Microsoft.Network networkSecurityGroups/securityRules 2016-03-30

Remarks

For guidance on creating network security groups, see Create virtual network resources by using Bicep.

Bicep resource definition

The networkSecurityGroups/securityRules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkSecurityGroups/securityRules resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/networkSecurityGroups/securityRules@2016-03-30' = {
  parent: resourceSymbolicName
  etag: 'string'
  name: 'string'
  properties: {
    access: 'string'
    description: 'string'
    destinationAddressPrefix: 'string'
    destinationPortRange: 'string'
    direction: 'string'
    priority: int
    protocol: 'string'
    provisioningState: 'string'
    sourceAddressPrefix: 'string'
    sourcePortRange: 'string'
  }
}

Property values

Microsoft.Network/networkSecurityGroups/securityRules

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: networkSecurityGroups
properties SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' 'Allow'
'Deny' (required)
description Gets or sets a description for this rule. Restricted to 140 chars. string
destinationAddressPrefix Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). '*'
'Tcp'
'Udp' (required)
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
sourceAddressPrefix Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string

ARM template resource definition

The networkSecurityGroups/securityRules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkSecurityGroups/securityRules resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/networkSecurityGroups/securityRules",
  "apiVersion": "2016-03-30",
  "name": "string",
  "etag": "string",
  "properties": {
    "access": "string",
    "description": "string",
    "destinationAddressPrefix": "string",
    "destinationPortRange": "string",
    "direction": "string",
    "priority": "int",
    "protocol": "string",
    "provisioningState": "string",
    "sourceAddressPrefix": "string",
    "sourcePortRange": "string"
  }
}

Property values

Microsoft.Network/networkSecurityGroups/securityRules

Name Description Value
apiVersion The api version '2016-03-30'
etag A unique read-only string that changes whenever the resource is updated string
name The resource name string (required)
properties SecurityRulePropertiesFormat
type The resource type 'Microsoft.Network/networkSecurityGroups/securityRules'

SecurityRulePropertiesFormat

Name Description Value
access Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' 'Allow'
'Deny' (required)
description Gets or sets a description for this rule. Restricted to 140 chars. string
destinationAddressPrefix Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). '*'
'Tcp'
'Udp' (required)
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
sourceAddressPrefix Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Deploy Darktrace Autoscaling vSensors

Deploy to Azure
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors

Terraform (AzAPI provider) resource definition

The networkSecurityGroups/securityRules resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkSecurityGroups/securityRules resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/networkSecurityGroups/securityRules@2016-03-30"
  name = "string"
  etag = "string"
  body = jsonencode({
    properties = {
      access = "string"
      description = "string"
      destinationAddressPrefix = "string"
      destinationPortRange = "string"
      direction = "string"
      priority = int
      protocol = "string"
      provisioningState = "string"
      sourceAddressPrefix = "string"
      sourcePortRange = "string"
    }
  })
}

Property values

Microsoft.Network/networkSecurityGroups/securityRules

Name Description Value
etag A unique read-only string that changes whenever the resource is updated string
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: networkSecurityGroups
properties SecurityRulePropertiesFormat
type The resource type "Microsoft.Network/networkSecurityGroups/securityRules@2016-03-30"

SecurityRulePropertiesFormat

Name Description Value
access Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' 'Allow'
'Deny' (required)
description Gets or sets a description for this rule. Restricted to 140 chars. string
destinationAddressPrefix Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). '*'
'Tcp'
'Udp' (required)
provisioningState Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed string
sourceAddressPrefix Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string