Microsoft.Network virtualWans template reference

Template format

To create a Microsoft.Network/virtualWans resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Network/virtualWans",
  "apiVersion": "2019-06-01",
  "location": "string",
  "tags": {},
  "properties": {
    "disableVpnEncryption": "boolean",
    "securityProviderName": "string",
    "allowBranchToBranchTraffic": "boolean",
    "allowVnetToVnetTraffic": "boolean",
    "office365LocalBreakoutCategory": "string",
    "p2SVpnServerConfigurations": [
      {
        "id": "string",
        "properties": {
          "name": "string",
          "vpnProtocols": [
            "string"
          ],
          "p2SVpnServerConfigVpnClientRootCertificates": [
            {
              "id": "string",
              "properties": {
                "publicCertData": "string"
              },
              "name": "string"
            }
          ],
          "p2SVpnServerConfigVpnClientRevokedCertificates": [
            {
              "id": "string",
              "properties": {
                "thumbprint": "string"
              },
              "name": "string"
            }
          ],
          "p2SVpnServerConfigRadiusServerRootCertificates": [
            {
              "id": "string",
              "properties": {
                "publicCertData": "string"
              },
              "name": "string"
            }
          ],
          "p2SVpnServerConfigRadiusClientRootCertificates": [
            {
              "id": "string",
              "properties": {
                "thumbprint": "string"
              },
              "name": "string"
            }
          ],
          "vpnClientIpsecPolicies": [
            {
              "saLifeTimeSeconds": "integer",
              "saDataSizeKilobytes": "integer",
              "ipsecEncryption": "string",
              "ipsecIntegrity": "string",
              "ikeEncryption": "string",
              "ikeIntegrity": "string",
              "dhGroup": "string",
              "pfsGroup": "string"
            }
          ],
          "radiusServerAddress": "string",
          "radiusServerSecret": "string"
        },
        "name": "string"
      }
    ]
  },
  "resources": []
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/virtualWans object

Name Type Required Value
name string Yes The name of the VirtualWAN being created or updated.
type enum Yes Microsoft.Network/virtualWans
apiVersion enum Yes 2019-06-01
location string Yes Resource location.
tags object No Resource tags.
properties object Yes Properties of the virtual WAN. - VirtualWanProperties object
resources array No p2sVpnServerConfigurations

VirtualWanProperties object

Name Type Required Value
disableVpnEncryption boolean No Vpn encryption to be disabled or not.
securityProviderName string No The Security Provider name.
allowBranchToBranchTraffic boolean No True if branch to branch traffic is allowed.
allowVnetToVnetTraffic boolean No True if Vnet to Vnet traffic is allowed.
office365LocalBreakoutCategory enum No The office local breakout category. - Optimize, OptimizeAndAllow, All, None
p2SVpnServerConfigurations array No List of all P2SVpnServerConfigurations associated with the virtual wan. - P2SVpnServerConfiguration object

P2SVpnServerConfiguration object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the P2SVpnServer configuration. - P2SVpnServerConfigurationProperties object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

P2SVpnServerConfigurationProperties object

Name Type Required Value
name string No The name of the P2SVpnServerConfiguration that is unique within a VirtualWan in a resource group. This name can be used to access the resource along with Paren VirtualWan resource name.
vpnProtocols array No VPN protocols for the P2SVpnServerConfiguration. - IkeV2 or OpenVPN
p2SVpnServerConfigVpnClientRootCertificates array No VPN client root certificate of P2SVpnServerConfiguration. - P2SVpnServerConfigVpnClientRootCertificate object
p2SVpnServerConfigVpnClientRevokedCertificates array No VPN client revoked certificate of P2SVpnServerConfiguration. - P2SVpnServerConfigVpnClientRevokedCertificate object
p2SVpnServerConfigRadiusServerRootCertificates array No Radius Server root certificate of P2SVpnServerConfiguration. - P2SVpnServerConfigRadiusServerRootCertificate object
p2SVpnServerConfigRadiusClientRootCertificates array No Radius client root certificate of P2SVpnServerConfiguration. - P2SVpnServerConfigRadiusClientRootCertificate object
vpnClientIpsecPolicies array No VpnClientIpsecPolicies for P2SVpnServerConfiguration. - IpsecPolicy object
radiusServerAddress string No The radius server address property of the P2SVpnServerConfiguration resource for point to site client connection.
radiusServerSecret string No The radius secret property of the P2SVpnServerConfiguration resource for point to site client connection.

P2SVpnServerConfigVpnClientRootCertificate object

Name Type Required Value
id string No Resource ID.
properties object Yes Properties of the P2SVpnServerConfiguration VPN client root certificate. - P2SVpnServerConfigVpnClientRootCertificatePropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

P2SVpnServerConfigVpnClientRevokedCertificate object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the vpn client revoked certificate. - P2SVpnServerConfigVpnClientRevokedCertificatePropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

P2SVpnServerConfigRadiusServerRootCertificate object

Name Type Required Value
id string No Resource ID.
properties object Yes Properties of the P2SVpnServerConfiguration Radius Server root certificate. - P2SVpnServerConfigRadiusServerRootCertificatePropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

P2SVpnServerConfigRadiusClientRootCertificate object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the Radius client root certificate. - P2SVpnServerConfigRadiusClientRootCertificatePropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

IpsecPolicy object

Name Type Required Value
saLifeTimeSeconds integer Yes The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.
saDataSizeKilobytes integer Yes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.
ipsecEncryption enum Yes The IPSec encryption algorithm (IKE phase 1). - None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256
ipsecIntegrity enum Yes The IPSec integrity algorithm (IKE phase 1). - MD5, SHA1, SHA256, GCMAES128, GCMAES192, GCMAES256
ikeEncryption enum Yes The IKE encryption algorithm (IKE phase 2). - DES, DES3, AES128, AES192, AES256, GCMAES256, GCMAES128
ikeIntegrity enum Yes The IKE integrity algorithm (IKE phase 2). - MD5, SHA1, SHA256, SHA384, GCMAES256, GCMAES128
dhGroup enum Yes The DH Group used in IKE Phase 1 for initial SA. - None, DHGroup1, DHGroup2, DHGroup14, DHGroup2048, ECP256, ECP384, DHGroup24
pfsGroup enum Yes The Pfs Group used in IKE Phase 2 for new child SA. - None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFS24, PFS14, PFSMM

P2SVpnServerConfigVpnClientRootCertificatePropertiesFormat object

Name Type Required Value
publicCertData string Yes The certificate public data.

P2SVpnServerConfigVpnClientRevokedCertificatePropertiesFormat object

Name Type Required Value
thumbprint string No The revoked VPN client certificate thumbprint.

P2SVpnServerConfigRadiusServerRootCertificatePropertiesFormat object

Name Type Required Value
publicCertData string Yes The certificate public data.

P2SVpnServerConfigRadiusClientRootCertificatePropertiesFormat object

Name Type Required Value
thumbprint string No The Radius client root certificate thumbprint.

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Creates Virtual wan resources

Deploy to Azure
This template allows you to create virtual wan resources including virtual wan, virtual hub, vpn gateway, vpnsite and a vpn connecton.
Secured virtual hubs

Deploy to Azure
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.