Get Started with Azure Virtual WAN

Azure Virtual WAN is a networking service that brings together various Microsoft cloud networking capabilities into a single operational interface. This hub-and-spoke architecture is optimized and automated for end-to-end connectivity and routing. This guide will walk you through the initial steps to set up and configure your Virtual WAN environment.

Before You Begin

Ensure you have an active Azure subscription. For detailed prerequisites and considerations, refer to the Virtual WAN Overview page.

Step 1: Create a Virtual WAN Resource

The Virtual WAN resource is the central management point for your Virtual WAN. You can create this resource through the Azure portal, Azure CLI, or Azure PowerShell.

Navigate to the Azure portal and search for "Virtual WAN".

Click "Create".

Fill in the required details: Subscription, Resource group, Resource name, Region, and Virtual WAN type. Choose "Standard" for advanced features.

Click "Review + create", then "Create" to deploy the resource.

Step 2: Create a Virtual Hub

A Virtual Hub is a Microsoft-managed virtual network that acts as a connectivity hub. It contains a hub router, VPN endpoints, and other networking services.

Once your Virtual WAN resource is deployed, navigate to it in the Azure portal.

Under "Connectivity", click "Hubs", then "+ Create hub".

Select the Region, Resource group, provide a Hub name, and define a Hub private address space (e.g., 10.0.0.0/24).

Configure the Hub routing preference (e.g., "Azure-to-internet" for direct internet access). Click "Review + create", then "Create".

Tip:

The hub deployment can take 30 minutes or more. You can monitor the progress in the Azure portal notifications.

Step 3: Connect Your Virtual Networks

To enable connectivity between your virtual networks and the hub, you need to create VNet connections.

In your Virtual WAN resource, navigate to "Hubs" and select the hub you created.

Under "Connectivity", click "Virtual network connections", then "+ Add connection".

Provide a Connection name, select the Target Virtual Hub, and choose the Virtual network you want to connect.

Enable "Propagate to none" or specific route tables based on your routing needs. Click "Create".

Step 4: Connect Your Branch Offices (Optional)

You can connect your on-premises sites to your Virtual WAN hub using Site-to-Site VPN connections.

Important:

Before proceeding, ensure you have a VPN device configured at your branch office with compatible settings. Refer to the Azure VPN Gateway documentation for supported devices and configuration steps.

In your Virtual WAN resource, navigate to "Site-to-site VPNs", then "+ Create VPN site".

Provide a Name, Region, IP address of your VPN device, and configure the Address space of your on-premises network.

Navigate to "Hubs", select your hub, go to "VPN (Site to site)", and click "+ Create VPN connection".

Select your Virtual WAN, Hub, VPN site, and provide the Shared key. Click "Create".

Next Steps

Congratulations! You have successfully set up the foundational components of Azure Virtual WAN. From here, you can explore advanced configurations:

Explore Virtual WAN Features
Understand the Architecture
Consult How-to Guides for more complex scenarios like ExpressRoute, Hub-to-hub routing, and firewall integration.