Problem adding /32 network in Azure Analysis Services firewall

Welcome Forums General PowerShell Q&A Problem adding /32 network in Azure Analysis Services firewall

This topic contains 2 replies, has 2 voices, and was last updated by

 
Participant
2 months, 3 weeks ago.

  • Author
    Posts
  • #163398

    Participant
    Topics: 2
    Replies: 4
    Points: 16
    Rank: Member

    Hi,

    I have a problem when I try to add a new firewall rule when is a /32 network in the Azure Analysis Services. If I run the process to add the new firewall rule it works but if I use a foreach to add all the network list of Azure West Europe it doesn't work and stop when I try to add a /32 network (like "94.245.114.1/32").

    Script:

    
    #Get-IPV4NetworkStartIP:
    
    Function Get-IPV4NetworkStartIP ($strNetwork)
    {
    $StrNetworkAddress = ($strNetwork.split("/"))[0]
    $NetworkIP = ([System.Net.IPAddress]$StrNetworkAddress).GetAddressBytes()
    [Array]::Reverse($NetworkIP)
    $NetworkIP = ([System.Net.IPAddress]($NetworkIP -join ".")).Address
    $StartIP = $NetworkIP +1
    #Convert To Double
    If (($StartIP.Gettype()).Name -ine "double")
    {
    $StartIP = [Convert]::ToDouble($StartIP)
    }
    $StartIP = [System.Net.IPAddress]$StartIP
    Return $StartIP
    }
    
    #Get-IPV4NetworkEndIP:
    
    Function Get-IPV4NetworkEndIP ($strNetwork)
    {
    $StrNetworkAddress = ($strNetwork.split("/"))[0]
    [int]$NetworkLength = ($strNetwork.split("/"))[1]
    $IPLength = 32-$NetworkLength
    $NumberOfIPs = ([System.Math]::Pow(2, $IPLength)) -1
    $NetworkIP = ([System.Net.IPAddress]$StrNetworkAddress).GetAddressBytes()
    [Array]::Reverse($NetworkIP)
    $NetworkIP = ([System.Net.IPAddress]($NetworkIP -join ".")).Address
    $EndIP = $NetworkIP + $NumberOfIPs
    If (($EndIP.Gettype()).Name -ine "double")
    {
    $EndIP = [Convert]::ToDouble($EndIP)
    }
    $EndIP = [System.Net.IPAddress]$EndIP
    Return $EndIP
    }
    
    $allIPs = (Get-MicrosoftAzureDatacenterIPRange -AzureRegion "north Europe").Subnet
    
    $i = 100
    $FirewallRuleList = foreach ($IP in $allIPs) {
    $aasFirewallRuleName = "Rule$(([string]$i++).PadLeft(2,'0'))" # "Rule100,Rule101,...."
    $Start = Get-IPV4NetworkStartIP $IP
    $End = Get-IPV4NetworkEndIP $IP
    
    Write-Host "Adding IP Range to Firewall > $IP... > $aasFirewallRuleName"
    New-AzureRmAnalysisServicesFirewallRule -FirewallRuleName $aasFirewallRuleName -RangeStart $start.IPAddressToString -RangeEnd $End.IPAddressToString
    }
    
    $FirewallRuleConfig = New-AzureRmAnalysisServicesFirewallConfig -EnablePowerBIService -FirewallRule $FirewallRuleList
    
    Set-AzureRmAnalysisServicesServer -Name $aasName -ResourceGroupName $aasRg -FirewallConfig $FirewallRuleConfig
    

    The script that I use to do the process work but stops when it try to add an /32 network. The error is:

    Set-AzureRmAnalysisServicesServer : The IP range System.Byte[]-System.Byte[] is invalid because the range start is greater than range end.
    At line:11 char:1
    + Set-AzureRmAnalysisServicesServer -Name $aasName -ResourceGroupName $ ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : CloseError: (:) [Set-AzAnalysisServicesServer], CloudException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.AnalysisServices.SetAzureAnalysisServicesServer
    

    If I try to add it manually it works!

    $aasName = "AnalysisServicesServiceName"
    $aasRg = "AnalysisServicesResourceGroup"
    
    IPRange = "94.245.114.1/32"
    
    $aasFirewallRuleName = "Rule1"
    $Start = "94.245.114.1"
    $End = "94.245.114.1"
    
    $FirewallRuleList = New-AzureRmAnalysisServicesFirewallRule -FirewallRuleName $aasFirewallRuleName -RangeStart $Start -RangeEnd $End
    
    $FirewallRuleConfig = New-AzureRmAnalysisServicesFirewallConfig -EnablePowerBIService -FirewallRule $FirewallRuleList
    
    Set-AzureRmAnalysisServicesServer -Name $aasName -ResourceGroupName $aasRg -FirewallConfig $FirewallRuleConfig
    

    Can you help me about this problem?

    Thanks!

     

  • #163446

    Participant
    Topics: 9
    Replies: 423
    Points: 676
    Helping Hand
    Rank: Major Contributor

    Your Get-IPV4NetworkStartIP function is returning the wrong result:

    Get-IPV4NetworkStartIP '94.245.114.1/32'
    
    Address            : 41088350
    AddressFamily      : InterNetwork
    ScopeId            : 
    IsIPv6Multicast    : False
    IsIPv6LinkLocal    : False
    IsIPv6SiteLocal    : False
    IsIPv6Teredo       : False
    IsIPv4MappedToIPv6 : False
    IPAddressToString  : 94.245.114.2
    

    You need to review and fix that

    • #163455

      Participant
      Topics: 2
      Replies: 4
      Points: 16
      Rank: Member

      Yes, Sam Boutros you have reason! My mistake! I need to verify if the network is a /32 and in that case I can't increment +1! I will try to do that and if I have a solution I put it here... I'm new in powershell.

      Thanks to help! You are master! 😉

You must be logged in to reply to this topic.