Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#Log into both old and new Azure
Login-AzureRmAccount
#Choose subscription 'new' Azure
$subscription = (Get-AzureRmSubscription | Out-GridView -Title "Select the Azure subscription that you want to use ..." -PassThru).SubscriptionName
Select-AzureRmSubscription -SubscriptionName $subscription
##########################################################################
############################# NSG DMZ #############################
##########################################################################
$mode = "DMZ"
$RGName = "Show-NSG-$mode"
$location = "australiaeast"
####################### | Create the Resource Group | ####################### | @marckean
cls
Write-Host "`n`tCreating the target resource group $RGName (if it don't exist already)..." -ForegroundColor Cyan
#region
if(!(Get-AzureRmResourceGroup -Name $RGName -Location $location -ErrorAction SilentlyContinue)){
New-AzureRmResourceGroup -Name $RGName -Location $location -Force}
$DemoNSGname = "Demo-NSG-$mode"
#Virtual Network
$vNetRGName = "Show-vNet"
### Create security rule allowing access from the Internet
$DMZrule1 = New-AzureRmNetworkSecurityRuleConfig `
-Name rdp-int-rule `
-Description "Allow RDP" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-Priority 100 `
-SourceAddressPrefix Internet `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 65234
### Create security rule allowing access from the Internet
$DMZrule2 = New-AzureRmNetworkSecurityRuleConfig `
-Name web-int-rule `
-Description "Allow HTTP" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-Priority 101 `
-SourceAddressPrefix Internet `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 80
### Add the rules to a new NSG
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RGName -Location $location -Name $DemoNSGname -SecurityRules $DMZrule1,$DMZrule2
### Select VNET
$vnetName = (Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName).Name | Out-GridView -Title "Select an Azure VNET …" -PassThru
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName -Name $vnetName
### Select Subnet
$subnetName = $vnet.Subnets.Name | Out-GridView -Title "Select an Azure Subnet …" -PassThru
$subnet = $vnet.Subnets | Where-Object Name -eq $subnetName
### Associate NSG to selected Subnet
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg |
Set-AzureRmVirtualNetwork
##########################################################################
############################# NSG Int #############################
##########################################################################
$mode = "Int"
$RGName = "Show-NSG-$mode"
$location = "australiaeast"
####################### | Create the Resource Group | ####################### | @marckean
cls
Write-Host "`n`tCreating the target resource group $RGName (if it don't exist already)..." -ForegroundColor Cyan
#region
if(!(Get-AzureRmResourceGroup -Name $RGName -Location $location -ErrorAction SilentlyContinue)){
New-AzureRmResourceGroup -Name $RGName -Location $location -Force}
$DemoNSGname = "Demo-NSG-$mode"
#Virtual Network
$vNetRGName = "Show-vNet"
### Create security rule allowing access from the Internet
$INTrule1 = New-AzureRmNetworkSecurityRuleConfig `
-Name rdp-int-rule `
-Description "Allow RDP" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-Priority 100 `
-SourceAddressPrefix Internet `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 3389
### Create security rule allowing access from the Internet
$INTrule2 = New-AzureRmNetworkSecurityRuleConfig `
-Name web-int-rule `
-Description "Allow HTTP" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-Priority 101 `
-SourceAddressPrefix Internet `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 80
### Add the rules to a new NSG
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RGName -Location $location -Name $DemoNSGname -SecurityRules $INTrule1,$INTrule2
### Select vNET
$vnetName = (Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName).Name | Out-GridView -Title "Select an Azure VNET …" -PassThru
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName -Name $vnetName
### Select Subnet
$subnetName = $vnet.Subnets.Name | Out-GridView -Title "Select an Azure Subnet …" -PassThru
$subnet = $vnet.Subnets | Where-Object Name -eq $subnetName
### Associate NSG to selected Subnet
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg |
Set-AzureRmVirtualNetwork
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.