Azure - 无法删除网络安全组
Azure - Cannot delete Network Security Group
我正在尝试 运行 以下命令删除 Azure 中未使用的网络安全组,但该命令一直返回 "BadRequest"??
> PS C:\> Remove-AzureRmNetworkSecurityGroup
> -ResourceGroupName xxxxx-group -Name xxxxxxx-nsg -Force
>
> Remove-AzureRmNetworkSecurityGroup : Operation returned an invalid
> status code 'BadRequest' StatusCode: 400 ReasonPhrase: Bad Request
> OperationID : 'dd6a9c5f-2713-438b-8b4f-a0916db7e78b' At line:1 char:1
> + Remove-AzureRmNetworkSecurityGroup -ResourceGroupName xxxx-test-gr ...
> + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> + CategoryInfo : CloseError: (:) [Remove-AzureRmNetworkSecurityGroup], NetworkCloudException
> + FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.RemoveAzureNetworkSecurityGroupCommand
您的 NSG 似乎与某些网络接口或子网相关联。我们可以通过 Azure 门户或 PowerShell 检查它。
通过 Azure 门户、Resourcegroup->NSG->overview->Associated with:
通过 PowerShell:
我们可以使用这个命令Get-AzureRmEffectiveNetworkSecurityGroup来列出NSG相关信息:
PS C:\Users> Get-AzureRmNetworkInterface -ResourceGroupName vm | format-table name
Name
----
jasonvm815
PS C:\Users> Get-AzureRmEffectiveNetworkSecurityGroup -NetworkInterfaceName jasonvm815 -ResourceGroupName vm
NetworkSecurityGroup : {
"Id": "/subscriptions/xxxx7abb-xxxx-xxxx-xxxx-0361e29axxx/resourceGroups/vm/providers/Microsoft.Network/networkSecurityGroups/jasonvm-nsg"
}
Association : {
"NetworkInterface": {
"Id": "/subscriptions/xxxx7abb-xxxx-xxxx-xxxx-0361e29axxxx/resourceGroups/vm/providers/Microsoft.Network/networkInterfaces/jasonvm815"
}
}
EffectiveSecurityRules : [
{
"Name": "securityRules/default-allow-ssh",
"Protocol": "Tcp",
"SourcePortRange": "0-65535",
"DestinationPortRange": "22-22",
"SourceAddressPrefix": "0.0.0.0/0",
"DestinationAddressPrefix": "0.0.0.0/0",
"ExpandedSourceAddressPrefix": [],
"ExpandedDestinationAddressPrefix": [],
"Access": "Allow",
使用 PowerShell 将 NSG 与 NIC 分离,我们可以按照以下步骤操作:
$nic = Get-AzureRmNetworkInterface -ResourceGroupName RG-NSG -Name TestNICWeb1
$nic.NetworkSecurityGroup = $null
Set-AzureRmNetworkInterface -NetworkInterface $nic
使用 PowerShell 从子网中分离 NSG,我们可以按照这些步骤操作:
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName RG-NSG -Name TestVNet
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name FrontEnd
$subnet.NetworkSecurityGroup = $null
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet
之后,我们可以使用命令Remove-AzureRmNetworkSecurityGroup删除Azure NSG。
更多关于powershell管理NSG的信息,请参考这个link.
我正在尝试 运行 以下命令删除 Azure 中未使用的网络安全组,但该命令一直返回 "BadRequest"??
> PS C:\> Remove-AzureRmNetworkSecurityGroup
> -ResourceGroupName xxxxx-group -Name xxxxxxx-nsg -Force
>
> Remove-AzureRmNetworkSecurityGroup : Operation returned an invalid
> status code 'BadRequest' StatusCode: 400 ReasonPhrase: Bad Request
> OperationID : 'dd6a9c5f-2713-438b-8b4f-a0916db7e78b' At line:1 char:1
> + Remove-AzureRmNetworkSecurityGroup -ResourceGroupName xxxx-test-gr ...
> + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> + CategoryInfo : CloseError: (:) [Remove-AzureRmNetworkSecurityGroup], NetworkCloudException
> + FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.RemoveAzureNetworkSecurityGroupCommand
您的 NSG 似乎与某些网络接口或子网相关联。我们可以通过 Azure 门户或 PowerShell 检查它。
通过 Azure 门户、Resourcegroup->NSG->overview->Associated with:
通过 PowerShell:
我们可以使用这个命令Get-AzureRmEffectiveNetworkSecurityGroup来列出NSG相关信息:
PS C:\Users> Get-AzureRmNetworkInterface -ResourceGroupName vm | format-table name
Name
----
jasonvm815
PS C:\Users> Get-AzureRmEffectiveNetworkSecurityGroup -NetworkInterfaceName jasonvm815 -ResourceGroupName vm
NetworkSecurityGroup : {
"Id": "/subscriptions/xxxx7abb-xxxx-xxxx-xxxx-0361e29axxx/resourceGroups/vm/providers/Microsoft.Network/networkSecurityGroups/jasonvm-nsg"
}
Association : {
"NetworkInterface": {
"Id": "/subscriptions/xxxx7abb-xxxx-xxxx-xxxx-0361e29axxxx/resourceGroups/vm/providers/Microsoft.Network/networkInterfaces/jasonvm815"
}
}
EffectiveSecurityRules : [
{
"Name": "securityRules/default-allow-ssh",
"Protocol": "Tcp",
"SourcePortRange": "0-65535",
"DestinationPortRange": "22-22",
"SourceAddressPrefix": "0.0.0.0/0",
"DestinationAddressPrefix": "0.0.0.0/0",
"ExpandedSourceAddressPrefix": [],
"ExpandedDestinationAddressPrefix": [],
"Access": "Allow",
使用 PowerShell 将 NSG 与 NIC 分离,我们可以按照以下步骤操作:
$nic = Get-AzureRmNetworkInterface -ResourceGroupName RG-NSG -Name TestNICWeb1
$nic.NetworkSecurityGroup = $null
Set-AzureRmNetworkInterface -NetworkInterface $nic
使用 PowerShell 从子网中分离 NSG,我们可以按照这些步骤操作:
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName RG-NSG -Name TestVNet
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name FrontEnd
$subnet.NetworkSecurityGroup = $null
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet
之后,我们可以使用命令Remove-AzureRmNetworkSecurityGroup删除Azure NSG。
更多关于powershell管理NSG的信息,请参考这个link.