az network manager security-admin-config rule-collection rule

Note

This reference is part of the virtual-network-manager extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az network manager security-admin-config rule-collection rule command. Learn more about extensions.

Manage security admin rules with Network Manager.

Commands

| Name | Description | Type | Status |
|---|---|---|---|
| az network manager security-admin-config rule-collection rule create | Create a network manager security configuration admin rule. | Extension | GA |
| az network manager security-admin-config rule-collection rule delete | Delete an admin rule. | Extension | GA |
| az network manager security-admin-config rule-collection rule list | List all network manager security configuration admin rules. | Extension | GA |
| az network manager security-admin-config rule-collection rule show | Get a network manager security configuration admin rule. | Extension | GA |
| az network manager security-admin-config rule-collection rule update | Update a network manager security configuration admin rule in a subscription. | Extension | GA |

az network manager security-admin-config rule-collection rule create

Create a network manager security configuration admin rule.

az network manager security-admin-config rule-collection rule create --access {Allow, AlwaysAllow, Deny}
                                                                     --configuration-name
                                                                     --direction {Inbound, Outbound}
                                                                     --name
                                                                     --priority
                                                                     --protocol {Ah, Any, Esp, Icmp, Tcp, Udp}
                                                                     --resource-group
                                                                     --rule-collection-name
                                                                     --rule-name
                                                                     [--description]
                                                                     [--dest-port-ranges]
                                                                     [--destinations]
                                                                     [--flag]
                                                                     [--kind {Custom, Default}]
                                                                     [--source-port-ranges]
                                                                     [--sources]

Examples

Create security admin rules

az network manager security-admin-config rule-collection rule create --configuration-name "myTestSecurityConfig" --network-manager-name "testNetworkManager" --resource-group "rg1" --rule-collection-name "myTestCollection" --rule-name "SampleAdminRule" --kind "Custom" --protocol "Tcp" --access "Allow" --priority 32 --direction "Inbound" --destinations address-prefix="*" address-prefix-type="IPPrefix"  --dest-port-ranges 22

Required Parameters

--access

Indicates the access allowed for this particular rule.

Accepted values: Allow, AlwaysAllow, Deny

--configuration-name

The name of the network manager security Configuration.

--direction

Indicates if the traffic matched against the rule is inbound or outbound.

Accepted values: Inbound, Outbound

--name --network-manager-name -n

The name of the network manager.

--priority

The priority of the rule.

--protocol

Network protocol this rule applies to.

Accepted values: Ah, Any, Esp, Icmp, Tcp, Udp

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-collection-name

The name of the admin rule collection.

--rule-name

The name of the rule.

Optional Parameters

--description

A description for this rule. Restricted to 140 chars.

--dest-port-ranges

The destination port ranges.

--destinations

The destination address prefixes. CIDR or destination IP ranges.

Usage: --destinations address-prefix=XX address-prefix-type=XX

address-prefix: Address prefix. address-prefix-type: Address prefix type. Address prefix type is an enum with values IPPrefix or ServiceTag.

Multiple destinations can be specified by using more than one --destinations argument.

--flag

Default rule flag.

--kind

Required. Whether the rule is custom or default. Constant filled by server.

Accepted values: Custom, Default
Default value: Custom

--source-port-ranges

The source port ranges.

--sources

The CIDR or source IP ranges.

Usage: --sources address-prefix=XX address-prefix-type=XX

address-prefix: Address prefix. address-prefix-type: Address prefix type. Address prefix type is an enum with values IPPrefix or ServiceTag.

Multiple sources can be specified by using more than one --sources argument.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network manager security-admin-config rule-collection rule delete

Delete an admin rule.

az network manager security-admin-config rule-collection rule delete [--config]
                                                                     [--force {0, 1, f, false, n, no, t, true, y, yes}]
                                                                     [--ids]
                                                                     [--name]
                                                                     [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                                     [--rc]
                                                                     [--resource-group]
                                                                     [--rule-name]
                                                                     [--subscription]
                                                                     [--yes]

Examples

Deletes an admin rule.

az network manager security-admin-config rule-collection rule delete --configuration-name "myTestSecurityConfig" --network-manager-name "testNetworkManager" --resource-group "rg1" --rule-collection-name "myTestCollection" --rule-name "SampleAdminRule"

Optional Parameters

--config --config-name --configuration-name

Name of the network manager security configuration.

--force

Deletes the resource even if it is part of a deployed configuration. If the configuration has been deployed, the service will do a cleanup deployment in the background, prior to the delete.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name --network-manager-name -n

The name of the network manager.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--rc --rule-collection-name

The name of the network manager security Configuration rule collection.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name

The name of the rule.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network manager security-admin-config rule-collection rule list

List all network manager security configuration admin rules.

az network manager security-admin-config rule-collection rule list --config
                                                                   --name
                                                                   --rc
                                                                   --resource-group
                                                                   [--max-items]
                                                                   [--next-token]
                                                                   [--skip-token]
                                                                   [--top]

Examples

List security admin rules

az network manager security-admin-config rule-collection rule list --configuration-name "myTestSecurityConfig" --network-manager-name "testNetworkManager" --resource-group "rg1" --rule-collection-name "myTestCollection"
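The following added example, which is not part of the original reference or the Azure CLI's own code, audits the JSON returned by rule list for inbound Allow or AlwaysAllow rules that expose SSH or RDP to an unrestricted source. The field names (destinationPortRanges, sources, addressPrefix), the sample rules, and the port and prefix policy are assumptions; check them against your own -o json output.

```python
import json

RISKY_PORTS = (22, 3389)  # assumed audit policy: SSH and RDP
OPEN_PREFIXES = {"*", "0.0.0.0/0", "::/0", "Internet"}  # assumed "anywhere" values

# Constructed sample shaped like `rule list -o json` output (field names assumed).
SAMPLE_RULE_LIST = json.loads("""[
 {"name": "SampleAdminRule", "access": "Allow", "direction": "Inbound", "priority": 32,
  "protocol": "Tcp", "destinationPortRanges": ["22"],
  "sources": []},
 {"name": "DenyRdp", "access": "Deny", "direction": "Inbound", "priority": 10,
  "protocol": "Tcp", "destinationPortRanges": ["3389"],
  "sources": [{"addressPrefix": "*", "addressPrefixType": "IPPrefix"}]},
 {"name": "AllowMgmtFromJumpNet", "access": "AlwaysAllow", "direction": "Inbound", "priority": 20,
  "protocol": "Tcp", "destinationPortRanges": ["22", "3389"],
  "sources": [{"addressPrefix": "10.0.0.0/24", "addressPrefixType": "IPPrefix"}]},
 {"name": "AllowHighPortsAny", "access": "AlwaysAllow", "direction": "Inbound", "priority": 5,
  "protocol": "Any", "destinationPortRanges": ["3000-4000"],
  "sources": [{"addressPrefix": "Internet", "addressPrefixType": "ServiceTag"}]}
]""")

def port_in_ranges(port, ranges):
    """True if port is covered by entries such as "22", "3000-4000" or "*"."""
    for entry in ranges or []:
        entry = str(entry).strip()
        if entry == "*":
            return True
        low, _, high = entry.partition("-")
        if low.isdigit() and int(low) <= port <= int(high if high.isdigit() else low):
            return True
    return False

def source_is_open(sources):
    """True if the source is unrestricted; an empty list counts as open (assumption)."""
    return not sources or any(s.get("addressPrefix") in OPEN_PREFIXES for s in sources)

def audit_rules(rules):
    """Return (priority, name, access, exposed_ports) per risky rule, ordered by priority."""
    findings = []
    for rule in rules:
        if (rule.get("direction") != "Inbound"
                or rule.get("access") not in ("Allow", "AlwaysAllow")
                or rule.get("protocol") not in ("Tcp", "Udp", "Any")):
            continue
        ports = rule.get("destinationPortRanges")
        exposed = [p for p in RISKY_PORTS if port_in_ranges(p, ports)]
        if exposed and source_is_open(rule.get("sources")):
            findings.append((rule.get("priority", 0), rule.get("name"), rule["access"], exposed))
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULE_LIST):
        print(finding)
```

To audit a live collection, save the rule list command's -o json output to a file and pass the result of json.load to audit_rules. The check is per rule and does not model how priorities resolve overlapping rules.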

Required Parameters

--config --config-name --configuration-name

Name of the network manager security configuration.

--name --network-manager-name -n

The name of the network manager.

--rc --rule-collection-name

The name of the network manager security Configuration rule collection.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

--skip-token

SkipToken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skipToken parameter that specifies a starting point to use for subsequent calls.

--top

An optional query parameter which specifies the maximum number of records to be returned by the server.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network manager security-admin-config rule-collection rule show

Get a network manager security configuration admin rule.

az network manager security-admin-config rule-collection rule show [--config]
                                                                   [--ids]
                                                                   [--name]
                                                                   [--rc]
                                                                   [--resource-group]
                                                                   [--rule-name]
                                                                   [--subscription]

Examples

Get security admin rule

az network manager security-admin-config rule-collection rule show --configuration-name "myTestSecurityConfig" --network-manager-name "testNetworkManager" --resource-group "rg1" --rule-collection-name "myTestCollection" --rule-name "SampleAdminRule"

Optional Parameters

--config --config-name --configuration-name

Name of the network manager security configuration.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name --network-manager-name -n

The name of the network manager.

--rc --rule-collection-name

The name of the network manager security Configuration rule collection.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name

The name of the rule.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network manager security-admin-config rule-collection rule update

Update a network manager security configuration admin rule in a subscription.

az network manager security-admin-config rule-collection rule update --rule-collection-name
                                                                     [--access {Allow, AlwaysAllow, Deny}]
                                                                     [--configuration-name]
                                                                     [--description]
                                                                     [--dest-port-ranges]
                                                                     [--destinations]
                                                                     [--direction {Inbound, Outbound}]
                                                                     [--flag]
                                                                     [--ids]
                                                                     [--kind {Custom, Default}]
                                                                     [--name]
                                                                     [--priority]
                                                                     [--protocol {Ah, Any, Esp, Icmp, Tcp, Udp}]
                                                                     [--resource-group]
                                                                     [--rule-name]
                                                                     [--source-port-ranges]
                                                                     [--sources]
                                                                     [--subscription]

Examples

Update security admin rule

az network manager security-admin-config rule-collection rule update --configuration-name "myTestSecurityConfig" --network-manager-name "testNetworkManager" --resource-group "rg1" --rule-collection-name "myTestCollection" --rule-name "SampleAdminRule" --access "Deny"

Required Parameters

--rule-collection-name

The name of the admin rule collection.

Optional Parameters

--access

Indicates the access allowed for this particular rule.

Accepted values: Allow, AlwaysAllow, Deny

--configuration-name

The name of the network manager security Configuration.

--description

A description for this rule. Restricted to 140 chars.

--dest-port-ranges

The destination port ranges.

--destinations

The destination address prefixes. CIDR or destination IP ranges.

Usage: --destinations address-prefix=XX address-prefix-type=XX

address-prefix: Address prefix. address-prefix-type: Address prefix type.

Multiple destinations can be specified by using more than one --destinations argument.

--direction

Indicates if the traffic matched against the rule is inbound or outbound.

Accepted values: Inbound, Outbound

--flag

Default rule flag.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--kind

Required. Whether the rule is custom or default. Constant filled by server.

Accepted values: Custom, Default

--name --network-manager-name -n

The name of the network manager.

--priority

The priority of the rule.

--protocol

Network protocol this rule applies to.

Accepted values: Ah, Any, Esp, Icmp, Tcp, Udp

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name

The name of the rule.

--source-port-ranges

The source port ranges.

--sources

The CIDR or source IP ranges.

Usage: --sources address-prefix=XX address-prefix-type=XX

address-prefix: Address prefix. address-prefix-type: Address prefix type.

Multiple sources can be specified by using more than one --sources argument.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.