Share via

Microsoft.Network virtualWans 2019-06-01

Bicep resource definition

The virtualWans resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualWans resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/virtualWans@2019-06-01' = {
  scope: resourceSymbolicName or scope
  ___location: 'string'
  name: 'string'
  properties: {
    allowBranchToBranchTraffic: bool
    allowVnetToVnetTraffic: bool
    disableVpnEncryption: bool
    p2SVpnServerConfigurations: [
      {
        id: 'string'
        name: 'string'
        properties: {
          etag: 'string'
          name: 'string'
          p2SVpnServerConfigRadiusClientRootCertificates: [
            {
              etag: 'string'
              id: 'string'
              name: 'string'
              properties: {
                thumbprint: 'string'
              }
            }
          ]
          p2SVpnServerConfigRadiusServerRootCertificates: [
            {
              etag: 'string'
              id: 'string'
              name: 'string'
              properties: {
                publicCertData: 'string'
              }
            }
          ]
          p2SVpnServerConfigVpnClientRevokedCertificates: [
            {
              etag: 'string'
              id: 'string'
              name: 'string'
              properties: {
                thumbprint: 'string'
              }
            }
          ]
          p2SVpnServerConfigVpnClientRootCertificates: [
            {
              etag: 'string'
              id: 'string'
              name: 'string'
              properties: {
                publicCertData: 'string'
              }
            }
          ]
          radiusServerAddress: 'string'
          radiusServerSecret: 'string'
          vpnClientIpsecPolicies: [
            {
              dhGroup: 'string'
              ikeEncryption: 'string'
              ikeIntegrity: 'string'
              ipsecEncryption: 'string'
              ipsecIntegrity: 'string'
              pfsGroup: 'string'
              saDataSizeKilobytes: int
              saLifeTimeSeconds: int
            }
          ]
          vpnProtocols: [
            'string'
          ]
        }
      }
    ]
    securityProviderName: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.Network/virtualWans

Name Description Value
___location Resource ___location. string
name The resource name string (required)
properties Properties of the virtual WAN. VirtualWanProperties
scope Use when creating a resource at a scope that is different than the deployment scope. Set this property to the symbolic name of a resource to apply the extension resource.
tags Resource tags Dictionary of tag names and values. See Tags in templates

IpsecPolicy

Name Description Value
dhGroup The DH Group used in IKE Phase 1 for initial SA. 'DHGroup1'
'DHGroup14'
'DHGroup2'
'DHGroup2048'
'DHGroup24'
'ECP256'
'ECP384'
'None' (required)
ikeEncryption The IKE encryption algorithm (IKE phase 2). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES256' (required)
ikeIntegrity The IKE integrity algorithm (IKE phase 2). 'GCMAES128'
'GCMAES256'
'MD5'
'SHA1'
'SHA256'
'SHA384' (required)
ipsecEncryption The IPSec encryption algorithm (IKE phase 1). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES192'
'GCMAES256'
'None' (required)
ipsecIntegrity The IPSec integrity algorithm (IKE phase 1). 'GCMAES128'
'GCMAES192'
'GCMAES256'
'MD5'
'SHA1'
'SHA256' (required)
pfsGroup The Pfs Group used in IKE Phase 2 for new child SA. 'ECP256'
'ECP384'
'None'
'PFS1'
'PFS14'
'PFS2'
'PFS2048'
'PFS24'
'PFSMM' (required)
saDataSizeKilobytes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. int (required)
saLifeTimeSeconds The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. int (required)

P2SVpnServerConfigRadiusClientRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the Radius client root certificate. P2SVpnServerConfigRadiusClientRootCertificatePropertiesFormat

P2SVpnServerConfigRadiusClientRootCertificatePropertiesFormat

Name Description Value
thumbprint The Radius client root certificate thumbprint. string

P2SVpnServerConfigRadiusServerRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the P2SVpnServerConfiguration Radius Server root certificate. P2SVpnServerConfigRadiusServerRootCertificatePropertiesFormat (required)

P2SVpnServerConfigRadiusServerRootCertificatePropertiesFormat

Name Description Value
publicCertData The certificate public data. string (required)

P2SVpnServerConfiguration

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the P2SVpnServer configuration. P2SVpnServerConfigurationProperties

P2SVpnServerConfigurationProperties

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
name The name of the P2SVpnServerConfiguration that is unique within a VirtualWan in a resource group. This name can be used to access the resource along with Paren VirtualWan resource name. string
p2SVpnServerConfigRadiusClientRootCertificates Radius client root certificate of P2SVpnServerConfiguration. P2SVpnServerConfigRadiusClientRootCertificate[]
p2SVpnServerConfigRadiusServerRootCertificates Radius Server root certificate of P2SVpnServerConfiguration. P2SVpnServerConfigRadiusServerRootCertificate[]
p2SVpnServerConfigVpnClientRevokedCertificates VPN client revoked certificate of P2SVpnServerConfiguration. P2SVpnServerConfigVpnClientRevokedCertificate[]
p2SVpnServerConfigVpnClientRootCertificates VPN client root certificate of P2SVpnServerConfiguration. P2SVpnServerConfigVpnClientRootCertificate[]
radiusServerAddress The radius server address property of the P2SVpnServerConfiguration resource for point to site client connection. string
radiusServerSecret The radius secret property of the P2SVpnServerConfiguration resource for point to site client connection. string
vpnClientIpsecPolicies VpnClientIpsecPolicies for P2SVpnServerConfiguration. IpsecPolicy[]
vpnProtocols VPN protocols for the P2SVpnServerConfiguration. String array containing any of:
'IkeV2'
'OpenVPN'

P2SVpnServerConfigVpnClientRevokedCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the vpn client revoked certificate. P2SVpnServerConfigVpnClientRevokedCertificatePropertiesFormat

P2SVpnServerConfigVpnClientRevokedCertificatePropertiesFormat

Name Description Value
thumbprint The revoked VPN client certificate thumbprint. string

P2SVpnServerConfigVpnClientRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the P2SVpnServerConfiguration VPN client root certificate. P2SVpnServerConfigVpnClientRootCertificatePropertiesFormat (required)

P2SVpnServerConfigVpnClientRootCertificatePropertiesFormat

Name Description Value
publicCertData The certificate public data. string (required)

ResourceTags

Name Description Value

VirtualWanProperties

Name Description Value
allowBranchToBranchTraffic True if branch to branch traffic is allowed. bool
allowVnetToVnetTraffic True if Vnet to Vnet traffic is allowed. bool
disableVpnEncryption Vpn encryption to be disabled or not. bool
p2SVpnServerConfigurations List of all P2SVpnServerConfigurations associated with the virtual wan. P2SVpnServerConfiguration[]
securityProviderName The Security Provider name. string

Usage Examples

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module Description
Virtual WAN AVM Resource Module for Virtual WAN

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File Description
Creates Virtual WAN resources This template allows you to create virtual WAN resources including Virtual WAN, Virtual Hub, VPN Gateway, VPN Site and a VPN Connecton.
Secured virtual hubs This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.

ARM template resource definition

The virtualWans resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualWans resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/virtualWans",
  "apiVersion": "2019-06-01",
  "name": "string",
  "___location": "string",
  "properties": {
    "allowBranchToBranchTraffic": "bool",
    "allowVnetToVnetTraffic": "bool",
    "disableVpnEncryption": "bool",
    "p2SVpnServerConfigurations": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "etag": "string",
          "name": "string",
          "p2SVpnServerConfigRadiusClientRootCertificates": [
            {
              "etag": "string",
              "id": "string",
              "name": "string",
              "properties": {
                "thumbprint": "string"
              }
            }
          ],
          "p2SVpnServerConfigRadiusServerRootCertificates": [
            {
              "etag": "string",
              "id": "string",
              "name": "string",
              "properties": {
                "publicCertData": "string"
              }
            }
          ],
          "p2SVpnServerConfigVpnClientRevokedCertificates": [
            {
              "etag": "string",
              "id": "string",
              "name": "string",
              "properties": {
                "thumbprint": "string"
              }
            }
          ],
          "p2SVpnServerConfigVpnClientRootCertificates": [
            {
              "etag": "string",
              "id": "string",
              "name": "string",
              "properties": {
                "publicCertData": "string"
              }
            }
          ],
          "radiusServerAddress": "string",
          "radiusServerSecret": "string",
          "vpnClientIpsecPolicies": [
            {
              "dhGroup": "string",
              "ikeEncryption": "string",
              "ikeIntegrity": "string",
              "ipsecEncryption": "string",
              "ipsecIntegrity": "string",
              "pfsGroup": "string",
              "saDataSizeKilobytes": "int",
              "saLifeTimeSeconds": "int"
            }
          ],
          "vpnProtocols": [ "string" ]
        }
      }
    ],
    "securityProviderName": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.Network/virtualWans

Name Description Value
apiVersion The api version '2019-06-01'
___location Resource ___location. string
name The resource name string (required)
properties Properties of the virtual WAN. VirtualWanProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Network/virtualWans'

IpsecPolicy

Name Description Value
dhGroup The DH Group used in IKE Phase 1 for initial SA. 'DHGroup1'
'DHGroup14'
'DHGroup2'
'DHGroup2048'
'DHGroup24'
'ECP256'
'ECP384'
'None' (required)
ikeEncryption The IKE encryption algorithm (IKE phase 2). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES256' (required)
ikeIntegrity The IKE integrity algorithm (IKE phase 2). 'GCMAES128'
'GCMAES256'
'MD5'
'SHA1'
'SHA256'
'SHA384' (required)
ipsecEncryption The IPSec encryption algorithm (IKE phase 1). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES192'
'GCMAES256'
'None' (required)
ipsecIntegrity The IPSec integrity algorithm (IKE phase 1). 'GCMAES128'
'GCMAES192'
'GCMAES256'
'MD5'
'SHA1'
'SHA256' (required)
pfsGroup The Pfs Group used in IKE Phase 2 for new child SA. 'ECP256'
'ECP384'
'None'
'PFS1'
'PFS14'
'PFS2'
'PFS2048'
'PFS24'
'PFSMM' (required)
saDataSizeKilobytes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. int (required)
saLifeTimeSeconds The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. int (required)

P2SVpnServerConfigRadiusClientRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the Radius client root certificate. P2SVpnServerConfigRadiusClientRootCertificatePropertiesFormat

P2SVpnServerConfigRadiusClientRootCertificatePropertiesFormat

Name Description Value
thumbprint The Radius client root certificate thumbprint. string

P2SVpnServerConfigRadiusServerRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the P2SVpnServerConfiguration Radius Server root certificate. P2SVpnServerConfigRadiusServerRootCertificatePropertiesFormat (required)

P2SVpnServerConfigRadiusServerRootCertificatePropertiesFormat

Name Description Value
publicCertData The certificate public data. string (required)

P2SVpnServerConfiguration

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the P2SVpnServer configuration. P2SVpnServerConfigurationProperties

P2SVpnServerConfigurationProperties

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
name The name of the P2SVpnServerConfiguration that is unique within a VirtualWan in a resource group. This name can be used to access the resource along with Paren VirtualWan resource name. string
p2SVpnServerConfigRadiusClientRootCertificates Radius client root certificate of P2SVpnServerConfiguration. P2SVpnServerConfigRadiusClientRootCertificate[]
p2SVpnServerConfigRadiusServerRootCertificates Radius Server root certificate of P2SVpnServerConfiguration. P2SVpnServerConfigRadiusServerRootCertificate[]
p2SVpnServerConfigVpnClientRevokedCertificates VPN client revoked certificate of P2SVpnServerConfiguration. P2SVpnServerConfigVpnClientRevokedCertificate[]
p2SVpnServerConfigVpnClientRootCertificates VPN client root certificate of P2SVpnServerConfiguration. P2SVpnServerConfigVpnClientRootCertificate[]
radiusServerAddress The radius server address property of the P2SVpnServerConfiguration resource for point to site client connection. string
radiusServerSecret The radius secret property of the P2SVpnServerConfiguration resource for point to site client connection. string
vpnClientIpsecPolicies VpnClientIpsecPolicies for P2SVpnServerConfiguration. IpsecPolicy[]
vpnProtocols VPN protocols for the P2SVpnServerConfiguration. String array containing any of:
'IkeV2'
'OpenVPN'

P2SVpnServerConfigVpnClientRevokedCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the vpn client revoked certificate. P2SVpnServerConfigVpnClientRevokedCertificatePropertiesFormat

P2SVpnServerConfigVpnClientRevokedCertificatePropertiesFormat

Name Description Value
thumbprint The revoked VPN client certificate thumbprint. string

P2SVpnServerConfigVpnClientRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the P2SVpnServerConfiguration VPN client root certificate. P2SVpnServerConfigVpnClientRootCertificatePropertiesFormat (required)

P2SVpnServerConfigVpnClientRootCertificatePropertiesFormat

Name Description Value
publicCertData The certificate public data. string (required)

ResourceTags

Name Description Value

VirtualWanProperties

Name Description Value
allowBranchToBranchTraffic True if branch to branch traffic is allowed. bool
allowVnetToVnetTraffic True if Vnet to Vnet traffic is allowed. bool
disableVpnEncryption Vpn encryption to be disabled or not. bool
p2SVpnServerConfigurations List of all P2SVpnServerConfigurations associated with the virtual wan. P2SVpnServerConfiguration[]
securityProviderName The Security Provider name. string

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template Description
Azure Virtual WAN (vWAN) Multi-Hub Deployment

Deploy to Azure		 This template allows you to create an Azure Virtual WAN (vWAN) multi-hub deployment including all gateways and VNET connections.
Azure vWAN Multi-Hub Deployment with Custom Routing Tables

Deploy to Azure		 This template allows you to create an Azure Virtual WAN (vWAN) multi-hub deployment, including all gateways and VNET connections, and demonstrate the usage of Route Tables for custom routing.
Creates Virtual WAN resources

Deploy to Azure		 This template allows you to create virtual WAN resources including Virtual WAN, Virtual Hub, VPN Gateway, VPN Site and a VPN Connecton.
Secured virtual hubs

Deploy to Azure		 This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.
vWAN P2S deployment with multi address pool and user groups

Deploy to Azure		 This template deploys Azure Virtual WAN (vWAN) with a P2S configured with multiple address pool and user groups

Terraform (AzAPI provider) resource definition

The virtualWans resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/virtualWans resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/virtualWans@2019-06-01"
  name = "string"
  parent_id = "string"
  ___location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      allowBranchToBranchTraffic = bool
      allowVnetToVnetTraffic = bool
      disableVpnEncryption = bool
      p2SVpnServerConfigurations = [
        {
          id = "string"
          name = "string"
          properties = {
            etag = "string"
            name = "string"
            p2SVpnServerConfigRadiusClientRootCertificates = [
              {
                etag = "string"
                id = "string"
                name = "string"
                properties = {
                  thumbprint = "string"
                }
              }
            ]
            p2SVpnServerConfigRadiusServerRootCertificates = [
              {
                etag = "string"
                id = "string"
                name = "string"
                properties = {
                  publicCertData = "string"
                }
              }
            ]
            p2SVpnServerConfigVpnClientRevokedCertificates = [
              {
                etag = "string"
                id = "string"
                name = "string"
                properties = {
                  thumbprint = "string"
                }
              }
            ]
            p2SVpnServerConfigVpnClientRootCertificates = [
              {
                etag = "string"
                id = "string"
                name = "string"
                properties = {
                  publicCertData = "string"
                }
              }
            ]
            radiusServerAddress = "string"
            radiusServerSecret = "string"
            vpnClientIpsecPolicies = [
              {
                dhGroup = "string"
                ikeEncryption = "string"
                ikeIntegrity = "string"
                ipsecEncryption = "string"
                ipsecIntegrity = "string"
                pfsGroup = "string"
                saDataSizeKilobytes = int
                saLifeTimeSeconds = int
              }
            ]
            vpnProtocols = [
              "string"
            ]
          }
        }
      ]
      securityProviderName = "string"
    }
  }
}

Property Values

Microsoft.Network/virtualWans

Name Description Value
___location Resource ___location. string
name The resource name string (required)
parent_id The ID of the resource to apply this extension resource to. string (required)
properties Properties of the virtual WAN. VirtualWanProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Network/virtualWans@2019-06-01"

IpsecPolicy

Name Description Value
dhGroup The DH Group used in IKE Phase 1 for initial SA. 'DHGroup1'
'DHGroup14'
'DHGroup2'
'DHGroup2048'
'DHGroup24'
'ECP256'
'ECP384'
'None' (required)
ikeEncryption The IKE encryption algorithm (IKE phase 2). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES256' (required)
ikeIntegrity The IKE integrity algorithm (IKE phase 2). 'GCMAES128'
'GCMAES256'
'MD5'
'SHA1'
'SHA256'
'SHA384' (required)
ipsecEncryption The IPSec encryption algorithm (IKE phase 1). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES192'
'GCMAES256'
'None' (required)
ipsecIntegrity The IPSec integrity algorithm (IKE phase 1). 'GCMAES128'
'GCMAES192'
'GCMAES256'
'MD5'
'SHA1'
'SHA256' (required)
pfsGroup The Pfs Group used in IKE Phase 2 for new child SA. 'ECP256'
'ECP384'
'None'
'PFS1'
'PFS14'
'PFS2'
'PFS2048'
'PFS24'
'PFSMM' (required)
saDataSizeKilobytes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. int (required)
saLifeTimeSeconds The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. int (required)

P2SVpnServerConfigRadiusClientRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the Radius client root certificate. P2SVpnServerConfigRadiusClientRootCertificatePropertiesFormat

P2SVpnServerConfigRadiusClientRootCertificatePropertiesFormat

Name Description Value
thumbprint The Radius client root certificate thumbprint. string

P2SVpnServerConfigRadiusServerRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the P2SVpnServerConfiguration Radius Server root certificate. P2SVpnServerConfigRadiusServerRootCertificatePropertiesFormat (required)

P2SVpnServerConfigRadiusServerRootCertificatePropertiesFormat

Name Description Value
publicCertData The certificate public data. string (required)

P2SVpnServerConfiguration

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the P2SVpnServer configuration. P2SVpnServerConfigurationProperties

P2SVpnServerConfigurationProperties

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
name The name of the P2SVpnServerConfiguration that is unique within a VirtualWan in a resource group. This name can be used to access the resource along with Paren VirtualWan resource name. string
p2SVpnServerConfigRadiusClientRootCertificates Radius client root certificate of P2SVpnServerConfiguration. P2SVpnServerConfigRadiusClientRootCertificate[]
p2SVpnServerConfigRadiusServerRootCertificates Radius Server root certificate of P2SVpnServerConfiguration. P2SVpnServerConfigRadiusServerRootCertificate[]
p2SVpnServerConfigVpnClientRevokedCertificates VPN client revoked certificate of P2SVpnServerConfiguration. P2SVpnServerConfigVpnClientRevokedCertificate[]
p2SVpnServerConfigVpnClientRootCertificates VPN client root certificate of P2SVpnServerConfiguration. P2SVpnServerConfigVpnClientRootCertificate[]
radiusServerAddress The radius server address property of the P2SVpnServerConfiguration resource for point to site client connection. string
radiusServerSecret The radius secret property of the P2SVpnServerConfiguration resource for point to site client connection. string
vpnClientIpsecPolicies VpnClientIpsecPolicies for P2SVpnServerConfiguration. IpsecPolicy[]
vpnProtocols VPN protocols for the P2SVpnServerConfiguration. String array containing any of:
'IkeV2'
'OpenVPN'

P2SVpnServerConfigVpnClientRevokedCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the vpn client revoked certificate. P2SVpnServerConfigVpnClientRevokedCertificatePropertiesFormat

P2SVpnServerConfigVpnClientRevokedCertificatePropertiesFormat

Name Description Value
thumbprint The revoked VPN client certificate thumbprint. string

P2SVpnServerConfigVpnClientRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the P2SVpnServerConfiguration VPN client root certificate. P2SVpnServerConfigVpnClientRootCertificatePropertiesFormat (required)

P2SVpnServerConfigVpnClientRootCertificatePropertiesFormat

Name Description Value
publicCertData The certificate public data. string (required)

ResourceTags

Name Description Value

VirtualWanProperties

Name Description Value
allowBranchToBranchTraffic True if branch to branch traffic is allowed. bool
allowVnetToVnetTraffic True if Vnet to Vnet traffic is allowed. bool
disableVpnEncryption Vpn encryption to be disabled or not. bool
p2SVpnServerConfigurations List of all P2SVpnServerConfigurations associated with the virtual wan. P2SVpnServerConfiguration[]
securityProviderName The Security Provider name. string

Usage Examples

Terraform Samples

A basic example of deploying Virtual WAN.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "___location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  ___location = var.___location
}

resource "azapi_resource" "virtualWan" {
  type      = "Microsoft.Network/virtualWans@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      allowBranchToBranchTraffic     = true
      disableVpnEncryption           = false
      office365LocalBreakoutCategory = "None"
      type                           = "Standard"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}