Azure Virtual WAN – Getting Started

Azure Virtual WAN provides a unified wide‑area network service that connects branch offices, remote users, and data centers through a hub‑and‑spoke model. This guide walks you through provisioning a Virtual WAN, creating a hub, and connecting a site.

Prerequisites

• An active Azure subscription.
• Azure CLI 2.0+ installed or access to Azure Cloud Shell.
• Network address space defined for the hub and each site.

Create a Virtual WAN

Use Azure CLI to create the Virtual WAN resource.

az network vwan create \
    --resource-group MyResourceGroup \
    --name MyVirtualWAN \
    --location eastus \
    --type Basic

Add a Virtual Hub

Create a hub within the Virtual WAN to act as a central routing point.

az network vhub create \
    --resource-group MyResourceGroup \
    --name MyHub \
    --address-prefix 10.0.0.0/24 \
    --vwan MyVirtualWAN \
    --location eastus \
    --sku Standard

Connect Sites

Configure a site‑to‑site VPN connection from an on‑premises network.

# Create the VPN site
az network vpn-site create \
    --resource-group MyResourceGroup \
    --name OnPremSite \
    --address-prefixes 192.168.1.0/24 \
    --vpn-site-identifier "MyOnPrem" \
    --location eastus

# Link the site to the hub
az network vhub connection create \
    --resource-group MyResourceGroup \
    --name SiteToHub \
    --vhub-name MyHub \
    --remote-vpn-site OnPremSite \
    --routing-weight 10

Verification

Confirm that the hub and site are connected.

az network vhub connection list \
    --resource-group MyResourceGroup \
    --vhub-name MyHub

Successful output will show the connection state as Connected.

Next Steps

• Configure branch‑to‑branch connections.
• Enable Azure Firewall or Azure Firewall Manager on the hub.
• Set up ExpressRoute for dedicated connectivity.
• Explore hub routing policies and traffic analytics.

For detailed configuration, visit the Configuration guide.