Deploy a gateway into a Virtual WAN hub

2.4 Azure Virtual WAN

📘Microsoft Azure Networking Solutions (AZ-700)


Overview

Before we dive into deploying a gateway, you need to understand Azure Virtual WAN.

  • Azure Virtual WAN is a networking service that helps connect multiple networks, branch offices, and users globally in a simplified and centralized way.
  • It provides hubs that act as central points in Azure where you can connect:
    • Virtual networks (VNets)
    • On-premises networks
    • VPN connections
    • ExpressRoute circuits
  • A Virtual WAN hub is like a “network hub” in Azure where gateways and connections are deployed.

Think of the hub as a centralized location in Azure that handles all incoming and outgoing traffic between VNets, on-premises sites, and users.


What is a Virtual WAN Gateway?

A Virtual WAN gateway is a virtual appliance deployed inside a Virtual WAN hub. It allows traffic to move between:

  1. On-premises networks via VPN or ExpressRoute.
  2. Remote users via Azure VPN (point-to-site).
  3. Other VNets connected to the hub.

Types of gateways you can deploy in a Virtual WAN hub:

  1. VPN Gateway
    • Connects on-premises sites or remote users to the Virtual WAN.
    • Supports:
      • Site-to-site VPN (connects branch offices)
      • Point-to-site VPN (connects individual users securely)
      • VNet-to-VNet traffic via the hub
  2. ExpressRoute Gateway
    • Connects on-premises networks to Azure using ExpressRoute circuits.
    • Provides private, dedicated connectivity to Azure services.

Steps to Deploy a Gateway into a Virtual WAN Hub

Here’s a step-by-step explanation you need to know for the exam:

1. Create or Identify a Virtual WAN Hub

  • Each hub belongs to a Virtual WAN.
  • You can have multiple hubs in different regions.
  • A hub must exist before deploying a gateway.

2. Choose the Gateway Type

  • Decide based on your connectivity need:
    • VPN Gateway: For secure IPsec/IKE VPN connections or remote users.
    • ExpressRoute Gateway: For private, high-speed connections using ExpressRoute.

3. Deploy the Gateway

  • In the Azure portal, navigate to the Virtual WAN hub.
  • Select “VPN Gateway” or “ExpressRoute Gateway”.
  • Provide required configuration details:
    • Name of the gateway
    • VPN type (Policy-based or Route-based) for VPN gateways
    • SKU (Basic, Standard, or HighPerformance) depending on traffic needs
    • Virtual WAN Hub it will be associated with
  • Deployment is regional, so the gateway will exist in the same region as the hub.

4. Configure Connections

After the gateway is deployed, you can connect:

  • On-premises networks (site-to-site VPN or ExpressRoute circuits)
  • Remote users (point-to-site VPN)
  • Other VNets (VNet peering through the hub)

Important for the exam: Traffic between VNets connected via Virtual WAN flows through the hub and the gateway.

5. Monitor and Maintain

  • Use Azure Monitor or Network Watcher to check:
    • VPN connection status
    • ExpressRoute circuits
    • Gateway throughput and performance
  • You can scale up or down the gateway SKU if traffic patterns change.
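
As an added example (not part of the original guide and not Microsoft tooling), the Python check below audits an exported hub and gateway inventory against steps 1, 3 and 5: every gateway must reference an existing hub, sit in that hub's region, and be healthy, and a hub with no gateway is flagged. The JSON field names (`virtualHub.id`, `location`, `provisioningState`) are an assumed export shape, and all sample resources are constructed.

```python
import json

# Constructed sample inventory (not real resources). Field names are an assumed
# export shape for hub and gateway resources: id, location, virtualHub.id.
HUBS = json.loads("""[
  {"id": "/subscriptions/0000/resourceGroups/rg-net/providers/Microsoft.Network/virtualHubs/hub-eastus", "location": "eastus"},
  {"id": "/subscriptions/0000/resourceGroups/rg-net/providers/Microsoft.Network/virtualHubs/hub-uksouth", "location": "uksouth"}
]""")
GATEWAYS = json.loads("""[
  {"name": "vpngw-eastus", "location": "East US", "provisioningState": "Succeeded",
   "virtualHub": {"id": "/subscriptions/0000/resourceGroups/RG-NET/providers/Microsoft.Network/virtualHubs/HUB-EASTUS"}},
  {"name": "ergw-orphan", "location": "westeurope", "provisioningState": "Failed",
   "virtualHub": {"id": "/subscriptions/0000/resourceGroups/rg-net/providers/Microsoft.Network/virtualHubs/hub-westeurope"}}
]""")

def norm_region(name):
    # "East US" (display name) and "eastus" (short name) are the same region.
    return name.replace(" ", "").lower()

def audit(hubs, gateways):
    """Return sorted (resource, finding) pairs for gateways and hubs that break the rules."""
    hub_by_id = {h["id"].lower(): h for h in hubs}  # Azure resource IDs are case-insensitive
    used, findings = set(), []
    for gw in gateways:
        hub_id = (gw.get("virtualHub") or {}).get("id", "").lower()
        hub = hub_by_id.get(hub_id)
        if hub is None:
            # Step 1: a hub must exist before a gateway is deployed into it.
            findings.append((gw["name"], "references a hub that is not in the inventory"))
        else:
            used.add(hub_id)
            # Step 3: the gateway lives in the same region as its hub.
            if norm_region(gw["location"]) != norm_region(hub["location"]):
                findings.append((gw["name"], "region differs from its hub"))
        # Step 5: surface gateways that are not in a healthy state.
        if gw.get("provisioningState") != "Succeeded":
            findings.append((gw["name"], "provisioning state is " + str(gw.get("provisioningState"))))
    for hub_id in hub_by_id:
        if hub_id not in used:
            findings.append((hub_id.rsplit("/", 1)[-1], "hub has no gateway, so no external connectivity"))
    return sorted(findings)

if __name__ == "__main__":
    for resource, finding in audit(HUBS, GATEWAYS):
        print(f"{resource}: {finding}")
```

The comparison lowercases resource IDs and normalizes region names first, so `HUB-EASTUS` in "East US" is correctly matched to `hub-eastus` in `eastus` instead of being reported as an orphan.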

Key Exam Points to Remember

  1. A gateway must be deployed inside a Virtual WAN hub. Without it, the hub cannot connect to external networks.
  2. VPN and ExpressRoute gateways are different types and cannot be mixed in a single deployment.
  3. Gateway SKUs determine throughput and number of tunnels supported:
    • Basic: Low throughput, limited tunnels
    • Standard: Medium throughput
    • HighPerformance: High throughput, enterprise-grade
  4. Gateways enable branch-to-Azure, VNet-to-VNet, and user-to-Azure connectivity.
  5. Traffic between connected VNets in different regions flows via the hub gateway unless using Global Transit (Virtual WAN Global routing).

IT Environment Example (Non-real-life analogies)

  • A company HQ in New York has a Virtual WAN hub in East US region.
  • They deploy a VPN gateway in the hub to allow remote employees worldwide to securely connect.
  • They also deploy an ExpressRoute gateway to connect a private data center in London directly to Azure VNets.
  • All VNets connected to this hub can communicate through these gateways, without creating individual VPNs for each network.

Exam Tip

  • Memorize the steps to deploy a gateway.
  • Know the difference between VPN and ExpressRoute gateways.
  • Remember that gateways are hub-specific, not global, but Virtual WAN supports global transit routing across hubs.
  • Understand the role of SKUs for gateway performance.