Compartilhar via


Microsoft.Network networkSecurityGroups/securityRules 2016-12-01

Remarks

For guidance on creating network security groups, see Create virtual network resources by using Bicep.

Bicep resource definition

The networkSecurityGroups/securityRules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkSecurityGroups/securityRules resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/networkSecurityGroups/securityRules@2016-12-01' = {
  etag: 'string'
  name: 'string'
  properties: {
    access: 'string'
    description: 'string'
    destinationAddressPrefix: 'string'
    destinationPortRange: 'string'
    direction: 'string'
    priority: int
    protocol: 'string'
    provisioningState: 'string'
    sourceAddressPrefix: 'string'
    sourcePortRange: 'string'
  }
}

Property values

Microsoft.Network/networkSecurityGroups/securityRules

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: networkSecurityGroups
properties SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. Possible values are: 'Allow' and 'Deny'. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are: 'Inbound' and 'Outbound'. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. Possible values are 'Tcp', 'Udp', and '*'. '*'
'Tcp'
'Udp' (required)
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string

ARM template resource definition

The networkSecurityGroups/securityRules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkSecurityGroups/securityRules resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/networkSecurityGroups/securityRules",
  "apiVersion": "2016-12-01",
  "name": "string",
  "etag": "string",
  "properties": {
    "access": "string",
    "description": "string",
    "destinationAddressPrefix": "string",
    "destinationPortRange": "string",
    "direction": "string",
    "priority": "int",
    "protocol": "string",
    "provisioningState": "string",
    "sourceAddressPrefix": "string",
    "sourcePortRange": "string"
  }
}

Property values

Microsoft.Network/networkSecurityGroups/securityRules

Name Description Value
apiVersion The api version '2016-12-01'
etag A unique read-only string that changes whenever the resource is updated. string
name The resource name string (required)
properties SecurityRulePropertiesFormat
type The resource type 'Microsoft.Network/networkSecurityGroups/securityRules'

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. Possible values are: 'Allow' and 'Deny'. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are: 'Inbound' and 'Outbound'. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. Possible values are 'Tcp', 'Udp', and '*'. '*'
'Tcp'
'Udp' (required)
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Deploy Darktrace Autoscaling vSensors

Deploy to Azure
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors

Terraform (AzAPI provider) resource definition

The networkSecurityGroups/securityRules resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkSecurityGroups/securityRules resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/networkSecurityGroups/securityRules@2016-12-01"
  name = "string"
  etag = "string"
  body = jsonencode({
    properties = {
      access = "string"
      description = "string"
      destinationAddressPrefix = "string"
      destinationPortRange = "string"
      direction = "string"
      priority = int
      protocol = "string"
      provisioningState = "string"
      sourceAddressPrefix = "string"
      sourcePortRange = "string"
    }
  })
}

Property values

Microsoft.Network/networkSecurityGroups/securityRules

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: networkSecurityGroups
properties SecurityRulePropertiesFormat
type The resource type "Microsoft.Network/networkSecurityGroups/securityRules@2016-12-01"

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. Possible values are: 'Allow' and 'Deny'. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string (required)
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are: 'Inbound' and 'Outbound'. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. Possible values are 'Tcp', 'Udp', and '*'. '*'
'Tcp'
'Udp' (required)
provisioningState The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. string
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string (required)
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string