Microsoft.Network virtualNetworkGateways 2016-12-01

• Latest
• 2024-03-01
• 2024-01-01
• 2023-11-01
• 2023-09-01
• 2023-06-01
• 2023-05-01
• 2023-04-01
• 2023-02-01
• 2022-11-01
• 2022-09-01
• 2022-07-01
• 2022-05-01
• 2022-01-01
• 2021-08-01
• 2021-05-01
• 2021-03-01
• 2021-02-01
• 2020-11-01
• 2020-08-01
• 2020-07-01
• 2020-06-01
• 2020-05-01
• 2020-04-01
• 2020-03-01
• 2019-12-01
• 2019-11-01
• 2019-09-01
• 2019-08-01
• 2019-07-01
• 2019-06-01
• 2019-04-01
• 2019-02-01
• 2018-12-01
• 2018-11-01
• 2018-10-01
• 2018-08-01
• 2018-07-01
• 2018-06-01
• 2018-04-01
• 2018-02-01
• 2018-01-01
• 2017-11-01
• 2017-10-01
• 2017-09-01
• 2017-08-01
• 2017-06-01
• 2017-03-30
• 2017-03-01
• 2016-12-01
• 2016-09-01
• 2016-06-01
• 2016-03-30
• 2015-06-15
• 2015-05-01-preview

Bicep resource definition

The virtualNetworkGateways resource type can be deployed with operations that target:

• Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworkGateways resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/virtualNetworkGateways@2016-12-01' = {
  etag: 'string'
  location: 'string'
  name: 'string'
  properties: {
    activeActive: bool
    bgpSettings: {
      asn: int
      bgpPeeringAddress: 'string'
      peerWeight: int
    }
    enableBgp: bool
    gatewayDefaultSite: {
      id: 'string'
    }
    gatewayType: 'string'
    ipConfigurations: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          privateIPAllocationMethod: 'string'
          publicIPAddress: {
            id: 'string'
          }
          subnet: {
            id: 'string'
          }
        }
      }
    ]
    resourceGuid: 'string'
    sku: {
      capacity: int
      name: 'string'
      tier: 'string'
    }
    vpnClientConfiguration: {
      vpnClientAddressPool: {
        addressPrefixes: [
          'string'
        ]
      }
      vpnClientRevokedCertificates: [
        {
          etag: 'string'
          id: 'string'
          name: 'string'
          properties: {
            thumbprint: 'string'
          }
        }
      ]
      vpnClientRootCertificates: [
        {
          etag: 'string'
          id: 'string'
          name: 'string'
          properties: {
            publicCertData: 'string'
          }
        }
      ]
    }
    vpnType: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

AddressSpace

Name	Description	Value
addressPrefixes	A list of address blocks reserved for this virtual network in CIDR notation.	string[]

BgpSettings

Name	Description	Value
asn	The BGP speaker's ASN.	int
bgpPeeringAddress	The BGP peering address and BGP identifier of this BGP speaker.	string
peerWeight	The weight added to routes learned from this BGP speaker.	int

Microsoft.Network/virtualNetworkGateways

Name	Description	Value
etag	Gets a unique read-only string that changes whenever the resource is updated.	string
location	Resource location.	string
name	The resource name	string (required)
properties	VirtualNetworkGateway properties	VirtualNetworkGatewayPropertiesFormat (required)
tags	Resource tags	Dictionary of tag names and values. See Tags in templates

ResourceTags

Name	Description	Value

SubResource

Name	Description	Value
id	Resource ID.	string

VirtualNetworkGatewayIPConfiguration

Name	Description	Value
etag	A unique read-only string that changes whenever the resource is updated.	string
id	Resource ID.	string
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string
properties	Properties of VirtualNetworkGatewayIPConfiguration	VirtualNetworkGatewayIPConfigurationPropertiesFormat

VirtualNetworkGatewayIPConfigurationPropertiesFormat

Name	Description	Value
privateIPAllocationMethod	The private IP allocation method. Possible values are: 'Static' and 'Dynamic'.	'Dynamic' 'Static'
publicIPAddress	The reference of the public IP resource.	SubResource
subnet	The reference of the subnet resource.	SubResource

VirtualNetworkGatewayPropertiesFormat

Name	Description	Value
activeActive	ActiveActive flag	bool
bgpSettings	Virtual network gateway's BGP speaker settings.	BgpSettings
enableBgp	Whether BGP is enabled for this virtual network gateway or not.	bool
gatewayDefaultSite	The reference of the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting.	SubResource
gatewayType	The type of this virtual network gateway. Possible values are: 'Vpn' and 'ExpressRoute'.	'ExpressRoute' 'Vpn'
ipConfigurations	IP configurations for virtual network gateway.	VirtualNetworkGatewayIPConfiguration[]
resourceGuid	The resource GUID property of the VirtualNetworkGateway resource.	string
sku	The reference of the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway.	VirtualNetworkGatewaySku
vpnClientConfiguration	The reference of the VpnClientConfiguration resource which represents the P2S VpnClient configurations.	VpnClientConfiguration
vpnType	The type of this virtual network gateway. Possible values are: 'PolicyBased' and 'RouteBased'.	'PolicyBased' 'RouteBased'

VirtualNetworkGatewaySku

Name	Description	Value
capacity	The capacity.	int
name	Gateway SKU name. Possible values are: 'Basic', 'HighPerformance','Standard', and 'UltraPerformance'.	'Basic' 'HighPerformance' 'Standard' 'UltraPerformance'
tier	Gateway SKU tier. Possible values are: 'Basic', 'HighPerformance','Standard', and 'UltraPerformance'.	'Basic' 'HighPerformance' 'Standard' 'UltraPerformance'

VpnClientConfiguration

Name	Description	Value
vpnClientAddressPool	The reference of the address space resource which represents Address space for P2S VpnClient.	AddressSpace
vpnClientRevokedCertificates	VpnClientRevokedCertificate for Virtual network gateway.	VpnClientRevokedCertificate[]
vpnClientRootCertificates	VpnClientRootCertificate for virtual network gateway.	VpnClientRootCertificate[]

VpnClientRevokedCertificate

Name	Description	Value
etag	A unique read-only string that changes whenever the resource is updated.	string
id	Resource ID.	string
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string
properties	Properties of the revoked VPN client certificate of virtual network gateway.	VpnClientRevokedCertificatePropertiesFormat

VpnClientRevokedCertificatePropertiesFormat

Name	Description	Value
thumbprint	The revoked VPN client certificate thumbprint.	string

VpnClientRootCertificate

Name	Description	Value
etag	A unique read-only string that changes whenever the resource is updated.	string
id	Resource ID.	string
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string
properties	Properties of SSL certificates of application gateway	VpnClientRootCertificatePropertiesFormat (required)

VpnClientRootCertificatePropertiesFormat

Name	Description	Value
publicCertData	The certificate public data.	string (required)

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File	Description
Create a BGP VNET to VNET connection	This template allows you to connect two VNETs using Virtual Network Gateways and BGP
Create a Point-to-Site Gateway with Azure AD	This template deploys a VPN Virtual Network Gateway configured with an Azure Active Directory Point-to-Site connection
ExpressRoute circuit with private peering and Azure VNet	This template configure ExpressRoute Microsoft peering, deploy an Azure VNet with Expressroute gateway and link the VNet to the ExpressRoute circuit
Site-to-Site VPN with active-active VPN Gateways with BGP	This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones.
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology	This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.

ARM template resource definition

The virtualNetworkGateways resource type can be deployed with operations that target:

• Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworkGateways resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/virtualNetworkGateways",
  "apiVersion": "2016-12-01",
  "name": "string",
  "etag": "string",
  "location": "string",
  "properties": {
    "activeActive": "bool",
    "bgpSettings": {
      "asn": "int",
      "bgpPeeringAddress": "string",
      "peerWeight": "int"
    },
    "enableBgp": "bool",
    "gatewayDefaultSite": {
      "id": "string"
    },
    "gatewayType": "string",
    "ipConfigurations": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "privateIPAllocationMethod": "string",
          "publicIPAddress": {
            "id": "string"
          },
          "subnet": {
            "id": "string"
          }
        }
      }
    ],
    "resourceGuid": "string",
    "sku": {
      "capacity": "int",
      "name": "string",
      "tier": "string"
    },
    "vpnClientConfiguration": {
      "vpnClientAddressPool": {
        "addressPrefixes": [ "string" ]
      },
      "vpnClientRevokedCertificates": [
        {
          "etag": "string",
          "id": "string",
          "name": "string",
          "properties": {
            "thumbprint": "string"
          }
        }
      ],
      "vpnClientRootCertificates": [
        {
          "etag": "string",
          "id": "string",
          "name": "string",
          "properties": {
            "publicCertData": "string"
          }
        }
      ]
    },
    "vpnType": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

AddressSpace

Name	Description	Value
addressPrefixes	A list of address blocks reserved for this virtual network in CIDR notation.	string[]

BgpSettings

Name	Description	Value
asn	The BGP speaker's ASN.	int
bgpPeeringAddress	The BGP peering address and BGP identifier of this BGP speaker.	string
peerWeight	The weight added to routes learned from this BGP speaker.	int

Microsoft.Network/virtualNetworkGateways

Name	Description	Value
apiVersion	The api version	'2016-12-01'
etag	Gets a unique read-only string that changes whenever the resource is updated.	string
location	Resource location.	string
name	The resource name	string (required)
properties	VirtualNetworkGateway properties	VirtualNetworkGatewayPropertiesFormat (required)
tags	Resource tags	Dictionary of tag names and values. See Tags in templates
type	The resource type	'Microsoft.Network/virtualNetworkGateways'

ResourceTags

Name	Description	Value

SubResource

Name	Description	Value
id	Resource ID.	string

VirtualNetworkGatewayIPConfiguration

Name	Description	Value
etag	A unique read-only string that changes whenever the resource is updated.	string
id	Resource ID.	string
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string
properties	Properties of VirtualNetworkGatewayIPConfiguration	VirtualNetworkGatewayIPConfigurationPropertiesFormat

VirtualNetworkGatewayIPConfigurationPropertiesFormat

Name	Description	Value
privateIPAllocationMethod	The private IP allocation method. Possible values are: 'Static' and 'Dynamic'.	'Dynamic' 'Static'
publicIPAddress	The reference of the public IP resource.	SubResource
subnet	The reference of the subnet resource.	SubResource

VirtualNetworkGatewayPropertiesFormat

Name	Description	Value
activeActive	ActiveActive flag	bool
bgpSettings	Virtual network gateway's BGP speaker settings.	BgpSettings
enableBgp	Whether BGP is enabled for this virtual network gateway or not.	bool
gatewayDefaultSite	The reference of the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting.	SubResource
gatewayType	The type of this virtual network gateway. Possible values are: 'Vpn' and 'ExpressRoute'.	'ExpressRoute' 'Vpn'
ipConfigurations	IP configurations for virtual network gateway.	VirtualNetworkGatewayIPConfiguration[]
resourceGuid	The resource GUID property of the VirtualNetworkGateway resource.	string
sku	The reference of the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway.	VirtualNetworkGatewaySku
vpnClientConfiguration	The reference of the VpnClientConfiguration resource which represents the P2S VpnClient configurations.	VpnClientConfiguration
vpnType	The type of this virtual network gateway. Possible values are: 'PolicyBased' and 'RouteBased'.	'PolicyBased' 'RouteBased'

VirtualNetworkGatewaySku

Name	Description	Value
capacity	The capacity.	int
name	Gateway SKU name. Possible values are: 'Basic', 'HighPerformance','Standard', and 'UltraPerformance'.	'Basic' 'HighPerformance' 'Standard' 'UltraPerformance'
tier	Gateway SKU tier. Possible values are: 'Basic', 'HighPerformance','Standard', and 'UltraPerformance'.	'Basic' 'HighPerformance' 'Standard' 'UltraPerformance'

VpnClientConfiguration

Name	Description	Value
vpnClientAddressPool	The reference of the address space resource which represents Address space for P2S VpnClient.	AddressSpace
vpnClientRevokedCertificates	VpnClientRevokedCertificate for Virtual network gateway.	VpnClientRevokedCertificate[]
vpnClientRootCertificates	VpnClientRootCertificate for virtual network gateway.	VpnClientRootCertificate[]

VpnClientRevokedCertificate

Name	Description	Value
etag	A unique read-only string that changes whenever the resource is updated.	string
id	Resource ID.	string
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string
properties	Properties of the revoked VPN client certificate of virtual network gateway.	VpnClientRevokedCertificatePropertiesFormat

VpnClientRevokedCertificatePropertiesFormat

Name	Description	Value
thumbprint	The revoked VPN client certificate thumbprint.	string

VpnClientRootCertificate

Name	Description	Value
etag	A unique read-only string that changes whenever the resource is updated.	string
id	Resource ID.	string
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string
properties	Properties of SSL certificates of application gateway	VpnClientRootCertificatePropertiesFormat (required)

VpnClientRootCertificatePropertiesFormat

Name	Description	Value
publicCertData	The certificate public data.	string (required)

Quickstart templates

The following quickstart templates deploy this resource type.

Template	Description
App Service Environment with Azure SQL backend	This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment.
BOSH CF Cross Region	This template helps you setup the resources needed to deploy BOSH and Cloud Foundry across two regions on Azure.
Connect an ExpressRoute circuit to a VNET	This template creates a VNET, an ExpresRoute Gateway and a connection to a provisioned and enabled ExpressRoute circuit with AzurePrivatePeering configured.
Create a BGP VNET to VNET connection	This template allows you to connect two VNETs using Virtual Network Gateways and BGP
Create a DevTest environment with P2S VPN and IIS	This template creates a simple DevTest environment with a Point-to-Site VPN and IIS on a Windows server which is a great way to get started.
Create a Point-to-Site Gateway	This template allows you to create a Point-to-Site connection using VirtualNetworkGateways
Create a Point-to-Site Gateway with Azure AD	This template deploys a VPN Virtual Network Gateway configured with an Azure Active Directory Point-to-Site connection
Create a Site-to-Site VPN Connection	This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways
Create a Site-to-Site VPN Connection with VM	This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways
Create a VNET to VNET connection across two regions	This template allows you to connect two VNETs in different regions using Virtual Network Gateways
Create SQL MI with point-to-site connection configured	Deploy Azure Sql Database Managed Instance (SQL MI) and Virtual network gateway configured for point-to-site connection inside the new virtual network.
Create three vNets to demonstrate transitive BGP connections	This template deploys three vNets connected using Virtual Network Gateways and BGP-enabled connections
Create VNet with two Subnets, local network, and gateway	This template creates a VNet, 2 subnets, and a gateway
Deploy a Hub and Spoke topology sandbox	This template creates a basic hub-and-spoke topology setup. It creates a Hub VNet with subnets DMZ, Management, Shared and Gateway (optionally), with two Spoke VNets (development and production) containing a workload subnet each. It also deploys a Windows Jump-Host on the Management subnet of the HUB, and establishes VNet peerings between the Hub and the two spokes.
Deploy HBase geo replication	This template allows you to configure an Azure environment for HBase replication across two different regions with VPN vnet-to-vnet connection.
ExpressRoute circuit with private peering and Azure VNet	This template configure ExpressRoute Microsoft peering, deploy an Azure VNet with Expressroute gateway and link the VNet to the ExpressRoute circuit
Extend an existing Azure VNET to a Multi-VNET Configuration	This template allows you to extend an existing single VNET environment to a Multi-VNET environment that extends across two datacenter regions using VNET-to-VNET gateways
Site-to-Site VPN with active-active VPN Gateways with BGP	This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones.
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology	This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.

Terraform (AzAPI provider) resource definition

The virtualNetworkGateways resource type can be deployed with operations that target:

• Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualNetworkGateways resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/virtualNetworkGateways@2016-12-01"
  name = "string"
  etag = "string"
  location = "string"
  body = jsonencode({
    properties = {
      activeActive = bool
      bgpSettings = {
        asn = int
        bgpPeeringAddress = "string"
        peerWeight = int
      }
      enableBgp = bool
      gatewayDefaultSite = {
        id = "string"
      }
      gatewayType = "string"
      ipConfigurations = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            privateIPAllocationMethod = "string"
            publicIPAddress = {
              id = "string"
            }
            subnet = {
              id = "string"
            }
          }
        }
      ]
      resourceGuid = "string"
      sku = {
        capacity = int
        name = "string"
        tier = "string"
      }
      vpnClientConfiguration = {
        vpnClientAddressPool = {
          addressPrefixes = [
            "string"
          ]
        }
        vpnClientRevokedCertificates = [
          {
            etag = "string"
            id = "string"
            name = "string"
            properties = {
              thumbprint = "string"
            }
          }
        ]
        vpnClientRootCertificates = [
          {
            etag = "string"
            id = "string"
            name = "string"
            properties = {
              publicCertData = "string"
            }
          }
        ]
      }
      vpnType = "string"
    }
  })
  tags = {
    {customized property} = "string"
  }
}

Property values

AddressSpace

Name	Description	Value
addressPrefixes	A list of address blocks reserved for this virtual network in CIDR notation.	string[]

BgpSettings

Name	Description	Value
asn	The BGP speaker's ASN.	int
bgpPeeringAddress	The BGP peering address and BGP identifier of this BGP speaker.	string
peerWeight	The weight added to routes learned from this BGP speaker.	int

Microsoft.Network/virtualNetworkGateways

Name	Description	Value
etag	Gets a unique read-only string that changes whenever the resource is updated.	string
location	Resource location.	string
name	The resource name	string (required)
properties	VirtualNetworkGateway properties	VirtualNetworkGatewayPropertiesFormat (required)
tags	Resource tags	Dictionary of tag names and values.
type	The resource type	"Microsoft.Network/virtualNetworkGateways@2016-12-01"

ResourceTags

Name	Description	Value

SubResource

Name	Description	Value
id	Resource ID.	string

VirtualNetworkGatewayIPConfiguration

Name	Description	Value
etag	A unique read-only string that changes whenever the resource is updated.	string
id	Resource ID.	string
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string
properties	Properties of VirtualNetworkGatewayIPConfiguration	VirtualNetworkGatewayIPConfigurationPropertiesFormat

VirtualNetworkGatewayIPConfigurationPropertiesFormat

Name	Description	Value
privateIPAllocationMethod	The private IP allocation method. Possible values are: 'Static' and 'Dynamic'.	'Dynamic' 'Static'
publicIPAddress	The reference of the public IP resource.	SubResource
subnet	The reference of the subnet resource.	SubResource

VirtualNetworkGatewayPropertiesFormat

Name	Description	Value
activeActive	ActiveActive flag	bool
bgpSettings	Virtual network gateway's BGP speaker settings.	BgpSettings
enableBgp	Whether BGP is enabled for this virtual network gateway or not.	bool
gatewayDefaultSite	The reference of the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting.	SubResource
gatewayType	The type of this virtual network gateway. Possible values are: 'Vpn' and 'ExpressRoute'.	'ExpressRoute' 'Vpn'
ipConfigurations	IP configurations for virtual network gateway.	VirtualNetworkGatewayIPConfiguration[]
resourceGuid	The resource GUID property of the VirtualNetworkGateway resource.	string
sku	The reference of the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway.	VirtualNetworkGatewaySku
vpnClientConfiguration	The reference of the VpnClientConfiguration resource which represents the P2S VpnClient configurations.	VpnClientConfiguration
vpnType	The type of this virtual network gateway. Possible values are: 'PolicyBased' and 'RouteBased'.	'PolicyBased' 'RouteBased'

VirtualNetworkGatewaySku

Name	Description	Value
capacity	The capacity.	int
name	Gateway SKU name. Possible values are: 'Basic', 'HighPerformance','Standard', and 'UltraPerformance'.	'Basic' 'HighPerformance' 'Standard' 'UltraPerformance'
tier	Gateway SKU tier. Possible values are: 'Basic', 'HighPerformance','Standard', and 'UltraPerformance'.	'Basic' 'HighPerformance' 'Standard' 'UltraPerformance'

VpnClientConfiguration

Name	Description	Value
vpnClientAddressPool	The reference of the address space resource which represents Address space for P2S VpnClient.	AddressSpace
vpnClientRevokedCertificates	VpnClientRevokedCertificate for Virtual network gateway.	VpnClientRevokedCertificate[]
vpnClientRootCertificates	VpnClientRootCertificate for virtual network gateway.	VpnClientRootCertificate[]

VpnClientRevokedCertificate

Name	Description	Value
etag	A unique read-only string that changes whenever the resource is updated.	string
id	Resource ID.	string
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string
properties	Properties of the revoked VPN client certificate of virtual network gateway.	VpnClientRevokedCertificatePropertiesFormat

VpnClientRevokedCertificatePropertiesFormat

Name	Description	Value
thumbprint	The revoked VPN client certificate thumbprint.	string

VpnClientRootCertificate

Name	Description	Value
etag	A unique read-only string that changes whenever the resource is updated.	string
id	Resource ID.	string
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string
properties	Properties of SSL certificates of application gateway	VpnClientRootCertificatePropertiesFormat (required)

VpnClientRootCertificatePropertiesFormat

Name	Description	Value
publicCertData	The certificate public data.	string (required)