![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 39%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,717 questions
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to know the requirements and considerations for connecting Azure to your OnPremises.
Of course, this entirely depends on your business requirements and architecture.
Refer to the planning table here comparing VPN Gateway and ExpressRoute: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#planningtable
You must consider the SKUs, supported features and cost before setting the connection
Azure VPN Gateway :
- This is better suited for architecture with a few sites
- This creates an Encrypted Tunnel Over Internet and hence latency is dependent on the ISP and internet factors
- Limited Bandwidth based on the SKU of the Gateway used
- Gateway SKU Comparison : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#benchmark
- Throughput is limited by the latency and bandwidth between your premises and the Internet.
- You must also have a local firewall device on your OnPremises and that must support the algorithms and cryptographic requirements offered by Azure VPN Gateway : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-compliance-crypto
- FAQ : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq
- Additional features:
- Limits : https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#virtual-network-gateway-limits
Azure ExpressRoute:
- This is suited for scenarios where high throughput and large date ingestion is required.
- This uses a physical underlying connection and hence we get a fixed bandwidth and latency.
- ExpressRoute prerequisites & checklist : https://learn.microsoft.com/en-us/azure/expressroute/expressroute-prerequisites
- You shall require a Service Provider to provision your circuit
- ExpressRoute connectivity models : https://learn.microsoft.com/en-us/azure/expressroute/expressroute-connectivity-models
- You will require an ExpressRoute circuit alongside an ExpressRoute Gateway
- FAQ : https://learn.microsoft.com/en-us/azure/expressroute/expressroute-faqs
- Additional features :
- FastPath : FastPath is designed to improve the data path performance between your on-premises network and your virtual network. When enabled, FastPath sends network traffic directly to virtual machines in the virtual network, bypassing the gateway.
- Direct : ExpressRoute Direct provides dual 100-Gbps or 10-Gbps connectivity, that supports Active/Active connectivity at scale.
- Global Reach: With ExpressRoute Global Reach, you can link ExpressRoute circuits together to make a private network between your on-premises networks.
- Direct : ExpressRoute Direct provides dual 100-Gbps or 10-Gbps connectivity, that supports Active/Active connectivity at scale.
- FastPath : FastPath is designed to improve the data path performance between your on-premises network and your virtual network. When enabled, FastPath sends network traffic directly to virtual machines in the virtual network, bypassing the gateway.
- Limits : https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#expressroute-limits
Hope this helps.
Kindly let us know if you need further assistance on this issue.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.