
Copy Security Rules From One Azure Network Security Group To Another Using PowerShell

Network Security Group

An Azure Network Security Group (NSG) is used to manage the flow and direction of network traffic. Besides the default inbound and outbound security rules, it can contain none or many security rules that define the security within the Azure Virtual Network.

Purpose of copying Security Rules

There are many scenarios where you need to clone a Network Security Group and its security rules to a new Network Security Group, or copy the security rules to an existing Network Security Group: as part of a migration, for testing, to clone the same security measures for a different project, for a disaster recovery site, etc.

You can't move a Network Security Group from one region to another. You can only use the method of copy, paste and delete.

Copy Security Rules using PowerShell

I have created a PowerShell script to copy the security rules from one Network Security Group to another, and it also has some other abilities, like…

- Copies security rules from one Network Security Group to another.
- Creates a new Network Security Group and copies the security rules to it.
- Accepts the Network Security Group by name or as an object.
- By default the script merges the security rules, and it has an option to overwrite the existing NSG security rules.
Code

View the code in GitHub

Syntax

This function accepts the following parameter sets…

Copy-AzNSGSecurityRules -SourceResourceGroupName <string> -SourceNSGName <string> -TargetResourceGroupName <string> -TargetNSGName <string> [<CommonParameters>]

Copy-AzNSGSecurityRules -SourceResourceGroupName <string> -SourceNSGName <string> -TargetResourceGroupName <string> -TargetNSGName <string> -TargetLocation <string> [<CommonParameters>]

Copy-AzNSGSecurityRules -SourceNSG <psobject> -TargetResourceGroupName <string> -TargetNSGName <string> -TargetLocation <string> [<CommonParameters>]

Copy-AzNSGSecurityRules -SourceNSG <psobject> -TargetNSG <psobject> [-Overwrite] [<CommonParameters>]

Example 01

To copy security rules from an existing source NSG to an existing target NSG using the NSG names…

PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
PS C:\> Copy-AzNSGSecurityRules -SourceResourceGroupName 'rg1' -SourceNSGName 'nsg1' -TargetResourceGroupName 'rg2' -TargetNSGName 'nsg2'

Output:

Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer

Example 02

To create a new NSG and then copy security rules from an existing source NSG…

PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
PS C:\> Copy-AzNSGSecurityRules -SourceResourceGroupName 'rg1' -SourceNSGName 'nsg1' -TargetNSGName 'nsg2' -TargetResourceGroupName 'rg2' -TargetLocation 'southindia'

Output:

New NSG 'nsg2' has been created in resource group 'rg2' in 'southindia' location.
Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer

If the target NSG already exists…

The NSG 'nsg2' is already existed, so vomiting the '-TagetLocation' parameter value and skiping the NSG creation.
Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer

Example 03

To copy security rules from an existing source NSG to an existing target NSG (when the NSG objects are provided directly)…

PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
PS C:\> $nsg1 = Get-AzNetworkSecurityGroup -ResourceGroupName 'rg1' -Name 'nsg1'
PS C:\> $nsg2 = Get-AzNetworkSecurityGroup -ResourceGroupName 'rg2' -Name 'nsg2'
PS C:\> Copy-AzNSGSecurityRules -SourceNSG $nsg1 -TargetNSG $nsg2

Output:

Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer

Example 04

To create a new NSG and then copy security rules from an existing source NSG (when the source NSG object is provided directly)…

PS C:\> . .\Scripts\Copy-AzNSGSecurityRules.ps1
PS C:\> $nsg1 = Get-AzNetworkSecurityGroup -ResourceGroupName 'rg1' -Name 'nsg1'
PS C:\> Copy-AzNSGSecurityRules -SourceNSG $nsg1 -TargetNSGName 'nsg2' -TargetResourceGroupName 'rg2' -TargetLocation 'southindia'

Output:

New NSG 'nsg2' has been created in resource group 'rg2' in 'southindia' location.
Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer

If the target NSG already exists…

The NSG 'nsg2' is already existed, so vomiting the '-TagetLocation' parameter value and skiping the NSG creation.
Following 2 security rule(s) is/are copied from source NSG 'rg1\nsg1' to target NSG 'rg2\nsg2'
Deny_Internet, Allow_SqlServer
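
A pre-merge check to run before merging rules into an existing NSG, as an added example that is not part of Copy-AzNSGSecurityRules.ps1: within one NSG, rule names must be unique and so must each priority per direction, so a merge can collide with or shadow rules already in the target. `Find-NsgMergeConflict` is a hypothetical helper, and the directions, priorities and the `Allow_Web` rule in the sample data are constructed.

```powershell
# Added example: report rules that would collide when source rules are merged into a target NSG.
function Find-NsgMergeConflict {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $SourceRules,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $TargetRules
    )
    foreach ($src in $SourceRules) {
        # 1. A rule with the same name already exists in the target NSG.
        foreach ($t in ($TargetRules | Where-Object { $_.Name -eq $src.Name })) {
            [pscustomobject]@{
                Conflict   = 'Name'
                SourceRule = $src.Name
                TargetRule = $t.Name
                Direction  = $src.Direction
                Priority   = $src.Priority
                # False means the copy would change Allow <-> Deny for this rule name.
                SameAccess = ($src.Access -eq $t.Access)
            }
        }
        # 2. A differently named target rule already holds this priority in this direction.
        $slot = $TargetRules | Where-Object {
            $_.Name -ne $src.Name -and $_.Direction -eq $src.Direction -and $_.Priority -eq $src.Priority
        }
        foreach ($t in $slot) {
            [pscustomobject]@{
                Conflict   = 'Priority'
                SourceRule = $src.Name
                TargetRule = $t.Name
                Direction  = $src.Direction
                Priority   = $src.Priority
                SameAccess = ($src.Access -eq $t.Access)
            }
        }
    }
}

# Constructed sample rules; with real NSGs pass
# (Get-AzNetworkSecurityGroup -ResourceGroupName 'rg1' -Name 'nsg1').SecurityRules instead.
$sourceRules = @(
    [pscustomobject]@{ Name = 'Deny_Internet';   Direction = 'Outbound'; Priority = 100; Access = 'Deny'  }
    [pscustomobject]@{ Name = 'Allow_SqlServer'; Direction = 'Inbound';  Priority = 200; Access = 'Allow' }
)
$targetRules = @(
    [pscustomobject]@{ Name = 'Allow_Web';     Direction = 'Inbound';  Priority = 200; Access = 'Allow' }
    [pscustomobject]@{ Name = 'Deny_Internet'; Direction = 'Outbound'; Priority = 110; Access = 'Allow' }
)
Find-NsgMergeConflict -SourceRules $sourceRules -TargetRules $targetRules | Format-Table -AutoSize
```

A 'Name' row with SameAccess set to False deserves review before the copy, because the same rule name means opposite things in the two NSGs.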