MSDN / Documentation / Azure / Networking / Virtual WAN / Deployment

Deploying Azure Virtual WAN

Overview

Azure Virtual WAN provides a unified, global network architecture to connect your branches, remote users, and cloud resources. This guide walks you through creating a Virtual WAN, adding hubs, and establishing site‑to‑site, point‑to‑site, and VNet connections.

Virtual WAN architecture

Prerequisites

  • Azure subscription with Owner or Contributor rights.
  • Resource group where the resources will be deployed.
  • Existing Azure Virtual Networks (if you plan VNet connections).
  • Public IP address block for VPN gateways (if using site‑to‑site).
  • Azure PowerShell 7.x or Azure CLI 2.50+ installed.

Optional: Azure Policy to enforce naming conventions.

Step 1 – Create a Virtual WAN

Use the Azure portal or CLI to create the Virtual WAN resource.

az network vwan create \
    --resource-group MyResourceGroup \
    --name MyVirtualWAN \
    --location eastus \
    --type Standard \
    --disable-bgp-propagation false

Step 2 – Add Virtual Hubs

Virtual Hubs act as the regional central points for connectivity.

az network vhub create \
    --resource-group MyResourceGroup \
    --name HubEastUS \
    --address-prefix 10.0.0.0/24 \
    --vwan MyVirtualWAN \
    --location eastus \
    --sku Standard

Repeat for other regions as needed.

Step 3 – Configure Connections

Site‑to‑Site (S2S)

az network vpn-connection create \
    --resource-group MyResourceGroup \
    --name S2S-Conn1 \
    --vhub-name HubEastUS \
    --remote-vpn-site MyOnPremSite \
    --shared-key MySecretKey

Point‑to‑Site (P2S)

az network p2s-vpn-gateway create \
    --resource-group MyResourceGroup \
    --name P2SGateway \
    --vhub-name HubEastUS \
    --vpn-client-address-pool 172.16.0.0/24 \
    --scale-unit 2

VNet Peerings

az network vnet-gateway conn create \
    --resource-group MyResourceGroup \
    --name VNet-Conn \
    --vnet-gateway1 MyVNetGateway \
    --vhub-name HubEastUS \
    --connection-type VnetToVnet \
    --routing-weight 10

Validation

Confirm the deployment using Azure portal dashboards or CLI.

az network vwan show --resource-group MyResourceGroup --name MyVirtualWAN

Check hub status:

az network vhub show --resource-group MyResourceGroup --name HubEastUS

Next steps