Network Interfaces - List Effective Network Security Groups
Gets all network security groups applied to a network interface.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkInterfaces/{networkInterfaceName}/effectiveNetworkSecurityGroups?api-version=2024-03-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
network
|
path | True |
string |
The name of the network interface. |
resource
|
path | True |
string |
The name of the resource group. |
subscription
|
path | True |
string |
The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
api-version
|
query | True |
string |
Client API version. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Request successful. The operation returns a list of NetworkSecurityGroup resources. |
|
202 Accepted |
Accepted and the operation will complete asynchronously. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
List network interface effective network security groups
Sample request
Sample response
{
"value": [
{
"networkSecurityGroup": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/test-nsg"
},
"association": {
"networkManager": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/nm1"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/rg1-vnet/subnets/default"
},
"networkInterface": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkInterfaces/nic1"
}
},
"effectiveSecurityRules": [
{
"name": "securityRules/rule1",
"protocol": "Tcp",
"sourcePortRange": "456-456",
"destinationPortRange": "6579-6579",
"sourceAddressPrefix": "0.0.0.0/32",
"destinationAddressPrefix": "0.0.0.0/32",
"access": "Allow",
"priority": 234,
"direction": "Inbound"
},
{
"name": "securityRules/default-allow-rdp",
"protocol": "Tcp",
"sourcePortRange": "0-65535",
"destinationPortRange": "3389-3389",
"sourceAddressPrefix": "1.1.1.1/32",
"destinationAddressPrefix": "0.0.0.0/0",
"access": "Allow",
"priority": 1000,
"direction": "Inbound"
},
{
"name": "defaultSecurityRules/AllowInternetOutBound",
"protocol": "All",
"sourcePortRange": "0-65535",
"destinationPortRange": "0-65535",
"sourceAddressPrefix": "0.0.0.0/0",
"destinationAddressPrefix": "Internet",
"expandedDestinationAddressPrefix": [
"32.0.0.0/3",
"4.0.0.0/6",
"2.0.0.0/7",
"1.0.0.0/8"
],
"access": "Allow",
"priority": 65001,
"direction": "Outbound"
}
]
}
]
}
Location: https://management.azure.com//subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/test-nsg/operationResults/00000000-0000-0000-0000-000000000000?api-version=2024-03-01
Definitions
Name | Description |
---|---|
Cloud |
An error response from the service. |
Cloud |
An error response from the service. |
Effective |
Effective network security group. |
Effective |
The effective network security group association. |
Effective |
Response for list effective network security groups API service call. |
Effective |
Effective network security rules. |
Effective |
The network protocol this rule applies to. |
Security |
Whether network traffic is allowed or denied. |
Security |
The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. |
Sub |
Reference to another subresource. |
CloudError
An error response from the service.
Name | Type | Description |
---|---|---|
error |
Cloud error body. |
CloudErrorBody
An error response from the service.
Name | Type | Description |
---|---|---|
code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
details |
A list of additional details about the error. |
|
message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
target |
string |
The target of the particular error. For example, the name of the property in error. |
EffectiveNetworkSecurityGroup
Effective network security group.
Name | Type | Description |
---|---|---|
association |
Associated resources. |
|
effectiveSecurityRules |
A collection of effective security rules. |
|
networkSecurityGroup |
The ID of network security group that is applied. |
|
tagMap |
object |
Mapping of tags to list of IP Addresses included within the tag. |
EffectiveNetworkSecurityGroupAssociation
The effective network security group association.
Name | Type | Description |
---|---|---|
networkInterface |
The ID of the network interface if assigned. |
|
networkManager |
The ID of the Azure network manager if assigned. |
|
subnet |
The ID of the subnet if assigned. |
EffectiveNetworkSecurityGroupListResult
Response for list effective network security groups API service call.
Name | Type | Description |
---|---|---|
nextLink |
string |
The URL to get the next set of results. |
value |
A list of effective network security groups. |
EffectiveNetworkSecurityRule
Effective network security rules.
Name | Type | Description |
---|---|---|
access |
Whether network traffic is allowed or denied. |
|
destinationAddressPrefix |
string |
The destination address prefix. |
destinationAddressPrefixes |
string[] |
The destination address prefixes. Expected values include CIDR IP ranges, Default Tags (VirtualNetwork, AzureLoadBalancer, Internet), System Tags, and the asterisk (*). |
destinationPortRange |
string |
The destination port or range. |
destinationPortRanges |
string[] |
The destination port ranges. Expected values include a single integer between 0 and 65535, a range using '-' as separator (e.g. 100-400), or an asterisk (*). |
direction |
The direction of the rule. |
|
expandedDestinationAddressPrefix |
string[] |
Expanded destination address prefix. |
expandedSourceAddressPrefix |
string[] |
The expanded source address prefix. |
name |
string |
The name of the security rule specified by the user (if created by the user). |
priority |
integer |
The priority of the rule. |
protocol |
The network protocol this rule applies to. |
|
sourceAddressPrefix |
string |
The source address prefix. |
sourceAddressPrefixes |
string[] |
The source address prefixes. Expected values include CIDR IP ranges, Default Tags (VirtualNetwork, AzureLoadBalancer, Internet), System Tags, and the asterisk (*). |
sourcePortRange |
string |
The source port or range. |
sourcePortRanges |
string[] |
The source port ranges. Expected values include a single integer between 0 and 65535, a range using '-' as separator (e.g. 100-400), or an asterisk (*). |
EffectiveSecurityRuleProtocol
The network protocol this rule applies to.
Name | Type | Description |
---|---|---|
All |
string |
|
Tcp |
string |
|
Udp |
string |
SecurityRuleAccess
Whether network traffic is allowed or denied.
Name | Type | Description |
---|---|---|
Allow |
string |
|
Deny |
string |
SecurityRuleDirection
The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.
Name | Type | Description |
---|---|---|
Inbound |
string |
|
Outbound |
string |
SubResource
Reference to another subresource.
Name | Type | Description |
---|---|---|
id |
string |
Resource ID. |