I've been trying to push Azure NetworkSecurityGroup rules through PowerShell.
Using the console I seem to be able to create what I want, however using PowerShell I am having little success.
Using the following syntax:
    Get-AzureRmNetworkSecurityGroup -Name $SecGroup -ResourceGroupName $RGName |
        Set-AzureRmNetworkSecurityGroup |
        Add-AzureRmNetworkSecurityRuleConfig `
            -Name 'MSTSC' `
            -Direction Inbound `
            -Priority 100 `
            -Access Allow `
            -SourceAddressPrefix 'INTERNET' `
            -SourcePortRange '65456' `
            -DestinationAddressPrefix '*' `
            -DestinationPortRange '3389' `
            -Protocol '*'
I am getting an output window that seems to indicate that the security rule has been created:
However, if I then check the portal, or do
    Get-AzureRmNetworkSecurityGroup -Name $SecGroup -ResourceGroupName $RGName
The newly added rule is not there.
If I however add the rule with the portal, and try to create it using my PowerShell command, I receive the following error:
Add-AzureRmNetworkSecurityRuleConfig : Rule with the specified name already exists
I'm missing something, but what?
This was actually a very silly issue.
The steps you should be taking when adding a new rule to a security group:
1. Get-AzureRmNetworkSecurityGroup
2. Add-AzureRmNetworkSecurityRuleConfig
3. Set-AzureRmNetworkSecurityGroup
My lack of comprehending these steps and simply copy-pasting from the internet caused my mistake.
When it reaches the second pipe, it sets the not yet updated security group (so I'm simply pushing the group exactly as I pulled it) and gives me the success message.
After which I Add the new group in my cache, which is a local copy of the rules, without publishing it. So a correct way to do it is:
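
The Get, Add, Set order from the steps above, as an added PowerShell example that is not part of the original post. The function name Add-NsgRuleAndVerify, its parameters and the sample values in the commented call are hypothetical; it also re-reads the group from Azure afterwards so a rule that only exists in the local copy is caught.

```powershell
# Added example. Add-NsgRuleAndVerify, its parameters and the sample values
# in the call at the bottom are hypothetical/constructed, not from the post.
function Add-NsgRuleAndVerify {
    param(
        [Parameter(Mandatory)] [string]    $ResourceGroupName,
        [Parameter(Mandatory)] [string]    $NsgName,
        [Parameter(Mandatory)] [hashtable] $Rule  # splatted into Add-AzureRmNetworkSecurityRuleConfig
    )

    # 1. Get: pull a local copy of the NSG object.
    $nsg = Get-AzureRmNetworkSecurityGroup -Name $NsgName `
        -ResourceGroupName $ResourceGroupName -ErrorAction Stop

    # Stop early if a rule with this name is already stored in Azure;
    # Add-AzureRmNetworkSecurityRuleConfig would reject the duplicate name.
    if ($nsg.SecurityRules | Where-Object { $_.Name -eq $Rule.Name }) {
        throw "Rule '$($Rule.Name)' already exists in NSG '$NsgName'."
    }

    # 2. Add: changes only the local object; nothing is sent to Azure yet.
    # 3. Set: publishes the modified object, so it has to come after Add.
    $nsg | Add-AzureRmNetworkSecurityRuleConfig @Rule -ErrorAction Stop |
        Set-AzureRmNetworkSecurityGroup -ErrorAction Stop | Out-Null

    # Re-read the group from Azure and confirm the rule was persisted,
    # instead of trusting the output of the pipeline above.
    $live = Get-AzureRmNetworkSecurityGroup -Name $NsgName `
        -ResourceGroupName $ResourceGroupName -ErrorAction Stop
    $saved = $live.SecurityRules | Where-Object { $_.Name -eq $Rule.Name }
    if (-not $saved) {
        throw "Rule '$($Rule.Name)' was not persisted to NSG '$NsgName'."
    }
    return $saved
}

# Constructed sample call (needs a logged-in AzureRM session):
# $rule = @{
#     Name = 'MSTSC'; Direction = 'Inbound'; Priority = 100; Access = 'Allow'
#     Protocol = 'Tcp'; SourcePortRange = '*'; DestinationPortRange = '3389'
#     SourceAddressPrefix = '203.0.113.0/24'   # constructed admin range
#     DestinationAddressPrefix = '*'
# }
# Add-NsgRuleAndVerify -ResourceGroupName $RGName -NsgName $SecGroup -Rule $rule
```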