!!!!!!!!


