Skip to content

Portal Accelerator: Remove regional VPN Gateways option #2073

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Springstone wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Portal Accelerator: Remove regional VPN Gateways option #2073

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
84d5c1a
Remove Non-AZ VPN GW options (#2072)
Springstone Oct 9, 2025
a47390d
Updated What's New text.
Springstone Oct 9, 2025
c356871
Minor text update
Springstone Oct 9, 2025
8bf7b2f
Merge branch 'main' into spring-nonAzVPN
Springstone Oct 15, 2025
aa5dd0e
Merge branch 'main' into spring-nonAzVPN
Springstone Jan 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/wiki/Whats-new.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:

- Implemented default [Cloud Adoption Framework (CAF) naming standards](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming) across all resources. In addition, you now have the flexibility to apply custom naming conventions to suit your unique organizational requirements.
- The portal accelerator now deploys all SKUs of Azure Firewall with the [management NIC](https://learn.microsoft.com/azure/firewall/management-nic) to route its management traffic via the `AzureFirewallManagementSubnet`.
- Updated the ALZ portal accelerator to remove the option to select regional VPN gateways as these are being deprecated. All regions that support VPN gateways now deploy zone redundant VPN gateways by default.
- **NEW** ALZ Portal Accelerator:
- Added support for Bastion and Private DNS Resolver in the portal experience. These can be selected in the networking section of the portal experience.
- For Private DNS Resolver, last mile configuration is required. This requires configuring forwarding rules to your own domain. By default peered networks are not configured to use the Private DNS Resolver. Please see [Private DNS Resolver documentation](https://learn.microsoft.com/azure/dns/resolver/overview) for more information, these need to be updated once Private DNS Resolver is fully configured.
Expand Down
86 changes: 6 additions & 80 deletions eslzArm/eslz-portal.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2628,7 +2628,7 @@
"type": "Microsoft.Common.OptionsGroup",
"label": "Deploy zone redundant or regional VPN Gateway",
"defaultValue": "Zone redundant (recommended)",
"visible": "[and(and(equals(steps('connectivity').enableVpnGw,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').enableVpnGw,'Yes'),contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').connectivityLocation))]",
"visible": false,
"toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Virtual Gateway to the selected region and availability zones.",
"constraints": {
"allowedValues": [
Expand Down Expand Up @@ -2708,7 +2708,7 @@
"selectAll": false,
"filter": false,
"multiLine": true,
"visible": "[and(and(equals(steps('connectivity').enableVpnGw, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').enableVpnGw,'Yes'), equals(steps('connectivity').gwRegionalOrAz, 'Zone') ,contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').connectivityLocation))]",
"visible": "[and(and(equals(steps('connectivity').enableVpnGw, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').enableVpnGw,'Yes'), contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').connectivityLocation))]",
"toolTip": "Select the required SKU for the VPN gateway.",
"constraints": {
"allowedValues": [
Expand All @@ -2735,42 +2735,6 @@
]
}
},
{
"name": "gwRegionalSku",
"type": "Microsoft.Common.DropDown",
"label": "Select the VPN Gateway SKU",
"defaultValue": "",
"multiselect": false,
"selectAll": false,
"filter": false,
"multiLine": true,
"visible": "[and(and(equals(steps('connectivity').enableVpnGw, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').enableVpnGw,'Yes'), equals(steps('connectivity').gwRegionalOrAz, 'Regional'))]",
"toolTip": "Select the required SKU for the VPN gateway.",
"constraints": {
"allowedValues": [
{
"label": "VpnGw2",
"description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps",
"value": "VpnGw2"
},
{
"label": "VpnGw3",
"description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps",
"value": "VpnGw3"
},
{
"label": "VpnGw4",
"description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps",
"value": "VpnGw4"
},
{
"label": "VpnGw5",
"description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps",
"value": "VpnGw5"
}
]
}
},
{
"name": "vpnGateWayScaleUnit",
"type": "Microsoft.Common.DropDown",
Expand Down Expand Up @@ -4087,7 +4051,7 @@
"type": "Microsoft.Common.OptionsGroup",
"label": "Deploy zone redundant or regional VPN Gateway in your second region",
"defaultValue": "Zone redundant (recommended)",
"visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'),contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]",
"visible": false,
"toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Virtual Gateway to the selected region and availability zones.",
"constraints": {
"allowedValues": [
Expand Down Expand Up @@ -4167,7 +4131,7 @@
"selectAll": false,
"filter": false,
"multiLine": true,
"visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), equals(steps('connectivity').esNetworkSecondarySubSection.gwRegionalOrAzSecondary, 'Zone') ,contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]",
"visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]",
"toolTip": "Select the required SKU for the VPN gateway.",
"constraints": {
"allowedValues": [
Expand All @@ -4194,42 +4158,6 @@
]
}
},
{
"name": "gwRegionalSkuSecondary",
"type": "Microsoft.Common.DropDown",
"label": "Select the VPN Gateway SKU for your second region",
"defaultValue": "",
"multiselect": false,
"selectAll": false,
"filter": false,
"multiLine": true,
"visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), equals(steps('connectivity').esNetworkSecondarySubSection.gwRegionalOrAzSecondary, 'Regional'))]",
"toolTip": "Select the required SKU for the VPN gateway.",
"constraints": {
"allowedValues": [
{
"label": "VpnGw2",
"description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps",
"value": "VpnGw2"
},
{
"label": "VpnGw3",
"description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps",
"value": "VpnGw3"
},
{
"label": "VpnGw4",
"description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps",
"value": "VpnGw4"
},
{
"label": "VpnGw5",
"description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps",
"value": "VpnGw5"
}
]
}
},
{
"name": "vpnGateWayScaleUnitSecondary",
"type": "Microsoft.Common.DropDown",
Expand Down Expand Up @@ -10974,9 +10902,8 @@
"enablePrivateDnsZones": "[steps('connectivity').enablePrivateDnsZones]",
"privateDnsZonesToDeploy": "[steps('connectivity').privateDnsZones]",
"enableVpnGw": "[steps('connectivity').enableVpnGw]",
"gwRegionalOrAz": "[steps('connectivity').gwRegionalOrAz]",
"gwRegionalOrAz": "Zone",
"enableVpnActiveActive": "[steps('connectivity').enableVpnActiveActive]",
"gwRegionalSku": "[coalesce(steps('connectivity').gwRegionalSku, steps('connectivity').esGwNoAzSku)]",
"gwAzSku": "[steps('connectivity').gwAzSku]",
"vpnGateWayScaleUnit": "[steps('connectivity').vpnGateWayScaleUnit]",
"subnetMaskForGw": "[steps('connectivity').subnetMaskForGw]",
Expand Down Expand Up @@ -11019,9 +10946,8 @@
"enablePrivateDnsZonesSecondary": "No",
"privateDnsZonesToDeploySecondary": null,
"enableVpnGwSecondary": "[steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary]",
"gwRegionalOrAzSecondary": "[steps('connectivity').esNetworkSecondarySubSection.gwRegionalOrAzSecondary]",
"gwRegionalOrAzSecondary": "Zone",
"enableVpnActiveActiveSecondary": "[steps('connectivity').esNetworkSecondarySubSection.enableVpnActiveActiveSecondary]",
"gwRegionalSkuSecondary": "[coalesce(steps('connectivity').esNetworkSecondarySubSection.gwRegionalSkuSecondary, steps('connectivity').esNetworkSecondarySubSection.esGwNoAzSkuSecondary)]",
"gwAzSkuSecondary": "[steps('connectivity').esNetworkSecondarySubSection.gwAzSkuSecondary]",
"vpnGateWayScaleUnitSecondary": "[steps('connectivity').esNetworkSecondarySubSection.vpnGateWayScaleUnitSecondary]",
"subnetMaskForGwSecondary": "[steps('connectivity').esNetworkSecondarySubSection.subnetMaskForGwSecondary]",
Expand Down
4 changes: 2 additions & 2 deletions eslzArm/eslzArm.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -522,7 +522,7 @@
},
"gwRegionalOrAz": {
"type": "string",
"defaultValue": ""
"defaultValue": "Zone"
},
"gwRegionalSku": {
"type": "string",
Expand Down Expand Up @@ -685,7 +685,7 @@
},
"gwRegionalOrAzSecondary": {
"type": "string",
"defaultValue": ""
"defaultValue": "Zone"
},
"gwRegionalSkuSecondary": {
"type": "string",
Expand Down
Loading