az network manager security-admin-config rule-collection rule
Note
This reference is part of the virtual-network-manager extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az network manager security-admin-config rule-collection rule command. Learn more about extensions.
Manage admin rule with network.
Commands
Name | Description | Type | Status |
---|---|---|---|
az network manager security-admin-config rule-collection rule create |
Create a network manager security configuration admin rule. |
Extension | GA |
az network manager security-admin-config rule-collection rule delete |
Delete an admin rule. |
Extension | GA |
az network manager security-admin-config rule-collection rule list |
List all network manager security configuration admin rules. |
Extension | GA |
az network manager security-admin-config rule-collection rule show |
Get a network manager security configuration admin rule. |
Extension | GA |
az network manager security-admin-config rule-collection rule update |
Update a network manager security configuration admin rule in a subscription. |
Extension | GA |
az network manager security-admin-config rule-collection rule create
Create a network manager security configuration admin rule.
az network manager security-admin-config rule-collection rule create --access {Allow, AlwaysAllow, Deny}
--configuration-name
--direction {Inbound, Outbound}
--name
--priority
--protocol {Ah, Any, Esp, Icmp, Tcp, Udp}
--resource-group
--rule-collection-name
--rule-name
[--description]
[--dest-port-ranges]
[--destinations]
[--flag]
[--kind {Custom, Default}]
[--source-port-ranges]
[--sources]
Examples
Create security admin rules
az network manager security-admin-config rule-collection rule create --configuration-name "myTestSecurityConfig" --network-manager-name "testNetworkManager" --resource-group "rg1" --rule-collection-name "myTestCollection" --rule-name "SampleAdminRule" --kind "Custom" --protocol "Tcp" --access "Allow" --priority 32 --direction "Inbound" --destinations address-prefix="*" address-prefix-type="IPPrefix" --dest-port-ranges 22
Required Parameters
Indicates the access allowed for this particular rule.
The name of the network manager security Configuration.
Indicates if the traffic matched against the rule in inbound or outbound.
The name of the network manager.
The priority of the rule.
Network protocol this rule applies to.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The name of the admin rule collection.
The name of the rule.
Optional Parameters
A description for this rule. Restricted to 140 chars.
The destination port ranges.
The destination address prefixes. CIDR or destination IP ranges.
Usage: --destination address-prefix=XX address-prefix-type=XX
address-prefix: Address prefix. address-prefix-type: Address prefix type. Address prefix type is an enum with values IPPrefix or ServiceTag.
Multiple actions can be specified by using more than one --destination argument.
Default rule flag.
Required. Whether the rule is custom or default.Constant filled by server.
The source port ranges.
The CIDR or source IP ranges.
Usage: --sources address-prefix=XX address-prefix-type=XX
address-prefix: Address prefix. address-prefix-type: Address prefix type. Address prefix type is an enum with values IPPrefix or ServiceTag.
Multiple actions can be specified by using more than one --sources argument.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network manager security-admin-config rule-collection rule delete
Delete an admin rule.
az network manager security-admin-config rule-collection rule delete [--config]
[--force {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--rc]
[--resource-group]
[--rule-name]
[--subscription]
[--yes]
Examples
Deletes an admin rule.
az network manager security-admin-config rule-collection rule delete --configuration-name "myTestSecurityConfig" --network-manager-name "testNetworkManager" --resource-group "rg1" --rule-collection-name "myTestCollection" --rule-name "SampleAdminRule"
Optional Parameters
Name of the network manager security configuration.
Deletes the resource even if it is part of a deployed configuration. If the configuration has been deployed, the service will do a cleanup deployment in the background, prior to the delete.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the network manager.
Do not wait for the long-running operation to finish.
The name of the network manager security Configuration rule collection.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The name of the rule.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network manager security-admin-config rule-collection rule list
List all network manager security configuration admin rules.
az network manager security-admin-config rule-collection rule list --config
--name
--rc
--resource-group
[--max-items]
[--next-token]
[--skip-token]
[--top]
Examples
List security admin rules
az network manager security-admin-config rule-collection rule list --configuration-name "myTestSecurityConfig" --network-manager-name "testNetworkManager" --resource-group "rg1" --rule-collection-name "myTestCollection"
Required Parameters
Name of the network manager security configuration.
The name of the network manager.
The name of the network manager security Configuration rule collection.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token
argument of a subsequent command.
Token to specify where to start paginating. This is the token value from a previously truncated response.
SkipToken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skipToken parameter that specifies a starting point to use for subsequent calls.
An optional query parameter which specifies the maximum number of records to be returned by the server.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network manager security-admin-config rule-collection rule show
Get a network manager security configuration admin rule.
az network manager security-admin-config rule-collection rule show [--config]
[--ids]
[--name]
[--rc]
[--resource-group]
[--rule-name]
[--subscription]
Examples
Get security admin rule
az network manager security-admin-config rule-collection rule show --configuration-name "myTestSecurityConfig" --network-manager-name "testNetworkManager" --resource-group "rg1" --rule-collection-name "myTestCollection" --rule-name "SampleAdminRule"
Optional Parameters
Name of the network manager security configuration.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the network manager.
The name of the network manager security Configuration rule collection.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The name of the rule.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network manager security-admin-config rule-collection rule update
Update a network manager security configuration admin rule in a subscription.
az network manager security-admin-config rule-collection rule update --rule-collection-name
[--access {Allow, AlwaysAllow, Deny}]
[--configuration-name]
[--description]
[--dest-port-ranges]
[--destinations]
[--direction {Inbound, Outbound}]
[--flag]
[--ids]
[--kind {Custom, Default}]
[--name]
[--priority]
[--protocol {Ah, Any, Esp, Icmp, Tcp, Udp}]
[--resource-group]
[--rule-name]
[--source-port-ranges]
[--sources]
[--subscription]
Examples
Update security admin rule
az network manager security-admin-config rule-collection rule update --configuration-name "myTestSecurityConfig" --network-manager-name "testNetworkManager" --resource-group "rg1" --rule-collection-name "myTestCollection" --rule-name "SampleAdminRule" --access "Deny"
Required Parameters
The name of the admin rule collection.
Optional Parameters
Indicates the access allowed for this particular rule.
The name of the network manager security Configuration.
A description for this rule. Restricted to 140 chars.
The destination port ranges.
The destination address prefixes. CIDR or destination IP ranges.
Usage: --destination address-prefix=XX address-prefix-type=XX
address-prefix: Address prefix. address-prefix-type: Address prefix type.
Multiple actions can be specified by using more than one --destination argument.
Indicates if the traffic matched against the rule in inbound or outbound.
Default rule flag.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Required. Whether the rule is custom or default.Constant filled by server.
The name of the network manager.
The priority of the rule.
Network protocol this rule applies to.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The name of the rule.
The source port ranges.
The CIDR or source IP ranges.
Usage: --sources address-prefix=XX address-prefix-type=XX
address-prefix: Address prefix. address-prefix-type: Address prefix type.
Multiple actions can be specified by using more than one --sources argument.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.