Problem adding /32 network in Azure Analysis Services firewall

Hi,

I have a problem when I try to add a new firewall rule when is a /32 network in the Azure Analysis Services. If I run the process to add the new firewall rule it works but if I use a foreach to add all the network list of Azure West Europe it doesn’t work and stop when I try to add a /32 network (like “94.245.114.1/32”).

Script:
[pre]

#Get-IPV4NetworkStartIP:

Function Get-IPV4NetworkStartIP ($strNetwork)
{
$StrNetworkAddress = ($strNetwork.split(“/”))[0]
$NetworkIP = ([System.Net.IPAddress]$StrNetworkAddress).GetAddressBytes()
[Array]::Reverse($NetworkIP)
$NetworkIP = ([System.Net.IPAddress]($NetworkIP -join “.”)).Address
$StartIP = $NetworkIP +1
#Convert To Double
If (($StartIP.Gettype()).Name -ine “double”)
{
$StartIP = [Convert]::ToDouble($StartIP)
}
$StartIP = [System.Net.IPAddress]$StartIP
Return $StartIP
}

#Get-IPV4NetworkEndIP:

Function Get-IPV4NetworkEndIP ($strNetwork)
{
$StrNetworkAddress = ($strNetwork.split(“/”))[0]
[int]$NetworkLength = ($strNetwork.split(“/”))[1]
$IPLength = 32-$NetworkLength
$NumberOfIPs = ([System.Math]::Pow(2, $IPLength)) -1
$NetworkIP = ([System.Net.IPAddress]$StrNetworkAddress).GetAddressBytes()
[Array]::Reverse($NetworkIP)
$NetworkIP = ([System.Net.IPAddress]($NetworkIP -join “.”)).Address
$EndIP = $NetworkIP + $NumberOfIPs
If (($EndIP.Gettype()).Name -ine “double”)
{
$EndIP = [Convert]::ToDouble($EndIP)
}
$EndIP = [System.Net.IPAddress]$EndIP
Return $EndIP
}

$allIPs = (Get-MicrosoftAzureDatacenterIPRange -AzureRegion “north Europe”).Subnet

$i = 100
$FirewallRuleList = foreach ($IP in $allIPs) {
$aasFirewallRuleName = “Rule$(([string]$i++).PadLeft(2,‘0’))” # “Rule100,Rule101,…”
$Start = Get-IPV4NetworkStartIP $IP
$End = Get-IPV4NetworkEndIP $IP

Write-Host “Adding IP Range to Firewall > $IP… > $aasFirewallRuleName”
New-AzureRmAnalysisServicesFirewallRule -FirewallRuleName $aasFirewallRuleName -RangeStart $start.IPAddressToString -RangeEnd $End.IPAddressToString
}

$FirewallRuleConfig = New-AzureRmAnalysisServicesFirewallConfig -EnablePowerBIService -FirewallRule $FirewallRuleList

Set-AzureRmAnalysisServicesServer -Name $aasName -ResourceGroupName $aasRg -FirewallConfig $FirewallRuleConfig
[/pre]

The script that I use to do the process work but stops when it try to add an /32 network. The error is:

[pre]
Set-AzureRmAnalysisServicesServer : The IP range System.Byte-System.Byte is invalid because the range start is greater than range end.
At line:11 char:1

• Set-AzureRmAnalysisServicesServer -Name $aasName -ResourceGroupName $ …
• CategoryInfo : CloseError: ( [Set-AzAnalysisServicesServer], CloudException
• FullyQualifiedErrorId : Microsoft.Azure.Commands.AnalysisServices.SetAzureAnalysisServicesServer
  [/pre]

If I try to add it manually it works!

[pre]
$aasName = “AnalysisServicesServiceName”
$aasRg = “AnalysisServicesResourceGroup”

IPRange = “94.245.114.1/32”

$aasFirewallRuleName = “Rule1”
$Start = “94.245.114.1”
$End = “94.245.114.1”

$FirewallRuleList = New-AzureRmAnalysisServicesFirewallRule -FirewallRuleName $aasFirewallRuleName -RangeStart $Start -RangeEnd $End

$FirewallRuleConfig = New-AzureRmAnalysisServicesFirewallConfig -EnablePowerBIService -FirewallRule $FirewallRuleList

Set-AzureRmAnalysisServicesServer -Name $aasName -ResourceGroupName $aasRg -FirewallConfig $FirewallRuleConfig
[/pre]

Can you help me about this problem?

Thanks!

Your Get-IPV4NetworkStartIP function is returning the wrong result:

Get-IPV4NetworkStartIP '94.245.114.1/32'

Address            : 41088350
AddressFamily      : InterNetwork
ScopeId            : 
IsIPv6Multicast    : False
IsIPv6LinkLocal    : False
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : 94.245.114.2

You need to review and fix that

Yes, Sam Boutros you have reason! My mistake! I need to verify if the network is a /32 and in that case I can’t increment +1! I will try to do that and if I have a solution I put it here… I’m new in powershell.

Thanks to help! You are master!