Using New-AzureFirewallRule with multiple ports or IP ranges

When creating an Azure Firewall rule with multiple ports or IP ranges using the PowerShell “New-AzureFirewallRule” cmdlet, you may get an error like this:

Invalid IP address value or range or Service Tag 192.168.64.0/18,10.1.0.0/16.
StatusCode: 400
ReasonPhrase: Bad Request
ErrorCode: AzureFirewallRuleInvalidIpAddressOrRangeFormat

or

Invalid port value or range. User ports must be in [1, 65535]
StatusCode: 400
ReasonPhrase: Bad Request
ErrorCode: AzureFirewallRuleInvalidPortOrRangeFormat

The incorrect code causing these messages refers to the Source Address or Destination Port as a comma-delimited string as you would use in the Azure Portal, as shown here:

#Incorrect Code
$netRule = New-AzFirewallNetworkRule `
     -Name "FirewallRule1" `
     -Description "Rule for HTTP,SMB traffic" `
     -Protocol "TCP" `
     -SourceAddress "192.168.64.0/18,10.1.0.0/16" `
     -DestinationAddress "172.20.1.1/28" `
     -DestinationPort "139,445,80"

However, the cmdlet wants an array of strings to be passed here rather than a comma-delimited string value, so (“192.168.64.0/18″,”10.1.0.0/16”) rather than “192.168.54.0/18,10.1.0.0/16”. The correct version of the above code snippet is as follows:

#Corrected Code
$netRule = New-AzFirewallNetworkRule `
     -Name "FirewallRule1" `
     -Description "Rule for HTTP,SMB traffic " `
     -Protocol "TCP" `
     -SourceAddress ("192.168.64.0/18","10.1.0.0/16") `
     -DestinationAddress "172.20.1.1/28" `
     -DestinationPort ("139","445","80")