New-AzureNetworkSecurityGroup -Name "vnet-dmztest-securitygroup" -Location "West Europe" -Label "Security Group (EU West)"
Get-AzureNetworkSecurityGroup -Name "vnet-dmztest-securitygroup" | `
Set-AzureNetworkSecurityRule `
-Name WEB `
-Type Inbound `
-Priority 100 `
-Action Allow `
-SourceAddressPrefix 'INTERNET' `
-SourcePortRange '*' `
-DestinationAddressPrefix '*' `
-DestinationPortRange '80' `
-Protocol TCP
#Associate a NSG to a subnet
Get-AzureNetworkSecurityGroup -Name "vnet-dmztest-securitygroup" | Set-AzureNetworkSecurityGroupToSubnet -VirtualNetworkName 'VNetUSWest' -SubnetName 'FrontEndSubnet'
$g = Get-AzureNetworkSecurityGroup -Name "vnet-dmztest-securitygroup" -Detailed
$g.Rules | select Name, Priority, State, Action, Protocol, SourceAddressPrefix, SourcePortRange, DestinationAddressPrefix, DestinationPortRange<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
<VirtualNetworkConfiguration>
<Dns />
<VirtualNetworkSites>
<VirtualNetworkSite name="vnet-dmztest" Location="West Europe">
<AddressSpace>
<AddressPrefix>10.0.0.0/8</AddressPrefix>
</AddressSpace>
<Subnets>
<Subnet name="subnet-dmz">
<AddressPrefix>10.0.0.0/24</AddressPrefix>
</Subnet>
<Subnet name="subnet-middleware">
<AddressPrefix>10.0.1.0/24</AddressPrefix>
</Subnet>
<Subnet name="subnet-backend">
<AddressPrefix>10.0.2.0/24</AddressPrefix>
</Subnet>
</Subnets>
</VirtualNetworkSite>
</VirtualNetworkSites>
</VirtualNetworkConfiguration>
</NetworkConfiguration>