How to Troubleshoot Azure Virtual WAN
This guide provides step‑by‑step procedures to identify, diagnose, and resolve common issues when using Azure Virtual WAN.
Common Issues
| Issue | Symptoms | Root Cause |
|---|---|---|
| Connectivity loss | Ping/ICMP fails, VPN tunnels down | Misconfigured BGP, expired certificate |
| Policy not applied | Traffic not routed through hub | Incorrect hub association |
| Performance degradation | High latency, packet loss | Insufficient SKU, congested link |
Diagnostic Steps
- Validate hub and site connectivity using
az network vwan hub show. - Check VPN tunnel health with
az network vpn-connection list. - Review BGP sessions via Azure portal → Virtual WAN → Hub → BGP peers.
- Run Network Watcher IP flow verification:
az network watcher test-ip-flow. - Examine NSG and firewall rules for unintended deny entries.
Tools & Resources
- Azure Network Watcher
- Virtual WAN portal wizard
- Diagnostic logs & metrics
- Official troubleshooting guide
Sample PowerShell Script
# Retrieve hub details Get-AzVirtualWAN -ResourceGroupName "MyRG" -Name "MyWAN" | Get-AzVirtualHub # List VPN connections and status Get-AzVpnSite -ResourceGroupName "MyRG" | Get-AzVpnConnection | Select-Object Name, ProvisioningState, ConnectionStatus
FAQ
- Why is my VPN tunnel showing "Disconnected"?
- Check the shared key, ensure the on‑premises device uses the same IKE version, and confirm that the public IP of the VPN gateway hasn't changed.
- How can I enable logging for Virtual WAN?
- Navigate to Virtual WAN → Diagnostic settings → Add diagnostic setting. Choose "AllMetrics" and "AllLogs" and point to a Log Analytics workspace.