Tutorial: Create a gateway load balancer

Azure Load Balancer consists of Standard, Basic, and Gateway SKUs. Gateway Load Balancer is used for transparent insertion of Network Virtual Appliances (NVA). Use Gateway Load Balancer for scenarios that require high performance and high scalability of NVAs.

In this tutorial, you learn how to:

• Create virtual network.
• Create network security group.
• Create a gateway load balancer.
• Chain a load balancer frontend to gateway load balancer.

You can choose to create a gateway load balancer using the Azure portal, Azure CLI, or Azure PowerShell.

Prerequisites

Azure portal

• An Azure subscription. If you don’t have an Azure subscription, create a free account before you begin.
• Two standard sku Azure Load Balancers with backend pools deployed in two different Azure regions.
  • For information on creating a regional standard load balancer and virtual machines for backend pools, see Quickstart: Create a public load balancer to load balance VMs using the Azure portal.

Azure CLI

• Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell.

  

• If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.

  • If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.

  • When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.

  • Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.

• This tutorial requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.

• An Azure account with an active subscription.Create an account for free.

• An existing public standard SKU Azure Load Balancer. For more information on creating a load balancer, see Create a public load balancer using the Azure CLI.

  • For the purposes of this tutorial, the existing load balancer in the examples is named myLoadBalancer.

Azure PowerShell

• An Azure account with an active subscription.Create an account for free.
• An existing public standard SKU Azure Load Balancer. For more information on creating a load balancer, see Create a public load balancer using Azure PowerShell.
  • For the purposes of this tutorial, the existing load balancer in the examples is named myLoadBalancer.
• Azure PowerShell installed locally or Azure Cloud Shell

If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later. Run Get-Module -ListAvailable Az to find the installed version. If you need to upgrade, see Install Azure PowerShell module. If you're running PowerShell locally, you also need to run Connect-AzAccount to create a connection with Azure.

Create a virtual network and associated resources

Azure portal

The following procedure creates a virtual network with a resource subnet, an Azure Bastion subnet, and an Azure Bastion host.

Important

Hourly pricing starts from the moment that Bastion is deployed, regardless of outbound data usage. For more information, see Pricing and SKUs. If you're deploying Bastion as part of a tutorial or test, we recommend that you delete this resource after you finish using it.

1. In the portal, search for and select Virtual networks.

2. On the Virtual networks page, select + Create.

3. On the Basics tab of Create virtual network, enter or select the following information:

   Setting	Value
   Project details
   Subscription	Select your subscription.
   Resource group	Select Create new. Enter load-balancer-rg in Name. Select OK.
   Instance details
   Name	Enter lb-vnet.
   Region	Select East US.

   

4. Select the Security tab or Next button at the bottom of the page.

5. Under Azure Bastion, enter or select the following information:

   Setting	Value
   Azure Bastion
   Enable Azure Bastion	Select checkbox.
   Azure Bastion host name	Enter lb-bastion.
   Azure Bastion public IP address	Select Create new. Enter lb-bastion-ip in Name. Select OK.

6. Select the IP addresses tab, or Next at the bottom of the page.

7. On Create virtual network page, enter or select the following information:

   Setting	Value
   Add IPv4 address space
   IPv4 address space	Enter 10.0.0.0/16 (65,356 addresses).
   Subnets	Select the default subnet link to edit.
   Subnet template	Leave the default Default.
   Name	Enter backend-subnet.
   Starting address	Enter 10.0.0.0.
   Subnet size	Enter /24(256 addresses).
   Security
   NAT Gateway	Select None.

   

8. Select Save.

9. Select Review + create at the bottom of the screen, and when validation passes, select Create.

Azure CLI

The following sections describe how to create a virtual network and associated resources. The virtual network is needed for the resources that are in the backend pool of the gateway load balancer.

The resources include a bastion host, network security group, and network security group rules.

Create a resource group

An Azure resource group is a logical container into which Azure resources are deployed and managed.

Create a resource group with az group create:

  az group create \
    --name TutorGwLB-rg \
    --location eastus

Create virtual network

A virtual network is needed for the resources that are in the backend pool of the gateway load balancer.

Use az network virtual network create to create the virtual network.

  az network vnet create \
    --resource-group TutorGwLB-rg \
    --location eastus \
    --name myVNet \
    --address-prefixes 10.1.0.0/16 \
    --subnet-name myBackendSubnet \
    --subnet-prefixes 10.1.0.0/24

Create bastion public IP address

Use az network public-ip create to create a public IP address for the Azure Bastion host

az network public-ip create \
    --resource-group TutorGwLB-rg \
    --name myBastionIP \
    --sku Standard \
    --zone 1 2 3

Create bastion subnet

Use az network vnet subnet create to create the bastion subnet.

az network vnet subnet create \
    --resource-group TutorGwLB-rg \
    --name AzureBastionSubnet \
    --vnet-name myVNet \
    --address-prefixes 10.1.1.0/27

Create bastion host

Use az network bastion create to deploy a bastion host for secure management of resources in virtual network.

az network bastion create \
    --resource-group TutorGwLB-rg \
    --name myBastionHost \
    --public-ip-address myBastionIP \
    --vnet-name myVNet \
    --location eastus

It can take a few minutes for the Azure Bastion host to deploy.

Important

Hourly pricing starts from the moment that Bastion is deployed, regardless of outbound data usage. For more information, see Pricing and SKUs. If you're deploying Bastion as part of a tutorial or test, we recommend that you delete this resource after you finish using it.

Create NSG

Use the following example to create a network security group. You configure the NSG rules needed for network traffic in the virtual network created previous

Use az network nsg create to create the NSG.

  az network nsg create \
    --resource-group TutorGwLB-rg \
    --name myNSG

Create NSG Rules

Use az network nsg rule create to create rules for the NSG.

  az network nsg rule create \
    --resource-group TutorGwLB-rg \
    --nsg-name myNSG \
    --name myNSGRule-AllowAll \
    --protocol '*' \
    --direction inbound \
    --source-address-prefix '0.0.0.0/0' \
    --source-port-range '*' \
    --destination-address-prefix '0.0.0.0/0' \
    --destination-port-range '*' \
    --access allow \
    --priority 100

  az network nsg rule create \
    --resource-group TutorGwLB-rg \
    --nsg-name myNSG \
    --name myNSGRule-AllowAll-TCP-Out \
    --protocol 'TCP' \
    --direction outbound \
    --source-address-prefix '0.0.0.0/0' \
    --source-port-range '*' \
    --destination-address-prefix '0.0.0.0/0' \
    --destination-port-range '*' \
    --access allow \
    --priority 100

Azure PowerShell

The following sections describe how to create a virtual network and associated resources. The virtual network is needed for the resources that are in the backend pool of the gateway load balancer.

The resources include a bastion host, network security group, and network security group rules.

Create a resource group

An Azure resource group is a logical container into which Azure resources are deployed and managed.

Create a resource group with New-AzResourceGroup:

New-AzResourceGroup -Name 'TutorGwLB-rg' -Location 'eastus'

Create virtual network

A virtual network is needed for the resources that are in the backend pool of the gateway load balancer. Use New-AzVirtualNetwork to create the virtual network. Use New-AzBastion to deploy a bastion host for secure management of resources in virtual network.

Important

Hourly pricing starts from the moment that Bastion is deployed, regardless of outbound data usage. For more information, see Pricing and SKUs. If you're deploying Bastion as part of a tutorial or test, we recommend that you delete this resource after you finish using it.

## Create backend subnet config ##
$subnet = @{
    Name = 'myBackendSubnet'
    AddressPrefix = '10.1.0.0/24'
}
$subnetConfig = New-AzVirtualNetworkSubnetConfig @subnet 

## Create Azure Bastion subnet. ##
$bastsubnet = @{
    Name = 'AzureBastionSubnet' 
    AddressPrefix = '10.1.1.0/24'
}
$bastsubnetConfig = New-AzVirtualNetworkSubnetConfig @bastsubnet

## Create the virtual network ##
$net = @{
    Name = 'myVNet'
    ResourceGroupName = 'TutorGwLB-rg'
    Location = 'eastus'
    AddressPrefix = '10.1.0.0/16'
    Subnet = $subnetConfig,$bastsubnetConfig
}
$vnet = New-AzVirtualNetwork @net

## Create public IP address for bastion host. ##
$ip = @{
    Name = 'myBastionIP'
    ResourceGroupName = 'TutorGwLB-rg'
    Location = 'eastus'
    Sku = 'Standard'
    AllocationMethod = 'Static'
}
$publicip = New-AzPublicIpAddress @ip

## Create bastion host ##
$bastion = @{
    ResourceGroupName = 'TutorGwLB-rg'
    Name = 'myBastion'
    PublicIpAddress = $publicip
    VirtualNetwork = $vnet
}
New-AzBastion @bastion -AsJob

Create NSG

Use the following example to create a network security group. You configure the NSG rules needed for network traffic in the virtual network created previously.

Use New-AzNetworkSecurityRuleConfig to create rules for the NSG. Use New-AzNetworkSecurityGroup to create the NSG.

## Create rule for network security group and place in variable. ##
$nsgrule1 = @{
    Name = 'myNSGRule-AllowAll'
    Description = 'Allow all'
    Protocol = '*'
    SourcePortRange = '*'
    DestinationPortRange = '*'
    SourceAddressPrefix = '0.0.0.0/0'
    DestinationAddressPrefix = '0.0.0.0/0'
    Access = 'Allow'
    Priority = '100'
    Direction = 'Inbound'
}
$rule1 = New-AzNetworkSecurityRuleConfig @nsgrule1

$nsgrule2 = @{
    Name = 'myNSGRule-AllowAll-TCP-Out'
    Description = 'Allow all TCP Out'
    Protocol = 'TCP'
    SourcePortRange = '*'
    DestinationPortRange = '*'
    SourceAddressPrefix = '0.0.0.0/0'
    DestinationAddressPrefix = '0.0.0.0/0'
    Access = 'Allow'
    Priority = '100'
    Direction = 'Outbound'
}
$rule2 = New-AzNetworkSecurityRuleConfig @nsgrule2

## Create network security group ##
$nsg = @{
    Name = 'myNSG'
    ResourceGroupName = 'TutorGwLB-rg'
    Location = 'eastus'
    SecurityRules = $rule1,$rule2
}
New-AzNetworkSecurityGroup @nsg

Create and configure a gateway load balancer

Azure portal

In this section, you create the configuration and deploy the gateway load balancer.

1. In the search box at the top of the portal, enter Load balancer. Select Load balancers in the search results.

2. In the Load Balancer page, select Create.

3. In the Basics tab of the Create load balancer page, enter, or select the following information:

   Setting	Value
   Project details
   Subscription	Select your subscription.
   Resource group	Select load-balancer-rg.
   Instance details
   Name	Enter gateway-load-balancer
   Region	Select (US) East US.
   SKU	Select Gateway.
   Type	Select Internal.

   

4. Select Next: Frontend IP configuration at the bottom of the page.

5. In Frontend IP configuration, select + Add a frontend IP.

6. In Add frontend IP configuration, enter or select the following information:

   Setting	Value
   Name	Enter lb-frontend-IP.
   Virtual network	Select lb-vnet.
   Subnet	Select backend-subnet.
   Assignment	Select Dynamic

7. Select Save.

8. Select Next: Backend pools at the bottom of the page.

9. In the Backend pools tab, select + Add a backend pool.

10. In Add backend pool, enter or select the following information.

    Setting	Value
    Name	Enter lb-backend-pool.
    Backend Pool Configuration	Select NIC.
    Gateway load balancer configuration
    Type	Select Internal and External.
    Internal port	Leave the default of 10800.
    Internal identifier	Leave the default of 800.
    External port	Leave the default of 10801.
    External identifier	Leave the default of 801.

11. Select Save.

12. Select the Next: Inbound rules button at the bottom of the page.

13. In Load balancing rule in the Inbound rules tab, select + Add a load balancing rule.

14. In Add load balancing rule, enter or select the following information:

    Setting	Value
    Name	Enter lb-rule
    IP Version	Select IPv4 or IPv6 depending on your requirements.
    Frontend IP address	Select lb-frontend-IP.
    Backend pool	Select lb-backend-pool.
    Health probe	Select Create new. In Name, enter lb-health-probe. Select TCP in Protocol. Leave the rest of the defaults, and select Save.
    Session persistence	Select None.
    Enable TCP reset	Leave default of unchecked.
    Enable floating IP	Leave default of unchecked.

    

15. Select Save.

16. Select the blue Review + create button at the bottom of the page.

17. Select Create.

Azure CLI

In this section, you create a gateway load balancer and configure it with a backend pool and frontend IP configuration. The backend pool is associated with the existing load balancer created in the prerequisites.

Create Gateway Load Balancer

To create the load balancer, use az network lb create.

  az network lb create \
    --resource-group TutorGwLB-rg \
    --name myLoadBalancer-gw \
    --sku Gateway \
    --vnet-name myVNet \
    --subnet myBackendSubnet \
    --backend-pool-name myBackendPool \
    --frontend-ip-name myFrontEnd

Create tunnel interface

An internal interface is automatically created with Azure CLI with the --identifier of 900 and --port of 10800.

You use az network lb address-pool tunnel-interface add to create external tunnel interface for the load balancer.

  az network lb address-pool tunnel-interface add \
    --address-pool myBackEndPool \
    --identifier '901' \
    --lb-name myLoadBalancer-gw \
    --protocol VXLAN \
    --resource-group TutorGwLB-rg \
    --type External \
    --port '10801'

Create health probe

A health probe is required to monitor the health of the backend instances in the load balancer. Use az network lb probe create to create the health probe.

  az network lb probe create \
    --resource-group TutorGwLB-rg \
    --lb-name myLoadBalancer-gw \
    --name myHealthProbe \
    --protocol http \
    --port 80 \
    --path '/' \
    --interval '5' \
    --threshold '2'
    

Create load-balancing rule

Traffic destined for the backend instances is routed with a load-balancing rule. Use az network lb rule create to create the load-balancing rule.

  az network lb rule create \
    --resource-group TutorGwLB-rg \
    --lb-name myLoadBalancer-gw \
    --name myLBRule \
    --protocol All \
    --frontend-port 0 \
    --backend-port 0 \
    --frontend-ip-name myFrontEnd \
    --backend-pool-name myBackEndPool \
    --probe-name myHealthProbe

Azure PowerShell

In this section, you create the configuration and deploy the gateway load balancer. Use New-AzLoadBalancerFrontendIpConfig to create the frontend IP configuration of the load balancer.

You use New-AzLoadBalancerTunnelInterface to create two tunnel interfaces for the load balancer.

Create a backend pool with New-AzLoadBalancerBackendAddressPoolConfig for the NVAs.

A health probe is required to monitor the health of the backend instances in the load balancer. Use New-AzLoadBalancerProbeConfig to create the health probe.

Traffic destined for the backend instances is routed with a load-balancing rule. Use New-AzLoadBalancerRuleConfig to create the load-balancing rule.

To create the deploy the load balancer, use New-AzLoadBalancer.

## Place virtual network configuration in a variable for later use. ##
$net = @{
    Name = 'myVNet'
    ResourceGroupName = 'TutorGwLB-rg'
}
$vnet = Get-AzVirtualNetwork @net

## Create load balancer frontend configuration and place in variable. ## 
$fe = @{
    Name = 'myFrontend'
    SubnetId = $vnet.subnets[0].id
}
$feip = New-AzLoadBalancerFrontendIpConfig @fe

## Create backend address pool configuration and place in variable. ## 
$int1 = @{
    Type = 'Internal'
    Protocol = 'Vxlan'
    Identifier = '800'
    Port = '10800'
}
$tunnelInterface1 = New-AzLoadBalancerBackendAddressPoolTunnelInterfaceConfig @int1

$int2 = @{
    Type = 'External'
    Protocol = 'Vxlan'
    Identifier = '801'
    Port = '10801'
}
$tunnelInterface2 = New-AzLoadBalancerBackendAddressPoolTunnelInterfaceConfig @int2

$pool = @{
    Name = 'myBackendPool'
    TunnelInterface = $tunnelInterface1,$tunnelInterface2
}
$bepool = New-AzLoadBalancerBackendAddressPoolConfig @pool

## Create the health probe and place in variable. ## 
$probe = @{
    Name = 'myHealthProbe'
    Protocol = 'http'
    Port = '80'
    IntervalInSeconds = '360'
    ProbeCount = '5'
    RequestPath = '/'
}
$healthprobe = New-AzLoadBalancerProbeConfig @probe

## Create the load balancer rule and place in variable. ## 
$para = @{
    Name = 'myLBRule'
    Protocol = 'All'
    FrontendPort = '0'
    BackendPort = '0'
    FrontendIpConfiguration = $feip
    BackendAddressPool = $bepool
    Probe = $healthprobe
}
$rule = New-AzLoadBalancerRuleConfig @para

## Create the load balancer resource. ## 
$lb = @{
    ResourceGroupName = 'TutorGwLB-rg'
    Name = 'myLoadBalancer-gw'
    Location = 'eastus'
    Sku = 'Gateway'
    LoadBalancingRule = $rule
    FrontendIpConfiguration = $feip
    BackendAddressPool = $bepool
    Probe = $healthprobe
}
New-AzLoadBalancer @lb

Add network virtual appliances to the Gateway Load Balancer backend pool

Azure portal

Deploy NVAs through the Azure Marketplace. Once deployed, add the NVA virtual machines to the backend pool of the gateway load balancer. To add the virtual machines, go to the backend pools tab of your gateway load balancer.

Azure CLI

Deploy NVAs through the Azure Marketplace. Once deployed, add the virtual machines to the backend pool with az network nic ip-config address-pool add.

Azure PowerShell

In this example, you'll chain the frontend of a standard load balancer to the gateway load balancer.

You add the frontend to the frontend IP of an existing load balancer in your subscription.

Use Set-AzLoadBalancerFrontendIpConfig to chain the gateway load balancer frontend to your existing load balancer.

## Place the gateway load balancer configuration into a variable. ##
$par1 = @{
    ResourceGroupName = 'TutorGwLB-rg'
    Name = 'myLoadBalancer-gw'
}
$gwlb = Get-AzLoadBalancer @par1

## Place the existing load balancer into a variable. ##
$par2 = @{
    ResourceGroupName = 'CreatePubLBQS-rg'
    Name = 'myLoadBalancer'
}
$lb = Get-AzLoadBalancer @par2

## Place the existing public IP for the existing load balancer into a variable.
$par3 = @{
    ResourceGroupName = 'CreatePubLBQS-rg'
    Name = 'myPublicIP'
}
$publicIP = Get-AzPublicIPAddress @par3

## Chain the gateway load balancer to your existing load balancer frontend. ##
$par4 = @{
    Name = 'myFrontEndIP'
    PublicIPAddress = $publicIP
    LoadBalancer = $lb
    GatewayLoadBalancerId = $gwlb.FrontendIpConfigurations.Id
}
$config = Set-AzLoadBalancerFrontendIpConfig @par4

$config | Set-AzLoadBalancer

Chain load balancer frontend to Gateway Load Balancer

Azure portal

In this example, you'll chain the frontend of a standard load balancer to the gateway load balancer.

You add the frontend to the frontend IP of an existing load balancer in your subscription.

1. In the search box in the Azure portal, enter Load balancer. In the search results, select Load balancers.

2. In Load balancers, select load-balancer or your existing load balancer name.

3. In the load balancer page, select Frontend IP configuration in Settings.

4. Select the frontend IP of the load balancer. In this example, the name of the frontend is lb-frontend-IP.

   

5. Select lb-frontend-IP (10.1.0.4) in the pull-down box next to Gateway load balancer.

6. Select Save.

   

Azure CLI

In this example, you'll chain the frontend of a standard load balancer to the gateway load balancer.

You add the frontend to the frontend IP of an existing load balancer in your subscription.

Use az network lb frontend-ip show to place the resource ID of your gateway load balancer frontend into a variable.

Use az network lb frontend-ip update to chain the gateway load balancer frontend to your existing load balancer.

  feid=$(az network lb frontend-ip show \
    --resource-group TutorGwLB-rg \
    --lb-name myLoadBalancer-gw \
    --name myFrontend \
    --query id \
    --output tsv)

  az network lb frontend-ip update \
    --resource-group CreatePubLBQS-rg \
    --name myFrontendIP \
    --lb-name myLoadBalancer \
    --public-ip-address myPublicIP \
    --gateway-lb $feid

Azure PowerShell

In this example, you'll chain the frontend of a standard load balancer to the gateway load balancer.

You add the frontend to the frontend IP of an existing load balancer in your subscription.

Use Set-AzLoadBalancerFrontendIpConfig to chain the gateway load balancer frontend to your existing load balancer.

## Place the gateway load balancer configuration into a variable. ##
$par1 = @{
    ResourceGroupName = 'TutorGwLB-rg'
    Name = 'myLoadBalancer-gw'
}
$gwlb = Get-AzLoadBalancer @par1

## Place the existing load balancer into a variable. ##
$par2 = @{
    ResourceGroupName = 'CreatePubLBQS-rg'
    Name = 'myLoadBalancer'
}
$lb = Get-AzLoadBalancer @par2

## Place the existing public IP for the existing load balancer into a variable.
$par3 = @{
    ResourceGroupName = 'CreatePubLBQS-rg'
    Name = 'myPublicIP'
}
$publicIP = Get-AzPublicIPAddress @par3

## Chain the gateway load balancer to your existing load balancer frontend. ##
$par4 = @{
    Name = 'myFrontEndIP'
    PublicIPAddress = $publicIP
    LoadBalancer = $lb
    GatewayLoadBalancerId = $gwlb.FrontendIpConfigurations.Id
}
$config = Set-AzLoadBalancerFrontendIpConfig @par4

$config | Set-AzLoadBalancer

Chain virtual machine to Gateway Load Balancer

Azure portal

Alternatively, you can chain a VM's NIC IP configuration to the gateway load balancer.

You add the gateway load balancer's frontend to an existing VM's NIC IP configuration.

Important

A virtual machine must have a public IP address assigned before attempting to chain the NIC configuration to the frontend of the gateway load balancer.

1. In the search box in the Azure portal, enter Virtual machine. In the search results, select Virtual machines.

2. In Virtual machines, select the virtual machine that you want to add to the gateway load balancer. In this example, the virtual machine is named myVM1.

3. In the overview of the virtual machine, select Networking in Settings.

4. In Networking, select the name of the network interface attached to the virtual machine. In this example, it's myvm1229.

   

5. In the network interface page, select IP configurations in Settings.

6. Select lb-frontend-IP in Gateway Load balancer.

   

7. Select Save.

Azure CLI

Alternatively, you can chain a VM's NIC IP configuration to the gateway load balancer.

You add the gateway load balancer's frontend to an existing VM's NIC IP configuration.

Use az network lb frontend-ip show to place the resource ID of your gateway load balancer frontend into a variable.

Use az network lb frontend-ip update to chain the gateway load balancer frontend to your existing VM's NIC IP configuration.

 feid=$(az network lb frontend-ip show \
    --resource-group TutorGwLB-rg \
    --lb-name myLoadBalancer-gw \
    --name myFrontend \
    --query id \
    --output tsv)
    
  az network nic ip-config update \
    --resource-group MyResourceGroup
    --nic-name MyNIC 
    --name MyIPconfig 
    --gateway-lb $feid

Azure PowerShell

Alternatively, you can chain a VM's NIC IP configuration to the gateway load balancer.

You add the gateway load balancer's frontend to an existing VM's NIC IP configuration.

Use Set-AzNetworkInterfaceIpConfig to chain the gateway load balancer frontend to your existing VM's NIC IP configuration.

 ## Place the gateway load balancer configuration into a variable. ##
$par1 = @{
    ResourceGroupName = 'TutorGwLB-rg'
    Name = 'myLoadBalancer-gw'
}
$gwlb = Get-AzLoadBalancer @par1

## Place the existing NIC into a variable. ##
$par2 = @{
    ResourceGroupName = 'MyResourceGroup'
    Name = 'myNic'
}
$nic = Get-AzNetworkInterface @par2

## Chain the gateway load balancer to your existing VM NIC. ##
$par3 = @{
    Name = 'myIPconfig'
    NetworkInterface = $nic
    GatewayLoadBalancerId = $gwlb.FrontendIpConfigurations.Id
}
$config = Set-AzNetworkInterfaceIpConfig @par3

$config | Set-AzNetworkInterface

Clean up resources

Azure portal

When no longer needed, delete the resource group, load balancer, and all related resources. To do so, select the resource group load-balancer-rg that contains the resources and then select Delete.

Azure CLI

When no longer needed, you can use the az group delete command to remove the resource group, load balancer, and the remaining resources.

  az group delete \
    --name TutorGwLB-rg

Azure PowerShell

When no longer needed, you can use the Remove-AzResourceGroup command to remove the resource group, load balancer, and the remaining resources.

Remove-AzResourceGroup -Name 'TutorGwLB-rg'

Next steps

Create Network Virtual Appliances in Azure.

When creating the NVAs, choose the resources created in this tutorial:

• Virtual network

• Subnet

• Network security group

• Gateway load balancer

Advance to the next article to learn how to create a cross-region Azure Load Balancer.

Global load balancer