az network vnet-gateway

Use an Azure Virtual Network Gateway to establish secure, cross-premises connectivity.

To learn more about Azure Virtual Network Gateways, visit https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli.

Commands

az network vnet-gateway aad	Manage AAD(Azure Active Directory) authentication of a virtual network gateway.
az network vnet-gateway aad assign	Assign/Update AAD(Azure Active Directory) authentication to a virtual network gateway.
az network vnet-gateway aad remove	Remove AAD(Azure Active Directory) authentication from a virtual network gateway.
az network vnet-gateway aad show	Show AAD(Azure Active Directory) authentication of a virtual network gateway.
az network vnet-gateway aad wait	Place the CLI in a waiting state until a condition is met.
az network vnet-gateway create	Create a virtual network gateway.
az network vnet-gateway delete	Delete a virtual network gateway.
az network vnet-gateway disconnect-vpn-connections	Disconnect vpn connections of virtual network gateway.
az network vnet-gateway ipsec-policy	Manage virtual network gateway IPSec policies.
az network vnet-gateway ipsec-policy add	Add a virtual network gateway IPSec policy.
az network vnet-gateway ipsec-policy clear	Delete all IPsec policies on a virtual network gateway.
az network vnet-gateway ipsec-policy list	List IPSec policies associated with a virtual network gateway.
az network vnet-gateway ipsec-policy wait	Place the CLI in a waiting state until a condition is met.
az network vnet-gateway list	List virtual network gateways.
az network vnet-gateway list-advertised-routes	List the routes of a virtual network gateway advertised to the specified peer.
az network vnet-gateway list-bgp-peer-status	Retrieve the status of BGP peers.
az network vnet-gateway list-learned-routes	This operation retrieves a list of routes the virtual network gateway has learned, including routes learned from BGP peers.
az network vnet-gateway nat-rule	Manage nat rule in a virtual network gateway.
az network vnet-gateway nat-rule add	Add nat rule in a virtual network gateway.
az network vnet-gateway nat-rule list	List nat rule for a virtual network gateway.
az network vnet-gateway nat-rule remove	Remove nat rule from a virtual network gateway.
az network vnet-gateway nat-rule wait	Place the CLI in a waiting state until a condition is met.
az network vnet-gateway packet-capture	Manage packet capture on a virtual network gateway.
az network vnet-gateway packet-capture start	Start packet capture on a virtual network gateway.
az network vnet-gateway packet-capture stop	Stop packet capture on a virtual network gateway.
az network vnet-gateway packet-capture wait	Place the CLI in a waiting state until a condition is met.
az network vnet-gateway reset	Reset a virtual network gateway.
az network vnet-gateway revoked-cert	Manage revoked certificates in a virtual network gateway. Prevent machines using this certificate from accessing Azure through this gateway.
az network vnet-gateway revoked-cert create	Revoke a certificate.
az network vnet-gateway revoked-cert delete	Delete a revoked certificate.
az network vnet-gateway revoked-cert wait	Place the CLI in a waiting state until a condition is met.
az network vnet-gateway root-cert	Manage root certificates of a virtual network gateway.
az network vnet-gateway root-cert create	Upload a root certificate.
az network vnet-gateway root-cert delete	Delete a root certificate.
az network vnet-gateway root-cert wait	Place the CLI in a waiting state until a condition is met.
az network vnet-gateway show	Get the details of a virtual network gateway.
az network vnet-gateway show-supported-devices	Get a xml format representation for supported vpn devices.
az network vnet-gateway update	Update a virtual network gateway.
az network vnet-gateway vpn-client	Download a VPN client configuration required to connect to Azure via point-to-site.
az network vnet-gateway vpn-client generate	Generate VPN client configuration.
az network vnet-gateway vpn-client ipsec-policy	Manage the VPN client connection ipsec-policy for P2S client connection of the virtual network gateway.
az network vnet-gateway vpn-client ipsec-policy set	Set the VPN client connection ipsec policy per P2S client connection of the virtual network gateway.
az network vnet-gateway vpn-client ipsec-policy show	Get the VPN client connection ipsec policy per P2S client connection of the virtual network gateway.
az network vnet-gateway vpn-client ipsec-policy wait	Place the CLI in a waiting state until a condition is met.
az network vnet-gateway vpn-client show-health	Get the VPN client connection health detail per P2S client connection of the virtual network gateway.
az network vnet-gateway vpn-client show-url	Retrieve a pre-generated VPN client configuration.
az network vnet-gateway wait	Place the CLI in a waiting state until a condition is met.

az network vnet-gateway create

Create a virtual network gateway.

az network vnet-gateway create --name
                               --resource-group
                               --vnet
                               [--aad-audience]
                               [--aad-issuer]
                               [--aad-tenant]
                               [--address-prefix]
                               [--asn]
                               [--bgp-peering-address]
                               [--client-protocol]
                               [--custom-routes]
                               [--edge-zone]
                               [--edge-zone-vnet-id]
                               [--gateway-default-site]
                               [--gateway-type {ExpressRoute, LocalGateway, Vpn}]
                               [--location]
                               [--nat-rule]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--peer-weight]
                               [--public-ip-address]
                               [--radius-secret]
                               [--radius-server]
                               [--root-cert-data]
                               [--root-cert-name]
                               [--sku {Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ}]
                               [--tags]
                               [--vpn-auth-type]
                               [--vpn-gateway-generation {Generation1, Generation2, None}]
                               [--vpn-type {PolicyBased, RouteBased}]

Examples

Create a basic virtual network gateway for site-to-site connectivity.

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --no-wait

Create a basic virtual network gateway that provides point-to-site connectivity with a RADIUS secret that matches what is configured on a RADIUS server.

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --address-prefixes 40.1.0.0/24 --client-protocol IkeV2 SSTP --radius-secret 111_aaa --radius-server 30.1.1.15 --vpn-gateway-generation Generation1

Create a basic virtual network gateway with multi authentication

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --address-prefixes 40.1.0.0/24 --client-protocol OpenVPN --radius-secret 111_aaa --radius-server 30.1.1.15 --aad-issuer https://sts.windows.net/00000-000000-00000-0000-000/ --aad-tenant https://login.microsoftonline.com/000 --aad-audience 0000-000 --root-cert-name root-cert --root-cert-data "root-cert.cer" --vpn-auth-type AAD Certificate Radius

Create a virtual network gateway.

az network vnet-gateway create --gateway-type Vpn --location westus2 --name MyVnetGateway --no-wait --public-ip-addresses myVGPublicIPAddress --resource-group MyResourceGroup --sku Basic --vnet MyVnet --vpn-type PolicyBased

Required Parameters

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet

Name or ID of an existing virtual network which has a subnet named 'GatewaySubnet'.

Optional Parameters

--aad-audience

The AADAudience ID of the VirtualNetworkGateway.

--aad-issuer

The AAD Issuer URI of the VirtualNetworkGateway.

--aad-tenant

The AAD Tenant URI of the VirtualNetworkGateway.

--address-prefix --address-prefixes

Space-separated list of CIDR prefixes representing the address space for the P2S Vpnclient. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more. Singular flags: --address-prefix.

--asn

Autonomous System Number to use for the BGP settings.

--bgp-peering-address

IP address to use for BGP peering.

--client-protocol

Protocols to use for connecting. Allowed values: IkeV2, OpenVPN, SSTP. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

--custom-routes

Space-separated list of CIDR prefixes representing the custom routes address space specified by the customer for VpnClient. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

--edge-zone

The name of edge zone.

--edge-zone-vnet-id

The Extended vnet resource id of the local gateway.

--gateway-default-site

Name or ID of a local network gateway representing a local network site with default routes.

--gateway-type

The gateway type.

accepted values: ExpressRoute, LocalGateway, Vpn

default value: Vpn

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--nat-rule --nat-rules

VirtualNetworkGatewayNatRule Resource. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more. Singular flags: --nat-rule.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--peer-weight

Weight (0-100) added to routes learned through BGP peering.

--public-ip-address --public-ip-addresses

Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

--radius-secret

Radius secret to use for authentication.

--radius-server

Radius server address to connect to.

--root-cert-data

Base64 contents of the root certificate file or file path.

--root-cert-name

Root certificate name.

--sku

VNet gateway SKU.

accepted values: Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ

default value: Basic

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

--vpn-auth-type

VPN authentication types enabled for the virtual network gateway. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

--vpn-gateway-generation

The generation for the virtual network gateway. vpn_gateway_generation should not be provided if gateway_type is not Vpn.

accepted values: Generation1, Generation2, None

--vpn-type

VPN routing type.

accepted values: PolicyBased, RouteBased

default value: RouteBased

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway delete

Delete a virtual network gateway.

In order to delete a Virtual Network Gateway, you must first delete ALL Connection objects in Azure that are connected to the Gateway. After deleting the Gateway, proceed to delete other resources now not in use. For more information, follow the order of instructions on this page: https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-delete-vnet-gateway-portal.

az network vnet-gateway delete [--ids]
                               [--name]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--resource-group]
                               [--subscription]

Examples

Delete a virtual network gateway.

az network vnet-gateway delete -g MyResourceGroup -n MyVnetGateway

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway disconnect-vpn-connections

Disconnect vpn connections of virtual network gateway.

az network vnet-gateway disconnect-vpn-connections [--ids]
                                                   [--name]
                                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--resource-group]
                                                   [--subscription]
                                                   [--vpn-connections]

Examples

Disconnect vpn connections of virtual network gateway.

az network vnet-gateway disconnect-vpn-connections -g MyResourceGroup -n MyVnetGateway --vpn-connections MyConnetion1ByName MyConnection2ByID

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vpn-connections

List of Name or ID of VPN connections. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway list

List virtual network gateways.

az network vnet-gateway list --resource-group

Examples

List virtual network gateways in a resource group.

az network vnet-gateway list -g MyResourceGroup

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway list-advertised-routes

List the routes of a virtual network gateway advertised to the specified peer.

az network vnet-gateway list-advertised-routes --peer
                                               [--ids]
                                               [--name]
                                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                               [--resource-group]
                                               [--subscription]

Examples

List the routes of a virtual network gateway advertised to the specified peer.

az network vnet-gateway list-advertised-routes -g MyResourceGroup -n MyVnetGateway --peer 23.10.10.9

Required Parameters

--peer

The IP address of the peer.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway list-bgp-peer-status

Retrieve the status of BGP peers.

az network vnet-gateway list-bgp-peer-status [--ids]
                                             [--name]
                                             [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                             [--peer]
                                             [--resource-group]
                                             [--subscription]

Examples

Retrieve the status of a BGP peer.

az network vnet-gateway list-bgp-peer-status -g MyResourceGroup -n MyVnetGateway --peer 23.10.10.9

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--peer

The IP address of the peer to retrieve the status of. Default value is None.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway list-learned-routes

This operation retrieves a list of routes the virtual network gateway has learned, including routes learned from BGP peers.

az network vnet-gateway list-learned-routes [--ids]
                                            [--name]
                                            [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                            [--resource-group]
                                            [--subscription]

Examples

Retrieve a list of learned routes.

az network vnet-gateway list-learned-routes -g MyResourceGroup -n MyVnetGateway

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway reset

Reset a virtual network gateway.

az network vnet-gateway reset [--gateway-vip]
                              [--ids]
                              [--name]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--resource-group]
                              [--subscription]

Examples

Reset a virtual network gateway.

az network vnet-gateway reset -g MyResourceGroup -n MyVnetGateway

Reset a virtual network gateway with Active-Active feature enabled.

az network vnet-gateway reset -g MyResourceGroup -n MyVnetGateway --gateway-vip MyGatewayIP

Optional Parameters

--gateway-vip

Virtual network gateway vip address supplied to the begin reset of the active-active feature enabled gateway.

default value: None

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway show

Get the details of a virtual network gateway.

az network vnet-gateway show [--ids]
                             [--name]
                             [--resource-group]
                             [--subscription]

Examples

Get the details of a virtual network gateway.

az network vnet-gateway show -g MyResourceGroup -n MyVnetGateway

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway show-supported-devices

Get a xml format representation for supported vpn devices.

az network vnet-gateway show-supported-devices [--ids]
                                               [--name]
                                               [--resource-group]
                                               [--subscription]

Examples

Get a xml format representation for supported vpn devices.

az network vnet-gateway show-supported-devices -g MyResourceGroup -n MyVnetGateway

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway update

Update a virtual network gateway.

az network vnet-gateway update [--aad-audience]
                               [--aad-issuer]
                               [--aad-tenant]
                               [--add]
                               [--address-prefix]
                               [--asn]
                               [--bgp-peering-address]
                               [--client-protocol]
                               [--custom-routes]
                               [--enable-bgp {0, 1, f, false, n, no, t, true, y, yes}]
                               [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                               [--gateway-default-site]
                               [--gateway-type {ExpressRoute, LocalGateway, Vpn}]
                               [--ids]
                               [--name]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--peer-weight]
                               [--public-ip-address]
                               [--radius-secret]
                               [--radius-server]
                               [--remove]
                               [--resource-group]
                               [--root-cert-data]
                               [--root-cert-name]
                               [--set]
                               [--sku {Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ}]
                               [--subscription]
                               [--tags]
                               [--vnet]
                               [--vpn-auth-type]
                               [--vpn-type {PolicyBased, RouteBased}]

Examples

Change the SKU of a virtual network gateway.

az network vnet-gateway update -g MyResourceGroup -n MyVnetGateway --sku VpnGw2

Update a virtual network gateway.

az network vnet-gateway update --address-prefixes 40.1.0.0/24 --client-protocol IkeV2 --name MyVnetGateway --resource-group MyResourceGroup

Optional Parameters

--aad-audience

The AADAudience ID of the VirtualNetworkGateway.

--aad-issuer

The AAD Issuer URI of the VirtualNetworkGateway.

--aad-tenant

The AAD Tenant URI of the VirtualNetworkGateway.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--address-prefix --address-prefixes

Space-separated list of CIDR prefixes representing the address space for the P2S Vpnclient. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more. Singular flags: --address-prefix.

--asn

Autonomous System Number to use for the BGP settings.

--bgp-peering-address

IP address to use for BGP peering.

--client-protocol

Protocols to use for connecting. Allowed values: IkeV2, OpenVPN, SSTP. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

--custom-routes

Space-separated list of CIDR prefixes representing the custom routes address space specified by the customer for VpnClient. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

--enable-bgp

Enable BGP (Border Gateway Protocol).

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--gateway-default-site

Name or ID of a local network gateway representing a local network site with default routes.

--gateway-type

The gateway type.

accepted values: ExpressRoute, LocalGateway, Vpn

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--peer-weight

Weight (0-100) added to routes learned through BGP peering.

--public-ip-address --public-ip-addresses

Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

--radius-secret

Radius secret to use for authentication.

--radius-server

Radius server address to connect to.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--root-cert-data

Base64 contents of the root certificate file or file path.

--root-cert-name

Root certificate name.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--sku

VNet gateway SKU.

accepted values: Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

--vnet

Name or ID of an existing virtual network which has a subnet named 'GatewaySubnet'.

--vpn-auth-type

VPN authentication types enabled for the virtual network gateway. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

--vpn-type

VPN routing type.

accepted values: PolicyBased, RouteBased

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway wait

Place the CLI in a waiting state until a condition is met.

az network vnet-gateway wait [--created]
                             [--custom]
                             [--deleted]
                             [--exists]
                             [--ids]
                             [--interval]
                             [--name]
                             [--resource-group]
                             [--subscription]
                             [--timeout]
                             [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

default value: False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

default value: False

--exists

Wait until the resource exists.

default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

default value: 30

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

default value: 3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.