Getting Started with Azure Virtual WAN

Azure Virtual WAN is a networking service that brings together networking, security, and routing capabilities into a single operational interface. It is a fully managed WAN that allows you to connect and manage your infrastructure and branch offices.

This guide will walk you through the essential steps to get started with Azure Virtual WAN, from creation to connecting your first site.

Prerequisites

Before you begin, ensure you have the following:

  • An Azure subscription. If you don't have one, create a free account.
  • Sufficient permissions to create resources in your Azure subscription (e.g., Contributor or Owner role).
  • Basic understanding of Azure networking concepts (e.g., VNets, subnets, IP addressing).

Step 1: Create a Virtual WAN Resource

The Virtual WAN resource acts as a global endpoint for your WAN. It doesn't contain any resources itself but is the management container for your Virtual WAN components.

  1. Navigate to the Azure portal.
  2. Search for "Virtual WAN" in the top search bar and select it from the results.
  3. Click "+ Create" to start the Virtual WAN creation process.
  4. On the "Basics" tab:
    • Subscription: Select your Azure subscription.
    • Resource group: Create a new one or select an existing one.
    • Resource group location: Choose a region for your resource group.
    • Name: Provide a descriptive name for your Virtual WAN (e.g., MyVirtualWAN).
    • Type: Select "Virtual WAN".
    • Location: This is the region where the Virtual WAN resource itself is deployed. It acts as the management endpoint.
  5. Click "Review + create", and then "Create".
Note: The Virtual WAN resource location does not dictate the location of your hubs. Hubs can be deployed in any Azure region.

Step 2: Deploy a Virtual Hub

A Virtual Hub is a Microsoft-managed VNet that acts as the central point of connectivity for your Virtual WAN. It contains various network services like VPN gateway, ExpressRoute gateway, and VNet peering.

  1. Once your Virtual WAN resource is created, navigate to it in the Azure portal.
  2. In the Virtual WAN menu, under "Connectivity", select "Hubs".
  3. Click "+ Create hub".
  4. On the "Create a virtual hub" page:
    • Region: Select the Azure region where you want to deploy your hub. This should typically be a region close to your connected sites or resources.
    • Name: Provide a name for your hub (e.g., Hub-WestUS).
    • Hub private address space: Specify an IP address range for the hub VNet (e.g., 10.0.0.0/24). This range cannot overlap with any of your connected VNets or on-premises networks.
    • Virtual hub capacity: Choose the capacity based on your expected throughput.
    • Hub routing preference: Select "Express Route" or "VPN" based on your primary connection type (you can change this later).
  5. Click "Review + create", and then "Create".
Tip: It's recommended to deploy hubs in regions that best serve your geographic distribution of resources and sites.

Step 3: Connect Your Sites to the Hub

You can connect your on-premises sites (using VPN devices) or Azure VNets to your Virtual Hub.

3.1 Connecting an Azure VNet

  1. In the Virtual WAN menu, select "Virtual network connections".
  2. Click "+ Add connection".
  3. On the "Add connection" page:
    • Connection name: Give your connection a name (e.g., VNet-to-Hub).
    • Hubs: Select the hub you created.
    • Resource group: The resource group of your Virtual WAN.
    • Subscription: Your Azure subscription.
    • Virtual network: Select the Azure VNet you want to connect.
    • Propagate to none: Leave as default unless you have specific routing needs.
    • Static routing: Configure static routes if needed.
    • Enable internet security: Toggle to enable Azure Firewall for internet-bound traffic if desired.
  4. Click "Create".

3.2 Connecting an On-Premises Site (VPN)

This involves configuring a VPN site and then creating a VPN connection from that site to your Virtual Hub.

  1. In the Virtual WAN menu, select "VPN sites".
    Click "+ Create VPN site".
  2. Fill in the details for your on-premises site, including its public IP address, address space, and any specific configuration details.
  3. Once the VPN site is created, select "Site-to-site VPN" under "Connectivity" in the Virtual WAN menu.
    Click "+ Create a site-to-site VPN connection".
  4. Configure the connection details, linking your VPN site to your Virtual Hub. You'll typically need to download a configuration file to apply to your on-premises VPN device.

Next Steps

Congratulations! You have successfully set up a basic Azure Virtual WAN. Here are some next steps to further enhance your network:

  • Deploy more hubs: For global reach and redundancy.
  • Connect more VNets and sites: Expand your network coverage.
  • Configure routing: Manage traffic flow between connected networks.
  • Integrate Azure Firewall: Enhance security for your WAN.
  • Explore ExpressRoute connectivity: For dedicated, high-bandwidth connections.
  • Monitor your WAN: Use Azure Monitor to track performance and identify issues.

For more in-depth information, refer to the official Azure Virtual WAN documentation.