Set-AzVirtualNetworkGateway
更新虛擬網路閘道。
語法
Set-AzVirtualNetworkGateway
-VirtualNetworkGateway <PSVirtualNetworkGateway>
[-GatewaySku <String>]
[-GatewayDefaultSite <PSLocalNetworkGateway>]
[-VpnClientAddressPool <String[]>]
[-VpnClientProtocol <String[]>]
[-VpnAuthenticationType <String[]>]
[-VpnClientRootCertificates <PSVpnClientRootCertificate[]>]
[-VpnClientRevokedCertificates <PSVpnClientRevokedCertificate[]>]
[-VpnClientIpsecPolicy <PSIpsecPolicy[]>]
[-Asn <UInt32>]
[-PeerWeight <Int32>]
[-IpConfigurationBgpPeeringAddresses <PSIpConfigurationBgpPeeringAddress[]>]
[-EnableActiveActiveFeature]
[-EnablePrivateIpAddress <Boolean>]
[-DisableActiveActiveFeature]
[-RadiusServerAddress <String>]
[-RadiusServerSecret <SecureString>]
[-RadiusServerList <PSRadiusServer[]>]
[-AadTenantUri <String>]
[-AadAudienceId <String>]
[-AadIssuerUri <String>]
[-RemoveAadAuthentication]
[-CustomRoute <String[]>]
[-NatRule <PSVirtualNetworkGatewayNatRule[]>]
[-BgpRouteTranslationForNat <Boolean>]
[-MinScaleUnit <Int32>]
[-MaxScaleUnit <Int32>]
[-VirtualNetworkGatewayPolicyGroup <PSVirtualNetworkGatewayPolicyGroup[]>]
[-ClientConnectionConfiguration <PSClientConnectionConfiguration[]>]
[-AdminState <String>]
[-AllowRemoteVnetTraffic <Boolean>]
[-AllowVirtualWanTraffic <Boolean>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzVirtualNetworkGateway
-VirtualNetworkGateway <PSVirtualNetworkGateway>
[-GatewaySku <String>]
[-GatewayDefaultSite <PSLocalNetworkGateway>]
[-VpnClientAddressPool <String[]>]
[-VpnClientProtocol <String[]>]
[-VpnAuthenticationType <String[]>]
[-VpnClientRootCertificates <PSVpnClientRootCertificate[]>]
[-VpnClientRevokedCertificates <PSVpnClientRevokedCertificate[]>]
[-VpnClientIpsecPolicy <PSIpsecPolicy[]>]
[-Asn <UInt32>]
[-PeerWeight <Int32>]
[-IpConfigurationBgpPeeringAddresses <PSIpConfigurationBgpPeeringAddress[]>]
[-EnableActiveActiveFeature]
[-EnablePrivateIpAddress <Boolean>]
[-DisableActiveActiveFeature]
[-RadiusServerAddress <String>]
[-RadiusServerSecret <SecureString>]
[-RadiusServerList <PSRadiusServer[]>]
[-AadTenantUri <String>]
[-AadAudienceId <String>]
[-AadIssuerUri <String>]
[-RemoveAadAuthentication]
[-CustomRoute <String[]>]
[-NatRule <PSVirtualNetworkGatewayNatRule[]>]
[-BgpRouteTranslationForNat <Boolean>]
[-MinScaleUnit <Int32>]
[-MaxScaleUnit <Int32>]
[-VirtualNetworkGatewayPolicyGroup <PSVirtualNetworkGatewayPolicyGroup[]>]
[-ClientConnectionConfiguration <PSClientConnectionConfiguration[]>]
[-AdminState <String>]
[-AllowRemoteVnetTraffic <Boolean>]
[-AllowVirtualWanTraffic <Boolean>]
-Tag <Hashtable>
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Set-AzVirtualNetworkGateway Cmdlet 會更新虛擬網路網關。
範例
範例 1:更新虛擬網路閘道的 ASN
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -Asn 1337
第一個命令會取得名為 Gateway01 的虛擬網路閘道,該閘道屬於資源群組 ResourceGroup001,並將它儲存至名為 $Gateway 第二個命令會更新儲存在變數$Gateway中的虛擬網路網關。 此命令也會將 ASN 設定為 1337。
範例 2:將 IPsec 原則新增至虛擬網路閘道
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$vpnclientipsecpolicy = New-AzVpnClientIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA256 -SALifeTime 86472 -SADataSize 429497 -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup2 -PfsGroup None
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientIpsecPolicy $vpnclientipsecpolicy
第一個命令會取得名為 Gateway01 的虛擬網路閘道,該閘道屬於資源群組 ResourceGroup001,並將它儲存至名為 $Gateway 第二個命令會根據指定的 ipsec 參數建立 Vpn ipsec 原則物件。 第三個命令會更新儲存在變數$Gateway中的虛擬網路網關。 此命令也會設定虛擬網路網關上 $vpnclientipsecpolicy 物件中指定的自定義 vpn ipsec 原則。
範例 3:將標籤新增/更新至現有的虛擬網路閘道
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -Tag @{ testtagKey="SomeTagKey"; testtagValue="SomeKeyValue" }
Name : Gateway001
ResourceGroupName : ResourceGroup001
Location : westus
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid : 00000000-0000-0000-0000-000000000000
ProvisioningState : Succeeded
Tags :
Name Value
============ ============
testtagValue SomeKeyValue
testtagKey SomeTagKey
IpConfigurations : [
{
"PrivateIpAllocationMethod": "Dynamic",
"Subnet": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/GatewaySubnet"
},
"PublicIpAddress": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/Gateway001Ip"
},
"Name": "vng1ipConfig",
"Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/Gateway001IpConfig"
}
]
GatewayType : Vpn
VpnType : RouteBased
EnableBgp : False
ActiveActive : False
GatewayDefaultSite : null
Sku : {
"Capacity": 2,
"Name": "VpnGw1",
"Tier": "VpnGw1"
}
VpnClientConfiguration : null
BgpSettings : {
"Asn": 65515,
"BgpPeeringAddress": "1.2.3.4",
"PeerWeight": 0
}
第一個命令會取得名為 Gateway01 的虛擬網络網關,該閘道屬於資源群組 ResourceGroup001,並將它儲存至名為 $Gateway 第二個命令會使用 @{ testtagKey=“SomeTagKey”; testtagValue=“SomeKeyValue” }標記來更新虛擬網络網關 Gateway01。
範例 4:為現有虛擬網路閘道的 VpnClient 新增/更新 AAD 驗證組態
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -AadTenantUri "https://login.microsoftonline.com/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4" -AadIssuerUri "https://sts.windows.net/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4/" -AadAudienceId "a21fce82-76af-45e6-8583-a08cb3b956f9"
Name : Gateway001
ResourceGroupName : ResourceGroup001
Location : westus
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid : 00000000-0000-0000-0000-000000000000
ProvisioningState : Succeeded
Tags :
Name Value
============ ============
testtagValue SomeKeyValue
testtagKey SomeTagKey
IpConfigurations : [
{
"PrivateIpAllocationMethod": "Dynamic",
"Subnet": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/GatewaySubnet"
},
"PublicIpAddress": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/Gateway001Ip"
},
"Name": "vng1ipConfig",
"Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/Gateway001IpConfig"
}
]
GatewayType : Vpn
VpnType : RouteBased
EnableBgp : False
ActiveActive : False
GatewayDefaultSite : null
Sku : {
"Capacity": 2,
"Name": "VpnGw1",
"Tier": "VpnGw1"
}
vpnClientConfiguration : {
"vpnClientProtocols": [
"OpenVPN"
],
"vpnClientAddressPool": {
"addressPrefixes": [
"101.10.0.0/16"
]
},
"vpnClientRootCertificates": "",
"vpnClientRevokedCertificates": "",
"radiusServerAddress": "",
"radiusServerSecret": "",
"aadTenantUri": "https://login.microsoftonline.com/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4\",
"aadAudienceId": "a21fce82-76af-45e6-8583-a08cb3b956g9\",
"aadIssuerUri": "https://sts.windows.net/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4/\"
},
BgpSettings : {
"Asn": 65515,
"BgpPeeringAddress": "1.2.3.4",
"PeerWeight": 0
}
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientRootCertificates $rootCert -RemoveAadAuthentication
第一個命令會取得名為 Gateway01 的虛擬網路閘道,該閘道屬於資源群組 ResourceGroup001,並將它儲存至名為 $Gateway 第二個命令會使用 AAD 驗證組態參數更新虛擬網路網關 Gateway01:aadTenantUri、aadAudienceId、aadIssuerUri for VpnClient。 第三個命令會從虛擬網路網關的 VpnClient 移除 AAD 驗證組態。
範例 5:將 IpConfigurationBgpPeeringAddresses 新增/更新至現有的虛擬網路網關
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$ipconfigurationId1 = '/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default'
$addresslist1 = @('169.254.21.25')
$gw1ipconfBgp1 = New-AzIpConfigurationBgpPeeringAddressObject -IpConfigurationId $ipconfigurationId1 -CustomAddress $addresslist1
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp1
Name : Gateway001
ResourceGroupName : ResourceGroup001
Location : westcentralus
Id : /subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag : W/"a08f13d3-6106-44e0-9127-e35e6f9793d5"
ResourceGuid : 30993429-a1ed-42ca-9862-9156b013626e
ProvisioningState : Succeeded
Tags :
IpConfigurations : [
{
"PrivateIpAllocationMethod": "Dynamic",
"Subnet": {
"Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/newApipaNet/subnets/GatewaySubnet"
},
"PublicIpAddress": {
"Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/newapipaip"
},
"Name": "default",
"Etag": "W/\"a08f13d3-6106-44e0-9127-e35e6f9793d5\"",
"Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default"
}
]
GatewayType : Vpn
VpnType : RouteBased
EnableBgp : False
ActiveActive : False
GatewayDefaultSite : null
Sku : {
"Capacity": 2,
"Name": "VpnGw1",
"Tier": "VpnGw1"
}
VpnClientConfiguration : null
BgpSettings : {
"Asn": 65515,
"BgpPeeringAddress": "10.1.255.30",
"PeerWeight": 0,
"BgpPeeringAddresses": [
{
"IpconfigurationId": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default",
"DefaultBgpIpAddresses": [
"10.1.255.30"
],
"CustomBgpIpAddresses": [
"169.254.21.55"
],
"TunnelIpAddresses": [
"13.78.146.151"
]
}
]
}
第一個命令會取得名為 Gateway01 的虛擬網路閘道,該閘道屬於資源群組 ResourceGroup001,並將它儲存至名為 $Gateway 第二個命令會將虛擬網路網關 Gateway01 IpConfiguration Id 的值指派給變數 ipconfigurationId1。 第三個命令會將位址清單指派給 addresslist1。 第四個命令建立 PSIpConfigurationBgpPeeringAddress 物件。 第五個命令會將這個新建立的 PSIpConfigurationBgpPeeringAddress 設定為 IpConfigurationBgpPeeringAddresses 並更新網關。
範例 6:將 CustomAddress 更新/移除至虛擬網路網關的現有 IpConfigurationBgpPeeringAddresses
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$ipconfigurationId1 = '/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default'
$addresslist1 = @()
$gw1ipconfBgp1 = New-AzIpConfigurationBgpPeeringAddressObject -IpConfigurationId $ipconfigurationId1 -CustomAddress $addresslist1
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp1
Name : Gateway001
ResourceGroupName : ResourceGroup001
Location : westcentralus
Id : /subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag : W/"a08f13d3-6106-44e0-9127-e35e6f9793d5"
ResourceGuid : 30993429-a1ed-42ca-9862-9156b013626e
ProvisioningState : Succeeded
Tags :
IpConfigurations : [
{
"PrivateIpAllocationMethod": "Dynamic",
"Subnet": {
"Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/newApipaNet/subnets/GatewaySubnet"
},
"PublicIpAddress": {
"Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/newapipaip"
},
"Name": "default",
"Etag": "W/\"a08f13d3-6106-44e0-9127-e35e6f9793d5\"",
"Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default"
}
]
GatewayType : Vpn
VpnType : RouteBased
EnableBgp : False
ActiveActive : False
GatewayDefaultSite : null
Sku : {
"Capacity": 2,
"Name": "VpnGw1",
"Tier": "VpnGw1"
}
VpnClientConfiguration : null
BgpSettings : {
"Asn": 65515,
"BgpPeeringAddress": "10.1.255.30",
"PeerWeight": 0,
"BgpPeeringAddresses": [
{
"IpconfigurationId": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default",
"DefaultBgpIpAddresses": [
"10.1.255.30"
],
"CustomBgpIpAddresses": [],
"TunnelIpAddresses": [
"13.78.146.151"
]
}
]
}
第一個命令會取得名為 Gateway01 的虛擬網路閘道,該閘道屬於資源群組 ResourceGroup001,並將它儲存至名為 $Gateway 第二個命令會將虛擬網路網關 Gateway01 IpConfiguration Id 的值指派給變數 ipconfigurationId1。 第三個命令會將位址清單指派給 addresslist1。 第四個命令建立 PSIpConfigurationBgpPeeringAddress 物件。 第五個命令會將這個新建立的 PSIpConfigurationBgpPeeringAddress 設定為 IpConfigurationBgpPeeringAddresses 並更新網關。
範例 7:將 NatRules 新增/更新至現有的虛擬網路網關
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$vngNatRules = $Gateway.NatRules
$natRule = New-AzVirtualNetworkGatewayNatRule -Name "natRule1" -Type "Static" -Mode "IngressSnat" -InternalMapping @("25.0.0.0/16") -ExternalMapping @("30.0.0.0/16")
$vngNatRules.Add($natrule)
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -NatRule $vngNatRules.NatRules -BgpRouteTranslationForNat $true
Name : Gateway001
ResourceGroupName : ResourceGroup001
Location : westcentralus
Id : /subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag : W/"a08f13d3-6106-44e0-9127-e35e6f9793d5"
ResourceGuid : 30993429-a1ed-42ca-9862-9156b013626e
ProvisioningState : Succeeded
Tags :
IpConfigurations : [
{
"PrivateIpAllocationMethod": "Dynamic",
"Subnet": {
"Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/newApipaNet/subnets/GatewaySubnet"
},
"PublicIpAddress": {
"Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/newapipaip"
},
"Name": "default",
"Etag": "W/\"a08f13d3-6106-44e0-9127-e35e6f9793d5\"",
"Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default"
}
]
GatewayType : Vpn
VpnType : RouteBased
EnableBgp : False
ActiveActive : False
GatewayDefaultSite : null
Sku : {
"Capacity": 2,
"Name": "VpnGw1",
"Tier": "VpnGw1"
}
VpnClientConfiguration : null
BgpSettings : {
"Asn": 65515,
"BgpPeeringAddress": "10.1.255.30",
"PeerWeight": 0,
"BgpPeeringAddresses": [
{
"IpconfigurationId": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default",
"DefaultBgpIpAddresses": [
"10.1.255.30"
],
"CustomBgpIpAddresses": [
"169.254.21.55"
],
"TunnelIpAddresses": [
"13.78.146.151"
]
}
]
}
NatRules : [
{
"VirtualNetworkGatewayNatRulePropertiesType": "Static",
"Mode": "IngressSnat",
"InternalMappings": [
{
"AddressSpace": "25.0.0.0/16"
}
],
"ExternalMappings": [
{
"AddressSpace": "30.0.0.0/16"
}
],
"ProvisioningState": "Succeeded",
"Name": "natRule1",
"Etag": "W/\"5150d788-e165-42ba-99c4-8138a545fce9\"",
"Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/natRules/natRule1"
}
]
EnableBgpRouteTranslationForNat : True
第一個命令會取得名為 Gateway01 的虛擬網路網關,該閘道屬於資源群組 ResourceGroup001,並將它儲存至名為 $Gateway 第二個命令會將現有的 natrules 指派給變數 vngNatRules。 第三個命令會將新建立的 PSVirtualNetworkGatewayNatRule 物件 natrule 指派給變數 natRule。 第四個命令會將這個 PSVirtualNetworkGatewayNatRule 物件新增至 vngNatRules 清單。 第五個命令會將這個新建立的 PSVirtualNetworkGatewayNatRule 設定為閘道的 NatRules,並更新閘道。
範例 8:刪除現有虛擬網路閘道的多個過期 VpnClientRootCertificates
$Gateway=Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$rootCerts=$Gateway.VpnClientConfiguration.VpnClientRootCertificates
$rootCerts.Count
$rootCerts[0]
$rootCerts[1]
$rootCerts.Remove($rootCerts[1])
$Gateway1 = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientRootCertificates $rootCerts
第一個命令會取得名為 Gateway01 的虛擬網路閘道,該閘道屬於資源群組 ResourceGroup001,並將它儲存至名為 $Gateway 第二個命令會取得 VirtualNetworkGateway 上的所有跟證書,並將它儲存至另一個變數$rootCerts第三個命令會顯示 VirtualNetworkGateway 上現有根證書總數。 第四和第五個命令會在客戶要刪除的對應索引處列印跟證書。 第六個命令會使用該索引移除過期的跟證書,例如這裡 1。 重複相同的步驟,從變數中移除多個過期的憑證:$rootCerts第七個命令會更新 VirtualNetworkGateway 以設定有效的跟證書,也就是變數中存在的憑證:$rootCerts
範例 9:設定 ExpressRoute 虛擬網路閘道,以允許透過 ExpressRoute 與虛擬網路 Wan 網路中的其他 ExpressRoute 虛擬網路閘道進行通訊。
# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowVirtualWanTraffic = $true
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway
# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowVirtualWanTraffic $true
在這兩種情況下,第一個命令會擷取閘道。 然後,您可以直接修改物件上的 屬性並加以保存,或者您可以在 Set-AzVirtualNetworkGateway Cmdlet 上使用 參數。
範例 10:設定 ExpressRoute 虛擬網路閘道,以封鎖透過 ExpressRoute 與虛擬網路 Wan 網路中其他 ExpressRoute 虛擬網路閘道的通訊。
# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowVirtualWanTraffic = $false
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway
# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowVirtualWanTraffic $false
在這兩種情況下,第一個命令會擷取閘道。 然後,您可以直接修改物件上的 屬性並加以保存,或者您可以在 Set-AzVirtualNetworkGateway Cmdlet 上使用 參數。
範例 11:設定 ExpressRoute 虛擬網路閘道,以允許與其他 VNet 中的其他 ExpressRoute 虛擬網路閘道透過 ExpressRoute 進行通訊。
# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowRemoteVnetTraffic = $true
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway
# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowRemoteVnetTraffic $true
在這兩種情況下,第一個命令會擷取閘道。 然後,您可以直接修改物件上的 屬性並加以保存,或者您可以在 Set-AzVirtualNetworkGateway Cmdlet 上使用 參數。
範例 12:設定 ExpressRoute 虛擬網路閘道,以封鎖與其他 VNet 中其他虛擬網路閘道透過 ExpressRoute 的通訊。
# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowRemoteVnetTraffic = $false
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway
# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowRemoteVnetTraffic $false
在這兩種情況下,第一個命令會擷取閘道。 然後,您可以直接修改物件上的 屬性並加以保存,或者您可以在 Set-AzVirtualNetworkGateway Cmdlet 上使用 參數。
參數
-AadAudienceId
P2S AAD 驗證選項:AadAudienceId。
類型: | String |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-AadIssuerUri
P2S AAD 驗證選項:AadIssuerUri。
類型: | String |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-AadTenantUri
P2S AAD 驗證選項:AadTenantUri。
類型: | String |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-AdminState
屬性,指出 Express Route 閘道在 vnet 中有多個 Express Route 閘道時是否提供流量:已啟用/停用
類型: | String |
接受的值: | Enabled, Disabled |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-AllowRemoteVnetTraffic
判斷此閘道是否應該接受來自其他 VNet 的流量。
類型: | Nullable<T>[Boolean] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-AllowVirtualWanTraffic
判斷此閘道是否應該接受來自其他虛擬網路的流量。
類型: | Nullable<T>[Boolean] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-AsJob
在背景執行 Cmdlet
類型: | SwitchParameter |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
-Asn
虛擬網路閘道的 ASN,用來在 IPsec 通道內設定 BGP 工作階段
類型: | UInt32 |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-BgpRouteTranslationForNat
這會在此 VirtualNetworkGateway 上啟用和停用 BgpRouteTranslationForNat
類型: | Nullable<T>[Boolean] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
-ClientConnectionConfiguration
在地址和原則群組之間指派的 P2S 用戶端聯機組態
類型: | PSClientConnectionConfiguration[] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-Confirm
執行 Cmdlet 之前先提示您確認。
類型: | SwitchParameter |
別名: | cf |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
-CustomRoute
客戶指定的自定義路由 AddressPool
類型: | String[] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-DefaultProfile
用於與 Azure 通訊的認證、帳戶、租用戶和訂用帳戶。
類型: | IAzureContextContainer |
別名: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
-DisableActiveActiveFeature
在虛擬網路閘道上停用作用中功能的旗標
類型: | SwitchParameter |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
-EnableActiveActiveFeature
在虛擬網路閘道上啟用作用中功能的旗標
類型: | SwitchParameter |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
-EnablePrivateIpAddress
在虛擬網路閘道上啟用作用中功能的旗標
類型: | Nullable<T>[Boolean] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
-GatewayDefaultSite
用於強制通道的預設月臺。 如果指定預設月臺,則來自網關 vnet 的所有因特網流量都會路由傳送至該月臺。
類型: | PSLocalNetworkGateway |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-GatewaySku
虛擬網路閘道的 SKU
類型: | String |
接受的值: | Basic, Standard, HighPerformance, UltraPerformance, VpnGw1, VpnGw2, VpnGw3, VpnGw4, VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, VpnGw4AZ, VpnGw5AZ, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-IpConfigurationBgpPeeringAddresses
虛擬網路閘道 bgpsettings 的 BgpPeeringAddresses。
類型: | PSIpConfigurationBgpPeeringAddress[] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-MaxScaleUnit
設定可調整閘道的最大縮放單位
類型: | Int32 |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
-MinScaleUnit
設定可調整閘道的最小縮放單位
類型: | Int32 |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
-NatRule
虛擬網路閘道的 NatRules。
類型: | PSVirtualNetworkGatewayNatRule[] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-PeerWeight
新增至透過此虛擬網路網關透過 BGP 學習的路由權數
類型: | Int32 |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-RadiusServerAddress
P2S 外部半徑伺服器位址。
類型: | String |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-RadiusServerList
P2S 多個外部Radius伺服器。
類型: | PSRadiusServer[] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-RadiusServerSecret
P2S 外部半徑伺服器秘密。
類型: | SecureString |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-RemoveAadAuthentication
從虛擬網路閘道移除 P2S 用戶端的 AAD 驗證旗標。
類型: | SwitchParameter |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
-Tag
P2S 外部半徑伺服器位址。
類型: | Hashtable |
Position: | Named |
預設值: | None |
必要: | True |
接受管線輸入: | False |
接受萬用字元: | False |
-VirtualNetworkGateway
虛擬網路閘道物件,用來根據基礎修改。 這可以使用 Get-AzVirtualNetworkGateway 來擷取
類型: | PSVirtualNetworkGateway |
Position: | Named |
預設值: | None |
必要: | True |
接受管線輸入: | True |
接受萬用字元: | False |
-VirtualNetworkGatewayPolicyGroup
已新增至此閘道的 P2S 原則群組
類型: | PSVirtualNetworkGatewayPolicyGroup[] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-VpnAuthenticationType
P2S VPN 用戶端驗證類型的清單。
類型: | String[] |
接受的值: | Certificate, Radius, AAD |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-VpnClientAddressPool
要配置 VPN 用戶端 IP 位址的來源地址空間。 這不應與虛擬網路或內部部署範圍重疊。
類型: | String[] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-VpnClientIpsecPolicy
P2S VPN 用戶端通道通訊協定的IPSec原則清單。
類型: | PSIpsecPolicy[] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-VpnClientProtocol
P2S VPN 用戶端通道通訊協議的清單
類型: | String[] |
接受的值: | SSTP, IkeV2, OpenVPN |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-VpnClientRevokedCertificates
撤銷的 VPN 用戶端憑證清單。 呈現符合其中一個憑證的 VPN 用戶端將會被告知要消失。
類型: | PSVpnClientRevokedCertificate[] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-VpnClientRootCertificates
用於 VPN 用戶端驗證的 VPN 用戶端跟證書清單。 線上 VPN 用戶端必須出示從其中一個跟證書產生的憑證。
類型: | PSVpnClientRootCertificate[] |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | True |
接受萬用字元: | False |
-WhatIf
顯示執行 Cmdlet 後會發生的情況。 未執行 Cmdlet。
類型: | SwitchParameter |
別名: | wi |
Position: | Named |
預設值: | None |
必要: | False |
接受管線輸入: | False |
接受萬用字元: | False |
輸入
String[]
PSVpnClientRevokedCertificate[]
PSIpConfigurationBgpPeeringAddress[]
PSVirtualNetworkGatewayNatRule[]