az network vnet-gateway
Use an Azure Virtual Network Gateway to establish secure, cross-premises connectivity.
To learn more about Azure Virtual Network Gateways, visit https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network vnet-gateway aad |
Manage AAD(Azure Active Directory) authentication of a virtual network gateway. |
Core | GA |
| az network vnet-gateway aad assign |
Assign/Update AAD(Azure Active Directory) authentication to a virtual network gateway. |
Core | GA |
| az network vnet-gateway aad remove |
Remove AAD(Azure Active Directory) authentication from a virtual network gateway. |
Core | GA |
| az network vnet-gateway aad show |
Show AAD(Azure Active Directory) authentication of a virtual network gateway. |
Core | GA |
| az network vnet-gateway aad wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az network vnet-gateway create |
Create a virtual network gateway. |
Core | GA |
| az network vnet-gateway delete |
Delete a virtual network gateway. |
Core | GA |
| az network vnet-gateway disconnect-vpn-connections |
Disconnect vpn connections of virtual network gateway. |
Core | Preview |
| az network vnet-gateway ipsec-policy |
Manage virtual network gateway IPSec policies. |
Core | GA |
| az network vnet-gateway ipsec-policy add |
Add a virtual network gateway IPSec policy. |
Core | GA |
| az network vnet-gateway ipsec-policy clear |
Delete all IPsec policies on a virtual network gateway. |
Core | GA |
| az network vnet-gateway ipsec-policy list |
List IPSec policies associated with a virtual network gateway. |
Core | GA |
| az network vnet-gateway ipsec-policy wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az network vnet-gateway list |
List virtual network gateways. |
Core | GA |
| az network vnet-gateway list-advertised-routes |
List the routes of a virtual network gateway advertised to the specified peer. |
Core | GA |
| az network vnet-gateway list-bgp-peer-status |
Retrieve the status of BGP peers. |
Core | GA |
| az network vnet-gateway list-learned-routes |
This operation retrieves a list of routes the virtual network gateway has learned, including routes learned from BGP peers. |
Core | GA |
| az network vnet-gateway migration |
Migrate vpn gateway from basic IP CSES to Standard IP based VMSS deployment. |
Core | GA |
| az network vnet-gateway migration abort |
Trigger abort migration for the virtual network gateway. |
Core | GA |
| az network vnet-gateway migration commit |
Trigger commit migration for the virtual network gateway. |
Core | GA |
| az network vnet-gateway migration execute |
Trigger execute migration for the virtual network gateway. |
Core | GA |
| az network vnet-gateway migration prepare |
Trigger prepare migration for the virtual network gateway. |
Core | GA |
| az network vnet-gateway nat-rule |
Manage nat rule in a virtual network gateway. |
Core | GA |
| az network vnet-gateway nat-rule add |
Add nat rule in a virtual network gateway. |
Core | Preview |
| az network vnet-gateway nat-rule list |
List nat rule for a virtual network gateway. |
Core | Preview |
| az network vnet-gateway nat-rule remove |
Remove nat rule from a virtual network gateway. |
Core | Preview |
| az network vnet-gateway nat-rule wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az network vnet-gateway packet-capture |
Manage packet capture on a virtual network gateway. |
Core | GA |
| az network vnet-gateway packet-capture start |
Start packet capture on a virtual network gateway. |
Core | Preview |
| az network vnet-gateway packet-capture stop |
Stop packet capture on a virtual network gateway. |
Core | Preview |
| az network vnet-gateway packet-capture wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az network vnet-gateway reset |
Reset a virtual network gateway. |
Core | GA |
| az network vnet-gateway revoked-cert |
Manage revoked certificates in a virtual network gateway. Prevent machines using this certificate from accessing Azure through this gateway. |
Core | GA |
| az network vnet-gateway revoked-cert create |
Revoke a certificate. |
Core | GA |
| az network vnet-gateway revoked-cert delete |
Delete a revoked certificate. |
Core | GA |
| az network vnet-gateway revoked-cert wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az network vnet-gateway root-cert |
Manage root certificates of a virtual network gateway. |
Core | GA |
| az network vnet-gateway root-cert create |
Upload a root certificate. |
Core | GA |
| az network vnet-gateway root-cert delete |
Delete a root certificate. |
Core | GA |
| az network vnet-gateway root-cert wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az network vnet-gateway show |
Get the details of a virtual network gateway. |
Core | GA |
| az network vnet-gateway show-supported-devices |
Get a xml format representation for supported vpn devices. |
Core | Preview |
| az network vnet-gateway update |
Update a virtual network gateway. |
Core | GA |
| az network vnet-gateway vpn-client |
Download a VPN client configuration required to connect to Azure via point-to-site. |
Core | GA |
| az network vnet-gateway vpn-client generate |
Generate VPN client configuration. |
Core | GA |
| az network vnet-gateway vpn-client ipsec-policy |
Manage the VPN client connection ipsec-policy for P2S client connection of the virtual network gateway. |
Core | GA |
| az network vnet-gateway vpn-client ipsec-policy set |
Set the VPN client connection ipsec policy per P2S client connection of the virtual network gateway. |
Core | Preview |
| az network vnet-gateway vpn-client ipsec-policy show |
Get the VPN client connection ipsec policy per P2S client connection of the virtual network gateway. |
Core | Preview |
| az network vnet-gateway vpn-client ipsec-policy wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az network vnet-gateway vpn-client show-health |
Get the VPN client connection health detail per P2S client connection of the virtual network gateway. |
Core | Preview |
| az network vnet-gateway vpn-client show-url |
Retrieve a pre-generated VPN client configuration. |
Core | GA |
| az network vnet-gateway wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az network vnet-gateway create
Create a virtual network gateway.
az network vnet-gateway create --name
--resource-group
--vnet
[--aad-audience]
[--aad-issuer]
[--aad-tenant]
[--address-prefix --address-prefixes]
[--allow-remote-vnet-traffic {0, 1, f, false, n, no, t, true, y, yes}]
[--allow-vwan-traffic {0, 1, f, false, n, no, t, true, y, yes}]
[--asn]
[--bgp-peering-address]
[--client-protocol]
[--custom-routes]
[--edge-zone]
[--edge-zone-vnet-id]
[--enable-high-bandwidth --enable-high-bandwidth-vpn-gateway {0, 1, f, false, n, no, t, true, y, yes}]
[--enable-private-ip {0, 1, f, false, n, no, t, true, y, yes}]
[--gateway-default-site]
[--gateway-type {ExpressRoute, LocalGateway, Vpn}]
[--location]
[--max-scale-unit]
[--min-scale-unit]
[--nat-rule --nat-rules]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--peer-weight]
[--public-ip-address --public-ip-addresses]
[--radius-secret]
[--radius-server]
[--resiliency-model {MultiHomed, SingleHomed}]
[--root-cert-data]
[--root-cert-name]
[--sku {Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ}]
[--tags]
[--vpn-auth-type]
[--vpn-gateway-generation {Generation1, Generation2, None}]
[--vpn-type {PolicyBased, RouteBased}]Examples
Create a basic virtual network gateway for site-to-site connectivity.
az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --no-waitCreate a basic virtual network gateway that provides point-to-site connectivity with a RADIUS secret that matches what is configured on a RADIUS server.
az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --address-prefixes 40.1.0.0/24 --client-protocol IkeV2 SSTP --radius-secret 111_aaa --radius-server 30.1.1.15 --vpn-gateway-generation Generation1Create a basic virtual network gateway with multi authentication
az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --address-prefixes 40.1.0.0/24 --client-protocol OpenVPN --radius-secret 111_aaa --radius-server 30.1.1.15 --aad-issuer https://sts.windows.net/00000-000000-00000-0000-000/ --aad-tenant https://login.microsoftonline.com/000 --aad-audience 0000-000 --root-cert-name root-cert --root-cert-data "root-cert.cer" --vpn-auth-type AAD Certificate RadiusCreate a virtual network gateway.
az network vnet-gateway create --gateway-type Vpn --location westus2 --name MyVnetGateway --no-wait --public-ip-addresses myVGPublicIPAddress --resource-group MyResourceGroup --sku Basic --vnet MyVnet --vpn-type PolicyBasedRequired Parameters
Name of the VNet gateway.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of an existing virtual network which has a subnet named 'GatewaySubnet'.
Optional Parameters
The AADAudience ID of the VirtualNetworkGateway.
The AAD Issuer URI of the VirtualNetworkGateway.
The AAD Tenant URI of the VirtualNetworkGateway.
Space-separated list of CIDR prefixes representing the address space for the P2S Vpnclient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --address-prefix.
Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN.
Configures this gateway to accept traffic from remote Virtual WAN networks.
Autonomous System Number to use for the BGP settings.
IP address to use for BGP peering.
Protocols to use for connecting. Allowed values: IkeV2, OpenVPN, SSTP. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of CIDR prefixes representing the custom routes address space specified by the customer for VpnClient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The name of edge zone.
The Extended vnet resource id of the local gateway.
To enable Advanced Connectivity feature for VPN gateway.
Whether private IP needs to be enabled on this gateway for connections or not.
Name or ID of a local network gateway representing a local network site with default routes.
The gateway type.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Maximum scale units for auto-scale configuration.
Minimum scale units for auto-scale configuration.
VirtualNetworkGatewayNatRule Resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --nat-rule.
Do not wait for the long-running operation to finish.
Weight (0-100) added to routes learned through BGP peering.
Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Radius secret to use for authentication.
Radius server address to connect to.
Indicates if the Express Route Gateway has resiliency model of MultiHomed or SingleHomed.
Base64 contents of the root certificate file or file path.
Root certificate name.
VNet gateway SKU.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
VPN authentication types enabled for the virtual network gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The generation for the virtual network gateway. vpn_gateway_generation should not be provided if gateway_type is not Vpn.
VPN routing type.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway delete
Delete a virtual network gateway.
In order to delete a Virtual Network Gateway, you must first delete ALL Connection objects in Azure that are connected to the Gateway. After deleting the Gateway, proceed to delete other resources now not in use. For more information, follow the order of instructions on this page: https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-delete-vnet-gateway-portal.
az network vnet-gateway delete [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Examples
Delete a virtual network gateway.
az network vnet-gateway delete -g MyResourceGroup -n MyVnetGatewayOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the VNet gateway.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway disconnect-vpn-connections
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Disconnect vpn connections of virtual network gateway.
az network vnet-gateway disconnect-vpn-connections [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]
[--vpn-connections]Examples
Disconnect vpn connections of virtual network gateway.
az network vnet-gateway disconnect-vpn-connections -g MyResourceGroup -n MyVnetGateway --vpn-connections MyConnetion1ByName MyConnection2ByIDOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the VNet gateway.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
List of Name or ID of VPN connections. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway list
List virtual network gateways.
az network vnet-gateway list --resource-group
[--max-items]
[--next-token]Examples
List virtual network gateways in a resource group.
az network vnet-gateway list -g MyResourceGroupRequired Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
Token to specify where to start paginating. This is the token value from a previously truncated response.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway list-advertised-routes
List the routes of a virtual network gateway advertised to the specified peer.
az network vnet-gateway list-advertised-routes --peer
[--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Examples
List the routes of a virtual network gateway advertised to the specified peer.
az network vnet-gateway list-advertised-routes -g MyResourceGroup -n MyVnetGateway --peer 23.10.10.9Required Parameters
The IP address of the peer.
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the VNet gateway.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway list-bgp-peer-status
Retrieve the status of BGP peers.
az network vnet-gateway list-bgp-peer-status [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--peer]
[--resource-group]
[--subscription]Examples
Retrieve the status of a BGP peer.
az network vnet-gateway list-bgp-peer-status -g MyResourceGroup -n MyVnetGateway --peer 23.10.10.9Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the VNet gateway.
Do not wait for the long-running operation to finish.
The IP address of the peer to retrieve the status of. Default value is None.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway list-learned-routes
This operation retrieves a list of routes the virtual network gateway has learned, including routes learned from BGP peers.
az network vnet-gateway list-learned-routes [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Examples
Retrieve a list of learned routes.
az network vnet-gateway list-learned-routes -g MyResourceGroup -n MyVnetGatewayOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the VNet gateway.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway reset
Reset a virtual network gateway.
az network vnet-gateway reset [--gateway-vip]
[--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Examples
Reset a virtual network gateway.
az network vnet-gateway reset -g MyResourceGroup -n MyVnetGatewayReset a virtual network gateway with Active-Active feature enabled.
az network vnet-gateway reset -g MyResourceGroup -n MyVnetGateway --gateway-vip MyGatewayIPOptional Parameters
Virtual network gateway vip address supplied to the begin reset of the active-active feature enabled gateway.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the VNet gateway.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway show
Get the details of a virtual network gateway.
az network vnet-gateway show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Get the details of a virtual network gateway.
az network vnet-gateway show -g MyResourceGroup -n MyVnetGatewayOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the VNet gateway.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway show-supported-devices
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get a xml format representation for supported vpn devices.
az network vnet-gateway show-supported-devices [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Get a xml format representation for supported vpn devices.
az network vnet-gateway show-supported-devices -g MyResourceGroup -n MyVnetGatewayOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the VNet gateway.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway update
Update a virtual network gateway.
az network vnet-gateway update [--aad-audience]
[--aad-issuer]
[--aad-tenant]
[--add]
[--address-prefix --address-prefixes]
[--allow-remote-vnet-traffic {0, 1, f, false, n, no, t, true, y, yes}]
[--allow-vwan-traffic {0, 1, f, false, n, no, t, true, y, yes}]
[--asn]
[--bgp-peering-address]
[--client-protocol]
[--custom-routes]
[--enable-bgp {0, 1, f, false, n, no, t, true, y, yes}]
[--enable-private-ip {0, 1, f, false, n, no, t, true, y, yes}]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--gateway-default-site]
[--gateway-type {ExpressRoute, LocalGateway, Vpn}]
[--ids]
[--max-scale-unit]
[--min-scale-unit]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--peer-weight]
[--public-ip-address --public-ip-addresses]
[--radius-secret]
[--radius-server]
[--remove]
[--resiliency-model {MultiHomed, SingleHomed}]
[--resource-group]
[--root-cert-data]
[--root-cert-name]
[--set]
[--sku {Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ}]
[--subscription]
[--tags]
[--vnet]
[--vpn-auth-type]
[--vpn-type {PolicyBased, RouteBased}]Examples
Change the SKU of a virtual network gateway.
az network vnet-gateway update -g MyResourceGroup -n MyVnetGateway --sku VpnGw2Update a virtual network gateway.
az network vnet-gateway update --address-prefixes 40.1.0.0/24 --client-protocol IkeV2 --name MyVnetGateway --resource-group MyResourceGroupOptional Parameters
The AADAudience ID of the VirtualNetworkGateway.
The AAD Issuer URI of the VirtualNetworkGateway.
The AAD Tenant URI of the VirtualNetworkGateway.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Space-separated list of CIDR prefixes representing the address space for the P2S Vpnclient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --address-prefix.
Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN.
Configures this gateway to accept traffic from remote Virtual WAN networks.
Autonomous System Number to use for the BGP settings.
IP address to use for BGP peering.
Protocols to use for connecting. Allowed values: IkeV2, OpenVPN, SSTP. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of CIDR prefixes representing the custom routes address space specified by the customer for VpnClient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Enable BGP (Border Gateway Protocol).
Whether private IP needs to be enabled on this gateway for connections or not.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Name or ID of a local network gateway representing a local network site with default routes.
The gateway type.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Maximum scale units for auto-scale configuration.
Minimum scale units for auto-scale configuration.
Name of the VNet gateway.
Do not wait for the long-running operation to finish.
Weight (0-100) added to routes learned through BGP peering.
Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Radius secret to use for authentication.
Radius server address to connect to.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Indicates if the Express Route Gateway has resiliency model of MultiHomed or SingleHomed.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Base64 contents of the root certificate file or file path.
Root certificate name.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
VNet gateway SKU.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Name or ID of an existing virtual network which has a subnet named 'GatewaySubnet'.
VPN authentication types enabled for the virtual network gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
VPN routing type.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway wait
Place the CLI in a waiting state until a condition is met.
az network vnet-gateway wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Name of the VNet gateway.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
