Set-AzVirtualNetworkGateway

Set-AzVirtualNetworkGateway
    -VirtualNetworkGateway <PSVirtualNetworkGateway>
    [-GatewaySku <String>]
    [-GatewayDefaultSite <PSLocalNetworkGateway>]
    [-VpnClientAddressPool <String[]>]
    [-VpnClientProtocol <String[]>]
    [-VpnAuthenticationType <String[]>]
    [-VpnClientRootCertificates <PSVpnClientRootCertificate[]>]
    [-VpnClientRevokedCertificates <PSVpnClientRevokedCertificate[]>]
    [-VpnClientIpsecPolicy <PSIpsecPolicy[]>]
    [-Asn <UInt32>]
    [-PeerWeight <Int32>]
    [-IpConfigurationBgpPeeringAddresses <PSIpConfigurationBgpPeeringAddress[]>]
    [-EnableActiveActiveFeature]
    [-EnablePrivateIpAddress <Boolean>]
    [-DisableActiveActiveFeature]
    [-RadiusServerAddress <String>]
    [-RadiusServerSecret <SecureString>]
    [-RadiusServerList <PSRadiusServer[]>]
    [-AadTenantUri <String>]
    [-AadAudienceId <String>]
    [-AadIssuerUri <String>]
    [-RemoveAadAuthentication]
    [-CustomRoute <String[]>]
    [-NatRule <PSVirtualNetworkGatewayNatRule[]>]
    [-BgpRouteTranslationForNat <Boolean>]
    [-MinScaleUnit <Int32>]
    [-MaxScaleUnit <Int32>]
    [-VirtualNetworkGatewayPolicyGroup <PSVirtualNetworkGatewayPolicyGroup[]>]
    [-ClientConnectionConfiguration <PSClientConnectionConfiguration[]>]
    [-AdminState <String>]
    [-AllowRemoteVnetTraffic <Boolean>]
    [-ResiliencyModel <String>]
    [-AllowVirtualWanTraffic <Boolean>]
    [-UserAssignedIdentityId <String>]
    [-Identity <PSManagedServiceIdentity>]
    [-AsJob]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Set-AzVirtualNetworkGateway
    -VirtualNetworkGateway <PSVirtualNetworkGateway>
    -Tag <Hashtable>
    [-GatewaySku <String>]
    [-GatewayDefaultSite <PSLocalNetworkGateway>]
    [-VpnClientAddressPool <String[]>]
    [-VpnClientProtocol <String[]>]
    [-VpnAuthenticationType <String[]>]
    [-VpnClientRootCertificates <PSVpnClientRootCertificate[]>]
    [-VpnClientRevokedCertificates <PSVpnClientRevokedCertificate[]>]
    [-VpnClientIpsecPolicy <PSIpsecPolicy[]>]
    [-Asn <UInt32>]
    [-PeerWeight <Int32>]
    [-IpConfigurationBgpPeeringAddresses <PSIpConfigurationBgpPeeringAddress[]>]
    [-EnableActiveActiveFeature]
    [-EnablePrivateIpAddress <Boolean>]
    [-DisableActiveActiveFeature]
    [-RadiusServerAddress <String>]
    [-RadiusServerSecret <SecureString>]
    [-RadiusServerList <PSRadiusServer[]>]
    [-AadTenantUri <String>]
    [-AadAudienceId <String>]
    [-AadIssuerUri <String>]
    [-RemoveAadAuthentication]
    [-CustomRoute <String[]>]
    [-NatRule <PSVirtualNetworkGatewayNatRule[]>]
    [-BgpRouteTranslationForNat <Boolean>]
    [-MinScaleUnit <Int32>]
    [-MaxScaleUnit <Int32>]
    [-VirtualNetworkGatewayPolicyGroup <PSVirtualNetworkGatewayPolicyGroup[]>]
    [-ClientConnectionConfiguration <PSClientConnectionConfiguration[]>]
    [-AdminState <String>]
    [-AllowRemoteVnetTraffic <Boolean>]
    [-ResiliencyModel <String>]
    [-AllowVirtualWanTraffic <Boolean>]
    [-UserAssignedIdentityId <String>]
    [-Identity <PSManagedServiceIdentity>]
    [-AsJob]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

O cmdlet Set-AzVirtualNetworkGateway atualiza um gateway de rede virtual.

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -Asn 1337

O primeiro comando obtém um gateway de rede virtual chamado Gateway01 que pertence ao grupo de recursos ResourceGroup001 e o armazena na variável chamada $Gateway O segundo comando atualiza o gateway de rede virtual armazenado em $Gateway variável. O comando também define o ASN como 1337.

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$vpnclientipsecpolicy = New-AzVpnClientIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA256 -SALifeTime 86472 -SADataSize 429497 -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup2 -PfsGroup None
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientIpsecPolicy $vpnclientipsecpolicy

O primeiro comando obtém um gateway de rede virtual chamado Gateway01 que pertence ao grupo de recursos ResourceGroup001 e o armazena na variável chamada $Gateway O segundo comando cria o objeto de política ipsec vpn de acordo com os parâmetros ipsec especificados. O terceiro comando atualiza o gateway de rede virtual armazenado em $Gateway variável. O comando também define a política ipsec de vpn personalizada especificada no objeto $vpnclientipsecpolicy no gateway de rede virtual.

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -Tag @{ testtagKey="SomeTagKey"; testtagValue="SomeKeyValue" }

Name                   : Gateway001
ResourceGroupName      : ResourceGroup001
Location               : westus
Id                     : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag                   : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid           : 00000000-0000-0000-0000-000000000000
ProvisioningState      : Succeeded
Tags                   :
                         Name          Value
                         ============  ============
                         testtagValue  SomeKeyValue
                         testtagKey    SomeTagKey

IpConfigurations       : [
                           {
                             "PrivateIpAllocationMethod": "Dynamic",
                             "Subnet": {
                               "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/GatewaySubnet"
                             },
                             "PublicIpAddress": {
                               "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/Gateway001Ip"
                             },
                             "Name": "vng1ipConfig",
                             "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
                             "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/Gateway001IpConfig"
                           }
                         ]
GatewayType            : Vpn
VpnType                : RouteBased
EnableBgp              : False
ActiveActive           : False
GatewayDefaultSite     : null
Sku                    : {
                           "Capacity": 2,
                           "Name": "VpnGw1",
                           "Tier": "VpnGw1"
                         }
VpnClientConfiguration : null
BgpSettings            : {
                           "Asn": 65515,
                           "BgpPeeringAddress": "1.2.3.4",
                           "PeerWeight": 0
                         }

O primeiro comando obtém um gateway de rede virtual chamado Gateway01 que pertence ao grupo de recursos ResourceGroup001 e o armazena na variável chamada $Gateway O segundo comando atualiza o gateway de rede virtual Gateway01 com as marcas @{ testtagKey="SomeTagKey"; testtagValue="SomeKeyValue" }.

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -AadTenantUri "https://login.microsoftonline.com/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4" -AadIssuerUri "https://sts.windows.net/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4/" -AadAudienceId "a21fce82-76af-45e6-8583-a08cb3b956f9"

Name                   : Gateway001
ResourceGroupName      : ResourceGroup001
Location               : westus
Id                     : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag                   : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid           : 00000000-0000-0000-0000-000000000000
ProvisioningState      : Succeeded
Tags                   :
                         Name          Value
                         ============  ============
                         testtagValue  SomeKeyValue
                         testtagKey    SomeTagKey

IpConfigurations       : [
                           {
                             "PrivateIpAllocationMethod": "Dynamic",
                             "Subnet": {
                               "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/GatewaySubnet"
                             },
                             "PublicIpAddress": {
                               "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/Gateway001Ip"
                             },
                             "Name": "vng1ipConfig",
                             "Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
                             "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/Gateway001IpConfig"
                           }
                         ]
GatewayType            : Vpn
VpnType                : RouteBased
EnableBgp              : False
ActiveActive           : False
GatewayDefaultSite     : null
Sku                    : {
                           "Capacity": 2,
                           "Name": "VpnGw1",
                           "Tier": "VpnGw1"
                         }
vpnClientConfiguration : {
                    "vpnClientProtocols": [
					"OpenVPN"
					],

                    "vpnClientAddressPool": {
                    "addressPrefixes": [
                        "101.10.0.0/16"
                    ]
                	},
					"vpnClientRootCertificates": "",
                    "vpnClientRevokedCertificates": "",

                    "radiusServerAddress": "",
                    "radiusServerSecret": "",
					"aadTenantUri": "https://login.microsoftonline.com/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4\",
					"aadAudienceId": "a21fce82-76af-45e6-8583-a08cb3b956g9\",
					"aadIssuerUri": "https://sts.windows.net/0ab2c4f4-81e6-44cc-a0b2-b3a47a1443f4/\"
                },
BgpSettings            : {
                           "Asn": 65515,
                           "BgpPeeringAddress": "1.2.3.4",
                           "PeerWeight": 0
                         }

Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientRootCertificates $rootCert -RemoveAadAuthentication

O primeiro comando obtém um gateway de rede virtual chamado Gateway01 que pertence ao grupo de recursos ResourceGroup001 e o armazena na variável chamada $Gateway O segundo comando atualiza o gateway de rede virtual Gateway01 com as configurações de autenticação do AAD params:aadTenantUri, aadAudienceId, aadIssuerUri para VpnClient. O terceiro comando remove a configuração de autenticação do AAD do VpnClient do gateway de rede virtual.

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$ipconfigurationId1 = '/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default'
$addresslist1 = @('169.254.21.25')
$gw1ipconfBgp1 = New-AzIpConfigurationBgpPeeringAddressObject -IpConfigurationId $ipconfigurationId1 -CustomAddress $addresslist1
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp1

Name                   : Gateway001
ResourceGroupName      : ResourceGroup001
Location               : westcentralus
Id                     : /subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag                   : W/"a08f13d3-6106-44e0-9127-e35e6f9793d5"
ResourceGuid           : 30993429-a1ed-42ca-9862-9156b013626e
ProvisioningState      : Succeeded
Tags                   :
IpConfigurations       : [
                           {
                             "PrivateIpAllocationMethod": "Dynamic",
                             "Subnet": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/newApipaNet/subnets/GatewaySubnet"
                             },
                             "PublicIpAddress": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/newapipaip"
                             },
                             "Name": "default",
                             "Etag": "W/\"a08f13d3-6106-44e0-9127-e35e6f9793d5\"",
                             "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default"
                           }
                         ]
GatewayType            : Vpn
VpnType                : RouteBased
EnableBgp              : False
ActiveActive           : False
GatewayDefaultSite     : null
Sku                    : {
                           "Capacity": 2,
                           "Name": "VpnGw1",
                           "Tier": "VpnGw1"
                         }
VpnClientConfiguration : null
BgpSettings            : {
                           "Asn": 65515,
                           "BgpPeeringAddress": "10.1.255.30",
                           "PeerWeight": 0,
                           "BgpPeeringAddresses": [
                             {
                               "IpconfigurationId": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default",
                               "DefaultBgpIpAddresses": [
                                 "10.1.255.30"
                               ],
                               "CustomBgpIpAddresses": [
                                 "169.254.21.55"
                               ],
                               "TunnelIpAddresses": [
                                 "13.78.146.151"
                               ]
                             }
                           ]
                         }

O primeiro comando obtém um gateway de rede virtual chamado Gateway01 que pertence ao grupo de recursos ResourceGroup001 e o armazena na variável chamada $Gateway O segundo comando atribui o valor da ID do Gateway01 IpConfiguration de rede virtual à variável ipconfigurationId1. O terceiro comando atribui a lista de endereços à lista de endereços1. O quarto comando criou um objeto PSIpConfigurationBgpPeeringAddress. O quinto comando define este novo PSIpConfigurationBgpPeeringAddress criado para IpConfigurationBgpPeeringAddresses e atualiza o gateway.

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$ipconfigurationId1 = '/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default'
$addresslist1 = @()
$gw1ipconfBgp1 = New-AzIpConfigurationBgpPeeringAddressObject -IpConfigurationId $ipconfigurationId1 -CustomAddress $addresslist1
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -IpConfigurationBgpPeeringAddresses $gw1ipconfBgp1

Name                   : Gateway001
ResourceGroupName      : ResourceGroup001
Location               : westcentralus
Id                     : /subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag                   : W/"a08f13d3-6106-44e0-9127-e35e6f9793d5"
ResourceGuid           : 30993429-a1ed-42ca-9862-9156b013626e
ProvisioningState      : Succeeded
Tags                   :
IpConfigurations       : [
                           {
                             "PrivateIpAllocationMethod": "Dynamic",
                             "Subnet": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/newApipaNet/subnets/GatewaySubnet"
                             },
                             "PublicIpAddress": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/newapipaip"
                             },
                             "Name": "default",
                             "Etag": "W/\"a08f13d3-6106-44e0-9127-e35e6f9793d5\"",
                             "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default"
                           }
                         ]
GatewayType            : Vpn
VpnType                : RouteBased
EnableBgp              : False
ActiveActive           : False
GatewayDefaultSite     : null
Sku                    : {
                           "Capacity": 2,
                           "Name": "VpnGw1",
                           "Tier": "VpnGw1"
                         }
VpnClientConfiguration : null
BgpSettings            : {
                           "Asn": 65515,
                           "BgpPeeringAddress": "10.1.255.30",
                           "PeerWeight": 0,
                           "BgpPeeringAddresses": [
                             {
                               "IpconfigurationId": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default",
                               "DefaultBgpIpAddresses": [
                                 "10.1.255.30"
                               ],
                               "CustomBgpIpAddresses": [],
                               "TunnelIpAddresses": [
                                 "13.78.146.151"
                               ]
                             }
                           ]
                         }

O primeiro comando obtém um gateway de rede virtual chamado Gateway01 que pertence ao grupo de recursos ResourceGroup001 e o armazena na variável chamada $Gateway O segundo comando atribui o valor da ID do Gateway01 IpConfiguration de rede virtual à variável ipconfigurationId1. O terceiro comando atribui a lista de endereços à lista de endereços1. O quarto comando criou um objeto PSIpConfigurationBgpPeeringAddress. O quinto comando define este novo PSIpConfigurationBgpPeeringAddress criado para IpConfigurationBgpPeeringAddresses e atualiza o gateway.

$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"
$vngNatRules = $Gateway.NatRules
$natRule = New-AzVirtualNetworkGatewayNatRule -Name "natRule1" -Type "Static" -Mode "IngressSnat" -InternalMapping @("25.0.0.0/16") -ExternalMapping @("30.0.0.0/16")
$vngNatRules.Add($natrule)
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -NatRule $vngNatRules.NatRules -BgpRouteTranslationForNat $true

Name                   : Gateway001
ResourceGroupName      : ResourceGroup001
Location               : westcentralus
Id                     : /subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001
Etag                   : W/"a08f13d3-6106-44e0-9127-e35e6f9793d5"
ResourceGuid           : 30993429-a1ed-42ca-9862-9156b013626e
ProvisioningState      : Succeeded
Tags                   :
IpConfigurations       : [
                           {
                             "PrivateIpAllocationMethod": "Dynamic",
                             "Subnet": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworks/newApipaNet/subnets/GatewaySubnet"
                             },
                             "PublicIpAddress": {
                               "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/publicIPAddresses/newapipaip"
                             },
                             "Name": "default",
                             "Etag": "W/\"a08f13d3-6106-44e0-9127-e35e6f9793d5\"",
                             "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default"
                           }
                         ]
GatewayType            : Vpn
VpnType                : RouteBased
EnableBgp              : False
ActiveActive           : False
GatewayDefaultSite     : null
Sku                    : {
                           "Capacity": 2,
                           "Name": "VpnGw1",
                           "Tier": "VpnGw1"
                         }
VpnClientConfiguration : null
BgpSettings            : {
                           "Asn": 65515,
                           "BgpPeeringAddress": "10.1.255.30",
                           "PeerWeight": 0,
                           "BgpPeeringAddresses": [
                             {
                               "IpconfigurationId": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/ipConfigurations/default",
                               "DefaultBgpIpAddresses": [
                                 "10.1.255.30"
                               ],
                               "CustomBgpIpAddresses": [
                                 "169.254.21.55"
                               ],
                               "TunnelIpAddresses": [
                                 "13.78.146.151"
                               ]
                             }
                           ]
                         }
NatRules                        : [
                                    {
                                      "VirtualNetworkGatewayNatRulePropertiesType": "Static",
                                      "Mode": "IngressSnat",
                                      "InternalMappings": [
                                        {
                                          "AddressSpace": "25.0.0.0/16"
                                        }
                                      ],
                                      "ExternalMappings": [
                                        {
                                          "AddressSpace": "30.0.0.0/16"
                                        }
                                      ],
                                      "ProvisioningState": "Succeeded",
                                      "Name": "natRule1",
                                      "Etag": "W/\"5150d788-e165-42ba-99c4-8138a545fce9\"",
                                      "Id": "/subscriptions/59ac12a6-f2b7-46d4-af3d-98ba9d9dbd92/resourceGroups/ResourceGroup001/providers/Microsoft.Network/virtualNetworkGateways/Gateway001/natRules/natRule1"
                                    }
                                  ]
EnableBgpRouteTranslationForNat : True

O primeiro comando obtém um gateway de rede virtual chamado Gateway01 que pertence ao grupo de recursos ResourceGroup001 e o armazena na variável chamada $Gateway O segundo comando atribui as natrules existentes em vngNatRules variável. O terceiro comando atribui o valor recém-criado natrule de objeto PSVirtualNetworkGatewayNatRule em natRule variável. O quarto comando adiciona esse objeto PSVirtualNetworkGatewayNatRule à lista vngNatRules. O quinto comando define este novo PSVirtualNetworkGatewayNatRule criado para NatRules do gateway e atualiza o gateway.

$Gateway=Get-AzVirtualNetworkGateway -ResourceGroupName "ResourceGroup001" -Name "Gateway001"

$rootCerts=$Gateway.VpnClientConfiguration.VpnClientRootCertificates

$rootCerts.Count
$rootCerts[0]
$rootCerts[1]
$rootCerts.Remove($rootCerts[1])

$Gateway1 = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientRootCertificates $rootCerts

O primeiro comando obtém um gateway de rede virtual chamado Gateway01 que pertence ao grupo de recursos ResourceGroup001 e o armazena na variável chamada $Gateway O segundo comando obtém todos os certificados raiz no VirtualNetworkGateway e o salva em outra variável $rootCerts O terceiro comando mostra o total de certificados raiz existentes no VirtualNetworkGateway. Os próximos &cinco comandos imprimem certificados raiz nesses índices correspondentes para que o cliente veja quais deseja excluir. O sexto comando remove o certificado raiz expirado usando esse índice, por exemplo, aqui 1. Repita as mesmas etapas para remover vários certificados expirados da variável: $rootCerts O sétimo comando atualiza VirtualNetworkGateway para definir certificados raiz válidos, ou seja, certificados que existem na variável: $rootCerts

# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowVirtualWanTraffic = $true
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway

# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowVirtualWanTraffic $true

Em ambos os casos, o primeiro comando recupera o gateway. Em seguida, você pode modificar a propriedade diretamente no objeto e persistê-la ou usar a opção no cmdlet Set-AzVirtualNetworkGateway.

# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowVirtualWanTraffic = $false
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway

# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowVirtualWanTraffic $false

Em ambos os casos, o primeiro comando recupera o gateway. Em seguida, você pode modificar a propriedade diretamente no objeto e persistê-la ou usar a opção no cmdlet Set-AzVirtualNetworkGateway.

# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowRemoteVnetTraffic = $true
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway

# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowRemoteVnetTraffic $true

Em ambos os casos, o primeiro comando recupera o gateway. Em seguida, você pode modificar a propriedade diretamente no objeto e persistê-la ou usar a opção no cmdlet Set-AzVirtualNetworkGateway.

# Option 1 - Retrieve the gateway object, modify the property and save the changes.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
$gateway.AllowRemoteVnetTraffic = $false
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway

# Option 2 - Use the cmdlet switch
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -AllowRemoteVnetTraffic $false

Em ambos os casos, o primeiro comando recupera o gateway. Em seguida, você pode modificar a propriedade diretamente no objeto e persistê-la ou usar a opção no cmdlet Set-AzVirtualNetworkGateway.

# Create or retrieve the user-assigned managed identity
$identity = Get-AzUserAssignedIdentity -ResourceGroupName "resourceGroup001" -Name "myIdentity001"

# Get the virtual network gateway
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "resourceGroup001" -Name "gateway001"

# Set the identity using the UserAssignedIdentityId parameter
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -UserAssignedIdentityId $identity.Id

Este exemplo demonstra como configurar um gateway de rede virtual com uma identidade gerenciada atribuída pelo usuário. Isso usa o parâmetro UserAssignedIdentityId para criar o objeto de identidade gerenciada. As identidades atribuídas pelo usuário são úteis para acessar certificados do Azure Key Vault para autenticação de gateway.

Este cmdlet suporta os parâmetros comuns: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction e -WarningVariable. Para obter mais informações, consulte about_CommonParameters.