Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Input validation in New/Set-AzureRmNetworkSecurityRuleConfig #2814

Open
ShuheiUda opened this issue Aug 22, 2016 · 2 comments
Open

Input validation in New/Set-AzureRmNetworkSecurityRuleConfig #2814

ShuheiUda opened this issue Aug 22, 2016 · 2 comments
Assignees
@chandrasekarsrinivasan
Labels
Network - Virtual Network Service Attention This issue is responsible by Azure service team.

Comments

@ShuheiUda
Copy link
Contributor

Could you validate Input parameter in New/Set-AzureRmNetworkSecurityRuleConfig cmdlets?
In spite of incorrect Address Prefix, following commands return no sign of error.

NSG permits or denies unexpected packets when I link these rules to NIC or Subnet.
It is difficult to find misconfiguration in case if these cmdlets doesn't return any errors.

  • Creating NSG with incorrect Address Prefix (192.168.0.0/34 and 10.0.0/0/16)

    $rule1 = New-AzureRmNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix 192.168.0.0/34 -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
    $rule2 = New-AzureRmNetworkSecurityRuleConfig -Name web-rule -Description "Allow HTTP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 101 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix 10.0.0/0/16 -DestinationPortRange 80
    $nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName TestRG -Location westus -Name "NSG-FrontEnd" -SecurityRules $rule1,$rule2

  • In Azure portal, these parameters are validated
    nsg
@cormacpayne
Copy link
Member

@DeepakRajendranMsft Hey Deepak, would you mind taking a look at this issue?

@maddieclayton
Copy link
Contributor

@avijitgupta @chandrasekarsrinivasan Can you take a look at this issue?

@bsiegel bsiegel added the Service Attention This issue is responsible by Azure service team. label Sep 26, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chandrasekarsrinivasan chandrasekarsrinivasan

Labels
Network - Virtual Network Service Attention This issue is responsible by Azure service team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@bsiegel @avijitgupta @cormacpayne @DeepakRajendranMsft @maddieclayton @ShuheiUda @mozehgir @chandrasekarsrinivasan @KarenHammons