functions/azure/loadbalancer/Add-LBInboundNatRule.ps1
|
function Add-LBInboundNatRule { <# .SYNOPSIS Adds an inbound NAT rule to an Azure Load Balancer and assigns it to a virtual machine's network interface. .DESCRIPTION This function creates a new inbound NAT rule on a specified Azure Load Balancer and attaches it to the specified IP configuration of a VM’s network interface. If the rule already exists, it will not be recreated but can still be assigned if not already associated with the NIC. .PARAMETER ResourceGroup The resource group containing the Load Balancer. .PARAMETER LoadBalancerName The name of the Load Balancer to which the NAT rule will be added. .PARAMETER NatRuleName The name of the NAT rule to create and assign. .PARAMETER FrontendIPConfigName The name of the frontend IP configuration of the Load Balancer to associate with the NAT rule. .PARAMETER VMResourceGroup The resource group containing the virtual machine. .PARAMETER VMName The name of the virtual machine whose NIC will be updated. .PARAMETER NicIpConfigName The name of the IP configuration on the NIC to which the NAT rule will be assigned. .PARAMETER FrontendPort The public frontend port for the NAT rule. .PARAMETER BackendPort The internal backend port on the VM for the NAT rule. .PARAMETER Protocol The transport protocol to use (Tcp or Udp). .PARAMETER IdleTimeoutInMinutes The idle timeout duration in minutes. Defaults to 4. .EXAMPLE Add-LBInboundNatRule -ResourceGroup "net-rg" -LoadBalancerName "prod-lb" -NatRuleName "RDP" ` -FrontendIPConfigName "lb-front-1" -VMResourceGroup "vm-rg" -VMName "vm1" ` -NicIpConfigName "ipconfig1" -FrontendPort 50000 -BackendPort 3389 -Protocol Tcp Adds an RDP NAT rule and assigns it to the VM. .OUTPUTS None .NOTES Author: Jascha Vincke Date: 2025-06-14 #> [CmdletBinding()] param( [Parameter(Mandatory)] [string]$ResourceGroup, [Parameter(Mandatory)] [string]$LoadBalancerName, [Parameter(Mandatory)] [string]$NatRuleName, [Parameter(Mandatory)] [string]$FrontendIPConfigName, [Parameter(Mandatory)] [string]$VMResourceGroup, [Parameter(Mandatory)] [string]$VMName, [Parameter(Mandatory)] [string]$NicIpConfigName, [Parameter(Mandatory)] [int]$FrontendPort, [Parameter(Mandatory)] [int]$BackendPort, [Parameter(Mandatory)] [ValidateSet("Tcp", "Udp")] [string]$Protocol, [int]$IdleTimeoutInMinutes = 4 ) $lb = Get-AzLoadBalancer -ResourceGroupName $ResourceGroup -Name $LoadBalancerName $frontendIPConfig = $lb.FrontendIpConfigurations | Where-Object { $_.Name -eq $FrontendIPConfigName } $existingRule = $lb.InboundNatRules | Where-Object { $_.Name -eq $NatRuleName } if ($existingRule) { Write-Information "NAT rule '$NatRuleName' already exists on the load balancer." -InformationAction Continue } else { $inboundNatRule = New-AzLoadBalancerInboundNatRuleConfig -Name $NatRuleName ` -FrontendIpConfiguration $frontendIPConfig ` -Protocol $Protocol ` -FrontendPort $FrontendPort ` -BackendPort $BackendPort ` -IdleTimeoutInMinutes $IdleTimeoutInMinutes $lb.InboundNatRules.Add($inboundNatRule) Set-AzLoadBalancer -LoadBalancer $lb Write-Information "NAT rule '$NatRuleName' added to the load balancer." -InformationAction Continue } $vm = Get-AzVM -ResourceGroupName $VMResourceGroup -Name $VMName $nicId = $vm.NetworkProfile.NetworkInterfaces[0].Id $nicName = ($nicId -split '/')[8] $nicRG = ($nicId -split '/')[4] $nic = Get-AzNetworkInterface -ResourceGroupName $nicRG -Name $nicName $ipConfig = $nic.IpConfigurations | Where-Object { $_.Name -eq $NicIpConfigName } if ($ipConfig.LoadBalancerInboundNatRules.Name -contains $NatRuleName) { Write-Information "NAT rule '$NatRuleName' is already assigned to the NIC IP configuration." -InformationAction Continue } else { $natRuleRef = $lb.InboundNatRules | Where-Object { $_.Name -eq $NatRuleName } $ipConfig.LoadBalancerInboundNatRules.Add($natRuleRef) Set-AzNetworkInterface -NetworkInterface $nic Write-Information "NAT rule '$NatRuleName' assigned to NIC IP configuration." -InformationAction Continue } } |