Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The virtualNetworkGateways/natRules resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/virtualNetworkGateways/natRules resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/virtualNetworkGateways/natRules@2024-03-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    externalMappings: [
      {
        addressSpace: 'string'
        portRange: 'string'
      }
    ]
    internalMappings: [
      {
        addressSpace: 'string'
        portRange: 'string'
      }
    ]
    ipConfigurationId: 'string'
    mode: 'string'
    type: 'string'
  }
}
Property Values
Microsoft.Network/virtualNetworkGateways/natRules
| Name | Description | Value | 
|---|---|---|
| name | The resource name | string (required) | 
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: virtualNetworkGateways | 
| properties | Properties of the Virtual Network Gateway NAT rule. | VirtualNetworkGatewayNatRuleProperties | 
VirtualNetworkGatewayNatRuleProperties
| Name | Description | Value | 
|---|---|---|
| externalMappings | The private IP address external mapping for NAT. | VpnNatRuleMapping[] | 
| internalMappings | The private IP address internal mapping for NAT. | VpnNatRuleMapping[] | 
| ipConfigurationId | The IP Configuration ID this NAT rule applies to. | string | 
| mode | The Source NAT direction of a VPN NAT. | 'EgressSnat' 'IngressSnat' | 
| type | The type of NAT rule for VPN NAT. | 'Dynamic' 'Static' | 
VpnNatRuleMapping
| Name | Description | Value | 
|---|---|---|
| addressSpace | Address space for Vpn NatRule mapping. | string | 
| portRange | Port range for Vpn NatRule mapping. | string | 
ARM template resource definition
The virtualNetworkGateways/natRules resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/virtualNetworkGateways/natRules resource, add the following JSON to your template.
{
  "type": "Microsoft.Network/virtualNetworkGateways/natRules",
  "apiVersion": "2024-03-01",
  "name": "string",
  "properties": {
    "externalMappings": [
      {
        "addressSpace": "string",
        "portRange": "string"
      }
    ],
    "internalMappings": [
      {
        "addressSpace": "string",
        "portRange": "string"
      }
    ],
    "ipConfigurationId": "string",
    "mode": "string",
    "type": "string"
  }
}
Property Values
Microsoft.Network/virtualNetworkGateways/natRules
| Name | Description | Value | 
|---|---|---|
| apiVersion | The api version | '2024-03-01' | 
| name | The resource name | string (required) | 
| properties | Properties of the Virtual Network Gateway NAT rule. | VirtualNetworkGatewayNatRuleProperties | 
| type | The resource type | 'Microsoft.Network/virtualNetworkGateways/natRules' | 
VirtualNetworkGatewayNatRuleProperties
| Name | Description | Value | 
|---|---|---|
| externalMappings | The private IP address external mapping for NAT. | VpnNatRuleMapping[] | 
| internalMappings | The private IP address internal mapping for NAT. | VpnNatRuleMapping[] | 
| ipConfigurationId | The IP Configuration ID this NAT rule applies to. | string | 
| mode | The Source NAT direction of a VPN NAT. | 'EgressSnat' 'IngressSnat' | 
| type | The type of NAT rule for VPN NAT. | 'Dynamic' 'Static' | 
VpnNatRuleMapping
| Name | Description | Value | 
|---|---|---|
| addressSpace | Address space for Vpn NatRule mapping. | string | 
| portRange | Port range for Vpn NatRule mapping. | string | 
Usage Examples
Terraform (AzAPI provider) resource definition
The virtualNetworkGateways/natRules resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/virtualNetworkGateways/natRules resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/virtualNetworkGateways/natRules@2024-03-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      externalMappings = [
        {
          addressSpace = "string"
          portRange = "string"
        }
      ]
      internalMappings = [
        {
          addressSpace = "string"
          portRange = "string"
        }
      ]
      ipConfigurationId = "string"
      mode = "string"
      type = "string"
    }
  }
}
Property Values
Microsoft.Network/virtualNetworkGateways/natRules
| Name | Description | Value | 
|---|---|---|
| name | The resource name | string (required) | 
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: virtualNetworkGateways | 
| properties | Properties of the Virtual Network Gateway NAT rule. | VirtualNetworkGatewayNatRuleProperties | 
| type | The resource type | "Microsoft.Network/virtualNetworkGateways/natRules@2024-03-01" | 
VirtualNetworkGatewayNatRuleProperties
| Name | Description | Value | 
|---|---|---|
| externalMappings | The private IP address external mapping for NAT. | VpnNatRuleMapping[] | 
| internalMappings | The private IP address internal mapping for NAT. | VpnNatRuleMapping[] | 
| ipConfigurationId | The IP Configuration ID this NAT rule applies to. | string | 
| mode | The Source NAT direction of a VPN NAT. | 'EgressSnat' 'IngressSnat' | 
| type | The type of NAT rule for VPN NAT. | 'Dynamic' 'Static' | 
VpnNatRuleMapping
| Name | Description | Value | 
|---|---|---|
| addressSpace | Address space for Vpn NatRule mapping. | string | 
| portRange | Port range for Vpn NatRule mapping. | string | 
Usage Examples
Terraform Samples
A basic example of deploying Virtual Network Gateway Nat Rule.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
provider "azapi" {
  skip_provider_registration = false
}
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
variable "___location" {
  type    = string
  default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  ___location = var.___location
}
resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = [
          "10.0.0.0/16",
        ]
      }
      dhcpOptions = {
        dnsServers = [
        ]
      }
      subnets = [
      ]
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
  lifecycle {
    ignore_changes = [body.properties.subnets]
  }
}
resource "azapi_resource" "publicIPAddress" {
  type      = "Microsoft.Network/publicIPAddresses@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      ddosSettings = {
        protectionMode = "VirtualNetworkInherited"
      }
      idleTimeoutInMinutes     = 4
      publicIPAddressVersion   = "IPv4"
      publicIPAllocationMethod = "Dynamic"
    }
    sku = {
      name = "Basic"
      tier = "Regional"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_resource" "subnet" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2022-07-01"
  parent_id = azapi_resource.virtualNetwork.id
  name      = "GatewaySubnet"
  body = {
    properties = {
      addressPrefix = "10.0.1.0/24"
      delegations = [
      ]
      privateEndpointNetworkPolicies    = "Enabled"
      privateLinkServiceNetworkPolicies = "Enabled"
      serviceEndpointPolicies = [
      ]
      serviceEndpoints = [
      ]
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_resource" "virtualNetworkGateway" {
  type      = "Microsoft.Network/virtualNetworkGateways@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      activeActive           = false
      enableBgp              = false
      enablePrivateIpAddress = false
      gatewayType            = "Vpn"
      ipConfigurations = [
        {
          name = "vnetGatewayConfig"
          properties = {
            privateIPAllocationMethod = "Dynamic"
            publicIPAddress = {
              id = azapi_resource.publicIPAddress.id
            }
            subnet = {
              id = azapi_resource.subnet.id
            }
          }
        },
      ]
      sku = {
        name = "Basic"
        tier = "Basic"
      }
      vpnType = "RouteBased"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
  timeouts {
    create = "180m"
    update = "180m"
    delete = "60m"
  }
}
resource "azapi_resource" "natRule" {
  type      = "Microsoft.Network/virtualNetworkGateways/natRules@2022-07-01"
  parent_id = azapi_resource.virtualNetworkGateway.id
  name      = var.resource_name
  body = {
    properties = {
      externalMappings = [
        {
          addressSpace = "10.1.0.0/26"
        },
      ]
      internalMappings = [
        {
          addressSpace = "10.3.0.0/26"
        },
      ]
      mode = "EgressSnat"
      type = "Static"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}