How can we improve Azure Networking?

Allow specification of multiple ports in a single NSG rule

Allow a comma-separated list of port numbers so that a single rule can provide (for example) access to a domain controller (which would normally require the following ports opened: 53, 88, 135, 139, 389, 445, 464, 636, 1025, 3268-3269, 5722, 9389, 49152-65535).
This seems to be basic functionality for firewall applications, but the absence of this ability within NSG rules means that the 200 soft limit (400 hard limit) is reached extremely quickly in a corporate environment.

110 votes
Antony Gibbs shared this idea

19 comments

  • Emiel commented

    Try: Range = "80","443"

    Otherwise it looks like a single string. It tries to parse the "," in an integer field.

  • Jaap MP commented

    Any example of using split in this case?
    I tried:

    $tempDestinationPortRange = "443;3389"

    Add-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $SecurityRuleName -Description "test1" -Access Allow -Protocol Tcp -Direction Inbound -Priority $i -SourceAddressPrefix $SourceAddressPrefix -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange $tempDestinationPortRange.split(";")
    I receive an error:

    Add-AzureRmNetworkSecurityRuleConfig : Cannot convert 'System.String[]' to the type 'System.String' required by parameter 'DestinationPortRange'. Specified method is not supported.

  • Anonymous commented

    Is there a possibility to give multiple IPs in the -SourceAddressPrefix parameter through PowerShell? It throws an error.

  • Jordi commented

    Hi,

    Just use string (arrays):
    $tempDestinationPortRange = "53;88;135;139;389;445;464;636;1025;3268-3269;5722;9389;49152-65535"
    $tempDestinationPortRange.split(";")
    This way it will be accepted by the AzureRM PowerShell.

  • Achraf commented

    Hello,
    This is possible with the Portal but not through PowerShell:

    New-AzureRmNetworkSecurityGroup : Security rule has invalid Port range. Value provided: 80,443. Value should be an integer OR integer range with '-' delimiter. Valid range
    0-65535.

    Please, is there any fix?

  • Stein Salfischberger commented

    Last week I added multiple ports in a single NSG rule through the portal (comma separated). Now I'm unable to repeat that action. The rule I added last week is still in the portal and working though?!
    Strange....

  • Tarek commented

    This seems to work when done using the portal, but not using the API. Could you please confirm if this is correct?

  • Anonymous commented

    @Aamir Mehmood what format do they need to be in? I've tried separating ports with commas, spaces, semicolons... nothing seems to work?
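
The error text quoted in the thread accepts only an integer or an integer range with a '-' delimiter, within 0-65535, so a port list has to be expanded into one rule per entry. The sketch below is an added example, not code from any commenter or from Microsoft; the function name `ConvertTo-NsgPortRule`, the rule naming scheme, the starting priority and the sample source prefix are assumptions.

```powershell
# Added example; function name, naming scheme and sample values are hypothetical.
function ConvertTo-NsgPortRule {
    param(
        [Parameter(Mandatory)] [string] $PortList,
        [Parameter(Mandatory)] [string] $NamePrefix,
        [Parameter(Mandatory)] [string] $SourceAddressPrefix,
        [string] $Protocol = 'Tcp',
        [int] $StartPriority = 1000,
        [int] $RuleLimit = 200   # soft limit quoted in the idea text
    )
    # Accept the separators tried in the thread (comma, semicolon); drop empty entries.
    $entries = @($PortList -split '[,;]' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries.Count -gt $RuleLimit) {
        throw "List needs $($entries.Count) rules, over the limit of $RuleLimit."
    }
    $priority = $StartPriority
    foreach ($entry in $entries) {
        # Only "integer" or "integer-integer" passes, matching the quoted error message.
        if ($entry -notmatch '^(\d{1,5})(?:-(\d{1,5}))?$') {
            throw "Invalid port entry '$entry'."
        }
        $low  = [int]$Matches[1]
        $high = if ($Matches[2]) { [int]$Matches[2] } else { $low }
        if ($low -gt 65535 -or $high -gt 65535 -or $low -gt $high) {
            throw "Port entry '$entry' is outside 0-65535 or reversed."
        }
        # One parameter set per entry, ready for splatting into the cmdlet.
        @{
            Name                     = "$NamePrefix-$entry"
            Access                   = 'Allow'
            Protocol                 = $Protocol
            Direction                = 'Inbound'
            Priority                 = $priority
            SourceAddressPrefix      = $SourceAddressPrefix
            SourcePortRange          = '*'
            DestinationAddressPrefix = '*'
            DestinationPortRange     = $entry
        }
        $priority++
    }
}

# Constructed input: the domain controller port list from the idea text, constructed source subnet.
$rules = ConvertTo-NsgPortRule -NamePrefix 'dc' -SourceAddressPrefix '10.0.0.0/24' -PortList '53,88,135,139,389,445,464,636,1025,3268-3269,5722,9389,49152-65535'
$rules | ForEach-Object { '{0,-16} priority {1} port {2}' -f $_.Name, $_.Priority, $_.DestinationPortRange }
# With a signed-in session and an existing $nsg, apply each entry with:
#   foreach ($r in $rules) { Add-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg @r }
```

The domain controller list expands to 13 rules for one protocol and one source prefix, which shows how quickly the rule limit described in the idea is consumed.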
