I tried the following:
--------------------------------
# Create two application security groups (ASGs)
$Asg1 = New-AzureRmApplicationSecurityGroup `
    -ResourceGroupName BS_test `
    -Name BS-vmtest-dev-asg-1 `
    -Location japaneast
$Asg2 = New-AzureRmApplicationSecurityGroup `
    -ResourceGroupName BS_test `
    -Name BS-vmtest-dev-asg-2 `
    -Location japaneast

# Inbound rule: allow TCP 80 and 443 from the Internet to members of the first ASG
$webRule = New-AzureRmNetworkSecurityRuleConfig `
    -Name "Allow-Web-All" `
    -Access Allow `
    -Protocol Tcp `
    -Direction Inbound `
    -Priority 100 `
    -SourceAddressPrefix Internet `
    -SourcePortRange * `
    -DestinationApplicationSecurityGroupId $Asg1.id `
    -DestinationPortRange 80,443

# Inbound rule: allow TCP 3389 (RDP) from the Internet to members of the second ASG
$mgmtRule = New-AzureRmNetworkSecurityRuleConfig `
    -Name "Allow-RDP-All" `
    -Access Allow `
    -Protocol Tcp `
    -Direction Inbound `
    -Priority 110 `
    -SourceAddressPrefix Internet `
    -SourcePortRange * `
    -DestinationApplicationSecurityGroupId $Asg2.id `
    -DestinationPortRange 3389

# Create the network security group with both rules
$nsg = New-AzureRmNetworkSecurityGroup `
    -ResourceGroupName BS_test `
    -Location japaneast `
    -Name myNsg `
    -SecurityRules $webRule,$mgmtRule
--------------------------------
But I got an error:
--------------------------------
WARNING: The output object type of this cmdlet will be modified in a future release.
New-AzureRmNetworkSecurityGroup : Required security rule parameters are missing for security rule with Id:
/subscriptions/d0175014-3f4d-49ec-921a-8ec4a7a0a680/resourceGroups/BS_test/providers/Microsoft.Network/networkSecurityGroups/myNsg/securityRules/Allow-Web-All. Security
rule must specify DestinationAddressPrefixes, DestinationAddressPrefix, or DestinationApplicationSecurityGroups.
StatusCode: 400
ReasonPhrase: Bad Request
OperationID : '048a98a9-a565-4a34-ad92-cf2f3cddccce'
At line:1 char:8
+ $nsg = New-AzureRmNetworkSecurityGroup `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureRmNetworkSecurityGroup], NetworkCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.NewAzureNetworkSecurityGroupCommand