Share via


az network vnet-gateway

Use an Azure Virtual Network Gateway to establish secure, cross-premises connectivity.

To learn more about Azure Virtual Network Gateways, visit https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli.

Commands

Name Description Type Status
az network vnet-gateway aad

Manage AAD(Azure Active Directory) authentication of a virtual network gateway.

Core GA
az network vnet-gateway aad assign

Assign/Update AAD(Azure Active Directory) authentication to a virtual network gateway.

Core GA
az network vnet-gateway aad remove

Remove AAD(Azure Active Directory) authentication from a virtual network gateway.

Core GA
az network vnet-gateway aad show

Show AAD(Azure Active Directory) authentication of a virtual network gateway.

Core GA
az network vnet-gateway aad wait

Place the CLI in a waiting state until a condition is met.

Core GA
az network vnet-gateway create

Create a virtual network gateway.

Core GA
az network vnet-gateway delete

Delete a virtual network gateway.

Core GA
az network vnet-gateway disconnect-vpn-connections

Disconnect vpn connections of virtual network gateway.

Core Preview
az network vnet-gateway ipsec-policy

Manage virtual network gateway IPSec policies.

Core GA
az network vnet-gateway ipsec-policy add

Add a virtual network gateway IPSec policy.

Core GA
az network vnet-gateway ipsec-policy clear

Delete all IPsec policies on a virtual network gateway.

Core GA
az network vnet-gateway ipsec-policy list

List IPSec policies associated with a virtual network gateway.

Core GA
az network vnet-gateway ipsec-policy wait

Place the CLI in a waiting state until a condition is met.

Core GA
az network vnet-gateway list

List virtual network gateways.

Core GA
az network vnet-gateway list-advertised-routes

List the routes of a virtual network gateway advertised to the specified peer.

Core GA
az network vnet-gateway list-bgp-peer-status

Retrieve the status of BGP peers.

Core GA
az network vnet-gateway list-learned-routes

This operation retrieves a list of routes the virtual network gateway has learned, including routes learned from BGP peers.

Core GA
az network vnet-gateway nat-rule

Manage nat rule in a virtual network gateway.

Core GA
az network vnet-gateway nat-rule add

Add nat rule in a virtual network gateway.

Core Preview
az network vnet-gateway nat-rule list

List nat rule for a virtual network gateway.

Core Preview
az network vnet-gateway nat-rule remove

Remove nat rule from a virtual network gateway.

Core Preview
az network vnet-gateway nat-rule wait

Place the CLI in a waiting state until a condition is met.

Core GA
az network vnet-gateway packet-capture

Manage packet capture on a virtual network gateway.

Core GA
az network vnet-gateway packet-capture start

Start packet capture on a virtual network gateway.

Core Preview
az network vnet-gateway packet-capture stop

Stop packet capture on a virtual network gateway.

Core Preview
az network vnet-gateway packet-capture wait

Place the CLI in a waiting state until a condition is met.

Core GA
az network vnet-gateway reset

Reset a virtual network gateway.

Core GA
az network vnet-gateway revoked-cert

Manage revoked certificates in a virtual network gateway. Prevent machines using this certificate from accessing Azure through this gateway.

Core GA
az network vnet-gateway revoked-cert create

Revoke a certificate.

Core GA
az network vnet-gateway revoked-cert delete

Delete a revoked certificate.

Core GA
az network vnet-gateway revoked-cert wait

Place the CLI in a waiting state until a condition is met.

Core GA
az network vnet-gateway root-cert

Manage root certificates of a virtual network gateway.

Core GA
az network vnet-gateway root-cert create

Upload a root certificate.

Core GA
az network vnet-gateway root-cert delete

Delete a root certificate.

Core GA
az network vnet-gateway root-cert wait

Place the CLI in a waiting state until a condition is met.

Core GA
az network vnet-gateway show

Get the details of a virtual network gateway.

Core GA
az network vnet-gateway show-supported-devices

Get a xml format representation for supported vpn devices.

Core Preview
az network vnet-gateway update

Update a virtual network gateway.

Core GA
az network vnet-gateway vpn-client

Download a VPN client configuration required to connect to Azure via point-to-site.

Core GA
az network vnet-gateway vpn-client generate

Generate VPN client configuration.

Core GA
az network vnet-gateway vpn-client ipsec-policy

Manage the VPN client connection ipsec-policy for P2S client connection of the virtual network gateway.

Core GA
az network vnet-gateway vpn-client ipsec-policy set

Set the VPN client connection ipsec policy per P2S client connection of the virtual network gateway.

Core Preview
az network vnet-gateway vpn-client ipsec-policy show

Get the VPN client connection ipsec policy per P2S client connection of the virtual network gateway.

Core Preview
az network vnet-gateway vpn-client ipsec-policy wait

Place the CLI in a waiting state until a condition is met.

Core GA
az network vnet-gateway vpn-client show-health

Get the VPN client connection health detail per P2S client connection of the virtual network gateway.

Core Preview
az network vnet-gateway vpn-client show-url

Retrieve a pre-generated VPN client configuration.

Core GA
az network vnet-gateway wait

Place the CLI in a waiting state until a condition is met.

Core GA

az network vnet-gateway create

Create a virtual network gateway.

az network vnet-gateway create --name
                               --resource-group
                               --vnet
                               [--aad-audience]
                               [--aad-issuer]
                               [--aad-tenant]
                               [--address-prefix]
                               [--allow-remote-vnet-traffic {0, 1, f, false, n, no, t, true, y, yes}]
                               [--allow-vwan-traffic {0, 1, f, false, n, no, t, true, y, yes}]
                               [--asn]
                               [--bgp-peering-address]
                               [--client-protocol]
                               [--custom-routes]
                               [--edge-zone]
                               [--edge-zone-vnet-id]
                               [--enable-private-ip {0, 1, f, false, n, no, t, true, y, yes}]
                               [--gateway-default-site]
                               [--gateway-type {ExpressRoute, LocalGateway, Vpn}]
                               [--location]
                               [--max-scale-unit]
                               [--min-scale-unit]
                               [--nat-rule]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--peer-weight]
                               [--public-ip-address]
                               [--radius-secret]
                               [--radius-server]
                               [--root-cert-data]
                               [--root-cert-name]
                               [--sku {Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ}]
                               [--tags]
                               [--vpn-auth-type]
                               [--vpn-gateway-generation {Generation1, Generation2, None}]
                               [--vpn-type {PolicyBased, RouteBased}]

Examples

Create a basic virtual network gateway for site-to-site connectivity.

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --no-wait

Create a basic virtual network gateway that provides point-to-site connectivity with a RADIUS secret that matches what is configured on a RADIUS server.

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --address-prefixes 40.1.0.0/24 --client-protocol IkeV2 SSTP --radius-secret 111_aaa --radius-server 30.1.1.15 --vpn-gateway-generation Generation1

Create a basic virtual network gateway with multi authentication

az network vnet-gateway create -g MyResourceGroup -n MyVnetGateway --public-ip-address MyGatewayIp --vnet MyVnet --gateway-type Vpn --sku VpnGw1 --vpn-type RouteBased --address-prefixes 40.1.0.0/24 --client-protocol OpenVPN --radius-secret 111_aaa --radius-server 30.1.1.15 --aad-issuer https://sts.windows.net/00000-000000-00000-0000-000/ --aad-tenant https://login.microsoftonline.com/000 --aad-audience 0000-000 --root-cert-name root-cert --root-cert-data "root-cert.cer" --vpn-auth-type AAD Certificate Radius

Create a virtual network gateway.

az network vnet-gateway create --gateway-type Vpn --location westus2 --name MyVnetGateway --no-wait --public-ip-addresses myVGPublicIPAddress --resource-group MyResourceGroup --sku Basic --vnet MyVnet --vpn-type PolicyBased

Required Parameters

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet

Name or ID of an existing virtual network which has a subnet named 'GatewaySubnet'.

Optional Parameters

--aad-audience

The AADAudience ID of the VirtualNetworkGateway.

--aad-issuer

The AAD Issuer URI of the VirtualNetworkGateway.

--aad-tenant

The AAD Tenant URI of the VirtualNetworkGateway.

--address-prefix --address-prefixes

Space-separated list of CIDR prefixes representing the address space for the P2S Vpnclient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --address-prefix.

--allow-remote-vnet-traffic

Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--allow-vwan-traffic

Configures this gateway to accept traffic from remote Virtual WAN networks.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--asn

Autonomous System Number to use for the BGP settings.

--bgp-peering-address

IP address to use for BGP peering.

--client-protocol

Protocols to use for connecting. Allowed values: IkeV2, OpenVPN, SSTP. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--custom-routes

Space-separated list of CIDR prefixes representing the custom routes address space specified by the customer for VpnClient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--edge-zone

The name of edge zone.

--edge-zone-vnet-id

The Extended vnet resource id of the local gateway.

--enable-private-ip

Whether private IP needs to be enabled on this gateway for connections or not.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--gateway-default-site

Name or ID of a local network gateway representing a local network site with default routes.

--gateway-type

The gateway type.

Accepted values: ExpressRoute, LocalGateway, Vpn
Default value: Vpn
--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--max-scale-unit

Maximum scale units for auto-scale configuration.

--min-scale-unit

Minimum scale units for auto-scale configuration.

--nat-rule --nat-rules

VirtualNetworkGatewayNatRule Resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --nat-rule.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--peer-weight

Weight (0-100) added to routes learned through BGP peering.

--public-ip-address --public-ip-addresses

Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--radius-secret

Radius secret to use for authentication.

--radius-server

Radius server address to connect to.

--root-cert-data

Base64 contents of the root certificate file or file path.

--root-cert-name

Root certificate name.

--sku

VNet gateway SKU.

Accepted values: Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ
Default value: Basic
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--vpn-auth-type

VPN authentication types enabled for the virtual network gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--vpn-gateway-generation

The generation for the virtual network gateway. vpn_gateway_generation should not be provided if gateway_type is not Vpn.

Accepted values: Generation1, Generation2, None
--vpn-type

VPN routing type.

Accepted values: PolicyBased, RouteBased
Default value: RouteBased
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway delete

Delete a virtual network gateway.

In order to delete a Virtual Network Gateway, you must first delete ALL Connection objects in Azure that are connected to the Gateway. After deleting the Gateway, proceed to delete other resources now not in use. For more information, follow the order of instructions on this page: https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-delete-vnet-gateway-portal.

az network vnet-gateway delete [--ids]
                               [--name]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--resource-group]
                               [--subscription]

Examples

Delete a virtual network gateway.

az network vnet-gateway delete -g MyResourceGroup -n MyVnetGateway

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway disconnect-vpn-connections

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Disconnect vpn connections of virtual network gateway.

az network vnet-gateway disconnect-vpn-connections [--ids]
                                                   [--name]
                                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--resource-group]
                                                   [--subscription]
                                                   [--vpn-connections]

Examples

Disconnect vpn connections of virtual network gateway.

az network vnet-gateway disconnect-vpn-connections -g MyResourceGroup -n MyVnetGateway --vpn-connections MyConnetion1ByName MyConnection2ByID

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vpn-connections

List of Name or ID of VPN connections. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway list

List virtual network gateways.

az network vnet-gateway list --resource-group
                             [--max-items]
                             [--next-token]

Examples

List virtual network gateways in a resource group.

az network vnet-gateway list -g MyResourceGroup

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway list-advertised-routes

List the routes of a virtual network gateway advertised to the specified peer.

az network vnet-gateway list-advertised-routes --peer
                                               [--ids]
                                               [--name]
                                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                               [--resource-group]
                                               [--subscription]

Examples

List the routes of a virtual network gateway advertised to the specified peer.

az network vnet-gateway list-advertised-routes -g MyResourceGroup -n MyVnetGateway --peer 23.10.10.9

Required Parameters

--peer

The IP address of the peer.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway list-bgp-peer-status

Retrieve the status of BGP peers.

az network vnet-gateway list-bgp-peer-status [--ids]
                                             [--name]
                                             [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                             [--peer]
                                             [--resource-group]
                                             [--subscription]

Examples

Retrieve the status of a BGP peer.

az network vnet-gateway list-bgp-peer-status -g MyResourceGroup -n MyVnetGateway --peer 23.10.10.9

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--peer

The IP address of the peer to retrieve the status of. Default value is None.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway list-learned-routes

This operation retrieves a list of routes the virtual network gateway has learned, including routes learned from BGP peers.

az network vnet-gateway list-learned-routes [--ids]
                                            [--name]
                                            [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                            [--resource-group]
                                            [--subscription]

Examples

Retrieve a list of learned routes.

az network vnet-gateway list-learned-routes -g MyResourceGroup -n MyVnetGateway

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway reset

Reset a virtual network gateway.

az network vnet-gateway reset [--gateway-vip]
                              [--ids]
                              [--name]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--resource-group]
                              [--subscription]

Examples

Reset a virtual network gateway.

az network vnet-gateway reset -g MyResourceGroup -n MyVnetGateway

Reset a virtual network gateway with Active-Active feature enabled.

az network vnet-gateway reset -g MyResourceGroup -n MyVnetGateway --gateway-vip MyGatewayIP

Optional Parameters

--gateway-vip

Virtual network gateway vip address supplied to the begin reset of the active-active feature enabled gateway.

Default value: None
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway show

Get the details of a virtual network gateway.

az network vnet-gateway show [--ids]
                             [--name]
                             [--resource-group]
                             [--subscription]

Examples

Get the details of a virtual network gateway.

az network vnet-gateway show -g MyResourceGroup -n MyVnetGateway

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway show-supported-devices

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get a xml format representation for supported vpn devices.

az network vnet-gateway show-supported-devices [--ids]
                                               [--name]
                                               [--resource-group]
                                               [--subscription]

Examples

Get a xml format representation for supported vpn devices.

az network vnet-gateway show-supported-devices -g MyResourceGroup -n MyVnetGateway

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway update

Update a virtual network gateway.

az network vnet-gateway update [--aad-audience]
                               [--aad-issuer]
                               [--aad-tenant]
                               [--add]
                               [--address-prefix]
                               [--allow-remote-vnet-traffic {0, 1, f, false, n, no, t, true, y, yes}]
                               [--allow-vwan-traffic {0, 1, f, false, n, no, t, true, y, yes}]
                               [--asn]
                               [--bgp-peering-address]
                               [--client-protocol]
                               [--custom-routes]
                               [--enable-bgp {0, 1, f, false, n, no, t, true, y, yes}]
                               [--enable-private-ip {0, 1, f, false, n, no, t, true, y, yes}]
                               [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                               [--gateway-default-site]
                               [--gateway-type {ExpressRoute, LocalGateway, Vpn}]
                               [--ids]
                               [--max-scale-unit]
                               [--min-scale-unit]
                               [--name]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--peer-weight]
                               [--public-ip-address]
                               [--radius-secret]
                               [--radius-server]
                               [--remove]
                               [--resource-group]
                               [--root-cert-data]
                               [--root-cert-name]
                               [--set]
                               [--sku {Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ}]
                               [--subscription]
                               [--tags]
                               [--vnet]
                               [--vpn-auth-type]
                               [--vpn-type {PolicyBased, RouteBased}]

Examples

Change the SKU of a virtual network gateway.

az network vnet-gateway update -g MyResourceGroup -n MyVnetGateway --sku VpnGw2

Update a virtual network gateway.

az network vnet-gateway update --address-prefixes 40.1.0.0/24 --client-protocol IkeV2 --name MyVnetGateway --resource-group MyResourceGroup

Optional Parameters

--aad-audience

The AADAudience ID of the VirtualNetworkGateway.

--aad-issuer

The AAD Issuer URI of the VirtualNetworkGateway.

--aad-tenant

The AAD Tenant URI of the VirtualNetworkGateway.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--address-prefix --address-prefixes

Space-separated list of CIDR prefixes representing the address space for the P2S Vpnclient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --address-prefix.

--allow-remote-vnet-traffic

Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--allow-vwan-traffic

Configures this gateway to accept traffic from remote Virtual WAN networks.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--asn

Autonomous System Number to use for the BGP settings.

--bgp-peering-address

IP address to use for BGP peering.

--client-protocol

Protocols to use for connecting. Allowed values: IkeV2, OpenVPN, SSTP. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--custom-routes

Space-separated list of CIDR prefixes representing the custom routes address space specified by the customer for VpnClient. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--enable-bgp

Enable BGP (Border Gateway Protocol).

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--enable-private-ip

Whether private IP needs to be enabled on this gateway for connections or not.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--gateway-default-site

Name or ID of a local network gateway representing a local network site with default routes.

--gateway-type

The gateway type.

Accepted values: ExpressRoute, LocalGateway, Vpn
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--max-scale-unit

Maximum scale units for auto-scale configuration.

--min-scale-unit

Minimum scale units for auto-scale configuration.

--name -n

Name of the VNet gateway.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--peer-weight

Weight (0-100) added to routes learned through BGP peering.

--public-ip-address --public-ip-addresses

Specify a single public IP (name or ID) for an active-standby gateway. Specify two space-separated public IPs for an active-active gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--radius-secret

Radius secret to use for authentication.

--radius-server

Radius server address to connect to.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--root-cert-data

Base64 contents of the root certificate file or file path.

--root-cert-name

Root certificate name.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--sku

VNet gateway SKU.

Accepted values: Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, ErGwScale, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--vnet

Name or ID of an existing virtual network which has a subnet named 'GatewaySubnet'.

--vpn-auth-type

VPN authentication types enabled for the virtual network gateway. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--vpn-type

VPN routing type.

Accepted values: PolicyBased, RouteBased
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet-gateway wait

Place the CLI in a waiting state until a condition is met.

az network vnet-gateway wait [--created]
                             [--custom]
                             [--deleted]
                             [--exists]
                             [--ids]
                             [--interval]
                             [--name]
                             [--resource-group]
                             [--subscription]
                             [--timeout]
                             [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30
--name -n

Name of the VNet gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.