Configure a virtual network gateway for ExpressRoute using PowerShell
This article helps you add, resize, and remove a virtual network (VNet) gateway for a pre-existing VNet. The steps for this configuration apply to VNets that were created using the Resource Manager deployment model for an ExpressRoute configuration. For more information, see About virtual network gateways for ExpressRoute.
Working with PowerShell
This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.
This article uses PowerShell cmdlets. To run the cmdlets, you can use Azure Cloud Shell, an interactive shell environment hosted in Azure and used through the browser. Azure Cloud Shell comes with the Azure PowerShell cmdlets pre-installed.
To run any code contained in this article on Azure Cloud Shell, open a Cloud Shell session, use the Copy button on a code block to copy the code, and paste it into the Cloud Shell session with Ctrl+Shift+V on Windows and Linux, or Cmd+Shift+V on macOS. Pasted text is not automatically executed, so press Enter to run code.
You can launch Azure Cloud Shell with:
|Select Try It in the upper-right corner of a code block. This doesn't automatically copy text to Cloud Shell.|
|Open shell.azure.com in your browser.|
|Select the Cloud Shell button on the menu in the upper-right corner of the Azure portal.|
If you don't want to use Azure Cloud Shell, install Azure PowerShell locally instead. Be sure to install the latest version of the Azure PowerShell Az module to get up-to-date functionality. For more information, see Install Azure PowerShell.
Configuration reference list
The steps for this task use a VNet based on the values in the following configuration reference list. Additional settings and names are also outlined in this list. We don't use this list directly in any of the steps, although we do add variables based on the values in this list. You can copy the list to use as a reference, replacing the values with your own.
- Virtual Network Name = "TestVNet"
- Virtual Network address space = 192.168.0.0/16
- Resource Group = "TestRG"
- Subnet1 Name = "FrontEnd"
- Subnet1 address space = "192.168.1.0/24"
- Gateway Subnet name: "GatewaySubnet" You must always name a gateway subnet GatewaySubnet.
- Gateway Subnet address space = "192.168.200.0/26"
- Region = "East US"
- Gateway Name = "GW"
- Gateway IP Name = "GWIP"
- Gateway IP configuration Name = "gwipconf"
- Type = "ExpressRoute" This type is required for an ExpressRoute configuration.
- Gateway Public IP Name = "gwpip"
Add a gateway
Connect to your Azure Subscription.
If you are using the Azure Cloud Shell, you sign in to your Azure account automatically after clicking 'Try it'. To sign in locally, open your PowerShell console with elevated privileges and run the cmdlet to connect.
If you have more than one subscription, get a list of your Azure subscriptions.
Specify the subscription that you want to use.
Select-AzSubscription -SubscriptionName "Name of subscription"
Declare your variables for this exercise. Be sure to edit the sample to reflect the settings that you want to use.
$RG = "TestRG" $Location = "East US" $GWName = "GW" $GWIPName = "GWIP" $GWIPconfName = "gwipconf" $VNetName = "TestVNet"
Store the virtual network object as a variable.
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $RG
Add a gateway subnet to your Virtual Network. The gateway subnet must be named "GatewaySubnet". You should create a gateway subnet that is /27 or larger (/26, /25, etc.).
Add-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $vnet -AddressPrefix 192.168.200.0/26
Set the configuration.
$vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet
Store the gateway subnet as a variable.
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
Request a public IP address. The IP address is requested before creating the gateway. You cannot specify the IP address that you want to use; it’s dynamically allocated. You'll use this IP address in the next configuration section. The AllocationMethod must be Dynamic.
$pip = New-AzPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location -AllocationMethod Dynamic
Create the configuration for your gateway. The gateway configuration defines the subnet and the public IP address to use. In this step, you are specifying the configuration that will be used when you create the gateway. This step does not actually create the gateway object. Use the sample below to create your gateway configuration.
$ipconf = New-AzVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet -PublicIpAddress $pip
Create the gateway. In this step, the -GatewayType is especially important. You must use the value ExpressRoute. After running these cmdlets, the gateway can take 45 minutes or more to create.
New-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Location -IpConfigurations $ipconf -GatewayType Expressroute -GatewaySku Standard
Verify the gateway was created
Use the following commands to verify that the gateway has been created:
Get-AzVirtualNetworkGateway -ResourceGroupName $RG
Resize a gateway
There are a number of Gateway SKUs. You can use the following command to change the Gateway SKU at any time.
This command doesn't work for UltraPerformance gateway. To change your gateway to an UltraPerformance gateway, first remove the existing ExpressRoute gateway, and then create a new UltraPerformance gateway. To downgrade your gateway from an UltraPerformance gateway, first remove the UltraPerformance gateway, and then create a new gateway.
$gw = Get-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG Resize-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -GatewaySku HighPerformance
Remove a gateway
Use the following command to remove a gateway:
Remove-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG
After you have created the VNet gateway, you can link your VNet to an ExpressRoute circuit. See Link a Virtual Network to an ExpressRoute circuit.