The first command gets a virtual network gateway named Gateway01 that belongs to resource group ResourceGroup001 and stores it to the variable named $Gateway
The second command updates the virtual network gateway stored in variable $Gateway.
The command also sets the ASN to 1337.
Example 2: Add IPsec policy to a virtual network gateway
The first command gets a virtual network gateway named Gateway01 that belongs to resource group ResourceGroup001 and stores it to the variable named $Gateway
The second command creates the Vpn ipsec policy object as per specified ipsec parameters.
The third command updates the virtual network gateway stored in variable $Gateway.
The command also sets the custom vpn ipsec policy specified in the $vpnclientipsecpolicy object on Virtual network gateway.
Example 3: Add/Update Tags to an existing virtual network gateway
The first command gets a virtual network gateway named Gateway01 that belongs to resource group ResourceGroup001 and stores it to the variable named $Gateway
The second command updates the virtual network gateway Gateway01 with the tags @{ testtagKey="SomeTagKey"; testtagValue="SomeKeyValue" }.
Example 4: Add/Update AAD authentication configuration for VpnClient of an existing virtual network gateway
The first command gets a virtual network gateway named Gateway01 that belongs to resource group ResourceGroup001 and stores it to the variable named $Gateway
The second command updates the virtual network gateway Gateway01 with the AAD authentication configurations params:aadTenantUri, aadAudienceId, aadIssuerUri for VpnClient.
The third command removes the AAD authentication configuration from VpnClient of virtual network gateway.
Example 5: Add/Update IpConfigurationBgpPeeringAddresses to an existing virtual network gateway
The first command gets a virtual network gateway named Gateway01 that belongs to resource group ResourceGroup001 and stores it to the variable named $Gateway
The second command assigns the value of virtual network gateway Gateway01 IpConfiguration Id into variable ipconfigurationId1.
The third command assigns the address list into addresslist1.
The fourth command created a PSIpConfigurationBgpPeeringAddress object.
The fifth command set this new created PSIpConfigurationBgpPeeringAddress to IpConfigurationBgpPeeringAddresses and update the gateway.
Example 6: Update/Remove CustomAddress to an existing IpConfigurationBgpPeeringAddresses of virtual network gateway
The first command gets a virtual network gateway named Gateway01 that belongs to resource group ResourceGroup001 and stores it to the variable named $Gateway
The second command assigns the value of virtual network gateway Gateway01 IpConfiguration Id into variable ipconfigurationId1.
The third command assigns the address list into addresslist1.
The fourth command created a PSIpConfigurationBgpPeeringAddress object.
The fifth command set this new created PSIpConfigurationBgpPeeringAddress to IpConfigurationBgpPeeringAddresses and update the gateway.
Example 7: Add/Update NatRules to an existing virtual network gateway
The first command gets a virtual network gateway named Gateway01 that belongs to resource group ResourceGroup001 and stores it to the variable named $Gateway
The second command assigns the existing natrules into variable vngNatRules.
The third command assigns the value newly created PSVirtualNetworkGatewayNatRule object natrule into variable natRule.
The fourth command add this PSVirtualNetworkGatewayNatRule object into vngNatRules list.
The fifth command set this new created PSVirtualNetworkGatewayNatRule to NatRules of gateway and update the gateway.
Example 8: Delete multiple expired VpnClientRootCertificates of an existing virtual network gateway
The first command gets a virtual network gateway named Gateway01 that belongs to resource group ResourceGroup001 and stores it to the variable named $Gateway
The second command gets all the root certificates on VirtualNetworkGateway and save it to another variable $rootCerts
The third command shows total existing root certs on VirtualNetworkGateway.
The forth & fifth commands print root certificates at those corresponding indices for customer to see which ones they want to delete.
The sixth command removes expired root certificate by using that index e.g. here 1. Repeat same steps to remove multiple expired certificates from variable: $rootCerts
The seventh command updates VirtualNetworkGateway to set valid root certificates i.e. certificates that exists in variable: $rootCerts
Example 9: Configure an ExpressRoute virtual network gateway to allow communication over ExpressRoute with other ExpressRoute virtual network gateways in Virtual Wan networks.
# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowVirtualWanTraffic = $true
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway
# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowVirtualWanTraffic $true
In both cases, the first command retrieves the gateway. You may then either modify the property directly on the object and persist it, or you may use the switch on the Set-AzVirtualNetworkGateway cmdlet.
Example 10: Configure an ExpressRoute virtual network gateway to block communication over ExpressRoute with other ExpressRoute virtual network gateways in Virtual Wan networks.
# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowVirtualWanTraffic = $false
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway
# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowVirtualWanTraffic $false
In both cases, the first command retrieves the gateway. You may then either modify the property directly on the object and persist it, or you may use the switch on the Set-AzVirtualNetworkGateway cmdlet.
Example 11: Configure an ExpressRoute virtual network gateway to allow communication over ExpressRoute with other ExpressRoute virtual network gateways in other VNets.
# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowRemoteVnetTraffic = $true
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway
# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowRemoteVnetTraffic $true
In both cases, the first command retrieves the gateway. You may then either modify the property directly on the object and persist it, or you may use the switch on the Set-AzVirtualNetworkGateway cmdlet.
Example 12: Configure an ExpressRoute virtual network gateway to block communication over ExpressRoute with other virtual network gateways in other VNets.
# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowRemoteVnetTraffic = $false
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway
# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowRemoteVnetTraffic $false
In both cases, the first command retrieves the gateway. You may then either modify the property directly on the object and persist it, or you may use the switch on the Set-AzVirtualNetworkGateway cmdlet.
Example 13: Configure a virtual network gateway with a user-assigned managed identity
# Create or retrieve the user-assigned managed identity
$identity = Get-AzUserAssignedIdentity -ResourceGroupName "resourceGroup001" -Name "myIdentity001"
# Get the virtual network gateway
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
# Set the identity using the UserAssignedIdentityId parameter
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -UserAssignedIdentityId $identity.Id
This example demonstrates how to configure a virtual network gateway with a user-assigned managed identity. This uses the UserAssignedIdentityId parameter to create the managed identity object. User-assigned identities are useful for accessing Azure Key Vault certificates for gateway authentication.
A list of VPN client root certificates to use for VPN client authentication.
Connecting VPN clients must present certificates generated from one of these root certificates.
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
