Microsoft.Network virtualNetworkGateways 2024-03-01
- Latest
- 2024-05-01
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
- 2018-11-01
- 2018-10-01
- 2018-08-01
- 2018-07-01
- 2018-06-01
- 2018-04-01
- 2018-02-01
- 2018-01-01
- 2017-11-01
- 2017-10-01
- 2017-09-01
- 2017-08-01
- 2017-06-01
- 2017-03-30
- 2017-03-01
- 2016-12-01
- 2016-09-01
- 2016-06-01
- 2016-03-30
- 2015-06-15
- 2015-05-01-preview
Bicep resource definition
The virtualNetworkGateways resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/virtualNetworkGateways resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/virtualNetworkGateways@2024-03-01' = {
extendedLocation: {
name: 'string'
type: 'string'
}
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
location: 'string'
name: 'string'
properties: {
activeActive: bool
adminState: 'string'
allowRemoteVnetTraffic: bool
allowVirtualWanTraffic: bool
autoScaleConfiguration: {
bounds: {
max: int
min: int
}
}
bgpSettings: {
asn: int
bgpPeeringAddress: 'string'
bgpPeeringAddresses: [
{
customBgpIpAddresses: [
'string'
]
ipconfigurationId: 'string'
}
]
peerWeight: int
}
customRoutes: {
addressPrefixes: [
'string'
]
}
disableIPSecReplayProtection: bool
enableBgp: bool
enableBgpRouteTranslationForNat: bool
enableDnsForwarding: bool
enablePrivateIpAddress: bool
gatewayDefaultSite: {
id: 'string'
}
gatewayType: 'string'
ipConfigurations: [
{
id: 'string'
name: 'string'
properties: {
privateIPAllocationMethod: 'string'
publicIPAddress: {
id: 'string'
}
subnet: {
id: 'string'
}
}
}
]
natRules: [
{
id: 'string'
name: 'string'
properties: {
externalMappings: [
{
addressSpace: 'string'
portRange: 'string'
}
]
internalMappings: [
{
addressSpace: 'string'
portRange: 'string'
}
]
ipConfigurationId: 'string'
mode: 'string'
type: 'string'
}
}
]
resiliencyModel: 'string'
sku: {
name: 'string'
tier: 'string'
}
virtualNetworkGatewayPolicyGroups: [
{
id: 'string'
name: 'string'
properties: {
isDefault: bool
policyMembers: [
{
attributeType: 'string'
attributeValue: 'string'
name: 'string'
}
]
priority: int
}
}
]
vNetExtendedLocationResourceId: 'string'
vpnClientConfiguration: {
aadAudience: 'string'
aadIssuer: 'string'
aadTenant: 'string'
radiusServerAddress: 'string'
radiusServers: [
{
radiusServerAddress: 'string'
radiusServerScore: int
radiusServerSecret: 'string'
}
]
radiusServerSecret: 'string'
vngClientConnectionConfigurations: [
{
id: 'string'
name: 'string'
properties: {
virtualNetworkGatewayPolicyGroups: [
{
id: 'string'
}
]
vpnClientAddressPool: {
addressPrefixes: [
'string'
]
}
}
}
]
vpnAuthenticationTypes: [
'string'
]
vpnClientAddressPool: {
addressPrefixes: [
'string'
]
}
vpnClientIpsecPolicies: [
{
dhGroup: 'string'
ikeEncryption: 'string'
ikeIntegrity: 'string'
ipsecEncryption: 'string'
ipsecIntegrity: 'string'
pfsGroup: 'string'
saDataSizeKilobytes: int
saLifeTimeSeconds: int
}
]
vpnClientProtocols: [
'string'
]
vpnClientRevokedCertificates: [
{
id: 'string'
name: 'string'
properties: {
thumbprint: 'string'
}
}
]
vpnClientRootCertificates: [
{
id: 'string'
name: 'string'
properties: {
publicCertData: 'string'
}
}
]
}
vpnGatewayGeneration: 'string'
vpnType: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
AddressSpace
Name | Description | Value |
---|---|---|
addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] |
BgpSettings
Name | Description | Value |
---|---|---|
asn | The BGP speaker's ASN. | int Constraints: Min value = 0 Max value = 4294967295 |
bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string |
bgpPeeringAddresses | BGP peering address with IP configuration ID for virtual network gateway. | IPConfigurationBgpPeeringAddress[] |
peerWeight | The weight added to routes learned from this BGP speaker. | int |
Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
Name | Description | Value |
---|
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'EdgeZone' |
IPConfigurationBgpPeeringAddress
Name | Description | Value |
---|---|---|
customBgpIpAddresses | The list of custom BGP peering addresses which belong to IP configuration. | string[] |
ipconfigurationId | The ID of IP configuration which belongs to gateway. | string |
IpsecPolicy
Name | Description | Value |
---|---|---|
dhGroup | The DH Group used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) |
ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES256' (required) |
ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'GCMAES128' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) |
ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) |
ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) |
pfsGroup | The Pfs Group used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS14' 'PFS2' 'PFS2048' 'PFS24' 'PFSMM' (required) |
saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) |
saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|
Microsoft.Network/virtualNetworkGateways
Name | Description | Value |
---|---|---|
extendedLocation | The extended location of type local virtual network gateway. | ExtendedLocation |
identity | The identity of the virtual network gateway, if configured. | ManagedServiceIdentity |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the virtual network gateway. | VirtualNetworkGatewayPropertiesFormat (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
RadiusServer
Name | Description | Value |
---|---|---|
radiusServerAddress | The address of this radius server. | string (required) |
radiusServerScore | The initial score assigned to this radius server. | int |
radiusServerSecret | The secret used for this radius server. | string |
ResourceTags
Name | Description | Value |
---|
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
VirtualNetworkGatewayAutoScaleBounds
Name | Description | Value |
---|---|---|
max | Maximum Scale Units for Autoscale configuration | int |
min | Minimum scale Units for Autoscale configuration | int |
VirtualNetworkGatewayAutoScaleConfiguration
Name | Description | Value |
---|---|---|
bounds | The bounds of the autoscale configuration | VirtualNetworkGatewayAutoScaleBounds |
VirtualNetworkGatewayIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the virtual network gateway ip configuration. | VirtualNetworkGatewayIPConfigurationPropertiesFormat |
VirtualNetworkGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
publicIPAddress | The reference to the public IP resource. | SubResource |
subnet | The reference to the subnet resource. | SubResource |
VirtualNetworkGatewayNatRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the Virtual Network Gateway NAT rule. | VirtualNetworkGatewayNatRuleProperties |
VirtualNetworkGatewayNatRuleProperties
Name | Description | Value |
---|---|---|
externalMappings | The private IP address external mapping for NAT. | VpnNatRuleMapping[] |
internalMappings | The private IP address internal mapping for NAT. | VpnNatRuleMapping[] |
ipConfigurationId | The IP Configuration ID this NAT rule applies to. | string |
mode | The Source NAT direction of a VPN NAT. | 'EgressSnat' 'IngressSnat' |
type | The type of NAT rule for VPN NAT. | 'Dynamic' 'Static' |
VirtualNetworkGatewayPolicyGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of tVirtualNetworkGatewayPolicyGroup. | VirtualNetworkGatewayPolicyGroupProperties |
VirtualNetworkGatewayPolicyGroupMember
Name | Description | Value |
---|---|---|
attributeType | The Vpn Policy member attribute type. | 'AADGroupId' 'CertificateGroupId' 'RadiusAzureGroupId' |
attributeValue | The value of Attribute used for this VirtualNetworkGatewayPolicyGroupMember. | string |
name | Name of the VirtualNetworkGatewayPolicyGroupMember. | string |
VirtualNetworkGatewayPolicyGroupProperties
Name | Description | Value |
---|---|---|
isDefault | Shows if this is a Default VirtualNetworkGatewayPolicyGroup or not. | bool (required) |
policyMembers | Multiple PolicyMembers for VirtualNetworkGatewayPolicyGroup. | VirtualNetworkGatewayPolicyGroupMember[] (required) |
priority | Priority for VirtualNetworkGatewayPolicyGroup. | int (required) |
VirtualNetworkGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
activeActive | ActiveActive flag. | bool |
adminState | Property to indicate if the Express Route Gateway serves traffic when there are multiple Express Route Gateways in the vnet | 'Disabled' 'Enabled' |
allowRemoteVnetTraffic | Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN. | bool |
allowVirtualWanTraffic | Configures this gateway to accept traffic from remote Virtual WAN networks. | bool |
autoScaleConfiguration | Autoscale configuration for virutal network gateway | VirtualNetworkGatewayAutoScaleConfiguration |
bgpSettings | Virtual network gateway's BGP speaker settings. | BgpSettings |
customRoutes | The reference to the address space resource which represents the custom routes address space specified by the customer for virtual network gateway and VpnClient. | AddressSpace |
disableIPSecReplayProtection | disableIPSecReplayProtection flag. | bool |
enableBgp | Whether BGP is enabled for this virtual network gateway or not. | bool |
enableBgpRouteTranslationForNat | EnableBgpRouteTranslationForNat flag. | bool |
enableDnsForwarding | Whether dns forwarding is enabled or not. | bool |
enablePrivateIpAddress | Whether private IP needs to be enabled on this gateway for connections or not. | bool |
gatewayDefaultSite | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | SubResource |
gatewayType | The type of this virtual network gateway. | 'ExpressRoute' 'LocalGateway' 'Vpn' |
ipConfigurations | IP configurations for virtual network gateway. | VirtualNetworkGatewayIPConfiguration[] |
natRules | NatRules for virtual network gateway. | VirtualNetworkGatewayNatRule[] |
resiliencyModel | Property to indicate if the Express Route Gateway has resiliency model of MultiHomed or SingleHomed | 'MultiHomed' 'SingleHomed' |
sku | The reference to the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. | VirtualNetworkGatewaySku |
virtualNetworkGatewayPolicyGroups | The reference to the VirtualNetworkGatewayPolicyGroup resource which represents the available VirtualNetworkGatewayPolicyGroup for the gateway. | VirtualNetworkGatewayPolicyGroup[] |
vNetExtendedLocationResourceId | Customer vnet resource id. VirtualNetworkGateway of type local gateway is associated with the customer vnet. | string |
vpnClientConfiguration | The reference to the VpnClientConfiguration resource which represents the P2S VpnClient configurations. | VpnClientConfiguration |
vpnGatewayGeneration | The generation for this VirtualNetworkGateway. Must be None if gatewayType is not VPN. | 'Generation1' 'Generation2' 'None' |
vpnType | The type of this virtual network gateway. | 'PolicyBased' 'RouteBased' |
VirtualNetworkGatewaySku
Name | Description | Value |
---|---|---|
name | Gateway SKU name. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'ErGwScale' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
tier | Gateway SKU tier. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'ErGwScale' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
VngClientConnectionConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client root certificate. | VngClientConnectionConfigurationProperties |
VngClientConnectionConfigurationProperties
Name | Description | Value |
---|---|---|
virtualNetworkGatewayPolicyGroups | List of references to virtualNetworkGatewayPolicyGroups | SubResource[] (required) |
vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace (required) |
VpnClientConfiguration
Name | Description | Value |
---|---|---|
aadAudience | The AADAudience property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadIssuer | The AADIssuer property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadTenant | The AADTenant property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
radiusServerAddress | The radius server address property of the VirtualNetworkGateway resource for vpn client connection. | string |
radiusServers | The radiusServers property for multiple radius server configuration. | RadiusServer[] |
radiusServerSecret | The radius secret property of the VirtualNetworkGateway resource for vpn client connection. | string |
vngClientConnectionConfigurations | per ip address pool connection policy for virtual network gateway P2S client. | VngClientConnectionConfiguration[] |
vpnAuthenticationTypes | VPN authentication types for the virtual network gateway.. | String array containing any of: 'AAD' 'Certificate' 'Radius' |
vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace |
vpnClientIpsecPolicies | VpnClientIpsecPolicies for virtual network gateway P2S client. | IpsecPolicy[] |
vpnClientProtocols | VpnClientProtocols for Virtual network gateway. | String array containing any of: 'IkeV2' 'OpenVPN' 'SSTP' |
vpnClientRevokedCertificates | VpnClientRevokedCertificate for Virtual network gateway. | VpnClientRevokedCertificate[] |
vpnClientRootCertificates | VpnClientRootCertificate for virtual network gateway. | VpnClientRootCertificate[] |
VpnClientRevokedCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client revoked certificate. | VpnClientRevokedCertificatePropertiesFormat |
VpnClientRevokedCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
thumbprint | The revoked VPN client certificate thumbprint. | string |
VpnClientRootCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client root certificate. | VpnClientRootCertificatePropertiesFormat (required) |
VpnClientRootCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
publicCertData | The certificate public data. | string (required) |
VpnNatRuleMapping
Name | Description | Value |
---|---|---|
addressSpace | Address space for Vpn NatRule mapping. | string |
portRange | Port range for Vpn NatRule mapping. | string |
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Create a BGP VNET to VNET connection | This template allows you to connect two VNETs using Virtual Network Gateways and BGP |
Create a Point-to-Site Gateway with Azure AD | This template deploys a VPN Virtual Network Gateway configured with an Azure Active Directory Point-to-Site connection |
ExpressRoute circuit with private peering and Azure VNet | This template configure ExpressRoute Microsoft peering, deploy an Azure VNet with Expressroute gateway and link the VNet to the ExpressRoute circuit |
Site-to-Site VPN with active-active VPN Gateways with BGP | This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones. |
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology | This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
ARM template resource definition
The virtualNetworkGateways resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/virtualNetworkGateways resource, add the following JSON to your template.
{
"type": "Microsoft.Network/virtualNetworkGateways",
"apiVersion": "2024-03-01",
"name": "string",
"extendedLocation": {
"name": "string",
"type": "string"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"location": "string",
"properties": {
"activeActive": "bool",
"adminState": "string",
"allowRemoteVnetTraffic": "bool",
"allowVirtualWanTraffic": "bool",
"autoScaleConfiguration": {
"bounds": {
"max": "int",
"min": "int"
}
},
"bgpSettings": {
"asn": "int",
"bgpPeeringAddress": "string",
"bgpPeeringAddresses": [
{
"customBgpIpAddresses": [ "string" ],
"ipconfigurationId": "string"
}
],
"peerWeight": "int"
},
"customRoutes": {
"addressPrefixes": [ "string" ]
},
"disableIPSecReplayProtection": "bool",
"enableBgp": "bool",
"enableBgpRouteTranslationForNat": "bool",
"enableDnsForwarding": "bool",
"enablePrivateIpAddress": "bool",
"gatewayDefaultSite": {
"id": "string"
},
"gatewayType": "string",
"ipConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"privateIPAllocationMethod": "string",
"publicIPAddress": {
"id": "string"
},
"subnet": {
"id": "string"
}
}
}
],
"natRules": [
{
"id": "string",
"name": "string",
"properties": {
"externalMappings": [
{
"addressSpace": "string",
"portRange": "string"
}
],
"internalMappings": [
{
"addressSpace": "string",
"portRange": "string"
}
],
"ipConfigurationId": "string",
"mode": "string",
"type": "string"
}
}
],
"resiliencyModel": "string",
"sku": {
"name": "string",
"tier": "string"
},
"virtualNetworkGatewayPolicyGroups": [
{
"id": "string",
"name": "string",
"properties": {
"isDefault": "bool",
"policyMembers": [
{
"attributeType": "string",
"attributeValue": "string",
"name": "string"
}
],
"priority": "int"
}
}
],
"vNetExtendedLocationResourceId": "string",
"vpnClientConfiguration": {
"aadAudience": "string",
"aadIssuer": "string",
"aadTenant": "string",
"radiusServerAddress": "string",
"radiusServers": [
{
"radiusServerAddress": "string",
"radiusServerScore": "int",
"radiusServerSecret": "string"
}
],
"radiusServerSecret": "string",
"vngClientConnectionConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"virtualNetworkGatewayPolicyGroups": [
{
"id": "string"
}
],
"vpnClientAddressPool": {
"addressPrefixes": [ "string" ]
}
}
}
],
"vpnAuthenticationTypes": [ "string" ],
"vpnClientAddressPool": {
"addressPrefixes": [ "string" ]
},
"vpnClientIpsecPolicies": [
{
"dhGroup": "string",
"ikeEncryption": "string",
"ikeIntegrity": "string",
"ipsecEncryption": "string",
"ipsecIntegrity": "string",
"pfsGroup": "string",
"saDataSizeKilobytes": "int",
"saLifeTimeSeconds": "int"
}
],
"vpnClientProtocols": [ "string" ],
"vpnClientRevokedCertificates": [
{
"id": "string",
"name": "string",
"properties": {
"thumbprint": "string"
}
}
],
"vpnClientRootCertificates": [
{
"id": "string",
"name": "string",
"properties": {
"publicCertData": "string"
}
}
]
},
"vpnGatewayGeneration": "string",
"vpnType": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
AddressSpace
Name | Description | Value |
---|---|---|
addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] |
BgpSettings
Name | Description | Value |
---|---|---|
asn | The BGP speaker's ASN. | int Constraints: Min value = 0 Max value = 4294967295 |
bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string |
bgpPeeringAddresses | BGP peering address with IP configuration ID for virtual network gateway. | IPConfigurationBgpPeeringAddress[] |
peerWeight | The weight added to routes learned from this BGP speaker. | int |
Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
Name | Description | Value |
---|
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'EdgeZone' |
IPConfigurationBgpPeeringAddress
Name | Description | Value |
---|---|---|
customBgpIpAddresses | The list of custom BGP peering addresses which belong to IP configuration. | string[] |
ipconfigurationId | The ID of IP configuration which belongs to gateway. | string |
IpsecPolicy
Name | Description | Value |
---|---|---|
dhGroup | The DH Group used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) |
ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES256' (required) |
ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'GCMAES128' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) |
ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) |
ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) |
pfsGroup | The Pfs Group used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS14' 'PFS2' 'PFS2048' 'PFS24' 'PFSMM' (required) |
saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) |
saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|
Microsoft.Network/virtualNetworkGateways
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2024-03-01' |
extendedLocation | The extended location of type local virtual network gateway. | ExtendedLocation |
identity | The identity of the virtual network gateway, if configured. | ManagedServiceIdentity |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the virtual network gateway. | VirtualNetworkGatewayPropertiesFormat (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Network/virtualNetworkGateways' |
RadiusServer
Name | Description | Value |
---|---|---|
radiusServerAddress | The address of this radius server. | string (required) |
radiusServerScore | The initial score assigned to this radius server. | int |
radiusServerSecret | The secret used for this radius server. | string |
ResourceTags
Name | Description | Value |
---|
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
VirtualNetworkGatewayAutoScaleBounds
Name | Description | Value |
---|---|---|
max | Maximum Scale Units for Autoscale configuration | int |
min | Minimum scale Units for Autoscale configuration | int |
VirtualNetworkGatewayAutoScaleConfiguration
Name | Description | Value |
---|---|---|
bounds | The bounds of the autoscale configuration | VirtualNetworkGatewayAutoScaleBounds |
VirtualNetworkGatewayIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the virtual network gateway ip configuration. | VirtualNetworkGatewayIPConfigurationPropertiesFormat |
VirtualNetworkGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
publicIPAddress | The reference to the public IP resource. | SubResource |
subnet | The reference to the subnet resource. | SubResource |
VirtualNetworkGatewayNatRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the Virtual Network Gateway NAT rule. | VirtualNetworkGatewayNatRuleProperties |
VirtualNetworkGatewayNatRuleProperties
Name | Description | Value |
---|---|---|
externalMappings | The private IP address external mapping for NAT. | VpnNatRuleMapping[] |
internalMappings | The private IP address internal mapping for NAT. | VpnNatRuleMapping[] |
ipConfigurationId | The IP Configuration ID this NAT rule applies to. | string |
mode | The Source NAT direction of a VPN NAT. | 'EgressSnat' 'IngressSnat' |
type | The type of NAT rule for VPN NAT. | 'Dynamic' 'Static' |
VirtualNetworkGatewayPolicyGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of tVirtualNetworkGatewayPolicyGroup. | VirtualNetworkGatewayPolicyGroupProperties |
VirtualNetworkGatewayPolicyGroupMember
Name | Description | Value |
---|---|---|
attributeType | The Vpn Policy member attribute type. | 'AADGroupId' 'CertificateGroupId' 'RadiusAzureGroupId' |
attributeValue | The value of Attribute used for this VirtualNetworkGatewayPolicyGroupMember. | string |
name | Name of the VirtualNetworkGatewayPolicyGroupMember. | string |
VirtualNetworkGatewayPolicyGroupProperties
Name | Description | Value |
---|---|---|
isDefault | Shows if this is a Default VirtualNetworkGatewayPolicyGroup or not. | bool (required) |
policyMembers | Multiple PolicyMembers for VirtualNetworkGatewayPolicyGroup. | VirtualNetworkGatewayPolicyGroupMember[] (required) |
priority | Priority for VirtualNetworkGatewayPolicyGroup. | int (required) |
VirtualNetworkGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
activeActive | ActiveActive flag. | bool |
adminState | Property to indicate if the Express Route Gateway serves traffic when there are multiple Express Route Gateways in the vnet | 'Disabled' 'Enabled' |
allowRemoteVnetTraffic | Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN. | bool |
allowVirtualWanTraffic | Configures this gateway to accept traffic from remote Virtual WAN networks. | bool |
autoScaleConfiguration | Autoscale configuration for virutal network gateway | VirtualNetworkGatewayAutoScaleConfiguration |
bgpSettings | Virtual network gateway's BGP speaker settings. | BgpSettings |
customRoutes | The reference to the address space resource which represents the custom routes address space specified by the customer for virtual network gateway and VpnClient. | AddressSpace |
disableIPSecReplayProtection | disableIPSecReplayProtection flag. | bool |
enableBgp | Whether BGP is enabled for this virtual network gateway or not. | bool |
enableBgpRouteTranslationForNat | EnableBgpRouteTranslationForNat flag. | bool |
enableDnsForwarding | Whether dns forwarding is enabled or not. | bool |
enablePrivateIpAddress | Whether private IP needs to be enabled on this gateway for connections or not. | bool |
gatewayDefaultSite | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | SubResource |
gatewayType | The type of this virtual network gateway. | 'ExpressRoute' 'LocalGateway' 'Vpn' |
ipConfigurations | IP configurations for virtual network gateway. | VirtualNetworkGatewayIPConfiguration[] |
natRules | NatRules for virtual network gateway. | VirtualNetworkGatewayNatRule[] |
resiliencyModel | Property to indicate if the Express Route Gateway has resiliency model of MultiHomed or SingleHomed | 'MultiHomed' 'SingleHomed' |
sku | The reference to the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. | VirtualNetworkGatewaySku |
virtualNetworkGatewayPolicyGroups | The reference to the VirtualNetworkGatewayPolicyGroup resource which represents the available VirtualNetworkGatewayPolicyGroup for the gateway. | VirtualNetworkGatewayPolicyGroup[] |
vNetExtendedLocationResourceId | Customer vnet resource id. VirtualNetworkGateway of type local gateway is associated with the customer vnet. | string |
vpnClientConfiguration | The reference to the VpnClientConfiguration resource which represents the P2S VpnClient configurations. | VpnClientConfiguration |
vpnGatewayGeneration | The generation for this VirtualNetworkGateway. Must be None if gatewayType is not VPN. | 'Generation1' 'Generation2' 'None' |
vpnType | The type of this virtual network gateway. | 'PolicyBased' 'RouteBased' |
VirtualNetworkGatewaySku
Name | Description | Value |
---|---|---|
name | Gateway SKU name. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'ErGwScale' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
tier | Gateway SKU tier. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'ErGwScale' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
VngClientConnectionConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client root certificate. | VngClientConnectionConfigurationProperties |
VngClientConnectionConfigurationProperties
Name | Description | Value |
---|---|---|
virtualNetworkGatewayPolicyGroups | List of references to virtualNetworkGatewayPolicyGroups | SubResource[] (required) |
vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace (required) |
VpnClientConfiguration
Name | Description | Value |
---|---|---|
aadAudience | The AADAudience property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadIssuer | The AADIssuer property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadTenant | The AADTenant property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
radiusServerAddress | The radius server address property of the VirtualNetworkGateway resource for vpn client connection. | string |
radiusServers | The radiusServers property for multiple radius server configuration. | RadiusServer[] |
radiusServerSecret | The radius secret property of the VirtualNetworkGateway resource for vpn client connection. | string |
vngClientConnectionConfigurations | per ip address pool connection policy for virtual network gateway P2S client. | VngClientConnectionConfiguration[] |
vpnAuthenticationTypes | VPN authentication types for the virtual network gateway.. | String array containing any of: 'AAD' 'Certificate' 'Radius' |
vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace |
vpnClientIpsecPolicies | VpnClientIpsecPolicies for virtual network gateway P2S client. | IpsecPolicy[] |
vpnClientProtocols | VpnClientProtocols for Virtual network gateway. | String array containing any of: 'IkeV2' 'OpenVPN' 'SSTP' |
vpnClientRevokedCertificates | VpnClientRevokedCertificate for Virtual network gateway. | VpnClientRevokedCertificate[] |
vpnClientRootCertificates | VpnClientRootCertificate for virtual network gateway. | VpnClientRootCertificate[] |
VpnClientRevokedCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client revoked certificate. | VpnClientRevokedCertificatePropertiesFormat |
VpnClientRevokedCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
thumbprint | The revoked VPN client certificate thumbprint. | string |
VpnClientRootCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client root certificate. | VpnClientRootCertificatePropertiesFormat (required) |
VpnClientRootCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
publicCertData | The certificate public data. | string (required) |
VpnNatRuleMapping
Name | Description | Value |
---|---|---|
addressSpace | Address space for Vpn NatRule mapping. | string |
portRange | Port range for Vpn NatRule mapping. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
App Service Environment with Azure SQL backend |
This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment. |
BOSH CF Cross Region |
This template helps you setup the resources needed to deploy BOSH and Cloud Foundry across two regions on Azure. |
Connect an ExpressRoute circuit to a VNET |
This template creates a VNET, an ExpresRoute Gateway and a connection to a provisioned and enabled ExpressRoute circuit with AzurePrivatePeering configured. |
Create a BGP VNET to VNET connection |
This template allows you to connect two VNETs using Virtual Network Gateways and BGP |
Create a DevTest environment with P2S VPN and IIS |
This template creates a simple DevTest environment with a Point-to-Site VPN and IIS on a Windows server which is a great way to get started. |
Create a Point-to-Site Gateway |
This template allows you to create a Point-to-Site connection using VirtualNetworkGateways |
Create a Point-to-Site Gateway with Azure AD |
This template deploys a VPN Virtual Network Gateway configured with an Azure Active Directory Point-to-Site connection |
Create a Site-to-Site VPN Connection |
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways |
Create a Site-to-Site VPN Connection with VM |
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways |
Create a VNET to VNET connection across two regions |
This template allows you to connect two VNETs in different regions using Virtual Network Gateways |
Create SQL MI with point-to-site connection configured |
Deploy Azure Sql Database Managed Instance (SQL MI) and Virtual network gateway configured for point-to-site connection inside the new virtual network. |
Create three vNets to demonstrate transitive BGP connections |
This template deploys three vNets connected using Virtual Network Gateways and BGP-enabled connections |
Create VNet with two Subnets, local network, and gateway |
This template creates a VNet, 2 subnets, and a gateway |
Deploy a Hub and Spoke topology sandbox |
This template creates a basic hub-and-spoke topology setup. It creates a Hub VNet with subnets DMZ, Management, Shared and Gateway (optionally), with two Spoke VNets (development and production) containing a workload subnet each. It also deploys a Windows Jump-Host on the Management subnet of the HUB, and establishes VNet peerings between the Hub and the two spokes. |
Deploy HBase geo replication |
This template allows you to configure an Azure environment for HBase replication across two different regions with VPN vnet-to-vnet connection. |
ExpressRoute circuit with private peering and Azure VNet |
This template configure ExpressRoute Microsoft peering, deploy an Azure VNet with Expressroute gateway and link the VNet to the ExpressRoute circuit |
Extend an existing Azure VNET to a Multi-VNET Configuration |
This template allows you to extend an existing single VNET environment to a Multi-VNET environment that extends across two datacenter regions using VNET-to-VNET gateways |
Site-to-Site VPN with active-active VPN Gateways with BGP |
This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones. |
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology |
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
Terraform (AzAPI provider) resource definition
The virtualNetworkGateways resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/virtualNetworkGateways resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/virtualNetworkGateways@2024-03-01"
name = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
location = "string"
tags = {
{customized property} = "string"
}
body = jsonencode({
extendedLocation = {
name = "string"
type = "string"
}
properties = {
activeActive = bool
adminState = "string"
allowRemoteVnetTraffic = bool
allowVirtualWanTraffic = bool
autoScaleConfiguration = {
bounds = {
max = int
min = int
}
}
bgpSettings = {
asn = int
bgpPeeringAddress = "string"
bgpPeeringAddresses = [
{
customBgpIpAddresses = [
"string"
]
ipconfigurationId = "string"
}
]
peerWeight = int
}
customRoutes = {
addressPrefixes = [
"string"
]
}
disableIPSecReplayProtection = bool
enableBgp = bool
enableBgpRouteTranslationForNat = bool
enableDnsForwarding = bool
enablePrivateIpAddress = bool
gatewayDefaultSite = {
id = "string"
}
gatewayType = "string"
ipConfigurations = [
{
id = "string"
name = "string"
properties = {
privateIPAllocationMethod = "string"
publicIPAddress = {
id = "string"
}
subnet = {
id = "string"
}
}
}
]
natRules = [
{
id = "string"
name = "string"
properties = {
externalMappings = [
{
addressSpace = "string"
portRange = "string"
}
]
internalMappings = [
{
addressSpace = "string"
portRange = "string"
}
]
ipConfigurationId = "string"
mode = "string"
type = "string"
}
}
]
resiliencyModel = "string"
sku = {
name = "string"
tier = "string"
}
virtualNetworkGatewayPolicyGroups = [
{
id = "string"
name = "string"
properties = {
isDefault = bool
policyMembers = [
{
attributeType = "string"
attributeValue = "string"
name = "string"
}
]
priority = int
}
}
]
vNetExtendedLocationResourceId = "string"
vpnClientConfiguration = {
aadAudience = "string"
aadIssuer = "string"
aadTenant = "string"
radiusServerAddress = "string"
radiusServers = [
{
radiusServerAddress = "string"
radiusServerScore = int
radiusServerSecret = "string"
}
]
radiusServerSecret = "string"
vngClientConnectionConfigurations = [
{
id = "string"
name = "string"
properties = {
virtualNetworkGatewayPolicyGroups = [
{
id = "string"
}
]
vpnClientAddressPool = {
addressPrefixes = [
"string"
]
}
}
}
]
vpnAuthenticationTypes = [
"string"
]
vpnClientAddressPool = {
addressPrefixes = [
"string"
]
}
vpnClientIpsecPolicies = [
{
dhGroup = "string"
ikeEncryption = "string"
ikeIntegrity = "string"
ipsecEncryption = "string"
ipsecIntegrity = "string"
pfsGroup = "string"
saDataSizeKilobytes = int
saLifeTimeSeconds = int
}
]
vpnClientProtocols = [
"string"
]
vpnClientRevokedCertificates = [
{
id = "string"
name = "string"
properties = {
thumbprint = "string"
}
}
]
vpnClientRootCertificates = [
{
id = "string"
name = "string"
properties = {
publicCertData = "string"
}
}
]
}
vpnGatewayGeneration = "string"
vpnType = "string"
}
})
}
Property values
AddressSpace
Name | Description | Value |
---|---|---|
addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] |
BgpSettings
Name | Description | Value |
---|---|---|
asn | The BGP speaker's ASN. | int Constraints: Min value = 0 Max value = 4294967295 |
bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string |
bgpPeeringAddresses | BGP peering address with IP configuration ID for virtual network gateway. | IPConfigurationBgpPeeringAddress[] |
peerWeight | The weight added to routes learned from this BGP speaker. | int |
Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
Name | Description | Value |
---|
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'EdgeZone' |
IPConfigurationBgpPeeringAddress
Name | Description | Value |
---|---|---|
customBgpIpAddresses | The list of custom BGP peering addresses which belong to IP configuration. | string[] |
ipconfigurationId | The ID of IP configuration which belongs to gateway. | string |
IpsecPolicy
Name | Description | Value |
---|---|---|
dhGroup | The DH Group used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) |
ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES256' (required) |
ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'GCMAES128' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) |
ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) |
ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) |
pfsGroup | The Pfs Group used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS14' 'PFS2' 'PFS2048' 'PFS24' 'PFSMM' (required) |
saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) |
saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|
Microsoft.Network/virtualNetworkGateways
Name | Description | Value |
---|---|---|
extendedLocation | The extended location of type local virtual network gateway. | ExtendedLocation |
identity | The identity of the virtual network gateway, if configured. | ManagedServiceIdentity |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the virtual network gateway. | VirtualNetworkGatewayPropertiesFormat (required) |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Network/virtualNetworkGateways@2024-03-01" |
RadiusServer
Name | Description | Value |
---|---|---|
radiusServerAddress | The address of this radius server. | string (required) |
radiusServerScore | The initial score assigned to this radius server. | int |
radiusServerSecret | The secret used for this radius server. | string |
ResourceTags
Name | Description | Value |
---|
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
VirtualNetworkGatewayAutoScaleBounds
Name | Description | Value |
---|---|---|
max | Maximum Scale Units for Autoscale configuration | int |
min | Minimum scale Units for Autoscale configuration | int |
VirtualNetworkGatewayAutoScaleConfiguration
Name | Description | Value |
---|---|---|
bounds | The bounds of the autoscale configuration | VirtualNetworkGatewayAutoScaleBounds |
VirtualNetworkGatewayIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the virtual network gateway ip configuration. | VirtualNetworkGatewayIPConfigurationPropertiesFormat |
VirtualNetworkGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
publicIPAddress | The reference to the public IP resource. | SubResource |
subnet | The reference to the subnet resource. | SubResource |
VirtualNetworkGatewayNatRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the Virtual Network Gateway NAT rule. | VirtualNetworkGatewayNatRuleProperties |
VirtualNetworkGatewayNatRuleProperties
Name | Description | Value |
---|---|---|
externalMappings | The private IP address external mapping for NAT. | VpnNatRuleMapping[] |
internalMappings | The private IP address internal mapping for NAT. | VpnNatRuleMapping[] |
ipConfigurationId | The IP Configuration ID this NAT rule applies to. | string |
mode | The Source NAT direction of a VPN NAT. | 'EgressSnat' 'IngressSnat' |
type | The type of NAT rule for VPN NAT. | 'Dynamic' 'Static' |
VirtualNetworkGatewayPolicyGroup
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of tVirtualNetworkGatewayPolicyGroup. | VirtualNetworkGatewayPolicyGroupProperties |
VirtualNetworkGatewayPolicyGroupMember
Name | Description | Value |
---|---|---|
attributeType | The Vpn Policy member attribute type. | 'AADGroupId' 'CertificateGroupId' 'RadiusAzureGroupId' |
attributeValue | The value of Attribute used for this VirtualNetworkGatewayPolicyGroupMember. | string |
name | Name of the VirtualNetworkGatewayPolicyGroupMember. | string |
VirtualNetworkGatewayPolicyGroupProperties
Name | Description | Value |
---|---|---|
isDefault | Shows if this is a Default VirtualNetworkGatewayPolicyGroup or not. | bool (required) |
policyMembers | Multiple PolicyMembers for VirtualNetworkGatewayPolicyGroup. | VirtualNetworkGatewayPolicyGroupMember[] (required) |
priority | Priority for VirtualNetworkGatewayPolicyGroup. | int (required) |
VirtualNetworkGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
activeActive | ActiveActive flag. | bool |
adminState | Property to indicate if the Express Route Gateway serves traffic when there are multiple Express Route Gateways in the vnet | 'Disabled' 'Enabled' |
allowRemoteVnetTraffic | Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN. | bool |
allowVirtualWanTraffic | Configures this gateway to accept traffic from remote Virtual WAN networks. | bool |
autoScaleConfiguration | Autoscale configuration for virutal network gateway | VirtualNetworkGatewayAutoScaleConfiguration |
bgpSettings | Virtual network gateway's BGP speaker settings. | BgpSettings |
customRoutes | The reference to the address space resource which represents the custom routes address space specified by the customer for virtual network gateway and VpnClient. | AddressSpace |
disableIPSecReplayProtection | disableIPSecReplayProtection flag. | bool |
enableBgp | Whether BGP is enabled for this virtual network gateway or not. | bool |
enableBgpRouteTranslationForNat | EnableBgpRouteTranslationForNat flag. | bool |
enableDnsForwarding | Whether dns forwarding is enabled or not. | bool |
enablePrivateIpAddress | Whether private IP needs to be enabled on this gateway for connections or not. | bool |
gatewayDefaultSite | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | SubResource |
gatewayType | The type of this virtual network gateway. | 'ExpressRoute' 'LocalGateway' 'Vpn' |
ipConfigurations | IP configurations for virtual network gateway. | VirtualNetworkGatewayIPConfiguration[] |
natRules | NatRules for virtual network gateway. | VirtualNetworkGatewayNatRule[] |
resiliencyModel | Property to indicate if the Express Route Gateway has resiliency model of MultiHomed or SingleHomed | 'MultiHomed' 'SingleHomed' |
sku | The reference to the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. | VirtualNetworkGatewaySku |
virtualNetworkGatewayPolicyGroups | The reference to the VirtualNetworkGatewayPolicyGroup resource which represents the available VirtualNetworkGatewayPolicyGroup for the gateway. | VirtualNetworkGatewayPolicyGroup[] |
vNetExtendedLocationResourceId | Customer vnet resource id. VirtualNetworkGateway of type local gateway is associated with the customer vnet. | string |
vpnClientConfiguration | The reference to the VpnClientConfiguration resource which represents the P2S VpnClient configurations. | VpnClientConfiguration |
vpnGatewayGeneration | The generation for this VirtualNetworkGateway. Must be None if gatewayType is not VPN. | 'Generation1' 'Generation2' 'None' |
vpnType | The type of this virtual network gateway. | 'PolicyBased' 'RouteBased' |
VirtualNetworkGatewaySku
Name | Description | Value |
---|---|---|
name | Gateway SKU name. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'ErGwScale' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
tier | Gateway SKU tier. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'ErGwScale' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
VngClientConnectionConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client root certificate. | VngClientConnectionConfigurationProperties |
VngClientConnectionConfigurationProperties
Name | Description | Value |
---|---|---|
virtualNetworkGatewayPolicyGroups | List of references to virtualNetworkGatewayPolicyGroups | SubResource[] (required) |
vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace (required) |
VpnClientConfiguration
Name | Description | Value |
---|---|---|
aadAudience | The AADAudience property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadIssuer | The AADIssuer property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadTenant | The AADTenant property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
radiusServerAddress | The radius server address property of the VirtualNetworkGateway resource for vpn client connection. | string |
radiusServers | The radiusServers property for multiple radius server configuration. | RadiusServer[] |
radiusServerSecret | The radius secret property of the VirtualNetworkGateway resource for vpn client connection. | string |
vngClientConnectionConfigurations | per ip address pool connection policy for virtual network gateway P2S client. | VngClientConnectionConfiguration[] |
vpnAuthenticationTypes | VPN authentication types for the virtual network gateway.. | String array containing any of: 'AAD' 'Certificate' 'Radius' |
vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace |
vpnClientIpsecPolicies | VpnClientIpsecPolicies for virtual network gateway P2S client. | IpsecPolicy[] |
vpnClientProtocols | VpnClientProtocols for Virtual network gateway. | String array containing any of: 'IkeV2' 'OpenVPN' 'SSTP' |
vpnClientRevokedCertificates | VpnClientRevokedCertificate for Virtual network gateway. | VpnClientRevokedCertificate[] |
vpnClientRootCertificates | VpnClientRootCertificate for virtual network gateway. | VpnClientRootCertificate[] |
VpnClientRevokedCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client revoked certificate. | VpnClientRevokedCertificatePropertiesFormat |
VpnClientRevokedCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
thumbprint | The revoked VPN client certificate thumbprint. | string |
VpnClientRootCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client root certificate. | VpnClientRootCertificatePropertiesFormat (required) |
VpnClientRootCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
publicCertData | The certificate public data. | string (required) |
VpnNatRuleMapping
Name | Description | Value |
---|---|---|
addressSpace | Address space for Vpn NatRule mapping. | string |
portRange | Port range for Vpn NatRule mapping. | string |