Change a gateway SKU
This article helps you change a VPN Gateway virtual network gateway SKU. Before beginning the workflow to change your SKU, check the table in the Considerations section of this article to see if you can, instead, resize your SKU. If you have the option to resize a SKU, select that method rather than changing a SKU.
When you want to move to another SKU, there are multiple methods to choose from. The method you choose depends on the gateway SKU that you're starting from.
Resize a SKU: When you resize a SKU, you incur very little downtime. You don't need to follow a workflow to resize a SKU. You can resize a SKU quickly and easily in the Azure portal. Or, you can use PowerShell or the Azure CLI. You don't need to reconfigure your VPN device or your P2S clients.
Change a SKU: If you can't resize your SKU, you can change your SKU using a specific Workflow. Changing a SKU incurs more downtime than resizing. Additionally, there are multiple resources that need to be reconfigured when using this method.
Note
The steps in this article apply to current Resource Manager deployments and not to legacy classic (service management) deployments.
Considerations
There are a number of things to consider when moving to a new gateway SKU. This section outlines the main items and also provides a table that helps you select the best method to use.
- You can't resize to downgrade a SKU.
- You can't resize a legacy SKU to one of the newer Azure SKUs (VpnGw1, VpnGw2AZ etc.) Legacy SKUs for the Resource Manager deployment model are: Standard, and High Performance. You must instead, change the SKU.
- You can resize a gateway SKU as long as it is in the same generation, except for the Basic SKU.
- You can change a Basic SKU to another SKU.
- When you change from a legacy SKU to a new SKU, you'll have connectivity downtime.
- When you change to a new gateway SKU, the public IP address for your VPN gateway changes. This happens even if you specified the same public IP address object that you used previously.
- If you have a classic VPN gateway, you must continue using the older legacy SKUs for that gateway. However, you can resize between the legacy SKUs available for classic gateways. You can't change to the new SKUs.
- Standard and High Performance legacy SKUs are being deprecated. See Legacy SKU deprecation for SKU migration and upgrade timelines.
The following table helps you understand the required method to move from one SKU to another.
Starting SKU | Target SKU | Resize | Change |
---|---|---|---|
Basic SKU | Any other SKU | No | Yes |
Standard SKU | New Azure SKUs | No | Yes |
Standard SKU | HighPerformance SKU | No | Not required |
HighPerformance | New Azure SKUs | No | Yes |
Generation 1 SKU | Generation 1 SKU | Yes | Not required |
Generation 1 SKU | Generation 1 AZ SKU | No | Yes |
Generation 1 AZ SKU | Generation 1 AZ SKU | Yes | Not required |
Generation 1 AZ SKU | Generation 2 AZ SKU | No | Yes |
Generation 2 SKU | Generation 2 SKU | Yes | Not required |
Generation 2 SKU | Generation 2 AZ SKU | No | Yes |
Generation 2 AZ SKU | Generation 2 AZ SKU | Yes | Not required |
Workflow
The following steps illustrate the workflow to change a SKU.
- Remove any connections to the virtual network gateway.
- Delete the old VPN gateway.
- Create the new VPN gateway.
- Update your on-premises VPN devices with the new VPN gateway IP address (for site-to-site connections).
- Update the gateway IP address value for any VNet-to-VNet local network gateways that connect to this gateway.
- Download new client VPN configuration packages for point-to-site clients connecting to the virtual network through this VPN gateway.
- Recreate the connections to the virtual network gateway.
Next steps
For more information about SKUs, see VPN Gateway settings.