Azure
diff --git a/‎src/azure-cli/azure/cli/command_modules/servicefabric/_help.py‎
Lines changed: 6 additions & 1 deletion b/‎src/azure-cli/azure/cli/command_modules/servicefabric/_help.py‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎src/azure-cli/azure/cli/command_modules/servicefabric/_params.py‎
Lines changed: 4 additions & 0 deletions b/‎src/azure-cli/azure/cli/command_modules/servicefabric/_params.py‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/servicefabric/operations/managed_clusters.py‎
Lines changed: 10 additions & 2 deletions b/‎src/azure-cli/azure/cli/command_modules/servicefabric/operations/managed_clusters.py‎
Lines changed: 10 additions & 2 deletions
@@ -473,10 +473,15 @@
 type: command
 short-summary: Add a network security rule to a managed cluster.
 examples:
-  - name: Add network security rule.
+  - name: Add network security rule with multiple source and destination address prefixes.
     text: >
         az sf managed-cluster network-security-rule add -g testRG -c testCluster --name 'network security rule name' --access allow --description 'network security rule description' --direction inbound --protocol tcp --priority 1200 \
           --source-port-ranges 1-1000 --dest-port-ranges 1-65535 --source-addr-prefixes 167.220.242.0/27 167.220.0.0/23 131.107.132.16/28 167.220.81.128/26 --dest-addr-prefixes 194.69.104.0/25 194.69.119.64/26 167.220.249.128/26 255.255.255.255/32
+
+  - name: Add network security rule with single source and destination address prefix.
+    text: >
+        az sf managed-cluster network-security-rule add -g testRG -c testCluster --name 'network security rule name' --access deny --description 'network security rule description' --direction inbound --protocol any --priority 1300 \
+          --source-port-range * --dest-port-ranges 19000 19080 --source-addr-prefix Internet --dest-addr-prefix *
 """
 
 helps['sf managed-cluster network-security-rule update'] = """
 
@@ -288,8 +288,12 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
         c.argument('protocol', arg_type=get_enum_type(['tcp', 'https', 'http', 'udp', 'icmp', 'ah', 'esp', 'any']), help='Network protocol')
         c.argument('source_port_ranges', nargs='+', help='A single or space separated list of source port ranges')
         c.argument('dest_port_ranges', nargs='+', help='A single or space separated list of destination port ranges')
+        c.argument('source_port_range', help='The source port or range. Integer or range between 0 and 65535. Asterisk \'*\' can also be used to match all ports.')
+        c.argument('dest_port_range', help='The destination port or range. Integer or range between 0 and 65535. Asterisk \'*\' can also be used to match all ports.')
         c.argument('source_addr_prefixes', nargs='+', help='The CIDR or source IP ranges. A single or space separated list of source address prefixes')
         c.argument('dest_addr_prefixes', nargs='+', help='CIDR or destination IP ranges. A single or space separated list of destination address prefixes')
+        c.argument('source_addr_prefix', help='The CIDR or source IP range. Asterisk \'*\' can also be used to match all source IPs. Default tags such as \'VirtualNetwork\', \'AzureLoadBalancer\' and \'Internet\' can also be used. If this is an ingress rule, specifies where network traffic originates from.')
+        c.argument('dest_addr_prefix', help='The destination address prefix. CIDR or destination IP range. Asterisk \'*\' can also be used to match all source IPs. Default tags such as \'VirtualNetwork\', \'AzureLoadBalancer\' and \'Internet\' can also be used.')
 
     # managed node type
     capacity = CLIArgumentType(
 
@@ -244,8 +244,12 @@ def add_network_security_rule(cmd,
                               priority=None,
                               source_port_ranges=None,
                               dest_port_ranges=None,
+                              source_port_range=None,
+                              dest_port_range=None,
                               dest_addr_prefixes=None,
-                              source_addr_prefixes=None):
+                              source_addr_prefixes=None,
+                              dest_addr_prefix=None,
+                              source_addr_prefix=None):
     try:
         cluster = client.managed_clusters.get(resource_group_name, cluster_name)
 
@@ -260,8 +264,12 @@ def add_network_security_rule(cmd,
                                                        priority=priority,
                                                        source_port_ranges=source_port_ranges,
                                                        destination_port_ranges=dest_port_ranges,
+                                                       source_port_range=source_port_range,
+                                                       destination_port_range=dest_port_range,
                                                        destination_address_prefixes=dest_addr_prefixes,
-                                                       source_address_prefixes=source_addr_prefixes)
+                                                       source_address_prefixes=source_addr_prefixes,
+                                                       destination_address_prefix=dest_addr_prefix,
+                                                       source_address_prefix=source_addr_prefix)
 
         cluster.network_security_rules.append(new_network_securityRule)