Last week I came across an issue when defining a CIDR value for "SourceAddressPrefix" in a PowerShell variable. No matter which way I defined the SourceAddressPrefix variable, it responded with "Invalid address prefix" when trying to create an Azure Network Security Group rule.

Problem

PowerShell New-AzNetworkSecurityGroup responding with "Invalid address prefix" error.

PowerShell Command (Does not work)

Code sample by Cloudaen
# Define Source Address prefix
$sourceAddressPrefix = @("10.10.10.1/29")

# Define rule
$rule1 = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix $sourceAddressPrefix -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389

# Define Network Security Group to deploy new rule to
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName "cloudaen-test" -Location "eastus" -Name "nsg" -SecurityRules $rule1

I even tried defining $sourceAddressPrefix as:

Code sample by Cloudaen
$sourceAddressPrefix = "10.10.10.1/29"
$sourceAddressPrefix = @("10.10.10.1/29")
[String[]]$sourceAddressPrefix = "10.10.10.1/29"

Solution

The fix was as simple as using proper CIDR notation. 10.10.10.1/29 is not a proper prefix because the address has host bits set: the /29 block that contains it starts at 10.10.10.0. Replacing it with 10.10.10.0/29 resolved the error.

PowerShell Command (Working commands)

Code sample by Cloudaen
# Define Source Address prefix
$sourceAddressPrefix = @("10.10.10.0/29")

# Define rule
$rule1 = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix $sourceAddressPrefix -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389

# Define Network Security Group to deploy new rule to
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName "cloudaen-test" -Location "eastus" -Name "nsg" -SecurityRules $rule1
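
A pre-flight check for the mistake described above, as an added example that is not part of the original post: it tests whether an IPv4 prefix has host bits set and reports the enclosing network block before the value reaches -SourceAddressPrefix. Resolve-CidrPrefix is a hypothetical helper name, and the sample prefixes are the two values from this post.

```powershell
# Added example, not from the original post. Resolve-CidrPrefix is a hypothetical helper (IPv4 only).
function Resolve-CidrPrefix {
    param([Parameter(Mandatory)][string]$Prefix)

    # Four octets without leading zeros (some parsers read "010" as octal), then a prefix length.
    $pattern = '^((?:0|[1-9]\d{0,2})(?:\.(?:0|[1-9]\d{0,2})){3})/(\d{1,2})$'
    $m = [regex]::Match($Prefix, $pattern)
    if (-not $m.Success) { throw "Not an IPv4 CIDR prefix: $Prefix" }

    [int[]]$octets = $m.Groups[1].Value.Split('.')
    $length = [int]$m.Groups[2].Value
    if (($octets -gt 255).Count -gt 0 -or $length -gt 32) {
        throw "Octet or prefix length out of range: $Prefix"
    }

    # Clear every bit to the right of the prefix length, one octet at a time.
    $network = for ($i = 0; $i -lt 4; $i++) {
        $bits = [Math]::Min(8, [Math]::Max(0, $length - 8 * $i))
        $octets[$i] -band ((0xFF -shl (8 - $bits)) -band 0xFF)
    }
    $networkText = $network -join '.'

    [pscustomobject]@{
        Input       = $Prefix
        Canonical   = "$networkText/$length"
        HostBitsSet = ($m.Groups[1].Value -ne $networkText)
    }
}

# Sample values: the failing prefix from the post and its corrected form.
foreach ($candidate in '10.10.10.1/29', '10.10.10.0/29') {
    $result = Resolve-CidrPrefix -Prefix $candidate
    if ($result.HostBitsSet) {
        # Stop instead of rewriting: the intent may have been the single host (/32), not the block.
        Write-Warning "$candidate has host bits set; the enclosing block is $($result.Canonical)"
    } else {
        Write-Output "$candidate is a valid prefix for -SourceAddressPrefix"
    }
}
```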

Summary

Sometimes PowerShell does not respond with a detailed message and you tend to overthink the problem. In this case, a simple CIDR notation mistake was causing the issue with the command.

Related Documentation

PowerShell: New-AzNetworkSecurityRuleConfig

PowerShell: New-AzNetworkSecurityGroup