Share via

az network vnet-gateway

Use an Azure Virtual Network Gateway to establish secure, cross-premises connectivity.

To learn more about Azure Virtual Network Gateways, visit https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli.

Commands

Name Description Type Status
az network vnet-gateway aad

Manage AAD(Azure Active Directory) authentication of a virtual network gateway.

 Core GA
az network vnet-gateway aad assign

Assign/Update AAD(Azure Active Directory) authentication to a virtual network gateway.

 Core GA
az network vnet-gateway aad remove

Remove AAD(Azure Active Directory) authentication from a virtual network gateway.

 Core GA
az network vnet-gateway aad show

Show AAD(Azure Active Directory) authentication of a virtual network gateway.

 Core GA
az network vnet-gateway aad wait

Place the CLI in a waiting state until a condition is met.

 Core GA
az network vnet-gateway create

Create a virtual network gateway.

 Core GA
az network vnet-gateway delete

Delete a virtual network gateway.

 Core GA
az network vnet-gateway disconnect-vpn-connections

Disconnect vpn connections of virtual network gateway.

 Core Preview
az network vnet-gateway ipsec-policy

Manage virtual network gateway IPSec policies.

 Core GA
az network vnet-gateway ipsec-policy add

Add a virtual network gateway IPSec policy.

 Core GA
az network vnet-gateway ipsec-policy clear

Delete all IPsec policies on a virtual network gateway.

 Core GA
az network vnet-gateway ipsec-policy list

List IPSec policies associated with a virtual network gateway.

 Core GA
az network vnet-gateway ipsec-policy wait

Place the CLI in a waiting state until a condition is met.

 Core GA
az network vnet-gateway list

List virtual network gateways.

 Core GA
az network vnet-gateway list-advertised-routes

List the routes of a virtual network gateway advertised to the specified peer.

 Core GA
az network vnet-gateway list-bgp-peer-status

Retrieve the status of BGP peers.

 Core GA
az network vnet-gateway list-learned-routes

This operation retrieves a list of routes the virtual network gateway has learned, including routes learned from BGP peers.

 Core GA
az network vnet-gateway migration

Migrate vpn gateway from basic IP CSES to Standard IP based VMSS deployment.

 Core GA
az network vnet-gateway migration abort

Trigger abort migration for the virtual network gateway.

 Core GA
az network vnet-gateway migration commit

Trigger commit migration for the virtual network gateway.

 Core GA
az network vnet-gateway migration execute

Trigger execute migration for the virtual network gateway.

 Core GA
az network vnet-gateway migration prepare

Trigger prepare migration for the virtual network gateway.

 Core GA
az network vnet-gateway nat-rule

Manage nat rule in a virtual network gateway.

 Core GA
az network vnet-gateway nat-rule add

Add nat rule in a virtual network gateway.

 Core Preview
az network vnet-gateway nat-rule list

List nat rule for a virtual network gateway.

 Core Preview
az network vnet-gateway nat-rule remove

Remove nat rule from a virtual network gateway.

 Core Preview
az network vnet-gateway nat-rule wait

Place the CLI in a waiting state until a condition is met.

 Core GA
az network vnet-gateway packet-capture

Manage packet capture on a virtual network gateway.

 Core GA
az network vnet-gateway packet-capture start

Start packet capture on a virtual network gateway.

 Core Preview
az network vnet-gateway packet-capture stop

Stop packet capture on a virtual network gateway.

 Core Preview
az network vnet-gateway packet-capture wait

Place the CLI in a waiting state until a condition is met.

 Core GA
az network vnet-gateway reset

Reset a virtual network gateway.

 Core GA
az network vnet-gateway revoked-cert

Manage revoked certificates in a virtual network gateway. Prevent machines using this certificate from accessing Azure through this gateway.

 Core GA
az network vnet-gateway revoked-cert create

Revoke a certificate.

 Core GA
az network vnet-gateway revoked-cert delete

Delete a revoked certificate.

 Core GA
az network vnet-gateway revoked-cert wait

Place the CLI in a waiting state until a condition is met.

 Core GA
az network vnet-gateway root-cert

Manage root certificates of a virtual network gateway.

 Core GA
az network vnet-gateway root-cert create

Upload a root certificate.

 Core GA
az network vnet-gateway root-cert delete

Delete a root certificate.

 Core GA
az network vnet-gateway root-cert wait

Place the CLI in a waiting state until a condition is met.

 Core GA
az network vnet-gateway show

Get the details of a virtual network gateway.

 Core GA
az network vnet-gateway show-supported-devices

Get a xml format representation for supported vpn devices.

 Core Preview
az network vnet-gateway update

Update a virtual network gateway.

 Core GA
az network vnet-gateway vpn-client

Download a VPN client configuration required to connect to Azure via point-to-site.

 Core GA
az network vnet-gateway vpn-client generate

Generate VPN client configuration.

 Core GA
az network vnet-gateway vpn-client ipsec-policy

Manage the VPN client connection ipsec-policy for P2S client connection of the virtual network gateway.

 Core GA
az network vnet-gateway vpn-client ipsec-policy set

Set the VPN client connection ipsec policy per P2S client connection of the virtual network gateway.

 Core Preview
az network vnet-gateway vpn-client ipsec-policy show

Get the VPN client connection ipsec policy per P2S client connection of the virtual network gateway.

 Core Preview
az network vnet-gateway vpn-client ipsec-policy wait

Place the CLI in a waiting state until a condition is met.

 Core GA
az network vnet-gateway vpn-client show-health

Get the VPN client connection health detail per P2S client connection of the virtual network gateway.

 Core Preview
az network vnet-gateway vpn-client show-url

Retrieve a pre-generated VPN client configuration.

 Core GA
az network vnet-gateway wait

Place the CLI in a waiting state until a condition is met.

 Core GA

az network vnet-gateway create

Edit

Create a virtual network gateway.

az network vnet-gateway create --name
                               --resource-group
                               --vnet
                               [--aad-audience]
                               [--aad-issuer]
                               [--aad-tenant]
                               [--address-prefix --address-prefixes]
                               [--allow-remote-vnet-traffic {0, 1, f, false, n, no, t, true, y, yes}]
                               [--allow-vwan-traffic {0, 1, f, false, n, no, t, true, y, yes}]
                               [--asn]
                               [--bgp-peering-address]
                               [--client-protocol]
                               [--custom-routes]
                               [--edge-zone]
                               [--edge-zone-vnet-id]
                               [--enable-high-bandwidth --enable-high-bandwidth-vpn-gateway {0, 1, f, false, n, no, t, true, y, yes}]
                               [--enable-private-ip {0, 1, f, false, n, no, t, true, y, yes}]
                               [--gateway-default-site]
                               [--gateway-type {ExpressRoute, LocalGateway, Vpn}]
                               [--location]
                               [--max-scale-unit]
                               [--min-scale-unit]
                               [--nat-rule --nat-rules]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--peer-weight]
                               [--public-ip-address --public-ip-addresses]
                               [--radius-secret]
                               [--radius-server]
                               [--resiliency-model {MultiHomed, SingleHomed}]
                               [--root-cert-data]
                               [--root-cert-name]
                               [--sku {Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ}]
                               [--tags]
                               [--vpn-auth-type]
                               [--vpn-gateway-generation {Generation1, Generation2, None}]
                               [--vpn-type {PolicyBased, RouteBased}]

Examples

Create a basic virtual network gateway for site-to-site connectivity.

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --no-wait

Create a basic virtual network gateway that provides point-to-site connectivity with a RADIUS secret that matches what is configured on a RADIUS server.

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --address-prefixes 40.1.0.0/24 --client-protocol IkeV2 SSTP --radius-secret 111_aaa --radius-server 30.1.1.15 --vpn-gateway-generation Generation1

Create a basic virtual network gateway with multi authentication

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --address-prefixes 40.1.0.0/24 --client-protocol OpenVPN --radius-secret 111_aaa --radius-server 30.1.1.15 --aad-issuer https://sts.windows.net/00000-000000-00000-0000-000/ --aad-tenant https://login.microsoftonline.com/000 --aad-audience 0000-000 --root-cert-name root-cert --root-cert-data "root-cert.cer" --vpn-auth-type AAD Certificate Radius

Create a virtual network gateway.

az network vnet-gateway create --gateway-type Vpn --location westus2 --name MyVnetGateway --no-wait --public-ip-addresses myVGPublicIPAddress --resource-group MyResourceGroup --sku Basic --vnet MyVnet --vpn-type PolicyBased

Required Parameters

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet

Name or ID of an existing virtual network which has a subnet named 'GatewaySubnet'.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--aad-audience

The AADAudience ID of the VirtualNetworkGateway.

Property Value
Parameter group: AAD Authentication Arguments
--aad-issuer

The AAD Issuer URI of the VirtualNetworkGateway.

Property Value
Parameter group: AAD Authentication Arguments
--aad-tenant

The AAD Tenant URI of the VirtualNetworkGateway.

Property Value
Parameter group: AAD Authentication Arguments
--address-prefix --address-prefixes

Space-separated list of CIDR prefixes representing the address space for the P2S Vpnclient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --address-prefix.

Property Value
Parameter group: VPN Client Arguments
--allow-remote-vnet-traffic

Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--allow-vwan-traffic

Configures this gateway to accept traffic from remote Virtual WAN networks.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--asn

Autonomous System Number to use for the BGP settings.

Property Value
Parameter group: BGP Peering Arguments
--bgp-peering-address

IP address to use for BGP peering.

Property Value
Parameter group: BGP Peering Arguments
--client-protocol

Protocols to use for connecting. Allowed values: IkeV2, OpenVPN, SSTP. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property Value
Parameter group: VPN Client Arguments
--custom-routes

Space-separated list of CIDR prefixes representing the custom routes address space specified by the customer for VpnClient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property Value
Parameter group: VPN Client Arguments
--edge-zone

The name of edge zone.

--edge-zone-vnet-id

The Extended vnet resource id of the local gateway.

--enable-high-bandwidth --enable-high-bandwidth-vpn-gateway

To enable Advanced Connectivity feature for VPN gateway.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--enable-private-ip

Whether private IP needs to be enabled on this gateway for connections or not.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--gateway-default-site

Name or ID of a local network gateway representing a local network site with default routes.

--gateway-type

The gateway type.

Property Value
Default value: Vpn
Accepted values: ExpressRoute, LocalGateway, Vpn
--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--max-scale-unit

Maximum scale units for auto-scale configuration.

--min-scale-unit

Minimum scale units for auto-scale configuration.

--nat-rule --nat-rules

VirtualNetworkGatewayNatRule Resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --nat-rule.

Property Value
Parameter group: Nat Rule Arguments
--no-wait

Do not wait for the long-running operation to finish.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--peer-weight

Weight (0-100) added to routes learned through BGP peering.

Property Value
Parameter group: BGP Peering Arguments
--public-ip-address --public-ip-addresses

Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--radius-secret

Radius secret to use for authentication.

Property Value
Parameter group: VPN Client Arguments
--radius-server

Radius server address to connect to.

Property Value
Parameter group: VPN Client Arguments
--resiliency-model

Indicates if the Express Route Gateway has resiliency model of MultiHomed or SingleHomed.

Property Value
Accepted values: MultiHomed, SingleHomed
--root-cert-data

Base64 contents of the root certificate file or file path.

Property Value
Parameter group: Root Cert Authentication Arguments
--root-cert-name

Root certificate name.

Property Value
Parameter group: Root Cert Authentication Arguments
--sku

VNet gateway SKU.

Property Value
Default value: Basic
Accepted values: Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--vpn-auth-type

VPN authentication types enabled for the virtual network gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--vpn-gateway-generation

The generation for the virtual network gateway. vpn_gateway_generation should not be provided if gateway_type is not Vpn.

Property Value
Accepted values: Generation1, Generation2, None
--vpn-type

VPN routing type.

Property Value
Default value: RouteBased
Accepted values: PolicyBased, RouteBased
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway delete

Edit

Delete a virtual network gateway.

In order to delete a Virtual Network Gateway, you must first delete ALL Connection objects in Azure that are connected to the Gateway. After deleting the Gateway, proceed to delete other resources now not in use. For more information, follow the order of instructions on this page: https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-delete-vnet-gateway-portal.

az network vnet-gateway delete [--ids]
                               [--name]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--resource-group]
                               [--subscription]

Examples

Delete a virtual network gateway.

az network vnet-gateway delete -g MyResourceGroup -n MyVnetGateway

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the VNet gateway.

Property Value
Parameter group: Resource Id Arguments
--no-wait

Do not wait for the long-running operation to finish.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway disconnect-vpn-connections

Edit
Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Disconnect vpn connections of virtual network gateway.

az network vnet-gateway disconnect-vpn-connections [--ids]
                                                   [--name]
                                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--resource-group]
                                                   [--subscription]
                                                   [--vpn-connections]

Examples

Disconnect vpn connections of virtual network gateway.

az network vnet-gateway disconnect-vpn-connections -g MyResourceGroup -n MyVnetGateway --vpn-connections MyConnetion1ByName MyConnection2ByID

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the VNet gateway.

Property Value
Parameter group: Resource Id Arguments
--no-wait

Do not wait for the long-running operation to finish.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
--vpn-connections

List of Name or ID of VPN connections. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway list

Edit

List virtual network gateways.

az network vnet-gateway list --resource-group
                             [--max-items]
                             [--next-token]

Examples

List virtual network gateways in a resource group.

az network vnet-gateway list -g MyResourceGroup

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

Property Value
Parameter group: Pagination Arguments
--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

Property Value
Parameter group: Pagination Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway list-advertised-routes

Edit

List the routes of a virtual network gateway advertised to the specified peer.

az network vnet-gateway list-advertised-routes --peer
                                               [--ids]
                                               [--name]
                                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                               [--resource-group]
                                               [--subscription]

Examples

List the routes of a virtual network gateway advertised to the specified peer.

az network vnet-gateway list-advertised-routes -g MyResourceGroup -n MyVnetGateway --peer 23.10.10.9

Required Parameters

--peer

The IP address of the peer.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the VNet gateway.

Property Value
Parameter group: Resource Id Arguments
--no-wait

Do not wait for the long-running operation to finish.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway list-bgp-peer-status

Edit

Retrieve the status of BGP peers.

az network vnet-gateway list-bgp-peer-status [--ids]
                                             [--name]
                                             [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                             [--peer]
                                             [--resource-group]
                                             [--subscription]

Examples

Retrieve the status of a BGP peer.

az network vnet-gateway list-bgp-peer-status -g MyResourceGroup -n MyVnetGateway --peer 23.10.10.9

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the VNet gateway.

Property Value
Parameter group: Resource Id Arguments
--no-wait

Do not wait for the long-running operation to finish.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--peer

The IP address of the peer to retrieve the status of. Default value is None.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway list-learned-routes

Edit

This operation retrieves a list of routes the virtual network gateway has learned, including routes learned from BGP peers.

az network vnet-gateway list-learned-routes [--ids]
                                            [--name]
                                            [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                            [--resource-group]
                                            [--subscription]

Examples

Retrieve a list of learned routes.

az network vnet-gateway list-learned-routes -g MyResourceGroup -n MyVnetGateway

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the VNet gateway.

Property Value
Parameter group: Resource Id Arguments
--no-wait

Do not wait for the long-running operation to finish.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway reset

Edit

Reset a virtual network gateway.

az network vnet-gateway reset [--gateway-vip]
                              [--ids]
                              [--name]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--resource-group]
                              [--subscription]

Examples

Reset a virtual network gateway.

az network vnet-gateway reset -g MyResourceGroup -n MyVnetGateway

Reset a virtual network gateway with Active-Active feature enabled.

az network vnet-gateway reset -g MyResourceGroup -n MyVnetGateway --gateway-vip MyGatewayIP

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--gateway-vip

Virtual network gateway vip address supplied to the begin reset of the active-active feature enabled gateway.

Property Value
Default value: None
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the VNet gateway.

Property Value
Parameter group: Resource Id Arguments
--no-wait

Do not wait for the long-running operation to finish.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway show

Edit

Get the details of a virtual network gateway.

az network vnet-gateway show [--ids]
                             [--name]
                             [--resource-group]
                             [--subscription]

Examples

Get the details of a virtual network gateway.

az network vnet-gateway show -g MyResourceGroup -n MyVnetGateway

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the VNet gateway.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway show-supported-devices

Edit
Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get a xml format representation for supported vpn devices.

az network vnet-gateway show-supported-devices [--ids]
                                               [--name]
                                               [--resource-group]
                                               [--subscription]

Examples

Get a xml format representation for supported vpn devices.

az network vnet-gateway show-supported-devices -g MyResourceGroup -n MyVnetGateway

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the VNet gateway.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway update

Edit

Update a virtual network gateway.

az network vnet-gateway update [--aad-audience]
                               [--aad-issuer]
                               [--aad-tenant]
                               [--add]
                               [--address-prefix --address-prefixes]
                               [--allow-remote-vnet-traffic {0, 1, f, false, n, no, t, true, y, yes}]
                               [--allow-vwan-traffic {0, 1, f, false, n, no, t, true, y, yes}]
                               [--asn]
                               [--bgp-peering-address]
                               [--client-protocol]
                               [--custom-routes]
                               [--enable-bgp {0, 1, f, false, n, no, t, true, y, yes}]
                               [--enable-private-ip {0, 1, f, false, n, no, t, true, y, yes}]
                               [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                               [--gateway-default-site]
                               [--gateway-type {ExpressRoute, LocalGateway, Vpn}]
                               [--ids]
                               [--max-scale-unit]
                               [--min-scale-unit]
                               [--name]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--peer-weight]
                               [--public-ip-address --public-ip-addresses]
                               [--radius-secret]
                               [--radius-server]
                               [--remove]
                               [--resiliency-model {MultiHomed, SingleHomed}]
                               [--resource-group]
                               [--root-cert-data]
                               [--root-cert-name]
                               [--set]
                               [--sku {Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ}]
                               [--subscription]
                               [--tags]
                               [--vnet]
                               [--vpn-auth-type]
                               [--vpn-type {PolicyBased, RouteBased}]

Examples

Change the SKU of a virtual network gateway.

az network vnet-gateway update -g MyResourceGroup -n MyVnetGateway --sku VpnGw2

Update a virtual network gateway.

az network vnet-gateway update --address-prefixes 40.1.0.0/24 --client-protocol IkeV2 --name MyVnetGateway --resource-group MyResourceGroup

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--aad-audience

The AADAudience ID of the VirtualNetworkGateway.

Property Value
Parameter group: AAD Authentication Arguments
--aad-issuer

The AAD Issuer URI of the VirtualNetworkGateway.

Property Value
Parameter group: AAD Authentication Arguments
--aad-tenant

The AAD Tenant URI of the VirtualNetworkGateway.

Property Value
Parameter group: AAD Authentication Arguments
--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Property Value
Parameter group: Generic Update Arguments
--address-prefix --address-prefixes

Space-separated list of CIDR prefixes representing the address space for the P2S Vpnclient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --address-prefix.

Property Value
Parameter group: VPN Client Arguments
--allow-remote-vnet-traffic

Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--allow-vwan-traffic

Configures this gateway to accept traffic from remote Virtual WAN networks.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--asn

Autonomous System Number to use for the BGP settings.

Property Value
Parameter group: BGP Peering Arguments
--bgp-peering-address

IP address to use for BGP peering.

Property Value
Parameter group: BGP Peering Arguments
--client-protocol

Protocols to use for connecting. Allowed values: IkeV2, OpenVPN, SSTP. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property Value
Parameter group: VPN Client Arguments
--custom-routes

Space-separated list of CIDR prefixes representing the custom routes address space specified by the customer for VpnClient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property Value
Parameter group: VPN Client Arguments
--enable-bgp

Enable BGP (Border Gateway Protocol).

Property Value
Parameter group: BGP Peering Arguments
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--enable-private-ip

Whether private IP needs to be enabled on this gateway for connections or not.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Property Value
Parameter group: Generic Update Arguments
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--gateway-default-site

Name or ID of a local network gateway representing a local network site with default routes.

--gateway-type

The gateway type.

Property Value
Accepted values: ExpressRoute, LocalGateway, Vpn
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--max-scale-unit

Maximum scale units for auto-scale configuration.

--min-scale-unit

Minimum scale units for auto-scale configuration.

--name -n

Name of the VNet gateway.

Property Value
Parameter group: Resource Id Arguments
--no-wait

Do not wait for the long-running operation to finish.

Property Value
Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--peer-weight

Weight (0-100) added to routes learned through BGP peering.

Property Value
Parameter group: BGP Peering Arguments
--public-ip-address --public-ip-addresses

Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--radius-secret

Radius secret to use for authentication.

Property Value
Parameter group: VPN Client Arguments
--radius-server

Radius server address to connect to.

Property Value
Parameter group: VPN Client Arguments
--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Property Value
Parameter group: Generic Update Arguments
--resiliency-model

Indicates if the Express Route Gateway has resiliency model of MultiHomed or SingleHomed.

Property Value
Accepted values: MultiHomed, SingleHomed
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--root-cert-data

Base64 contents of the root certificate file or file path.

Property Value
Parameter group: Root Cert Authentication Arguments
--root-cert-name

Root certificate name.

Property Value
Parameter group: Root Cert Authentication Arguments
--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Property Value
Parameter group: Generic Update Arguments
--sku

VNet gateway SKU.

Property Value
Accepted values: Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--vnet

Name or ID of an existing virtual network which has a subnet named 'GatewaySubnet'.

--vpn-auth-type

VPN authentication types enabled for the virtual network gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--vpn-type

VPN routing type.

Property Value
Accepted values: PolicyBased, RouteBased
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network vnet-gateway wait

Edit

Place the CLI in a waiting state until a condition is met.

az network vnet-gateway wait [--created]
                             [--custom]
                             [--deleted]
                             [--exists]
                             [--ids]
                             [--interval]
                             [--name]
                             [--resource-group]
                             [--subscription]
                             [--timeout]
                             [--updated]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Property Value
Parameter group: Wait Condition Arguments
Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

Property Value
Parameter group: Wait Condition Arguments
--deleted

Wait until deleted.

Property Value
Parameter group: Wait Condition Arguments
Default value: False
--exists

Wait until the resource exists.

Property Value
Parameter group: Wait Condition Arguments
Default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--interval

Polling interval in seconds.

Property Value
Parameter group: Wait Condition Arguments
Default value: 30
--name -n

Name of the VNet gateway.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
--timeout

Maximum wait in seconds.

Property Value
Parameter group: Wait Condition Arguments
Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Property Value
Parameter group: Wait Condition Arguments
Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False