Problem adding /32 network in Azure Analysis Services firewall

Welcome Forums General PowerShell Q&A Problem adding /32 network in Azure Analysis Services firewall

  • This topic has 2 replies, 2 voices, and was last updated 1 year ago by
    Participant
    .
Viewing 1 reply thread
  • Author
    Posts
    • #163398
      Participant
      Topics: 2
      Replies: 4
      Points: 16
      Rank: Member

      Hi,

      I have a problem when I try to add a new firewall rule when is a /32 network in the Azure Analysis Services. If I run the process to add the new firewall rule it works but if I use a foreach to add all the network list of Azure West Europe it doesn’t work and stop when I try to add a /32 network (like “94.245.114.1/32”).

      Script:

      #Get-IPV4NetworkStartIP:
      
      Function Get-IPV4NetworkStartIP ($strNetwork)
      {
      $StrNetworkAddress = ($strNetwork.split(“/”))[0]
      $NetworkIP = ([System.Net.IPAddress]$StrNetworkAddress).GetAddressBytes()
      [Array]::Reverse($NetworkIP)
      $NetworkIP = ([System.Net.IPAddress]($NetworkIP -join “.”)).Address
      $StartIP = $NetworkIP +1
      #Convert To Double
      If (($StartIP.Gettype()).Name -ine “double”)
      {
      $StartIP = [Convert]::ToDouble($StartIP)
      }
      $StartIP = [System.Net.IPAddress]$StartIP
      Return $StartIP
      }
      
      #Get-IPV4NetworkEndIP:
      
      Function Get-IPV4NetworkEndIP ($strNetwork)
      {
      $StrNetworkAddress = ($strNetwork.split(“/”))[0]
      [int]$NetworkLength = ($strNetwork.split(“/”))[1]
      $IPLength = 32-$NetworkLength
      $NumberOfIPs = ([System.Math]::Pow(2, $IPLength)) -1
      $NetworkIP = ([System.Net.IPAddress]$StrNetworkAddress).GetAddressBytes()
      [Array]::Reverse($NetworkIP)
      $NetworkIP = ([System.Net.IPAddress]($NetworkIP -join “.”)).Address
      $EndIP = $NetworkIP + $NumberOfIPs
      If (($EndIP.Gettype()).Name -ine “double”)
      {
      $EndIP = [Convert]::ToDouble($EndIP)
      }
      $EndIP = [System.Net.IPAddress]$EndIP
      Return $EndIP
      }
      
      $allIPs = (Get-MicrosoftAzureDatacenterIPRange -AzureRegion “north Europe”).Subnet
      
      $i = 100
      $FirewallRuleList = foreach ($IP in $allIPs) {
      $aasFirewallRuleName = “Rule$(([string]$i++).PadLeft(2,’0′))” # “Rule100,Rule101,….”
      $Start = Get-IPV4NetworkStartIP $IP
      $End = Get-IPV4NetworkEndIP $IP
      
      Write-Host “Adding IP Range to Firewall > $IP… > $aasFirewallRuleName”
      New-AzureRmAnalysisServicesFirewallRule -FirewallRuleName $aasFirewallRuleName -RangeStart $start.IPAddressToString -RangeEnd $End.IPAddressToString
      }
      
      $FirewallRuleConfig = New-AzureRmAnalysisServicesFirewallConfig -EnablePowerBIService -FirewallRule $FirewallRuleList
      
      Set-AzureRmAnalysisServicesServer -Name $aasName -ResourceGroupName $aasRg -FirewallConfig $FirewallRuleConfig
      

      The script that I use to do the process work but stops when it try to add an /32 network. The error is:

      Set-AzureRmAnalysisServicesServer : The IP range System.Byte[]-System.Byte[] is invalid because the range start is greater than range end.
      At line:11 char:1
      + Set-AzureRmAnalysisServicesServer -Name $aasName -ResourceGroupName $ …
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : CloseError: (:) [Set-AzAnalysisServicesServer], CloudException
      + FullyQualifiedErrorId : Microsoft.Azure.Commands.AnalysisServices.SetAzureAnalysisServicesServer
      

      If I try to add it manually it works!

      $aasName = “AnalysisServicesServiceName”
      $aasRg = “AnalysisServicesResourceGroup”
      
      IPRange = “94.245.114.1/32”
      
      $aasFirewallRuleName = “Rule1”
      $Start = “94.245.114.1”
      $End = “94.245.114.1”
      
      $FirewallRuleList = New-AzureRmAnalysisServicesFirewallRule -FirewallRuleName $aasFirewallRuleName -RangeStart $Start -RangeEnd $End
      
      $FirewallRuleConfig = New-AzureRmAnalysisServicesFirewallConfig -EnablePowerBIService -FirewallRule $FirewallRuleList
      
      Set-AzureRmAnalysisServicesServer -Name $aasName -ResourceGroupName $aasRg -FirewallConfig $FirewallRuleConfig
      

      Can you help me about this problem?

      Thanks!

       

    • #163446
      Participant
      Topics: 12
      Replies: 525
      Points: 1,233
      Helping Hand
      Rank: Community Hero

      Your Get-IPV4NetworkStartIP function is returning the wrong result:

      Get-IPV4NetworkStartIP '94.245.114.1/32'
      
      Address            : 41088350
      AddressFamily      : InterNetwork
      ScopeId            : 
      IsIPv6Multicast    : False
      IsIPv6LinkLocal    : False
      IsIPv6SiteLocal    : False
      IsIPv6Teredo       : False
      IsIPv4MappedToIPv6 : False
      IPAddressToString  : 94.245.114.2
      

      You need to review and fix that

      • #163455
        Participant
        Topics: 2
        Replies: 4
        Points: 16
        Rank: Member

        Yes, Sam Boutros you have reason! My mistake! I need to verify if the network is a /32 and in that case I can’t increment +1! I will try to do that and if I have a solution I put it here… I’m new in powershell.

        Thanks to help! You are master! 😉

Viewing 1 reply thread
  • The topic ‘Problem adding /32 network in Azure Analysis Services firewall’ is closed to new replies.