Create NSG in Azure using PowerShell

jeffythampi — Fri, 14 Aug 2020 13:12:01 +0000

This article is about how to create a Network Security Group in Azure Cloud. NSG (a very basic firewall) is a service provided by Azure cloud to manage the traffic flow in Azure virtual network and resources.
The traffic management is done by access control lists (ACL). The security rules defines the protocol (TCP, UDP, ICMP), source, source port, destination, destination port, allow/deny and priority. NSG can be attached to the subnet or virtual machines NIC and the security rules are applied to the whole subnet or the virtual machines accordingly.

NSG is stateful, which means if an incoming port is open and when a connection hits the port, outgoing port is automatically opened to allow the return traffic.

In the previous post, we saw how to create virtual network and subnets in Azure.

Create Virtual Network in Azure using PowerShell

Existing infrastructure diagram (refer the above mentioned article)

Virtual network and Subnets

This article will describe how to create two network security group for the internal and DMZ subnet.

For the subnets, two NSG is required to manage the traffic.


#Connect to azure network
Connect-AzAccount 

#virtual network information
$resource_locaton_main = 'West US'
$resourceGroup_Name = "RG-HOSite"
$vnet_Name = "vnet-ho"

#Fetching information about resource group and virtual network
$rg = Get-AzResourceGroup $resourceGroup_Name
$vnet = Get-AzVirtualNetwork -Name $vnet_Name -ResourceGroupName $rg.ResourceGroupName

#Getting subnet information from the virtual network object
$subnet_INT = $vnet.Subnets[0]
$subnet_DMZ = $vnet.Subnets[1]


#Creating internal network NSG
$nsg_int = New-AzNetworkSecurityGroup -Name "nsg-int" `
-Location $rg.Location `
-ResourceGroupName $rg.ResourceGroupName

#Adding the nsg to VNET INT
Set-AzVirtualNetworkSubnetConfig -NetworkSecurityGroup $nsg_int `
-Name $subnet_INT.Name `
-VirtualNetwork $vnet `
-AddressPrefix $subnet_INT.AddressPrefix | Set-AzVirtualNetwork

#Creating DMZ network NSG
$nsg_dmz = New-AzNetworkSecurityGroup -Name "nsg-dmz" `
-Location $vnet.Location `
-ResourceGroupName $rg.ResourceGroupName

#adding the DMZ NSG to subnet
Set-AzVirtualNetworkSubnetConfig -Name $subnet_DMZ.Name  `
-VirtualNetwork $vnet  `
-NetworkSecurityGroup $nsg_dmz `
-AddressPrefix $subnet_DMZ.AddressPrefix | Set-AzVirtualNetwork

Executing the above script will create two NSG and attach to the internal and DMZ subnet as shown below.

Hope this is informative and thank you for reading.

Create Virtual Network in Azure using PowerShell

jeffythampi — Sun, 02 Aug 2020 17:53:18 +0000

In Azure IaaS, Virtual network is required to enable communications between resources such as VM’s, load balancers, gateways etc.

This article shows how to create a virtual network resource and subnets in Azure.

Create Azure Virtual Network and Subnet using PowerShell

Create a Virtual network with address prefix 172.17.0.0/16 with 2 subnets. One subnet having network 172.17.1.0/24 and second network 172.17.10.0/24

Step – 1: Login to Azure

Connect-AzAccount

Executing the above cmdlet brings a browser popup. Enter the azure credential to complete the login.

Step – 2: Create a Resource Group

$resource_locaton_main = 'Central US'
$resourceGroup_Name = "RG-MainSite"

#Create new Resource Group
New-AzResourceGroup -Name $resourceGroup_Name -Location $resource_locaton_main

Resource group named “RG-MainSite will be created in Central US location”

Step -3: Create virtual network with one subnet(internal subnet). Second subnet(DMZ) will be added after creating the virtual network.

Note: Both the subnets can be created along with virtual network.

$vnet_Name = "vnet-main"
$vnet_Prefix = "172.17.0.0/16"
$vsubnet_int = "172.17.1.0/24"

#Create a Vnet and Subnet
$subnetInternal = New-AzVirtualNetworkSubnetConfig -Name "v-subnet-int" `
-AddressPrefix $vsubnet_int

New-AzVirtualNetwork -Name $vnet_Name -AddressPrefix $vnet_Prefix `
-Subnet $subnetInternal -ResourceGroupName RG-MainSite `
-Location $resource_locaton_main

Step – 4: Add second subnet to virtual network

$vsubnet_dmz = "172.17.10.0/24"

#Fetch virtual network details
$vnet = Get-AzVirtualNetwork -Name $vnet_Name

#Add a subnet to existing vnet
Add-AzVirtualNetworkSubnetConfig -Name "v-subnet-dmz" -VirtualNetwork $vnet `
-AddressPrefix $vsubnet_dmz | Set-AzVirtualNetwork

Full Script:

#Connect to Azure
Connect-AzAccount

#Variable Declaration
$vnet_Name = "vnet-main"
$vnet_Prefix = "172.17.0.0/16"
$vsubnet_int = "172.17.1.0/24"
$vsubnet_dmz = "172.17.10.0/24"
$resource_locaton_main = 'Central US'
$resourceGroup_Name = "RG-MainSite"

#Create new Resource Group
New-AzResourceGroup -Name $resourceGroup_Name -Location $resource_locaton_main

#Create a Vnet and Subnet
$subnetInternal = New-AzVirtualNetworkSubnetConfig -Name "v-subnet-int" `
-AddressPrefix $vsubnet_int

New-AzVirtualNetwork -Name $vnet_Name -AddressPrefix $vnet_Prefix `
-Subnet $subnetInternal -ResourceGroupName RG-MainSite `
-Location $resource_locaton_main

#Fetch virtual network details
$vnet = Get-AzVirtualNetwork -Name $vnet_Name

#Add a subnet to existing vnet
Add-AzVirtualNetworkSubnetConfig -Name "v-subnet-dmz" -VirtualNetwork $vnet `
-AddressPrefix $vsubnet_dmz | Set-AzVirtualNetwork

Executing the above script will create a resource group, virtual network and 2 subnets.

Hope this is informative and thank you for reading the article.

Azure | TekCookie

Create NSG in Azure using PowerShell

Create Virtual Network in Azure using PowerShell

Create Azure Virtual Network and Subnet using PowerShell