你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Set-AzVirtualNetworkGateway

参考

模块:: Az.Network

更新虚拟网络网关。

语法

Set-AzVirtualNetworkGateway
   -VirtualNetworkGateway <PSVirtualNetworkGateway>
   [-GatewaySku <String>]
   [-GatewayDefaultSite <PSLocalNetworkGateway>]
   [-VpnClientAddressPool <String[]>]
   [-VpnClientProtocol <String[]>]
   [-VpnAuthenticationType <String[]>]
   [-VpnClientRootCertificates <PSVpnClientRootCertificate[]>]
   [-VpnClientRevokedCertificates <PSVpnClientRevokedCertificate[]>]
   [-VpnClientIpsecPolicy <PSIpsecPolicy[]>]
   [-Asn <UInt32>]
   [-PeerWeight <Int32>]
   [-IpConfigurationBgpPeeringAddresses <PSIpConfigurationBgpPeeringAddress[]>]
   [-EnableActiveActiveFeature]
   [-EnablePrivateIpAddress <Boolean>]
   [-DisableActiveActiveFeature]
   [-RadiusServerAddress <String>]
   [-RadiusServerSecret <SecureString>]
   [-RadiusServerList <PSRadiusServer[]>]
   [-AadTenantUri <String>]
   [-AadAudienceId <String>]
   [-AadIssuerUri <String>]
   [-RemoveAadAuthentication]
   [-CustomRoute <String[]>]
   [-NatRule <PSVirtualNetworkGatewayNatRule[]>]
   [-BgpRouteTranslationForNat <Boolean>]
   [-MinScaleUnit <Int32>]
   [-MaxScaleUnit <Int32>]
   [-VirtualNetworkGatewayPolicyGroup <PSVirtualNetworkGatewayPolicyGroup[]>]
   [-ClientConnectionConfiguration <PSClientConnectionConfiguration[]>]
   [-AdminState <String>]
   [-AllowRemoteVnetTraffic <Boolean>]
   [-AllowVirtualWanTraffic <Boolean>]
   [-AsJob]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-AzVirtualNetworkGateway
   -VirtualNetworkGateway <PSVirtualNetworkGateway>
   [-GatewaySku <String>]
   [-GatewayDefaultSite <PSLocalNetworkGateway>]
   [-VpnClientAddressPool <String[]>]
   [-VpnClientProtocol <String[]>]
   [-VpnAuthenticationType <String[]>]
   [-VpnClientRootCertificates <PSVpnClientRootCertificate[]>]
   [-VpnClientRevokedCertificates <PSVpnClientRevokedCertificate[]>]
   [-VpnClientIpsecPolicy <PSIpsecPolicy[]>]
   [-Asn <UInt32>]
   [-PeerWeight <Int32>]
   [-IpConfigurationBgpPeeringAddresses <PSIpConfigurationBgpPeeringAddress[]>]
   [-EnableActiveActiveFeature]
   [-EnablePrivateIpAddress <Boolean>]
   [-DisableActiveActiveFeature]
   [-RadiusServerAddress <String>]
   [-RadiusServerSecret <SecureString>]
   [-RadiusServerList <PSRadiusServer[]>]
   [-AadTenantUri <String>]
   [-AadAudienceId <String>]
   [-AadIssuerUri <String>]
   [-RemoveAadAuthentication]
   [-CustomRoute <String[]>]
   [-NatRule <PSVirtualNetworkGatewayNatRule[]>]
   [-BgpRouteTranslationForNat <Boolean>]
   [-MinScaleUnit <Int32>]
   [-MaxScaleUnit <Int32>]
   [-VirtualNetworkGatewayPolicyGroup <PSVirtualNetworkGatewayPolicyGroup[]>]
   [-ClientConnectionConfiguration <PSClientConnectionConfiguration[]>]
   [-AdminState <String>]
   [-AllowRemoteVnetTraffic <Boolean>]
   [-AllowVirtualWanTraffic <Boolean>]
   -Tag <Hashtable>
   [-AsJob]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

说明

Set-AzVirtualNetworkGateway cmdlet 更新虚拟网络网关。

示例

示例 1：更新虚拟网络网关的 ASN

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -Asn 1337

第一个命令获取一个名为 Gateway01 的虚拟网络网关，该网关属于资源组 ResourceGroup001，并将其存储在名为$Gateway第二个命令更新存储在变量$Gateway中的虚拟网络网关。该命令还将 ASN 设置为 1337。

示例 2：将 IPsec 策略添加到虚拟网络网关

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$vpnclientipsecpolicy = New-AzVpnClientIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA256 -SALifeTime 86472 -SADataSize 429497 -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup2 -PfsGroup None
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientIpsecPolicy $vpnclientipsecpolicy

第一个命令获取一个名为 Gateway01 的虚拟网络网关，该网关属于资源组 ResourceGroup001，并将其存储在名为$Gateway第二个命令创建的 Vpn ipsec 策略对象（根据指定的 ipsec 参数）。第三个命令更新存储在变量$Gateway中的虚拟网络网关。该命令还设置虚拟网络网关上$vpnclientipsecpolicy对象中指定的自定义 vpn ipsec 策略。

示例 3：向现有虚拟网络网关添加/更新标记

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -Tag @{ testtagKey="SomeTagKey"; testtagValue="SomeKeyValue" }

Name                   : Gateway001
ResourceGroupName      : ResourceGroup001
Location               : westus
Id                     : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag                   : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid           : 00000000-0000-0000-0000-000000000000
ProvisioningState      : Succeeded
Tags                   :
                         Name          Value
                         ============  ============
                         testtagValue  SomeKeyValue
                         testtagKey    SomeTagKey

IpConfigurations       : [
                           {
                             "PrivateIpAllocationMethod": "Dynamic",
                             "Subnet": {
                               "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/GatewaySubnet"
                             },
                             "PublicIpAddress": {
                               "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/Gateway001Ip"
                             },
                             "Name": "vng1ipConfig",
                             "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
                             "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/Gateway001IpConfig"
                           }
                         ]
GatewayType            : Vpn
VpnType                : RouteBased
EnableBgp              : False
ActiveActive           : False
GatewayDefaultSite     : null
Sku                    : {
                           "Capacity": 2,
                           "Name": "VpnGw1",
                           "Tier": "VpnGw1"
                         }
VpnClientConfiguration : null
BgpSettings            : {
                           "Asn": 65515,
                           "BgpPeeringAddress": "1.2.3.4",
                           "PeerWeight": 0
                         }

第一个命令获取一个名为 Gateway01 的虚拟网络网关，该网关属于资源组 ResourceGroup001 并将其存储在名为$Gateway第二个命令使用标记 @{ testtagKey=“SomeTagKey”; testtagValue=“SomeKeyValue” }更新虚拟网络网关 Gateway01。

示例 4：为现有虚拟网络网关的 VpnClient 添加/更新 AAD 身份验证配置

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -AadTenantUri "https://login.microsoftonline.com/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4" -AadIssuerUri "https://sts.windows.net/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4/" -AadAudienceId "a21fce82-76af-45e6-8583-a08cb3b956f9"

Name                   : Gateway001
ResourceGroupName      : ResourceGroup001
Location               : westus
Id                     : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag                   : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid           : 00000000-0000-0000-0000-000000000000
ProvisioningState      : Succeeded
Tags                   :
                         Name          Value
                         ============  ============
                         testtagValue  SomeKeyValue
                         testtagKey    SomeTagKey

IpConfigurations       : [
                           {
                             "PrivateIpAllocationMethod": "Dynamic",
                             "Subnet": {
                               "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/GatewaySubnet"
                             },
                             "PublicIpAddress": {
                               "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/Gateway001Ip"
                             },
                             "Name": "vng1ipConfig",
                             "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
                             "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/Gateway001IpConfig"
                           }
                         ]
GatewayType            : Vpn
VpnType                : RouteBased
EnableBgp              : False
ActiveActive           : False
GatewayDefaultSite     : null
Sku                    : {
                           "Capacity": 2,
                           "Name": "VpnGw1",
                           "Tier": "VpnGw1"
                         }
vpnClientConfiguration : {
                    "vpnClientProtocols": [
					"OpenVPN"
					],

                    "vpnClientAddressPool": {
                    "addressPrefixes": [
                        "101.10.0.0/16"
                    ]
                	},
					"vpnClientRootCertificates": "",
                    "vpnClientRevokedCertificates": "",

                    "radiusServerAddress": "",
                    "radiusServerSecret": "",
					"aadTenantUri": "https://login.microsoftonline.com/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4\",
					"aadAudienceId": "a21fce82-76af-45e6-8583-a08cb3b956g9\",
					"aadIssuerUri": "https://sts.windows.net/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4/\"
                },
BgpSettings            : {
                           "Asn": 65515,
                           "BgpPeeringAddress": "1.2.3.4",
                           "PeerWeight": 0
                         }
						 
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientRootCertificates $rootCert -RemoveAadAuthentication

第一个命令获取一个名为 Gateway01 的虚拟网络网关，该网关属于资源组 ResourceGroup001，并将其存储在名为$Gateway第二个命令使用 AAD 身份验证配置 params：aadTenantUri、aadAudienceId、aadIssuerUri for VpnClient 更新虚拟网络网关网关。第三个命令从虚拟网络网关的 VpnClient 中删除 AAD 身份验证配置。

示例 5：将 IpConfigurationBgpPeeringAddresses 添加到现有虚拟网络网关

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$ipconfigurationId1 = '/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default'
$addresslist1 = @('169.254.21.25')
$gw1ipconfBgp1 = New-AzIpConfigurationBgpPeeringAddressObject -IpConfigurationId $ipconfigurationId1 -CustomAddress $addresslist1
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp1

Name                   : Gateway001
ResourceGroupName      : ResourceGroup001
Location               : westcentralus
Id                     : /subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag                   : W/"a08f13d3-6106-44e0-9127-e35e6f9793d5"
ResourceGuid           : 30993429-a1ed-42ca-9862-9156b013626e
ProvisioningState      : Succeeded
Tags                   :
IpConfigurations       : [
                           {
                             "PrivateIpAllocationMethod": "Dynamic",
                             "Subnet": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/newApipaNet/subnets/GatewaySubnet"
                             },
                             "PublicIpAddress": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/newapipaip"
                             },
                             "Name": "default",
                             "Etag": "W/\"a08f13d3-6106-44e0-9127-e35e6f9793d5\"",
                             "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default"
                           }
                         ]
GatewayType            : Vpn
VpnType                : RouteBased
EnableBgp              : False
ActiveActive           : False
GatewayDefaultSite     : null
Sku                    : {
                           "Capacity": 2,
                           "Name": "VpnGw1",
                           "Tier": "VpnGw1"
                         }
VpnClientConfiguration : null
BgpSettings            : {
                           "Asn": 65515,
                           "BgpPeeringAddress": "10.1.255.30",
                           "PeerWeight": 0,
                           "BgpPeeringAddresses": [
                             {
                               "IpconfigurationId": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default",
                               "DefaultBgpIpAddresses": [
                                 "10.1.255.30"
                               ],
                               "CustomBgpIpAddresses": [
                                 "169.254.21.55"
                               ],
                               "TunnelIpAddresses": [
                                 "13.78.146.151"
                               ]
                             }
                           ]
                         }

第一个命令获取一个名为 Gateway01 的虚拟网络网关，该网关属于资源组 ResourceGroup001，并将其存储在名为$Gateway第二个命令将虚拟网络网关 Gateway01 IpConfiguration Id 的值分配给变量 ipconfigurationId1。第三个命令将地址列表分配给 addresslist1。第四个命令创建了 PSIpConfigurationBgpPeeringAddress 对象。第五个命令将此新建的 PSIpConfigurationBgpPeeringAddress 设置为 IpConfigurationBgpPeeringAddresses 并更新网关。

示例 6：更新/删除虚拟网络网关的现有 IpConfigurationBgpPeeringAddresses 的 CustomAddress

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$ipconfigurationId1 = '/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default'
$addresslist1 = @()
$gw1ipconfBgp1 = New-AzIpConfigurationBgpPeeringAddressObject -IpConfigurationId $ipconfigurationId1 -CustomAddress $addresslist1
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp1

Name                   : Gateway001
ResourceGroupName      : ResourceGroup001
Location               : westcentralus
Id                     : /subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag                   : W/"a08f13d3-6106-44e0-9127-e35e6f9793d5"
ResourceGuid           : 30993429-a1ed-42ca-9862-9156b013626e
ProvisioningState      : Succeeded
Tags                   :
IpConfigurations       : [
                           {
                             "PrivateIpAllocationMethod": "Dynamic",
                             "Subnet": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/newApipaNet/subnets/GatewaySubnet"
                             },
                             "PublicIpAddress": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/newapipaip"
                             },
                             "Name": "default",
                             "Etag": "W/\"a08f13d3-6106-44e0-9127-e35e6f9793d5\"",
                             "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default"
                           }
                         ]
GatewayType            : Vpn
VpnType                : RouteBased
EnableBgp              : False
ActiveActive           : False
GatewayDefaultSite     : null
Sku                    : {
                           "Capacity": 2,
                           "Name": "VpnGw1",
                           "Tier": "VpnGw1"
                         }
VpnClientConfiguration : null
BgpSettings            : {
                           "Asn": 65515,
                           "BgpPeeringAddress": "10.1.255.30",
                           "PeerWeight": 0,
                           "BgpPeeringAddresses": [
                             {
                               "IpconfigurationId": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default",
                               "DefaultBgpIpAddresses": [
                                 "10.1.255.30"
                               ],
                               "CustomBgpIpAddresses": [],
                               "TunnelIpAddresses": [
                                 "13.78.146.151"
                               ]
                             }
                           ]
                         }

示例 7：将 NatRules 添加到现有虚拟网络网关

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$vngNatRules = $Gateway.NatRules
$natRule = New-AzVirtualNetworkGatewayNatRule -Name "natRule1" -Type "Static" -Mode "IngressSnat" -InternalMapping @("25.0.0.0/16") -ExternalMapping @("30.0.0.0/16")
$vngNatRules.Add($natrule)
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -NatRule $vngNatRules.NatRules -BgpRouteTranslationForNat $true

Name                   : Gateway001
ResourceGroupName      : ResourceGroup001
Location               : westcentralus
Id                     : /subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag                   : W/"a08f13d3-6106-44e0-9127-e35e6f9793d5"
ResourceGuid           : 30993429-a1ed-42ca-9862-9156b013626e
ProvisioningState      : Succeeded
Tags                   :
IpConfigurations       : [
                           {
                             "PrivateIpAllocationMethod": "Dynamic",
                             "Subnet": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/newApipaNet/subnets/GatewaySubnet"
                             },
                             "PublicIpAddress": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/newapipaip"
                             },
                             "Name": "default",
                             "Etag": "W/\"a08f13d3-6106-44e0-9127-e35e6f9793d5\"",
                             "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default"
                           }
                         ]
GatewayType            : Vpn
VpnType                : RouteBased
EnableBgp              : False
ActiveActive           : False
GatewayDefaultSite     : null
Sku                    : {
                           "Capacity": 2,
                           "Name": "VpnGw1",
                           "Tier": "VpnGw1"
                         }
VpnClientConfiguration : null
BgpSettings            : {
                           "Asn": 65515,
                           "BgpPeeringAddress": "10.1.255.30",
                           "PeerWeight": 0,
                           "BgpPeeringAddresses": [
                             {
                               "IpconfigurationId": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default",
                               "DefaultBgpIpAddresses": [
                                 "10.1.255.30"
                               ],
                               "CustomBgpIpAddresses": [
                                 "169.254.21.55"
                               ],
                               "TunnelIpAddresses": [
                                 "13.78.146.151"
                               ]
                             }
                           ]
                         }
NatRules                        : [
                                    {
                                      "VirtualNetworkGatewayNatRulePropertiesType": "Static",
                                      "Mode": "IngressSnat",
                                      "InternalMappings": [
                                        {
                                          "AddressSpace": "25.0.0.0/16"
                                        }
                                      ],
                                      "ExternalMappings": [
                                        {
                                          "AddressSpace": "30.0.0.0/16"
                                        }
                                      ],
                                      "ProvisioningState": "Succeeded",
                                      "Name": "natRule1",
                                      "Etag": "W/\"5150d788-e165-42ba-99c4-8138a545fce9\"",
                                      "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/natRules/natRule1"
                                    }
                                  ]
EnableBgpRouteTranslationForNat : True

第一个命令获取一个名为 Gateway01 的虚拟网络网关，该网关属于资源组 ResourceGroup001，并将其存储在名为$Gateway第二个命令将现有 natrules 分配给变量 vngNatRules。第三个命令将新创建的 PSVirtualNetworkGatewayNatRule 对象 natrule 分配给变量 natRule 的值。第四个命令将此 PSVirtualNetworkGatewayNatRule 对象添加到 vngNatRules 列表中。第五个命令将此新创建的 PSVirtualNetworkGatewayNatRule 设置为网关的 NatRules 并更新网关。

示例 8：删除现有虚拟网络网关的多个过期 VpnClientRootCertificates

$Gateway=Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"

$rootCerts=$Gateway.VpnClientConfiguration.VpnClientRootCertificates

$rootCerts.Count
$rootCerts[0]
$rootCerts[1]
$rootCerts.Remove($rootCerts[1])

$Gateway1 = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientRootCertificates $rootCerts

第一个命令获取一个名为 Gateway01 的虚拟网络网关，该网关属于资源组 ResourceGroup001，并将其存储在名为 $Gateway 第二个命令的变量中获取 VirtualNetworkGateway 上的所有根证书，并将其保存到另一个变量$rootCerts第三个命令显示 VirtualNetworkGateway 上现有根证书总数。第四和第五个命令在相应的索引处打印根证书，供客户查看要删除哪些证书。第六个命令使用该索引删除过期的根证书，例如此处 1。重复相同的步骤，从变量中删除多个过期的证书：$rootCerts第七个命令更新 VirtualNetworkGateway 以设置有效的根证书，即变量中存在的证书：$rootCerts

示例 9：配置 ExpressRoute 虚拟网络网关，以允许通过 ExpressRoute 与虚拟 Wan 网络中的其他 ExpressRoute 虚拟网络网关通信。

# Option 1 - Retrieve the gateway object, modify the property and save the changes.  
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowVirtualWanTraffic = $true
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway

# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowVirtualWanTraffic $true

在这两种情况下，第一个命令将检索网关。然后，可以直接修改对象上的属性并保留该属性，也可以使用 Set-AzVirtualNetworkGateway cmdlet 上的开关。

示例 10：配置 ExpressRoute 虚拟网络网关，以阻止与虚拟网络 Wan 网络中的其他 ExpressRoute 虚拟网络网关通过 ExpressRoute 通信。

# Option 1 - Retrieve the gateway object, modify the property and save the changes.  
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowVirtualWanTraffic = $false
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway

# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowVirtualWanTraffic $false

在这两种情况下，第一个命令将检索网关。然后，可以直接修改对象上的属性并保留该属性，也可以使用 Set-AzVirtualNetworkGateway cmdlet 上的开关。

示例 11：配置 ExpressRoute 虚拟网络网关，以允许与其他 VNet 中的其他 ExpressRoute 虚拟网络网关通过 ExpressRoute 进行通信。

# Option 1 - Retrieve the gateway object, modify the property and save the changes.  
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowRemoteVnetTraffic = $true
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway

# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowRemoteVnetTraffic $true

在这两种情况下，第一个命令将检索网关。然后，可以直接修改对象上的属性并保留该属性，也可以使用 Set-AzVirtualNetworkGateway cmdlet 上的开关。

示例 12：配置 ExpressRoute 虚拟网络网关，以阻止与其他 VNet 中的其他虚拟网络网关通过 ExpressRoute 进行通信。

# Option 1 - Retrieve the gateway object, modify the property and save the changes.  
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowRemoteVnetTraffic = $false
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway

# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowRemoteVnetTraffic $false

在这两种情况下，第一个命令将检索网关。然后，可以直接修改对象上的属性并保留该属性，也可以使用 Set-AzVirtualNetworkGateway cmdlet 上的开关。

参数

-AadAudienceId

P2S AAD 身份验证选项：AadAudienceId。

类型:	String
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-AadIssuerUri

P2S AAD 身份验证选项：AadIssuerUri。

类型:	String
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-AadTenantUri

P2S AAD 身份验证选项：AadTenantUri。

类型:	String
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-AdminState

指示 Express Route 网关在 vnet 中有多个 Express Route 网关时是否为流量提供服务的属性：已启用/禁用

类型:	String
接受的值:	Enabled, Disabled
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-AllowRemoteVnetTraffic

确定此网关是否应接受来自其他 VNet 的流量。

类型:	Nullable<T>[Boolean]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-AllowVirtualWanTraffic

确定此网关是否应接受来自其他虚拟 WAN网络的流量。

类型:	Nullable<T>[Boolean]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-AsJob

在后台运行 cmdlet

类型:	SwitchParameter
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

-Asn

虚拟网络网关的 ASN，用于在 IPsec 隧道内设置 BGP 会话

类型:	UInt32
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-BgpRouteTranslationForNat

这将在此 VirtualNetworkGateway 上启用和禁用 BgpRouteTranslationForNat

类型:	Nullable<T>[Boolean]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

-ClientConnectionConfiguration

在地址和策略组之间分配的 P2S 客户端连接配置

类型:	PSClientConnectionConfiguration[]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-Confirm

提示你在运行 cmdlet 之前进行确认。

类型:	SwitchParameter
别名:	cf
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

-CustomRoute

客户指定的自定义路由 AddressPool

类型:	String[]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-DefaultProfile

用于与 Azure 通信的凭据、帐户、租户和订阅。

类型:	IAzureContextContainer
别名:	AzContext, AzureRmContext, AzureCredential
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

-DisableActiveActiveFeature

在虚拟网络网关上禁用活动活动功能的标志

类型:	SwitchParameter
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

-EnableActiveActiveFeature

在虚拟网络网关上启用活动活动功能的标志

类型:	SwitchParameter
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

-EnablePrivateIpAddress

在虚拟网络网关上启用活动活动功能的标志

类型:	Nullable<T>[Boolean]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

-GatewayDefaultSite

用于强制隧道的默认站点。如果指定了默认站点，则网关 vnet 中的所有 Internet 流量将路由到该站点。

类型:	PSLocalNetworkGateway
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-GatewaySku

虚拟网络网关的 SKU

类型:	String
接受的值:	Basic, Standard, HighPerformance, UltraPerformance, VpnGw1, VpnGw2, VpnGw3, VpnGw4, VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, VpnGw4AZ, VpnGw5AZ, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-IpConfigurationBgpPeeringAddresses

虚拟网络网关 bgpsettings 的 BgpPeeringAddresses。

类型:	PSIpConfigurationBgpPeeringAddress[]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-MaxScaleUnit

为可缩放网关设置最大缩放单元

类型:	Int32
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

-MinScaleUnit

为可缩放网关设置最小缩放单元

类型:	Int32
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

-NatRule

虚拟网络网关的 NatRules。

类型:	PSVirtualNetworkGatewayNatRule[]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-PeerWeight

添加到通过此虚拟网络网关通过 BGP 学习的路由的权重

类型:	Int32
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-RadiusServerAddress

P2S 外部 Radius 服务器地址。

类型:	String
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-RadiusServerList

P2S 多个外部 Radius 服务器。

类型:	PSRadiusServer[]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-RadiusServerSecret

P2S 外部 Radius 服务器机密。

类型:	SecureString
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-RemoveAadAuthentication

从虚拟网络网关中删除 P2S 客户端的 AAD 身份验证的标志。

类型:	SwitchParameter
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

-Tag

P2S 外部 Radius 服务器地址。

类型:	Hashtable
Position:	Named
默认值:	None
必需:	True
接受管道输入:	False
接受通配符:	False

-VirtualNetworkGateway

要从其基础修改的虚拟网络网关对象。这可以使用 Get-AzVirtualNetworkGateway 进行检索

类型:	PSVirtualNetworkGateway
Position:	Named
默认值:	None
必需:	True
接受管道输入:	True
接受通配符:	False

-VirtualNetworkGatewayPolicyGroup

添加到此网关的 P2S 策略组

类型:	PSVirtualNetworkGatewayPolicyGroup[]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-VpnAuthenticationType

P2S VPN 客户端身份验证类型的列表。

类型:	String[]
接受的值:	Certificate, Radius, AAD
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-VpnClientAddressPool

要从中分配 VPN 客户端 IP 地址的地址空间。这不应与虚拟网络或本地范围重叠。

类型:	String[]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-VpnClientIpsecPolicy

P2S VPN 客户端隧道协议的 IPSec 策略列表。

类型:	PSIpsecPolicy[]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-VpnClientProtocol

P2S VPN 客户端隧道协议列表

类型:	String[]
接受的值:	SSTP, IkeV2, OpenVPN
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-VpnClientRevokedCertificates

吊销的 VPN 客户端证书的列表。一个提供与其中一个匹配的证书的 VPN 客户端将被告知要消失。

类型:	PSVpnClientRevokedCertificate[]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-VpnClientRootCertificates

用于 VPN 客户端身份验证的 VPN 客户端根证书列表。连接 VPN 客户端必须提供从其中一个根证书生成的证书。

类型:	PSVpnClientRootCertificate[]
Position:	Named
默认值:	None
必需:	False
接受管道输入:	True
接受通配符:	False

-WhatIf

显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。

类型:	SwitchParameter
别名:	wi
Position:	Named
默认值:	None
必需:	False
接受管道输入:	False
接受通配符:	False

输入

PSVirtualNetworkGateway

String

PSLocalNetworkGateway

String[]

PSVpnClientRootCertificate[]

PSVpnClientRevokedCertificate[]

PSIpsecPolicy[]

UInt32

Int32

PSIpConfigurationBgpPeeringAddress[]

SecureString

PSRadiusServer[]

PSVirtualNetworkGatewayNatRule[]

输出

PSVirtualNetworkGateway

通过

Set-AzVirtualNetworkGateway

语法

说明

示例

示例 1：更新虚拟网络网关的 ASN

示例 2：将 IPsec 策略添加到虚拟网络网关

示例 3：向现有虚拟网络网关添加/更新标记

示例 4：为现有虚拟网络网关的 VpnClient 添加/更新 AAD 身份验证配置

示例 5：将 IpConfigurationBgpPeeringAddresses 添加到现有虚拟网络网关

示例 6：更新/删除虚拟网络网关的现有 IpConfigurationBgpPeeringAddresses 的 CustomAddress

示例 7：将 NatRules 添加到现有虚拟网络网关

示例 8：删除现有虚拟网络网关的多个过期 VpnClientRootCertificates

示例 9：配置 ExpressRoute 虚拟网络网关，以允许通过 ExpressRoute 与虚拟 Wan 网络中的其他 ExpressRoute 虚拟网络网关通信。

示例 10：配置 ExpressRoute 虚拟网络网关，以阻止与虚拟网络 Wan 网络中的其他 ExpressRoute 虚拟网络网关通过 ExpressRoute 通信。

示例 11：配置 ExpressRoute 虚拟网络网关，以允许与其他 VNet 中的其他 ExpressRoute 虚拟网络网关通过 ExpressRoute 进行通信。

示例 12：配置 ExpressRoute 虚拟网络网关，以阻止与其他 VNet 中的其他虚拟网络网关通过 ExpressRoute 进行通信。

参数

-AadAudienceId

-AadIssuerUri

-AadTenantUri

-AdminState

-AllowRemoteVnetTraffic

-AllowVirtualWanTraffic

-AsJob

-Asn

-BgpRouteTranslationForNat

-ClientConnectionConfiguration

-Confirm

-CustomRoute

-DefaultProfile

-DisableActiveActiveFeature

-EnableActiveActiveFeature

-EnablePrivateIpAddress

-GatewayDefaultSite

-GatewaySku

-IpConfigurationBgpPeeringAddresses

-MaxScaleUnit

-MinScaleUnit

-NatRule

-PeerWeight

-RadiusServerAddress

-RadiusServerList

-RadiusServerSecret

-RemoveAadAuthentication

-Tag

-VirtualNetworkGateway

-VirtualNetworkGatewayPolicyGroup

-VpnAuthenticationType

-VpnClientAddressPool

-VpnClientIpsecPolicy

-VpnClientProtocol

-VpnClientRevokedCertificates

-VpnClientRootCertificates

-WhatIf

输入

输出

其他资源