http://vcloud-lab.com/entries/microsoft-azure/microsoft-azure-powershell-cloning-coping-or-importing-existing-nsg-network-security-group-from-excel
Comments on post: MICROSOFT AZURE POWERSHELL: CLONING (COPING) OR IMPORTING EXISTING NSG (NETWORK SECURITY GROUP) FROM EXCEL
Virtual Geek, updated 2018-04-19T14:43:46+05:30

Comment by mustafa (2017-09-10T06:28:59+05:30):
Very helpful, it saves hours of work!!!!!!!!!!!!!!!!

Comment by velvetmidget (2017-09-15T22:46:25+05:30):
I can't believe how difficult it is to clone / copy NSG rules in Azure. I have been searching for days on how to do this. What is a simple 5 second copy 'n paste in most firewalls is a full-on development process in Azure NSGs.
Thank you so much for putting this together, so lucky I stumbled across it.

Comment by Thy (2017-12-03T17:00:16+05:30):
Very helpful! You rock!!! A+++++

Comment by Chung (2018-01-09T09:10:49+05:30):
When importing an NSG from CSV I got the following error:
Set-AzureRmNetworkSecurityGroup : Security rule has invalid Port range. Value provided:
System.Collections.Generic.List`1[System.String]. Value should be an integer OR integer range with '-' delimiter.
Valid range 0-65535.
StatusCode: 400
ReasonPhrase: Bad Request
OperationID : '1258b0ff-17e0-450f-861c-bd74a4c380fa'
At line:3 char:12
+ $NSG | Set-AzureRmNetworkSecurityGroup
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureRmNetworkSecurityGroup], NetworkCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.SetAzureNetworkSecurityGroupCommand
The original value for my "Source port ranges" setting is "*", and the exported CSV uses the value "System.Collections.Generic.List`1[System.String]" for that, which seems to be not acceptable by Set-AzureRmNetworkSecurityGroup ...

Comment by Kunal (2018-01-09T12:44:52+05:30):
Hi Chung, as per the pasted error it looks like "Security rule has invalid Port range", check your CSV file once.

Comment by Chung (2018-01-09T13:49:28+05:30):
Hi Kunal,
The original value for my "Source port ranges" setting is "*"
Using command:
Get-AzureRmNetworkSecurityGroup -Name -ResourceGroupName | Get-AzureRmNetworkSecurityRuleConfig | Select * | Export-Csv -NoTypeInformation -Path C:\Temp\TestNSG01.csv
The exported CSV contains the value "System.Collections.Generic.List`1[System.String]" for that, which seems to be not acceptable by Set-AzureRmNetworkSecurityGroup ...

Comment by Kunal (2018-01-11T14:45:58+05:30):
Chung,
Instead of using '*' use 'any'.

Comment by Jijos (2018-02-08T11:11:05+05:30):
Hi Chung,
How can we create a new NSG rule and import all the rules from CSV?
Thanks,
Jijos

Comment by James (2018-03-01T19:42:48+05:30):
Something has changed recently, these scripts and others like it are now returning: System.Collections.Generic.List`1[System.String]
So all my scripts and tools for exporting and importing NSGs as CSVs are now broken.

Comment by Mike (2018-03-02T04:20:46+05:30):
Yes, it does appear this has recently changed. These fields now appear to be multivalued arrays. I was able to get my results by doing something like this:
# One report row per security rule, across every NSG returned
$report = @()
foreach ($nsg in Get-AzureRmNetworkSecurityGroup) {
    foreach ($rule in $nsg.SecurityRules) {
        $info = "" | Select-Object nsg, rule, description, protocol, SourcePortRange, DestinationPortRange, SourceApplicationSecurityGroups, DestinationApplicationSecurityGroups, SourceAddressPrefix, DestinationAddressPrefix, Access, Priority, Direction
        $info.nsg = $nsg.Name
        $info.rule = $rule.Name
        $info.Description = $rule.Description
        $info.Protocol = $rule.Protocol
        # These properties are lists; [0] keeps only the first entry of each
        $info.SourcePortRange = $rule.SourcePortRange[0]
        $info.DestinationPortRange = $rule.DestinationPortRange[0]
        $info.SourceAddressPrefix = $rule.SourceAddressPrefix[0]
        $info.DestinationAddressPrefix = $rule.DestinationAddressPrefix[0]
        $info.SourceApplicationSecurityGroups = $rule.SourceApplicationSecurityGroups[0]
        $info.DestinationApplicationSecurityGroups = $rule.DestinationApplicationSecurityGroups[0]
        $info.Access = $rule.Access
        $info.Priority = $rule.Priority
        $info.Direction = $rule.Direction
        $report += $info
    }
}
$report

Comment by Kunal (2018-03-02T23:58:54+05:30):
Nice work @Mike.

Comment by cyberbastion (2018-04-19T14:43:46+05:30):
Hi Mike,
Thanks for your script. But I found out that if the source/destination address/port has multiple values, it will only return the first IP/port due to the SourcePortRange "[0]". Do you have any idea how to change the coding on export and import too?
Thanks
Cyberbastion
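
Added example (not part of the original post or of any comment above): one way to keep every port and address prefix through a CSV round trip is to join each list field with a delimiter on export and split it again on import, failing closed when a field comes back empty. The function names ConvertTo-NsgCsvRow and ConvertFrom-NsgCsvRow, the ';' delimiter and the sample rule are assumptions made for this example; the application security group fields are left out.

```powershell
# Added example: flatten multi-valued NSG rule fields for CSV and restore them on import.
# Function names and the ';' delimiter are hypothetical choices for this example.
$ListFields   = 'SourcePortRange','DestinationPortRange','SourceAddressPrefix','DestinationAddressPrefix'
$ScalarFields = 'Name','Description','Protocol','Access','Priority','Direction'

function ConvertTo-NsgCsvRow {
    param([Parameter(Mandatory, ValueFromPipeline)] $Rule, [string] $Delimiter = ';')
    process {
        $row = [ordered]@{}
        foreach ($f in $ScalarFields) { $row[$f] = $Rule.$f }
        # Join every element instead of taking [0], so no port or prefix is dropped.
        foreach ($f in $ListFields) { $row[$f] = @($Rule.$f) -join $Delimiter }
        [pscustomobject]$row
    }
}

function ConvertFrom-NsgCsvRow {
    param([Parameter(Mandatory, ValueFromPipeline)] $Row, [string] $Delimiter = ';')
    process {
        $rule = [ordered]@{}
        foreach ($f in $ScalarFields) { $rule[$f] = $Row.$f }
        foreach ($f in $ListFields) {
            $values = @("$($Row.$f)" -split ([regex]::Escape($Delimiter)) | ForEach-Object { $_.Trim() } | Where-Object { $_ })
            # Fail closed: an empty cell must never be silently widened to '*'.
            if ($values.Count -eq 0) { throw "Rule '$($Row.Name)': $f is empty; refusing to guess a value." }
            $rule[$f] = [string[]]$values
        }
        $rule['Priority'] = [int]$rule['Priority']
        [pscustomobject]$rule
    }
}

# Constructed sample rule, shaped like one entry of $nsg.SecurityRules.
$sample = [pscustomobject]@{
    Name = 'Allow-Web'; Description = 'constructed sample'; Protocol = 'Tcp'
    Access = 'Allow'; Priority = 200; Direction = 'Inbound'
    SourcePortRange          = [string[]]'*'
    DestinationPortRange     = [string[]]('80','443','8000-8080')
    SourceAddressPrefix      = [string[]]('10.0.1.0/24','10.0.2.0/24')
    DestinationAddressPrefix = [string[]]'VirtualNetwork'
}
$csv      = $sample | ConvertTo-NsgCsvRow | ConvertTo-Csv -NoTypeInformation
$restored = $csv | ConvertFrom-Csv | ConvertFrom-NsgCsvRow
$restored.DestinationPortRange   # three separate entries again, not one joined string

# For a real export, pipe (Get-AzureRmNetworkSecurityGroup ...).SecurityRules into
# ConvertTo-NsgCsvRow | Export-Csv. Passing the restored arrays back to the rule cmdlets
# assumes a module version in which these parameters are multi-valued, as described above.
```

Before applying an imported rule set, compare the number of entries per field with the source NSG, since a rule that lost entries on export no longer matches the policy that was reviewed.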