Configure a virtual network gateway for ExpressRoute using PowerShell

This article walks you through the steps to add, resize, and remove a virtual network gateway for a preexisting virtual network (VNet) using PowerShell. The steps for this configuration apply to VNets that were created using the Resource Manager deployment model for an ExpressRoute configuration. For more information about virtual network gateways and gateway configuration settings for ExpressRoute, see About virtual network gateways for ExpressRoute.

Prerequisites

Configuration reference list

The steps for this task use a VNet based on the values in the following configuration reference list. More settings and names are also outlined in this list. We don't use this list directly in any of the steps, although we do add variables based on the values in this list. You can copy the list to use as a reference, replacing the values with your own.

Add a gateway

1. To connect with Azure, run Connect-AzAccount.

2. Declare your variables for this tutorial. Be sure to edit the sample to reflect the settings that you want to use.

   $RG = "TestRG"
   $Location = "West US"
   $GWName = "GW"
   $GWIPName = "GWIP"
   $GWIPconfName = "gwipconf"
   $VNetName = "TestVNet"
   

   If you want to create the gateway in an Azure Extended Zone, add the $ExtendedLocation variable.

   $RG = "TestRG"
   $Location = "West US"
   $ExtendedLocation = "losangeles"
   $GWName = "GW"
   $GWIPName = "GWIP"
   $GWIPconfName = "gwipconf"
   $VNetName = "TestVNet"
   

3. Store the virtual network object as a variable.

   $vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $RG
   

4. Add a gateway subnet to your Virtual Network. The gateway subnet must be named "GatewaySubnet". The gateway subnet has to be /27 or larger (/26, /25, and so on). If you plan on connecting 16 ExpressRoute circuits to your gateway, you must create a gateway subnet of /26 or larger.

   Add-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $vnet -AddressPrefix 192.168.200.0/26
   

   If you're using a dual stack virtual network and plan to use IPv6-based private peering over ExpressRoute, create a dual stack gateway subnet instead.

   Add-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $vnet -AddressPrefix "10.0.0.0/26","ace:daa:daaa:deaa::/64"
   

5. Set the configuration.

   $vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet
   

6. Store the gateway subnet as a variable.

   $subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
   

7. Public IP is no longer required for ExpressRoute gateways, except in the case of extended zone gateways. If you want to create the gateway in an Azure Extended Zone, request a public IP address in the Extended Zone using the -ExtendedLocation parameter.

   $pip = New-AzPublicIpAddress -Name $GWIPName  -ResourceGroupName $RG -Location $Location -ExtendedLocation $ExtendedLocation -AllocationMethod Static -SKU Standard
   

   Note

   Basic SKU public IP isn't supported with new ExpressRoute virtual network gateway. Creating a public IP is no longer required, Microsoft will create and manage your public IP. This means all ExpressRoute virtual network gateways are created as zone-redundant.

8. Create the configuration for your gateway. The gateway configuration defines the subnet to use. In this step, you're specifying the configuration that will be used when you create the gateway. Use the following sample to create your gateway configuration.

   $ipconf = New-AzVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet 
   

   If you want to create the gateway in an Azure Extended Zone, Use the following sample.

   $ipconf = New-AzVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet -PublicIpAddressId $pip.Id 
   

9. Create the gateway. In this step, the -GatewayType is especially important. You must use the value ExpressRoute. After running these cmdlets, the gateway can take 45 minutes or more to create.

   New-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Location -IpConfigurations $ipconf -GatewayType Expressroute -GatewaySku Standard
   

   If you want to create the gateway in an Azure Extended Zone, add the -ExtendedLocation parameter.

   New-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Location -ExtendedLocation $ExtendedLocation -IpConfigurations $ipconf -GatewayType Expressroute -GatewaySku Standard
   

   Note

   To create the gateway in an Azure Extended Zone, you must first request access to the Extended Zone. Once you have access, you can create the gateway.

   The following considerations apply when creating a virtual network gateway in an Extended Zone:

   • Availability Zones aren't supported in Azure Extended Zones.
   • The following SKUs are currently supported in Azure Extended Zones: Standard, HighPerformance, UltraPerformance.
   • Local SKU circuit isn't supported with gateways in Azure Extended Zone.

Verify the gateway was created

Use the following commands to verify that the gateway has been created:

Get-AzVirtualNetworkGateway -ResourceGroupName $RG

Resize a gateway

There are a number of gateway SKUs. You can use the following command to change the Gateway SKU at any time.

$gw = Get-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG
Resize-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -GatewaySku HighPerformance

Clean up resources

Use the following command to remove the gateway:

Remove-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG

Next steps

After you've created the VNet gateway, you can link your VNet to an ExpressRoute circuit.