Partner Integration Guidelines
Table of Contents
Overview
This guide provides best‑practice recommendations for integrating third‑party network and security solutions with Azure Virtual WAN. It covers authentication, routing, and policy synchronization to ensure secure and reliable connectivity.
Prerequisites
- Active Azure subscription with Virtual WAN enabled.
- Partner device with firmware version ≥ 2024.2.
- Service principal with
Network Contributorrole on the Virtual WAN resource. - Public IP address allocated for the partner edge.
Integration Steps
- Create a Virtual WAN Hub (or identify an existing hub).
- Register the partner edge using the Azure portal or CLI.
- Configure BGP peering on both Azure and the partner device.
- Apply security policies to traffic flowing through the hub.
- Validate connectivity with test traffic.
Step 1 – Create a Hub (CLI Example)
az network vhub create \
--resource-group MyResourceGroup \
--name MyHub \
--address-prefix 10.0.0.0/24 \
--virtual-wan MyVirtualWan \
--sku StandardStep 2 – Register Partner Edge (Portal)
Navigate to Virtual WAN → Hubs → <Your Hub> → Partner Edge and click Add partner edge. Provide the device's public IP, ASN, and BGP settings.
Sample Configuration
Azure BGP Settings
{
"asn": 65515,
"bgpPeeringAddress": "10.0.0.254",
"peerWeight": 0
}Partner Device BGP Settings
router bgp 65515
neighbor 10.0.0.254 remote-as 65515
neighbor 10.0.0.254 description "Azure Virtual WAN Hub"
network 10.1.0.0 mask 255.255.255.0FAQs
Can I use multiple partner edges on a single hub?
Yes. Azure Virtual WAN supports up to 20 partner edges per hub. Each edge must have a unique BGP ASN.
What is the recommended BGP hold time?
Set the hold time to 90 seconds to align with most vendor defaults and ensure quick failover.