az network vnet-gateway

Use an Azure Virtual Network Gateway to establish secure, cross-premises connectivity.

To learn more about Azure Virtual Network Gateways, visit https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli.

Commands

az network vnet-gateway create Create a virtual network gateway.
az network vnet-gateway delete Delete a virtual network gateway.
az network vnet-gateway list List virtual network gateways.
az network vnet-gateway list-advertised-routes List the routes of a virtual network gateway advertised to the specified peer.
az network vnet-gateway list-bgp-peer-status Retrieve the status of BGP peers.
az network vnet-gateway list-learned-routes This operation retrieves a list of routes the virtual network gateway has learned, including routes learned from BGP peers.
az network vnet-gateway reset Reset a virtual network gateway.
az network vnet-gateway show Get the details of a virtual network gateway.
az network vnet-gateway update Update a virtual network gateway.
az network vnet-gateway vpn-client Download a VPN client configuration required to connect to Azure via point-to-site.
az network vnet-gateway vpn-client generate Generate VPN client configuration.
az network vnet-gateway vpn-client show-url Retrieve a pre-generated VPN client configuration.
az network vnet-gateway wait Place the CLI in a waiting state until a condition of the virtual network gateway is met.

az network vnet-gateway create

Create a virtual network gateway.

az network vnet-gateway create --name
--public-ip-addresses
--resource-group
--vnet
[--address-prefixes]
[--asn]
[--bgp-peering-address]
[--client-protocol {IkeV2, OpenVPN, SSTP}]
[--gateway-type {ExpressRoute, Vpn}]
[--location]
[--no-wait]
[--peer-weight]
[--radius-secret]
[--radius-server]
[--sku {Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ}]
[--tags]
[--vpn-type {PolicyBased, RouteBased}]

Examples

Create a basic virtual network gateway for site-to-site connectivity.

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp \
                            --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --no-wait

Create a basic virtual network gateway that provides point-to-site connectivity with a RADIUS secret that matches what is configured on a RADIUS server.

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp \
                            --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --address-prefixes 40.1.0.0/24 \
                            --client-protocol IkeV2 SSTP --radius-secret 111_aaa --radius-server 30.1.1.15

Required Parameters

--name -n

Name of the VNet gateway.

--public-ip-addresses

Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet

Name or ID of an existing virtual network which has a subnet named 'GatewaySubnet'.

Optional Parameters

--address-prefixes

Space-separated list of CIDR prefixes representing the address space for the P2S client.

--asn

Autonomous System Number to use for the BGP settings.

--bgp-peering-address

IP address to use for BGP peering.

--client-protocol

Protocols to use for connecting.

accepted values: IkeV2, OpenVPN, SSTP
--gateway-type

The gateway type.

accepted values: ExpressRoute, Vpn
default value: Vpn
--location -l

Location. You can configure the default location using az configure --defaults location=<location>.

--no-wait

Do not wait for the long-running operation to finish.

--peer-weight

Weight (0-100) added to routes learned through BGP peering.

--radius-secret

Radius secret to use for authentication.

--radius-server

Radius server address to connect to.

--sku

VNet gateway SKU.

accepted values: Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ
default value: Basic
--tags

Space-separated tags in 'key[=value]' format. Use "" to clear existing tags.

--vpn-type

VPN routing type.

accepted values: PolicyBased, RouteBased
default value: RouteBased

az network vnet-gateway delete

Delete a virtual network gateway.

az network vnet-gateway delete --name
--resource-group
[--no-wait]

Examples

Delete a virtual network gateway.

az network vnet-gateway delete -g MyResourceGroup -n MyVnetGateway

Required Parameters

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az network vnet-gateway list

List virtual network gateways.

az network vnet-gateway list --resource-group

Examples

List virtual network gateways in a resource group.

az network vnet-gateway list -g MyResourceGroup

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network vnet-gateway list-advertised-routes

List the routes of a virtual network gateway advertised to the specified peer.

az network vnet-gateway list-advertised-routes --name
--peer
--resource-group

Examples

List the routes of a virtual network gateway advertised to the specified peer.

az network vnet-gateway list-advertised-routes -g MyResourceGroup -n MyVnetGateway --peer 23.10.10.9

Required Parameters

--name -n

Name of the VNet gateway.

--peer

The IP address of the peer.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network vnet-gateway list-bgp-peer-status

Retrieve the status of BGP peers.

az network vnet-gateway list-bgp-peer-status --name
--resource-group
[--peer]

Examples

Retrieve the status of a BGP peer.

az network vnet-gateway list-bgp-peer-status -g MyResourceGroup -n MyVnetGateway --peer 23.10.10.9

Required Parameters

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--peer

The IP address of the peer to retrieve the status of.

az network vnet-gateway list-learned-routes

This operation retrieves a list of routes the virtual network gateway has learned, including routes learned from BGP peers.

az network vnet-gateway list-learned-routes --name
--resource-group

Examples

Retrieve a list of learned routes.

az network vnet-gateway list-learned-routes -g MyResourceGroup -n MyVnetGateway

Required Parameters

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network vnet-gateway reset

Reset a virtual network gateway.

az network vnet-gateway reset --name
--resource-group
[--gateway-vip]

Examples

Reset a virtual network gateway.

az network vnet-gateway reset -g MyResourceGroup -n MyVnetGateway

Reset a virtual network gateway with Active-Active feature enabled.

az network vnet-gateway reset -g MyResourceGroup -n MyVnetGateway --gateway-vip MyGatewayIP

Required Parameters

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--gateway-vip

Virtual network gateway vip address supplied to the begin reset of the active-active feature enabled gateway.

az network vnet-gateway show

Get the details of a virtual network gateway.

az network vnet-gateway show --name
--resource-group

Examples

Get the details of a virtual network gateway.

az network vnet-gateway show -g MyResourceGroup -n MyVnetGateway

Required Parameters

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network vnet-gateway update

Update a virtual network gateway.

az network vnet-gateway update --name
--resource-group
[--add]
[--address-prefixes]
[--asn]
[--bgp-peering-address]
[--client-protocol {IkeV2, OpenVPN, SSTP}]
[--enable-bgp {false, true}]
[--force-string]
[--gateway-type {ExpressRoute, Vpn}]
[--no-wait]
[--peer-weight]
[--public-ip-addresses]
[--radius-secret]
[--radius-server]
[--remove]
[--set]
[--sku {Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ}]
[--tags]
[--vnet]
[--vpn-type {PolicyBased, RouteBased}]

Examples

Change the SKU of a virtual network gateway.

az network vnet-gateway update -g MyResourceGroup -n MyVnetGateway --sku VpnGw2

Required Parameters

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--address-prefixes

Space-separated list of CIDR prefixes representing the address space for the P2S client.

--asn

Autonomous System Number to use for the BGP settings.

--bgp-peering-address

IP address to use for BGP peering.

--client-protocol

Protocols to use for connecting.

accepted values: IkeV2, OpenVPN, SSTP
--enable-bgp

Enable BGP (Border Gateway Protocol).

accepted values: false, true
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--gateway-type

The gateway type.

accepted values: ExpressRoute, Vpn
--no-wait

Do not wait for the long-running operation to finish.

--peer-weight

Weight (0-100) added to routes learned through BGP peering.

--public-ip-addresses

Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway.

--radius-secret

Radius secret to use for authentication.

--radius-server

Radius server address to connect to.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--sku

VNet gateway SKU.

accepted values: Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ
--tags

Space-separated tags in 'key[=value]' format. Use "" to clear existing tags.

--vnet

Name or ID of a virtual network that contains a subnet named 'GatewaySubnet'.

--vpn-type

VPN routing type.

accepted values: PolicyBased, RouteBased

az network vnet-gateway wait

Place the CLI in a waiting state until a condition of the virtual network gateway is met.

az network vnet-gateway wait --name
--resource-group
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--timeout]
[--updated]

Examples

Pause CLI until the virtual network gateway is created.

az network vnet-gateway wait -g MyResourceGroup -n MyVnetGateway --created

Required Parameters

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

--exists

Wait until the resource exists.

--interval

Polling interval in seconds.

default value: 30
--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.