An Azure Network Security Group is used to manage the flow and direction of network traffic. Besides the default inbound and outbound security rules, there can be none or many security rules to define the security within the Azure Virtual Network.
There are many scenarios where you need to clone a Network Security Group and its security rules to a new Network Security Group, or copy the security rules to an existing Network Security Group. It could be part of a migration, testing, cloning the same security measures for a different project, a disaster recovery site, and so on.
You can't move a Network Security Group from one region to another. You can only use the method of copy, paste and delete.
I have created a PowerShell script to copy the security rules from one Network Security Group to another, and it also has some other abilities like…
Copy-AzNSGSecurityRules -SourceResourceGroupName <string> -SourceNSGName <string> -TargetResourceGroupName <string> -TargetNSGName <string> [<CommonParameters>]
Copy-AzNSGSecurityRules -SourceResourceGroupName <string> -SourceNSGName <string> -TargetResourceGroupName <string> -TargetNSGName <string> -TargetLocation <string> [<CommonParameters>]
Copy-AzNSGSecurityRules -SourceNSG <psobject> -TargetResourceGroupName <string> -TargetNSGName <string> -TargetLocation <string> [<CommonParameters>]
Copy-AzNSGSecurityRules -SourceNSG <psobject> -TargetNSG <psobject> [-Overwrite] [<CommonParameters>]
To copy security rules from an existing source NSG to an existing target NSG using the NSG names…
PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
PS C:\> Copy-AzNSGSecurityRules -SourceResourceGroupName 'rg1' -SourceNSGName 'nsg1' -TargetResourceGroupName 'rg2' -TargetNSGName 'nsg2'
Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer
To create a new NSG and then copy security rules from the existing source NSG
PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
PS C:\> Copy-AzNSGSecurityRules -SourceResourceGroupName 'rg1' -SourceNSGName 'nsg1' -TargetNSGName 'nsg2' -TargetResourceGroupName 'rg2' -TargetLocation 'southindia'
New NSG 'nsg2' has been created in resource group 'rg2' in 'southindia' location.
Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer
If the target NSG already exists…
The NSG 'nsg2' is already existed, so vomiting the '-TagetLocation' parameter value and skiping the NSG creation.
Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer
To copy security rules from an existing source NSG to an existing target NSG (when the NSG objects are provided directly)
PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
PS C:\> $nsg1 = Get-AzNetworkSecurityGroup -ResourceGroupName 'rg1' -Name 'nsg1'
PS C:\> $nsg2 = Get-AzNetworkSecurityGroup -ResourceGroupName 'rg2' -Name 'nsg2'
PS C:\> Copy-AzNSGSecurityRules -SourceNSG $nsg1 -TargetNSG $nsg2
Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer
To create a new NSG and then copy security rules from the existing source NSG (when the source NSG object is provided directly)
PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
PS C:\> $nsg1 = Get-AzNetworkSecurityGroup -ResourceGroupName 'rg1' -Name 'nsg1'
PS C:\> Copy-AzNSGSecurityRules -SourceNSG $nsg1 -TargetNSGName 'nsg2' -TargetResourceGroupName 'rg2' -TargetLocation 'southindia'
New NSG 'nsg2' has been created in resource group 'rg2' in 'southindia' location.
Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer
If the target NSG already exists…
The NSG 'nsg2' is already existed, so vomiting the '-TagetLocation' parameter value and skiping the NSG creation.
Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer
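A check that can follow any of the copy runs above, as an added example that is not part of the original script: it compares the custom security rules of two NSG objects and reports rules that are missing, different, or extra in the target. Compare-NsgSecurityRules, ConvertTo-RuleKey and New-SampleRule are hypothetical names, and the sample rule values (priorities, prefixes, ports) are constructed.

```powershell
# Added example; Compare-NsgSecurityRules and ConvertTo-RuleKey are hypothetical helper names.
function ConvertTo-RuleKey {
    param([Parameter(Mandatory)] $Rule)
    # Canonical string over the fields that decide which traffic the rule matches.
    # Application security group references and Description are not compared here.
    $fields = 'Priority', 'Direction', 'Access', 'Protocol', 'SourceAddressPrefix',
              'SourcePortRange', 'DestinationAddressPrefix', 'DestinationPortRange'
    ($fields | ForEach-Object {
        '{0}={1}' -f $_, ((@($Rule.$_) | Sort-Object) -join ',')
    }) -join ';'
}

function Compare-NsgSecurityRules {
    param([Parameter(Mandatory)] $SourceNSG, [Parameter(Mandatory)] $TargetNSG)
    # Index both rule sets by name; hashtable keys are case-insensitive, so names
    # differing only in case are treated as the same rule.
    $src = @{}; foreach ($r in $SourceNSG.SecurityRules) { $src[$r.Name] = ConvertTo-RuleKey $r }
    $dst = @{}; foreach ($r in $TargetNSG.SecurityRules) { $dst[$r.Name] = ConvertTo-RuleKey $r }
    foreach ($name in $src.Keys) {
        if (-not $dst.ContainsKey($name)) {
            [pscustomobject]@{ Rule = $name; Status = 'MissingInTarget'; Source = $src[$name]; Target = $null }
        } elseif ($src[$name] -ne $dst[$name]) {
            [pscustomobject]@{ Rule = $name; Status = 'Different'; Source = $src[$name]; Target = $dst[$name] }
        }
    }
    foreach ($name in $dst.Keys) {
        if (-not $src.ContainsKey($name)) {
            [pscustomobject]@{ Rule = $name; Status = 'ExtraInTarget'; Source = $null; Target = $dst[$name] }
        }
    }
}

# Constructed sample objects shaped like Get-AzNetworkSecurityGroup output (values are made up).
function New-SampleRule($Name, $Priority, $Direction, $Access, $Source, $Destination, $Port) {
    [pscustomobject]@{ Name = $Name; Priority = $Priority; Direction = $Direction; Access = $Access
        Protocol = '*'; SourceAddressPrefix = @($Source); SourcePortRange = @('*')
        DestinationAddressPrefix = @($Destination); DestinationPortRange = @($Port) }
}
$nsg1 = [pscustomobject]@{ SecurityRules = @(
    (New-SampleRule 'Deny_Internet' 100 'Outbound' 'Deny' '*' 'Internet' '*'),
    (New-SampleRule 'Allow_SqlServer' 200 'Inbound' 'Allow' '10.0.1.0/24' '*' '1433')) }
# Target drifted: the deny rule is missing and the SQL rule was widened to any source.
$nsg2 = [pscustomobject]@{ SecurityRules = @(
    (New-SampleRule 'Allow_SqlServer' 200 'Inbound' 'Allow' '*' '*' '1433')) }

Compare-NsgSecurityRules -SourceNSG $nsg1 -TargetNSG $nsg2 | Format-Table Rule, Status
```

With a live subscription, pass the objects returned by Get-AzNetworkSecurityGroup, as in the $nsg1/$nsg2 example above, instead of the sample objects.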