Backup, restore, create Network Security Groups using CSVs

I had some scripts that I used to export all of the Network Security Groups (NSG) to CSV files. Recently I wanted to be able to use the exports of the NSGs to be able to restore the rule configuration for an NSG during some planned configuration changes. Additionally, this could be used to create any new NSG from a CSV file. CSVs provide a nice way to view and format rules in a way that is familiar when defining firewall ACL rules.

A little while ago Microsoft made some much needed improvements to NSGs, including Application Security Groups, Service Tag enhancements and Augmented Security Rules. Augmented Security Rules was an enhancement to the rule definition that allows for multiple values to be provided for Source Address, Destination Address, Source Port and Destination Port. Previously, you had to define multiple rules to be able to cater to certain traffic flows.

With the improvement of Augmented Security Rules, you can now define more complex rules that contain multiple ranges and ports in a single rule and this greatly reduces the number of rules required within and NSG.

When I revisited one of the old scripts I had that exported NSGs to a CSV file I found that the Augmented Security Rules when exported would just show as System.Collections.Generic.List`1[System.String], and now requires the properties to be expanded.

Export NSG to CSV

The following snippet will export the NSGs to CSV, along with any multi-value properties.


 

Restore / Create NSG from CSV

The following snippet will create the NSG using one of the defined CSV files. Just replace the required fields for the CSV, NSG Name and Resource Group. If you specify the Name / Resource Group of an existing NSG it will allow you to overwrite and restore the NSG.