Created
October 17, 2016 02:24
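# Sign in to Azure Resource Manager with an account that can reach the target subscription.
Login-AzureRmAccount

# Choose the subscription to work in. -OutputMode Single limits the grid to one
# row, so a multi-select can no longer hand an array of names to
# Select-AzureRmSubscription.
$subscription = (Get-AzureRmSubscription |
    Out-GridView -Title "Select the Azure subscription that you want to use ..." -OutputMode Single).SubscriptionName

# Stop if the grid was cancelled: everything after this point creates or changes
# network resources and should only run against an explicitly chosen subscription.
if (-not $subscription) {
    throw "No Azure subscription was selected."
}
Select-AzureRmSubscription -SubscriptionName $subscription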
##########################################################################
# NSG for the DMZ tier
##########################################################################
# Resource names are derived from $mode.
$mode     = 'DMZ'
$RGName   = 'Show-NSG-{0}' -f $mode
$location = 'australiaeast'

# ----- Create the resource group (@marckean) -----
Clear-Host
Write-Host "`n`tCreating the target resource group $RGName (if it don't exist already)..." -ForegroundColor Cyan

#region Resource group
# The lookup error is silenced so that "not found" yields nothing and falls
# through to creation.
$existingGroup = Get-AzureRmResourceGroup -Name $RGName -Location $location -ErrorAction SilentlyContinue
if (-not $existingGroup) {
    New-AzureRmResourceGroup -Name $RGName -Location $location -Force
}
#endregion

# Name given to the network security group for this tier.
$DemoNSGname = 'Demo-NSG-{0}' -f $mode

# Resource group that is searched for the virtual network to protect.
$vNetRGName = 'Show-vNet'
### Inbound rule: "Allow RDP" from the Internet on TCP 65234
# NOTE(review): the description says RDP but the port is 65234, so the hosts
# behind this NSG presumably listen for RDP on that port -- confirm.
# A non-default port does not restrict who can connect: the Internet source tag
# admits any public address, and the destination is every address the NSG
# covers. Narrowing SourceAddressPrefix to the administrators' CIDR, or
# reaching the hosts over a VPN or jump host, is the usual hardening.
# NOTE(review): the rule name says "int" although this is the DMZ NSG.
$dmzRdpRuleSettings = @{
    Name                     = 'rdp-int-rule'
    Description              = 'Allow RDP'
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    Direction                = 'Inbound'
    Priority                 = 100
    SourceAddressPrefix      = 'Internet'
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '65234'
}
$DMZrule1 = New-AzureRmNetworkSecurityRuleConfig @dmzRdpRuleSettings
### Inbound rule: "Allow HTTP" from the Internet on TCP 80
# Evaluated after the priority-100 rule (lower number wins). The destination
# prefix is '*', so port 80 is opened on every address the NSG covers, not
# only on the web servers.
# NOTE(review): port 80 is plain HTTP; if the site handles logins or sessions,
# an HTTPS (443) rule is presumably wanted as well -- confirm.
$dmzWebRuleSettings = @{
    Name                     = 'web-int-rule'
    Description              = 'Allow HTTP'
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    Direction                = 'Inbound'
    Priority                 = 101
    SourceAddressPrefix      = 'Internet'
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '80'
}
$DMZrule2 = New-AzureRmNetworkSecurityRuleConfig @dmzWebRuleSettings
### Create the DMZ NSG from the two rule configurations
# Only $DMZrule1 and $DMZrule2 are custom rules; other inbound traffic is
# decided by the default rules Azure adds to every NSG.
# $nsg is kept because the subnet association step needs the NSG object.
$dmzNsgSettings = @{
    ResourceGroupName = $RGName
    Location          = $location
    Name              = $DemoNSGname
    SecurityRules     = $DMZrule1, $DMZrule2
}
$nsg = New-AzureRmNetworkSecurityGroup @dmzNsgSettings
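### Select the virtual network
# -OutputMode Single restricts the grid to one row. With -PassThru a
# multi-select passed an array of names to the lookups below, and a cancelled
# grid passed nothing at all.
$vnetName = (Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName).Name |
    Out-GridView -Title "Select an Azure VNET …" -OutputMode Single
if (-not $vnetName) {
    throw "No virtual network was selected; the NSG has not been attached to any subnet."
}
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName -Name $vnetName

### Select the subnet
$subnetName = $vnet.Subnets.Name |
    Out-GridView -Title "Select an Azure Subnet …" -OutputMode Single
if (-not $subnetName) {
    throw "No subnet was selected; the NSG has not been attached to any subnet."
}
$subnet = $vnet.Subnets | Where-Object Name -eq $subnetName

### Associate the NSG with the selected subnet
# Set-AzureRmVirtualNetworkSubnetConfig only edits the local $vnet object;
# piping it to Set-AzureRmVirtualNetwork is what writes the change to Azure.
# A subnet holds a single NSG reference, so this replaces any NSG that was
# already attached to the chosen subnet.
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg |
    Set-AzureRmVirtualNetwork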
##########################################################################
# NSG for the Int tier
##########################################################################
# Resource names are derived from $mode; these assignments overwrite the
# values used for the DMZ tier.
$mode     = 'Int'
$RGName   = 'Show-NSG-{0}' -f $mode
$location = 'australiaeast'

# ----- Create the resource group (@marckean) -----
Clear-Host
Write-Host "`n`tCreating the target resource group $RGName (if it don't exist already)..." -ForegroundColor Cyan

#region Resource group
# The lookup error is silenced so that "not found" yields nothing and falls
# through to creation.
$existingGroup = Get-AzureRmResourceGroup -Name $RGName -Location $location -ErrorAction SilentlyContinue
if (-not $existingGroup) {
    New-AzureRmResourceGroup -Name $RGName -Location $location -Force
}
#endregion

# Name given to the network security group for this tier.
$DemoNSGname = 'Demo-NSG-{0}' -f $mode

# Resource group that is searched for the virtual network to protect.
$vNetRGName = 'Show-vNet'
### Inbound rule: "Allow RDP" from the Internet on TCP 3389
# NOTE(review): this NSG is labelled "Int", yet the source is the Internet
# service tag, which admits any public address to the default RDP port on
# every address the NSG covers. If "Int" means an internal tier, a source of
# VirtualNetwork or the management subnet's CIDR is presumably what was
# intended -- confirm before reusing this outside a demo.
$intRdpRuleSettings = @{
    Name                     = 'rdp-int-rule'
    Description              = 'Allow RDP'
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    Direction                = 'Inbound'
    Priority                 = 100
    SourceAddressPrefix      = 'Internet'
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '3389'
}
$INTrule1 = New-AzureRmNetworkSecurityRuleConfig @intRdpRuleSettings
### Inbound rule: "Allow HTTP" from the Internet on TCP 80
# Evaluated after the priority-100 rule (lower number wins). The destination
# prefix is '*', so port 80 is opened on every address the NSG covers.
# NOTE(review): for an NSG labelled "Int", an Internet source on port 80 looks
# broader than an internal tier needs -- confirm the intended source.
$intWebRuleSettings = @{
    Name                     = 'web-int-rule'
    Description              = 'Allow HTTP'
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    Direction                = 'Inbound'
    Priority                 = 101
    SourceAddressPrefix      = 'Internet'
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '80'
}
$INTrule2 = New-AzureRmNetworkSecurityRuleConfig @intWebRuleSettings
### Create the Int NSG from the two rule configurations
# Only $INTrule1 and $INTrule2 are custom rules; other inbound traffic is
# decided by the default rules Azure adds to every NSG.
# $nsg is kept because the subnet association step needs the NSG object.
$intNsgSettings = @{
    ResourceGroupName = $RGName
    Location          = $location
    Name              = $DemoNSGname
    SecurityRules     = $INTrule1, $INTrule2
}
$nsg = New-AzureRmNetworkSecurityGroup @intNsgSettings
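### Select the virtual network
# -OutputMode Single restricts the grid to one row. With -PassThru a
# multi-select passed an array of names to the lookups below, and a cancelled
# grid passed nothing at all.
$vnetName = (Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName).Name |
    Out-GridView -Title "Select an Azure VNET …" -OutputMode Single
if (-not $vnetName) {
    throw "No virtual network was selected; the NSG has not been attached to any subnet."
}
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName -Name $vnetName

### Select the subnet
$subnetName = $vnet.Subnets.Name |
    Out-GridView -Title "Select an Azure Subnet …" -OutputMode Single
if (-not $subnetName) {
    throw "No subnet was selected; the NSG has not been attached to any subnet."
}
$subnet = $vnet.Subnets | Where-Object Name -eq $subnetName

### Associate the NSG with the selected subnet
# Set-AzureRmVirtualNetworkSubnetConfig only edits the local $vnet object;
# piping it to Set-AzureRmVirtualNetwork is what writes the change to Azure.
# A subnet holds a single NSG reference, so this replaces any NSG that was
# already attached to the chosen subnet.
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg |
    Set-AzureRmVirtualNetwork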