Bicep resource definition
The serviceGateways resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/serviceGateways resource, add the following Bicep to your template.
// Schema template for a Microsoft.Network/serviceGateways resource at API version 2025-05-01.
// 'string', bool and int are type placeholders and {customized property} stands for a tag key;
// this listing shows the available properties and is not a deployable template as written.
// The same subnet shape appears under routeTargetAddress, routeTargetAddressV6 and
// virtualNetwork.properties.subnets; property notes are given at the first occurrence only.
resource symbolicname 'Microsoft.Network/serviceGateways@2025-05-01' = {
// location: required.
location: 'string'
// name: required; must match ^[a-zA-Z0-9-]*$.
name: 'string'
properties: {
// Route target address of the service gateway (RouteTargetAddressPropertiesFormat).
routeTargetAddress: {
// Private IPv4 or IPv6 address of the route target address.
privateIPAddress: 'string'
// 'Dynamic' or 'Static'.
privateIPAllocationMethod: 'string'
subnet: {
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
addressPrefixes: [
'string'
]
applicationGatewayIPConfigurations: [
{
id: 'string'
name: 'string'
properties: {
subnet: {
id: 'string'
}
}
}
]
// false disables default outbound connectivity for all VMs in the subnet.
defaultOutboundAccess: bool
delegations: [
{
id: 'string'
name: 'string'
properties: {
// Service the subnet is delegated to, e.g. Microsoft.Sql/servers.
serviceName: 'string'
}
type: 'string'
}
]
ipAllocations: [
{
id: 'string'
}
]
ipamPoolPrefixAllocations: [
{
numberOfIpAddresses: 'string'
pool: {
id: 'string'
}
}
]
natGateway: {
id: 'string'
}
networkSecurityGroup: {
id: 'string'
location: 'string'
properties: {
// When enabled, existing flows are re-evaluated when rules are updated.
flushConnection: bool
securityRules: [
{
id: 'string'
name: 'string'
properties: {
// 'Allow' or 'Deny' (required).
access: 'string'
// Free-text description, restricted to 140 chars.
description: 'string'
// CIDR, IP range, '*' for any, or a default tag such as 'VirtualNetwork',
// 'AzureLoadBalancer' or 'Internet'.
destinationAddressPrefix: 'string'
destinationAddressPrefixes: [
'string'
]
destinationApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
// Port or range between 0 and 65535; '*' matches all ports.
destinationPortRange: 'string'
destinationPortRanges: [
'string'
]
// 'Inbound' or 'Outbound' (required).
direction: 'string'
// 100-4096, unique within the collection (required); a lower number is a higher priority.
priority: int
// '*', 'Ah', 'Esp', 'Icmp', 'Tcp' or 'Udp' (required).
protocol: 'string'
// CIDR, IP range, '*' for any, or a default tag such as 'VirtualNetwork',
// 'AzureLoadBalancer' or 'Internet'.
// NOTE(review): an 'Allow' rule whose source is '*' or 'Internet' and whose
// destination port range is '*' admits traffic from any origin to every port;
// check such rules against the intended exposure of the subnet.
sourceAddressPrefix: 'string'
sourceAddressPrefixes: [
'string'
]
sourceApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
// Port or range between 0 and 65535; '*' matches all ports.
sourcePortRange: 'string'
sourcePortRanges: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
// 'Disabled', 'Enabled', 'NetworkSecurityGroupEnabled' or 'RouteTableEnabled':
// whether network policies are applied to private endpoints in the subnet.
privateEndpointNetworkPolicies: 'string'
// 'Disabled' or 'Enabled': whether network policies are applied to private link services in the subnet.
privateLinkServiceNetworkPolicies: 'string'
routeTable: {
id: 'string'
location: 'string'
properties: {
// true disables the routes learned by BGP on this route table.
disableBgpRoutePropagation: bool
routes: [
{
id: 'string'
name: 'string'
properties: {
// Destination CIDR the route applies to.
addressPrefix: 'string'
// Only allowed when nextHopType is 'VirtualAppliance'.
nextHopIpAddress: 'string'
// 'Internet', 'None', 'VirtualAppliance', 'VirtualNetworkGateway' or 'VnetLocal' (required).
nextHopType: 'string'
}
}
]
}
tags: {
{customized property}: 'string'
}
}
serviceEndpointPolicies: [
{
id: 'string'
location: 'string'
properties: {
contextualServiceEndpointPolicies: [
'string'
]
serviceAlias: 'string'
serviceEndpointPolicyDefinitions: [
{
id: 'string'
name: 'string'
properties: {
description: 'string'
service: 'string'
serviceResources: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
]
serviceEndpoints: [
{
locations: [
'string'
]
networkIdentifier: {
id: 'string'
}
service: 'string'
}
]
// Reference to an existing service gateway.
serviceGateway: {
id: 'string'
}
// 'DelegatedServices' or 'Tenant'. 'Tenant' allows sharing the subnet with other
// subscriptions in the AAD tenant; it can only be set when defaultOutboundAccess is
// false, and both can only be set while the subnet is empty.
sharingScope: 'string'
}
}
}
// Route target address V6 of the service gateway; same shape as routeTargetAddress.
routeTargetAddressV6: {
privateIPAddress: 'string'
privateIPAllocationMethod: 'string'
subnet: {
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
addressPrefixes: [
'string'
]
applicationGatewayIPConfigurations: [
{
id: 'string'
name: 'string'
properties: {
subnet: {
id: 'string'
}
}
}
]
defaultOutboundAccess: bool
delegations: [
{
id: 'string'
name: 'string'
properties: {
serviceName: 'string'
}
type: 'string'
}
]
ipAllocations: [
{
id: 'string'
}
]
ipamPoolPrefixAllocations: [
{
numberOfIpAddresses: 'string'
pool: {
id: 'string'
}
}
]
natGateway: {
id: 'string'
}
networkSecurityGroup: {
id: 'string'
location: 'string'
properties: {
flushConnection: bool
securityRules: [
{
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationAddressPrefixes: [
'string'
]
destinationApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
destinationPortRange: 'string'
destinationPortRanges: [
'string'
]
direction: 'string'
priority: int
protocol: 'string'
sourceAddressPrefix: 'string'
sourceAddressPrefixes: [
'string'
]
sourceApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
sourcePortRange: 'string'
sourcePortRanges: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
privateEndpointNetworkPolicies: 'string'
privateLinkServiceNetworkPolicies: 'string'
routeTable: {
id: 'string'
location: 'string'
properties: {
disableBgpRoutePropagation: bool
routes: [
{
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
nextHopIpAddress: 'string'
nextHopType: 'string'
}
}
]
}
tags: {
{customized property}: 'string'
}
}
serviceEndpointPolicies: [
{
id: 'string'
location: 'string'
properties: {
contextualServiceEndpointPolicies: [
'string'
]
serviceAlias: 'string'
serviceEndpointPolicyDefinitions: [
{
id: 'string'
name: 'string'
properties: {
description: 'string'
service: 'string'
serviceResources: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
]
serviceEndpoints: [
{
locations: [
'string'
]
networkIdentifier: {
id: 'string'
}
service: 'string'
}
]
serviceGateway: {
id: 'string'
}
sharingScope: 'string'
}
}
}
// Reference to an existing virtual network (VirtualNetwork).
virtualNetwork: {
extendedLocation: {
name: 'string'
// 'EdgeZone' is the only listed value.
type: 'string'
}
id: 'string'
location: 'string'
properties: {
addressSpace: {
// Address blocks reserved for the virtual network, in CIDR notation.
addressPrefixes: [
'string'
]
ipamPoolPrefixAllocations: [
{
numberOfIpAddresses: 'string'
pool: {
id: 'string'
}
}
]
}
bgpCommunities: {
// Required when bgpCommunities is present.
virtualNetworkCommunity: 'string'
}
ddosProtectionPlan: {
id: 'string'
}
dhcpOptions: {
dnsServers: [
'string'
]
}
// Requires a DDoS protection plan associated with the resource.
enableDdosProtection: bool
enableVmProtection: bool
encryption: {
// Required when encryption is present.
enabled: bool
// 'AllowUnencrypted' or 'DropUnencrypted'; the property table states that
// AllowUnencrypted is the only supported value at general availability.
enforcement: 'string'
}
// Flow timeout, in minutes.
flowTimeoutInMinutes: int
ipAllocations: [
{
id: 'string'
}
]
// 'Basic' or 'Disabled'.
privateEndpointVNetPolicies: 'string'
// Each entry has the same subnet shape as routeTargetAddress.subnet.
subnets: [
{
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
addressPrefixes: [
'string'
]
applicationGatewayIPConfigurations: [
{
id: 'string'
name: 'string'
properties: {
subnet: {
id: 'string'
}
}
}
]
defaultOutboundAccess: bool
delegations: [
{
id: 'string'
name: 'string'
properties: {
serviceName: 'string'
}
type: 'string'
}
]
ipAllocations: [
{
id: 'string'
}
]
ipamPoolPrefixAllocations: [
{
numberOfIpAddresses: 'string'
pool: {
id: 'string'
}
}
]
natGateway: {
id: 'string'
}
networkSecurityGroup: {
id: 'string'
location: 'string'
properties: {
flushConnection: bool
securityRules: [
{
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationAddressPrefixes: [
'string'
]
destinationApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
destinationPortRange: 'string'
destinationPortRanges: [
'string'
]
direction: 'string'
priority: int
protocol: 'string'
sourceAddressPrefix: 'string'
sourceAddressPrefixes: [
'string'
]
sourceApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
sourcePortRange: 'string'
sourcePortRanges: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
privateEndpointNetworkPolicies: 'string'
privateLinkServiceNetworkPolicies: 'string'
routeTable: {
id: 'string'
location: 'string'
properties: {
disableBgpRoutePropagation: bool
routes: [
{
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
nextHopIpAddress: 'string'
nextHopType: 'string'
}
}
]
}
tags: {
{customized property}: 'string'
}
}
serviceEndpointPolicies: [
{
id: 'string'
location: 'string'
properties: {
contextualServiceEndpointPolicies: [
'string'
]
serviceAlias: 'string'
serviceEndpointPolicyDefinitions: [
{
id: 'string'
name: 'string'
properties: {
description: 'string'
service: 'string'
serviceResources: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
]
serviceEndpoints: [
{
locations: [
'string'
]
networkIdentifier: {
id: 'string'
}
service: 'string'
}
]
serviceGateway: {
id: 'string'
}
sharingScope: 'string'
}
}
]
virtualNetworkPeerings: [
{
id: 'string'
name: 'string'
properties: {
// Whether traffic forwarded from VMs in the local virtual network is allowed in the remote one.
allowForwardedTraffic: bool
// Whether gateway links can be used in the remote virtual network to link to this one.
allowGatewayTransit: bool
// Whether VMs in the local virtual network space can access VMs in the remote one.
allowVirtualNetworkAccess: bool
doNotVerifyRemoteGateways: bool
enableOnlyIPv6Peering: bool
localAddressSpace: {
addressPrefixes: [
'string'
]
ipamPoolPrefixAllocations: [
{
numberOfIpAddresses: 'string'
pool: {
id: 'string'
}
}
]
}
localSubnetNames: [
'string'
]
localVirtualNetworkAddressSpace: {
addressPrefixes: [
'string'
]
ipamPoolPrefixAllocations: [
{
numberOfIpAddresses: 'string'
pool: {
id: 'string'
}
}
]
}
peerCompleteVnets: bool
// 'Connected', 'Disconnected' or 'Initiated'.
peeringState: 'string'
// 'FullyInSync', 'LocalAndRemoteNotInSync', 'LocalNotInSync' or 'RemoteNotInSync'.
peeringSyncLevel: 'string'
remoteAddressSpace: {
addressPrefixes: [
'string'
]
ipamPoolPrefixAllocations: [
{
numberOfIpAddresses: 'string'
pool: {
id: 'string'
}
}
]
}
remoteBgpCommunities: {
virtualNetworkCommunity: 'string'
}
remoteSubnetNames: [
'string'
]
remoteVirtualNetwork: {
id: 'string'
}
remoteVirtualNetworkAddressSpace: {
addressPrefixes: [
'string'
]
ipamPoolPrefixAllocations: [
{
numberOfIpAddresses: 'string'
pool: {
id: 'string'
}
}
]
}
// When true and allowGatewayTransit is true on the remote peering, this virtual network
// uses the remote network's gateways for transit. Only one peering can set it, and it
// cannot be set if the virtual network already has a gateway.
useRemoteGateways: bool
}
}
]
}
tags: {
{customized property}: 'string'
}
}
}
sku: {
// 'Standard' is the only listed SKU name.
name: 'string'
// 'Regional' is the only listed SKU tier.
tier: 'string'
}
tags: {
{customized property}: 'string'
}
// Availability zones, given as strings of numeric identifiers such as '1', '2', '3'.
zones: [
'string'
]
}
Property Values
Microsoft.Network/serviceGateways
| Name | Description | Value |
|---|---|---|
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9-]*$ (required) |
| properties | Properties of service gateway. | ServiceGatewayPropertiesFormat |
| sku | The service gateway SKU. | ServiceGatewaySku |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| zones | A list of availability zones denoting the zone in which service gateway should be deployed. - The zone values must be provided as strings representing numeric identifiers like "1", "2", "3" etc. | string[] |
AddressSpace
| Name | Description | Value |
|---|---|---|
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] |
| ipamPoolPrefixAllocations | A list of IPAM Pools allocating IP address prefixes. | IpamPoolPrefixAllocation[] |
ApplicationGatewayIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the IP configuration that is unique within an Application Gateway. | string |
| properties | Properties of the application gateway IP configuration. | ApplicationGatewayIPConfigurationPropertiesFormat |
ApplicationGatewayIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
ApplicationSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
| tags | Resource tags. | ResourceTags |
ApplicationSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|
Delegation
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
| properties | Properties of the subnet. | ServiceDelegationPropertiesFormat |
| type | Resource type. | string |
DhcpOptions
| Name | Description | Value |
|---|---|---|
| dnsServers | The list of DNS servers IP addresses. | string[] |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'EdgeZone' |
IpamPoolPrefixAllocation
| Name | Description | Value |
|---|---|---|
| numberOfIpAddresses | Number of IP addresses to allocate. | string |
| pool | | IpamPoolPrefixAllocationPool |
IpamPoolPrefixAllocationPool
| Name | Description | Value |
|---|---|---|
| id | Resource id of the associated Azure IpamPool resource. | string |
NetworkSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the network security group. | NetworkSecurityGroupPropertiesFormat |
| tags | Resource tags. | ResourceTags |
NetworkSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|---|---|
| flushConnection | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updated. Initial enablement will trigger re-evaluation. | bool |
| securityRules | A collection of security rules of the network security group. | SecurityRule[] |
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
Route
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the route. | RoutePropertiesFormat |
RoutePropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The destination CIDR to which the route applies. | string |
| nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
| nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
RouteTable
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the route table. | RouteTablePropertiesFormat |
| tags | Resource tags. | ResourceTags |
RouteTablePropertiesFormat
| Name | Description | Value |
|---|---|---|
| disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
| routes | Collection of routes contained within a route table. | Route[] |
RouteTargetAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| privateIPAddress | The private IPv4 or IPv6 address of the service gateway route target address. | string |
| privateIPAllocationMethod | The Private IP allocation method. | 'Dynamic' 'Static' |
| subnet | The reference to the subnet resource. | Subnet |
SecurityPerimeterTrackedResourceTags
| Name | Description | Value |
|---|
SecurityRule
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the security rule. | SecurityRulePropertiesFormat |
SecurityRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all destination IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
| destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
| destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
| destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required) |
| protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
| sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
| sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
| sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
| sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| sourcePortRanges | The source port ranges. | string[] |
ServiceDelegationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| serviceName | The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
ServiceEndpointPolicy
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the service end point policy. | ServiceEndpointPolicyPropertiesFormat |
| tags | Resource tags. | ResourceTags |
ServiceEndpointPolicyDefinition
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the service endpoint policy definition. | ServiceEndpointPolicyDefinitionPropertiesFormat |
ServiceEndpointPolicyDefinitionPropertiesFormat
| Name | Description | Value |
|---|---|---|
| description | A description for this rule. Restricted to 140 chars. | string |
| service | Service endpoint name. | string |
| serviceResources | A list of service resources. | string[] |
ServiceEndpointPolicyPropertiesFormat
| Name | Description | Value |
|---|---|---|
| contextualServiceEndpointPolicies | A collection of contextual service endpoint policy. | string[] |
| serviceAlias | The alias indicating if the policy belongs to a service | string |
| serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
ServiceEndpointPropertiesFormat
| Name | Description | Value |
|---|---|---|
| locations | A list of locations. | string[] |
| networkIdentifier | SubResource as network identifier. | SubResource |
| service | The type of the endpoint service. | string |
ServiceGatewayPropertiesFormat
| Name | Description | Value |
|---|---|---|
| routeTargetAddress | Route Target address of Service gateway | RouteTargetAddressPropertiesFormat |
| routeTargetAddressV6 | Route Target address V6 of Service gateway | RouteTargetAddressPropertiesFormat |
| virtualNetwork | Reference to an existing virtual network. | VirtualNetwork |
ServiceGatewaySku
| Name | Description | Value |
|---|---|---|
| name | Name of a service gateway SKU. | 'Standard' |
| tier | Tier of a service gateway SKU. | 'Regional' |
Subnet
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the subnet. | SubnetPropertiesFormat |
SubnetPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The address prefix for the subnet. | string |
| addressPrefixes | List of address prefixes for the subnet. | string[] |
| applicationGatewayIPConfigurations | Application gateway IP configurations of virtual network resource. | ApplicationGatewayIPConfiguration[] |
| defaultOutboundAccess | Set this property to false to disable default outbound connectivity for all VMs in the subnet. | bool |
| delegations | An array of references to the delegations on the subnet. | Delegation[] |
| ipAllocations | Array of IpAllocation which reference this subnet. | SubResource[] |
| ipamPoolPrefixAllocations | A list of IPAM Pools for allocating IP address prefixes. | IpamPoolPrefixAllocation[] |
| natGateway | Nat gateway associated with this subnet. | SubResource |
| networkSecurityGroup | The reference to the NetworkSecurityGroup resource. | NetworkSecurityGroup |
| privateEndpointNetworkPolicies | Enable or disable applying network policies on private endpoints in the subnet. | 'Disabled' 'Enabled' 'NetworkSecurityGroupEnabled' 'RouteTableEnabled' |
| privateLinkServiceNetworkPolicies | Enable or disable applying network policies on private link services in the subnet. | 'Disabled' 'Enabled' |
| routeTable | The reference to the RouteTable resource. | RouteTable |
| serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
| serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
| serviceGateway | Reference to an existing service gateway. | SubResource |
| sharingScope | Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. | 'DelegatedServices' 'Tenant' |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
VirtualNetwork
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the virtual network. | ExtendedLocation |
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the virtual network. | VirtualNetworkPropertiesFormat |
| tags | Resource tags. | ResourceTags |
VirtualNetworkBgpCommunities
| Name | Description | Value |
|---|---|---|
| virtualNetworkCommunity | The BGP community associated with the virtual network. | string (required) |
VirtualNetworkEncryption
| Name | Description | Value |
|---|---|---|
| enabled | Indicates if encryption is enabled on the virtual network. | bool (required) |
| enforcement | Whether the encrypted VNet allows VMs that do not support encryption. This field is for future support; AllowUnencrypted is the only supported value at general availability. | 'AllowUnencrypted' 'DropUnencrypted' |
VirtualNetworkPeering
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the virtual network peering. | VirtualNetworkPeeringPropertiesFormat |
VirtualNetworkPeeringPropertiesFormat
| Name | Description | Value |
|---|---|---|
| allowForwardedTraffic | Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. | bool |
| allowGatewayTransit | If gateway links can be used in remote virtual networking to link to this virtual network. | bool |
| allowVirtualNetworkAccess | Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. | bool |
| doNotVerifyRemoteGateways | If we need to verify the provisioning state of the remote gateway. | bool |
| enableOnlyIPv6Peering | Whether only Ipv6 address space is peered for subnet peering. | bool |
| localAddressSpace | The local address space of the local virtual network that is peered. | AddressSpace |
| localSubnetNames | List of local subnet names that are subnet peered with remote virtual network. | string[] |
| localVirtualNetworkAddressSpace | The current local address space of the local virtual network that is peered. | AddressSpace |
| peerCompleteVnets | Whether complete virtual network address space is peered. | bool |
| peeringState | The status of the virtual network peering. | 'Connected' 'Disconnected' 'Initiated' |
| peeringSyncLevel | The peering sync status of the virtual network peering. | 'FullyInSync' 'LocalAndRemoteNotInSync' 'LocalNotInSync' 'RemoteNotInSync' |
| remoteAddressSpace | The reference to the address space peered with the remote virtual network. | AddressSpace |
| remoteBgpCommunities | The reference to the remote virtual network's Bgp Communities. | VirtualNetworkBgpCommunities |
| remoteSubnetNames | List of remote subnet names from remote virtual network that are subnet peered. | string[] |
| remoteVirtualNetwork | The reference to the remote virtual network. The remote virtual network can be in the same or different region (preview). See here to register for the preview and learn more (/azure/virtual-network/virtual-network-create-peering). | SubResource |
| remoteVirtualNetworkAddressSpace | The reference to the current address space of the remote virtual network. | AddressSpace |
| useRemoteGateways | If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. | bool |
VirtualNetworkPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressSpace | The AddressSpace that contains an array of IP address ranges that can be used by subnets. | AddressSpace |
| bgpCommunities | Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. | VirtualNetworkBgpCommunities |
| ddosProtectionPlan | The DDoS protection plan associated with the virtual network. | SubResource |
| dhcpOptions | The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network. | DhcpOptions |
| enableDdosProtection | Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It requires a DDoS protection plan associated with the resource. | bool |
| enableVmProtection | Indicates if VM protection is enabled for all the subnets in the virtual network. | bool |
| encryption | Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. | VirtualNetworkEncryption |
| flowTimeoutInMinutes | The FlowTimeout value (in minutes) for the Virtual Network | int |
| ipAllocations | Array of IpAllocation which reference this VNET. | SubResource[] |
| privateEndpointVNetPolicies | Private Endpoint VNet Policies. | 'Basic' 'Disabled' |
| subnets | A list of subnets in a Virtual Network. | Subnet[] |
| virtualNetworkPeerings | A list of peerings in a Virtual Network. | VirtualNetworkPeering[] |
ARM template resource definition
The serviceGateways resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/serviceGateways resource, add the following JSON to your template.
{
"type": "Microsoft.Network/serviceGateways",
"apiVersion": "2025-05-01",
"name": "string",
"location": "string",
"properties": {
"routeTargetAddress": {
"privateIPAddress": "string",
"privateIPAllocationMethod": "string",
"subnet": {
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"addressPrefixes": [ "string" ],
"applicationGatewayIPConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"subnet": {
"id": "string"
}
}
}
],
"defaultOutboundAccess": "bool",
"delegations": [
{
"id": "string",
"name": "string",
"properties": {
"serviceName": "string"
},
"type": "string"
}
],
"ipAllocations": [
{
"id": "string"
}
],
"ipamPoolPrefixAllocations": [
{
"numberOfIpAddresses": "string",
"pool": {
"id": "string"
}
}
],
"natGateway": {
"id": "string"
},
"networkSecurityGroup": {
"id": "string",
"location": "string",
"properties": {
"flushConnection": "bool",
"securityRules": [
{
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [ "string" ],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"destinationPortRange": "string",
"destinationPortRanges": [ "string" ],
"direction": "string",
"priority": "int",
"protocol": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [ "string" ],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"sourcePortRange": "string",
"sourcePortRanges": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"privateEndpointNetworkPolicies": "string",
"privateLinkServiceNetworkPolicies": "string",
"routeTable": {
"id": "string",
"location": "string",
"properties": {
"disableBgpRoutePropagation": "bool",
"routes": [
{
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"nextHopIpAddress": "string",
"nextHopType": "string"
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"serviceEndpointPolicies": [
{
"id": "string",
"location": "string",
"properties": {
"contextualServiceEndpointPolicies": [ "string" ],
"serviceAlias": "string",
"serviceEndpointPolicyDefinitions": [
{
"id": "string",
"name": "string",
"properties": {
"description": "string",
"service": "string",
"serviceResources": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
],
"serviceEndpoints": [
{
"locations": [ "string" ],
"networkIdentifier": {
"id": "string"
},
"service": "string"
}
],
"serviceGateway": {
"id": "string"
},
"sharingScope": "string"
}
}
},
"routeTargetAddressV6": {
"privateIPAddress": "string",
"privateIPAllocationMethod": "string",
"subnet": {
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"addressPrefixes": [ "string" ],
"applicationGatewayIPConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"subnet": {
"id": "string"
}
}
}
],
"defaultOutboundAccess": "bool",
"delegations": [
{
"id": "string",
"name": "string",
"properties": {
"serviceName": "string"
},
"type": "string"
}
],
"ipAllocations": [
{
"id": "string"
}
],
"ipamPoolPrefixAllocations": [
{
"numberOfIpAddresses": "string",
"pool": {
"id": "string"
}
}
],
"natGateway": {
"id": "string"
},
"networkSecurityGroup": {
"id": "string",
"location": "string",
"properties": {
"flushConnection": "bool",
"securityRules": [
{
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [ "string" ],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"destinationPortRange": "string",
"destinationPortRanges": [ "string" ],
"direction": "string",
"priority": "int",
"protocol": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [ "string" ],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"sourcePortRange": "string",
"sourcePortRanges": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"privateEndpointNetworkPolicies": "string",
"privateLinkServiceNetworkPolicies": "string",
"routeTable": {
"id": "string",
"location": "string",
"properties": {
"disableBgpRoutePropagation": "bool",
"routes": [
{
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"nextHopIpAddress": "string",
"nextHopType": "string"
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"serviceEndpointPolicies": [
{
"id": "string",
"location": "string",
"properties": {
"contextualServiceEndpointPolicies": [ "string" ],
"serviceAlias": "string",
"serviceEndpointPolicyDefinitions": [
{
"id": "string",
"name": "string",
"properties": {
"description": "string",
"service": "string",
"serviceResources": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
],
"serviceEndpoints": [
{
"locations": [ "string" ],
"networkIdentifier": {
"id": "string"
},
"service": "string"
}
],
"serviceGateway": {
"id": "string"
},
"sharingScope": "string"
}
}
},
"virtualNetwork": {
"extendedLocation": {
"name": "string",
"type": "string"
},
"id": "string",
"location": "string",
"properties": {
"addressSpace": {
"addressPrefixes": [ "string" ],
"ipamPoolPrefixAllocations": [
{
"numberOfIpAddresses": "string",
"pool": {
"id": "string"
}
}
]
},
"bgpCommunities": {
"virtualNetworkCommunity": "string"
},
"ddosProtectionPlan": {
"id": "string"
},
"dhcpOptions": {
"dnsServers": [ "string" ]
},
"enableDdosProtection": "bool",
"enableVmProtection": "bool",
"encryption": {
"enabled": "bool",
"enforcement": "string"
},
"flowTimeoutInMinutes": "int",
"ipAllocations": [
{
"id": "string"
}
],
"privateEndpointVNetPolicies": "string",
"subnets": [
{
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"addressPrefixes": [ "string" ],
"applicationGatewayIPConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"subnet": {
"id": "string"
}
}
}
],
"defaultOutboundAccess": "bool",
"delegations": [
{
"id": "string",
"name": "string",
"properties": {
"serviceName": "string"
},
"type": "string"
}
],
"ipAllocations": [
{
"id": "string"
}
],
"ipamPoolPrefixAllocations": [
{
"numberOfIpAddresses": "string",
"pool": {
"id": "string"
}
}
],
"natGateway": {
"id": "string"
},
"networkSecurityGroup": {
"id": "string",
"location": "string",
"properties": {
"flushConnection": "bool",
"securityRules": [
{
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [ "string" ],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"destinationPortRange": "string",
"destinationPortRanges": [ "string" ],
"direction": "string",
"priority": "int",
"protocol": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [ "string" ],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"sourcePortRange": "string",
"sourcePortRanges": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"privateEndpointNetworkPolicies": "string",
"privateLinkServiceNetworkPolicies": "string",
"routeTable": {
"id": "string",
"location": "string",
"properties": {
"disableBgpRoutePropagation": "bool",
"routes": [
{
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"nextHopIpAddress": "string",
"nextHopType": "string"
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"serviceEndpointPolicies": [
{
"id": "string",
"location": "string",
"properties": {
"contextualServiceEndpointPolicies": [ "string" ],
"serviceAlias": "string",
"serviceEndpointPolicyDefinitions": [
{
"id": "string",
"name": "string",
"properties": {
"description": "string",
"service": "string",
"serviceResources": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
],
"serviceEndpoints": [
{
"locations": [ "string" ],
"networkIdentifier": {
"id": "string"
},
"service": "string"
}
],
"serviceGateway": {
"id": "string"
},
"sharingScope": "string"
}
}
],
"virtualNetworkPeerings": [
{
"id": "string",
"name": "string",
"properties": {
"allowForwardedTraffic": "bool",
"allowGatewayTransit": "bool",
"allowVirtualNetworkAccess": "bool",
"doNotVerifyRemoteGateways": "bool",
"enableOnlyIPv6Peering": "bool",
"localAddressSpace": {
"addressPrefixes": [ "string" ],
"ipamPoolPrefixAllocations": [
{
"numberOfIpAddresses": "string",
"pool": {
"id": "string"
}
}
]
},
"localSubnetNames": [ "string" ],
"localVirtualNetworkAddressSpace": {
"addressPrefixes": [ "string" ],
"ipamPoolPrefixAllocations": [
{
"numberOfIpAddresses": "string",
"pool": {
"id": "string"
}
}
]
},
"peerCompleteVnets": "bool",
"peeringState": "string",
"peeringSyncLevel": "string",
"remoteAddressSpace": {
"addressPrefixes": [ "string" ],
"ipamPoolPrefixAllocations": [
{
"numberOfIpAddresses": "string",
"pool": {
"id": "string"
}
}
]
},
"remoteBgpCommunities": {
"virtualNetworkCommunity": "string"
},
"remoteSubnetNames": [ "string" ],
"remoteVirtualNetwork": {
"id": "string"
},
"remoteVirtualNetworkAddressSpace": {
"addressPrefixes": [ "string" ],
"ipamPoolPrefixAllocations": [
{
"numberOfIpAddresses": "string",
"pool": {
"id": "string"
}
}
]
},
"useRemoteGateways": "bool"
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
},
"sku": {
"name": "string",
"tier": "string"
},
"tags": {
"{customized property}": "string"
},
"zones": [ "string" ]
}
Property Values
Microsoft.Network/serviceGateways
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2025-05-01' |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9-]*$ (required) |
| properties | Properties of service gateway. | ServiceGatewayPropertiesFormat |
| sku | The service gateway SKU. | ServiceGatewaySku |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Network/serviceGateways' |
| zones | A list of availability zones denoting the zone in which service gateway should be deployed. - The zone values must be provided as strings representing numeric identifiers like "1", "2", "3" etc. | string[] |
AddressSpace
| Name | Description | Value |
|---|---|---|
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] |
| ipamPoolPrefixAllocations | A list of IPAM Pools allocating IP address prefixes. | IpamPoolPrefixAllocation[] |
ApplicationGatewayIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the IP configuration that is unique within an Application Gateway. | string |
| properties | Properties of the application gateway IP configuration. | ApplicationGatewayIPConfigurationPropertiesFormat |
ApplicationGatewayIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
ApplicationSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
| tags | Resource tags. | ResourceTags |
ApplicationSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|
Delegation
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
| properties | Properties of the subnet. | ServiceDelegationPropertiesFormat |
| type | Resource type. | string |
DhcpOptions
| Name | Description | Value |
|---|---|---|
| dnsServers | The list of DNS servers IP addresses. | string[] |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'EdgeZone' |
IpamPoolPrefixAllocation
| Name | Description | Value |
|---|---|---|
| numberOfIpAddresses | Number of IP addresses to allocate. | string |
| pool | | IpamPoolPrefixAllocationPool |
IpamPoolPrefixAllocationPool
| Name | Description | Value |
|---|---|---|
| id | Resource id of the associated Azure IpamPool resource. | string |
NetworkSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the network security group. | NetworkSecurityGroupPropertiesFormat |
| tags | Resource tags. | ResourceTags |
NetworkSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|---|---|
| flushConnection | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updated. Initial enablement will trigger re-evaluation. | bool |
| securityRules | A collection of security rules of the network security group. | SecurityRule[] |
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
Route
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the route. | RoutePropertiesFormat |
RoutePropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The destination CIDR to which the route applies. | string |
| nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
| nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
RouteTable
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the route table. | RouteTablePropertiesFormat |
| tags | Resource tags. | ResourceTags |
RouteTablePropertiesFormat
| Name | Description | Value |
|---|---|---|
| disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
| routes | Collection of routes contained within a route table. | Route[] |
RouteTargetAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| privateIPAddress | The private IPv4 or IPv6 address of the service gateway route target address. | string |
| privateIPAllocationMethod | The Private IP allocation method. | 'Dynamic' 'Static' |
| subnet | The reference to the subnet resource. | Subnet |
SecurityPerimeterTrackedResourceTags
| Name | Description | Value |
|---|
SecurityRule
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the security rule. | SecurityRulePropertiesFormat |
SecurityRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all destination IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
| destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
| destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
| destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required) |
| protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
| sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
| sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
| sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
| sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| sourcePortRanges | The source port ranges. | string[] |
ServiceDelegationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| serviceName | The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
ServiceEndpointPolicy
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the service end point policy. | ServiceEndpointPolicyPropertiesFormat |
| tags | Resource tags. | ResourceTags |
ServiceEndpointPolicyDefinition
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the service endpoint policy definition. | ServiceEndpointPolicyDefinitionPropertiesFormat |
ServiceEndpointPolicyDefinitionPropertiesFormat
| Name | Description | Value |
|---|---|---|
| description | A description for this rule. Restricted to 140 chars. | string |
| service | Service endpoint name. | string |
| serviceResources | A list of service resources. | string[] |
ServiceEndpointPolicyPropertiesFormat
| Name | Description | Value |
|---|---|---|
| contextualServiceEndpointPolicies | A collection of contextual service endpoint policy. | string[] |
| serviceAlias | The alias indicating if the policy belongs to a service | string |
| serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
ServiceEndpointPropertiesFormat
| Name | Description | Value |
|---|---|---|
| locations | A list of locations. | string[] |
| networkIdentifier | SubResource as network identifier. | SubResource |
| service | The type of the endpoint service. | string |
ServiceGatewayPropertiesFormat
| Name | Description | Value |
|---|---|---|
| routeTargetAddress | Route Target address of Service gateway | RouteTargetAddressPropertiesFormat |
| routeTargetAddressV6 | Route Target address V6 of Service gateway | RouteTargetAddressPropertiesFormat |
| virtualNetwork | Reference to an existing virtual network. | VirtualNetwork |
ServiceGatewaySku
| Name | Description | Value |
|---|---|---|
| name | Name of a service gateway SKU. | 'Standard' |
| tier | Tier of a service gateway SKU. | 'Regional' |
Subnet
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the subnet. | SubnetPropertiesFormat |
SubnetPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The address prefix for the subnet. | string |
| addressPrefixes | List of address prefixes for the subnet. | string[] |
| applicationGatewayIPConfigurations | Application gateway IP configurations of virtual network resource. | ApplicationGatewayIPConfiguration[] |
| defaultOutboundAccess | Set this property to false to disable default outbound connectivity for all VMs in the subnet. | bool |
| delegations | An array of references to the delegations on the subnet. | Delegation[] |
| ipAllocations | Array of IpAllocation which reference this subnet. | SubResource[] |
| ipamPoolPrefixAllocations | A list of IPAM Pools for allocating IP address prefixes. | IpamPoolPrefixAllocation[] |
| natGateway | Nat gateway associated with this subnet. | SubResource |
| networkSecurityGroup | The reference to the NetworkSecurityGroup resource. | NetworkSecurityGroup |
| privateEndpointNetworkPolicies | Enable or disable applying network policies to private endpoints in the subnet. | 'Disabled' 'Enabled' 'NetworkSecurityGroupEnabled' 'RouteTableEnabled' |
| privateLinkServiceNetworkPolicies | Enable or disable applying network policies to private link services in the subnet. | 'Disabled' 'Enabled' |
| routeTable | The reference to the RouteTable resource. | RouteTable |
| serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
| serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
| serviceGateway | Reference to an existing service gateway. | SubResource |
| sharingScope | Set this property to Tenant to allow sharing the subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false; both properties can only be set if the subnet is empty. | 'DelegatedServices' 'Tenant' |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
VirtualNetwork
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the virtual network. | ExtendedLocation |
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the virtual network. | VirtualNetworkPropertiesFormat |
| tags | Resource tags. | ResourceTags |
VirtualNetworkBgpCommunities
| Name | Description | Value |
|---|---|---|
| virtualNetworkCommunity | The BGP community associated with the virtual network. | string (required) |
VirtualNetworkEncryption
| Name | Description | Value |
|---|---|---|
| enabled | Indicates if encryption is enabled on the virtual network. | bool (required) |
| enforcement | Whether the encrypted VNet allows VMs that do not support encryption. This field is for future support; AllowUnencrypted is the only supported value at general availability. | 'AllowUnencrypted' 'DropUnencrypted' |
VirtualNetworkPeering
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the virtual network peering. | VirtualNetworkPeeringPropertiesFormat |
VirtualNetworkPeeringPropertiesFormat
| Name | Description | Value |
|---|---|---|
| allowForwardedTraffic | Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. | bool |
| allowGatewayTransit | If gateway links can be used in remote virtual networking to link to this virtual network. | bool |
| allowVirtualNetworkAccess | Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. | bool |
| doNotVerifyRemoteGateways | If we need to verify the provisioning state of the remote gateway. | bool |
| enableOnlyIPv6Peering | Whether only the IPv6 address space is peered for subnet peering. | bool |
| localAddressSpace | The local address space of the local virtual network that is peered. | AddressSpace |
| localSubnetNames | List of local subnet names that are subnet peered with remote virtual network. | string[] |
| localVirtualNetworkAddressSpace | The current local address space of the local virtual network that is peered. | AddressSpace |
| peerCompleteVnets | Whether complete virtual network address space is peered. | bool |
| peeringState | The status of the virtual network peering. | 'Connected' 'Disconnected' 'Initiated' |
| peeringSyncLevel | The peering sync status of the virtual network peering. | 'FullyInSync' 'LocalAndRemoteNotInSync' 'LocalNotInSync' 'RemoteNotInSync' |
| remoteAddressSpace | The reference to the address space peered with the remote virtual network. | AddressSpace |
| remoteBgpCommunities | The reference to the remote virtual network's Bgp Communities. | VirtualNetworkBgpCommunities |
| remoteSubnetNames | List of remote subnet names from remote virtual network that are subnet peered. | string[] |
| remoteVirtualNetwork | The reference to the remote virtual network. The remote virtual network can be in the same or different region (preview). See here to register for the preview and learn more (/azure/virtual-network/virtual-network-create-peering). | SubResource |
| remoteVirtualNetworkAddressSpace | The reference to the current address space of the remote virtual network. | AddressSpace |
| useRemoteGateways | If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. | bool |
VirtualNetworkPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressSpace | The AddressSpace that contains an array of IP address ranges that can be used by subnets. | AddressSpace |
| bgpCommunities | Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. | VirtualNetworkBgpCommunities |
| ddosProtectionPlan | The DDoS protection plan associated with the virtual network. | SubResource |
| dhcpOptions | The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network. | DhcpOptions |
| enableDdosProtection | Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It requires a DDoS protection plan associated with the resource. | bool |
| enableVmProtection | Indicates if VM protection is enabled for all the subnets in the virtual network. | bool |
| encryption | Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. | VirtualNetworkEncryption |
| flowTimeoutInMinutes | The FlowTimeout value (in minutes) for the Virtual Network | int |
| ipAllocations | Array of IpAllocation which reference this VNET. | SubResource[] |
| privateEndpointVNetPolicies | Private Endpoint VNet Policies. | 'Basic' 'Disabled' |
| subnets | A list of subnets in a Virtual Network. | Subnet[] |
| virtualNetworkPeerings | A list of peerings in a Virtual Network. | VirtualNetworkPeering[] |
Usage Examples
Terraform (AzAPI provider) resource definition
The serviceGateways resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/serviceGateways resource, add the following Terraform to your template.
# Schema template for a Microsoft.Network/serviceGateways resource (API version
# 2025-05-01) deployed through the AzAPI provider. The values "string", bool and
# int are type placeholders, not literals, and {customized property} stands for a
# tag name you choose. Allowed values quoted in the comments below come from the
# "Property Values" tables on this page.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/serviceGateways@2025-05-01"
# Required. Must match the pattern ^[a-zA-Z0-9-]*$.
name = "string"
# NOTE(review): parent_id is not described in the tables on this page; the page
# says this type deploys at resource-group scope, so presumably this is the
# resource group ID - confirm against the AzAPI provider documentation.
parent_id = "string"
# Required. The geo-location where the resource lives.
location = "string"
# Dictionary of tag names and values.
tags = {
{customized property} = "string"
}
body = {
# ServiceGatewayPropertiesFormat: routeTargetAddress, routeTargetAddressV6, virtualNetwork.
properties = {
# Route target address of the service gateway (RouteTargetAddressPropertiesFormat).
routeTargetAddress = {
# Private IPv4 or IPv6 address of the route target address.
privateIPAddress = "string"
# 'Dynamic' or 'Static'.
privateIPAllocationMethod = "string"
# Subnet object (id, name, SubnetPropertiesFormat).
subnet = {
id = "string"
name = "string"
properties = {
addressPrefix = "string"
addressPrefixes = [
"string"
]
applicationGatewayIPConfigurations = [
{
id = "string"
name = "string"
properties = {
subnet = {
id = "string"
}
}
}
]
# Set to false to disable default outbound connectivity for all VMs in the subnet.
defaultOutboundAccess = bool
delegations = [
{
id = "string"
name = "string"
properties = {
# Name of the service the subnet is delegated to, e.g. Microsoft.Sql/servers.
serviceName = "string"
}
type = "string"
}
]
ipAllocations = [
{
id = "string"
}
]
ipamPoolPrefixAllocations = [
{
# Number of IP addresses to allocate; note the schema types this as a string.
numberOfIpAddresses = "string"
pool = {
# Resource ID of the associated Azure IpamPool resource.
id = "string"
}
}
]
natGateway = {
id = "string"
}
networkSecurityGroup = {
id = "string"
location = "string"
properties = {
# When enabled, existing flows are re-evaluated when rules are updated;
# initial enablement also triggers re-evaluation.
flushConnection = bool
securityRules = [
{
id = "string"
name = "string"
properties = {
# Required. 'Allow' or 'Deny'.
access = "string"
# Restricted to 140 characters.
description = "string"
# CIDR, IP range, '*', or a default tag such as 'VirtualNetwork',
# 'AzureLoadBalancer' or 'Internet'. '*' matches every address, so a rule
# using it applies to all destinations.
destinationAddressPrefix = "string"
destinationAddressPrefixes = [
"string"
]
destinationApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
# Integer or range between 0 and 65535; '*' matches all ports.
destinationPortRange = "string"
destinationPortRanges = [
"string"
]
# Required. 'Inbound' or 'Outbound'.
direction = "string"
# Required. 100 to 4096, unique within the collection; a lower number means
# a higher priority.
priority = int
# Required. '*', 'Ah', 'Esp', 'Icmp', 'Tcp' or 'Udp'.
protocol = "string"
# CIDR, IP range, '*', or a default tag; '*' matches all source IPs.
sourceAddressPrefix = "string"
sourceAddressPrefixes = [
"string"
]
sourceApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
# Integer or range between 0 and 65535; '*' matches all ports.
sourcePortRange = "string"
sourcePortRanges = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
# 'Disabled', 'Enabled', 'NetworkSecurityGroupEnabled' or 'RouteTableEnabled'.
privateEndpointNetworkPolicies = "string"
# 'Disabled' or 'Enabled'.
privateLinkServiceNetworkPolicies = "string"
routeTable = {
id = "string"
location = "string"
properties = {
# true disables the routes learned by BGP on this route table.
disableBgpRoutePropagation = bool
routes = [
{
id = "string"
name = "string"
properties = {
# Destination CIDR to which the route applies.
addressPrefix = "string"
# Only allowed when nextHopType is 'VirtualAppliance'.
nextHopIpAddress = "string"
# Required. 'Internet', 'None', 'VirtualAppliance', 'VirtualNetworkGateway'
# or 'VnetLocal'.
nextHopType = "string"
}
}
]
}
tags = {
{customized property} = "string"
}
}
serviceEndpointPolicies = [
{
id = "string"
location = "string"
properties = {
contextualServiceEndpointPolicies = [
"string"
]
serviceAlias = "string"
serviceEndpointPolicyDefinitions = [
{
id = "string"
name = "string"
properties = {
# Restricted to 140 characters.
description = "string"
service = "string"
serviceResources = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
]
serviceEndpoints = [
{
locations = [
"string"
]
networkIdentifier = {
id = "string"
}
service = "string"
}
]
# Reference to an existing service gateway.
serviceGateway = {
id = "string"
}
# 'DelegatedServices' or 'Tenant'. Can only be set when defaultOutboundAccess is
# false, and both can only be set while the subnet is empty.
sharingScope = "string"
}
}
}
# Route target address V6 of the service gateway; same shape as routeTargetAddress above.
routeTargetAddressV6 = {
privateIPAddress = "string"
privateIPAllocationMethod = "string"
subnet = {
id = "string"
name = "string"
properties = {
addressPrefix = "string"
addressPrefixes = [
"string"
]
applicationGatewayIPConfigurations = [
{
id = "string"
name = "string"
properties = {
subnet = {
id = "string"
}
}
}
]
defaultOutboundAccess = bool
delegations = [
{
id = "string"
name = "string"
properties = {
serviceName = "string"
}
type = "string"
}
]
ipAllocations = [
{
id = "string"
}
]
ipamPoolPrefixAllocations = [
{
numberOfIpAddresses = "string"
pool = {
id = "string"
}
}
]
natGateway = {
id = "string"
}
# Same NetworkSecurityGroup shape and allowed values as documented under
# routeTargetAddress.subnet above.
networkSecurityGroup = {
id = "string"
location = "string"
properties = {
flushConnection = bool
securityRules = [
{
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationAddressPrefixes = [
"string"
]
destinationApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
destinationPortRange = "string"
destinationPortRanges = [
"string"
]
direction = "string"
priority = int
protocol = "string"
sourceAddressPrefix = "string"
sourceAddressPrefixes = [
"string"
]
sourceApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
sourcePortRange = "string"
sourcePortRanges = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
privateEndpointNetworkPolicies = "string"
privateLinkServiceNetworkPolicies = "string"
routeTable = {
id = "string"
location = "string"
properties = {
disableBgpRoutePropagation = bool
routes = [
{
id = "string"
name = "string"
properties = {
addressPrefix = "string"
nextHopIpAddress = "string"
nextHopType = "string"
}
}
]
}
tags = {
{customized property} = "string"
}
}
serviceEndpointPolicies = [
{
id = "string"
location = "string"
properties = {
contextualServiceEndpointPolicies = [
"string"
]
serviceAlias = "string"
serviceEndpointPolicyDefinitions = [
{
id = "string"
name = "string"
properties = {
description = "string"
service = "string"
serviceResources = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
]
serviceEndpoints = [
{
locations = [
"string"
]
networkIdentifier = {
id = "string"
}
service = "string"
}
]
serviceGateway = {
id = "string"
}
sharingScope = "string"
}
}
}
# Reference to an existing virtual network (VirtualNetwork object).
virtualNetwork = {
extendedLocation = {
name = "string"
# 'EdgeZone' is the only value listed.
type = "string"
}
id = "string"
location = "string"
properties = {
# IP address ranges that can be used by subnets.
addressSpace = {
# Address blocks reserved for this virtual network, in CIDR notation.
addressPrefixes = [
"string"
]
ipamPoolPrefixAllocations = [
{
numberOfIpAddresses = "string"
pool = {
id = "string"
}
}
]
}
bgpCommunities = {
# Required within this object.
virtualNetworkCommunity = "string"
}
ddosProtectionPlan = {
id = "string"
}
dhcpOptions = {
# IP addresses of the DNS servers available to VMs in the virtual network.
dnsServers = [
"string"
]
}
# Requires a DDoS protection plan associated with the resource.
enableDdosProtection = bool
enableVmProtection = bool
encryption = {
# Required within this object.
enabled = bool
# 'AllowUnencrypted' or 'DropUnencrypted'; the table states AllowUnencrypted is
# the only supported value at general availability.
enforcement = "string"
}
# Flow timeout in minutes.
flowTimeoutInMinutes = int
ipAllocations = [
{
id = "string"
}
]
# 'Basic' or 'Disabled'.
privateEndpointVNetPolicies = "string"
# Subnet[]; each entry has the same shape as routeTargetAddress.subnet above.
subnets = [
{
id = "string"
name = "string"
properties = {
addressPrefix = "string"
addressPrefixes = [
"string"
]
applicationGatewayIPConfigurations = [
{
id = "string"
name = "string"
properties = {
subnet = {
id = "string"
}
}
}
]
defaultOutboundAccess = bool
delegations = [
{
id = "string"
name = "string"
properties = {
serviceName = "string"
}
type = "string"
}
]
ipAllocations = [
{
id = "string"
}
]
ipamPoolPrefixAllocations = [
{
numberOfIpAddresses = "string"
pool = {
id = "string"
}
}
]
natGateway = {
id = "string"
}
networkSecurityGroup = {
id = "string"
location = "string"
properties = {
flushConnection = bool
securityRules = [
{
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationAddressPrefixes = [
"string"
]
destinationApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
destinationPortRange = "string"
destinationPortRanges = [
"string"
]
direction = "string"
priority = int
protocol = "string"
sourceAddressPrefix = "string"
sourceAddressPrefixes = [
"string"
]
sourceApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
sourcePortRange = "string"
sourcePortRanges = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
privateEndpointNetworkPolicies = "string"
privateLinkServiceNetworkPolicies = "string"
routeTable = {
id = "string"
location = "string"
properties = {
disableBgpRoutePropagation = bool
routes = [
{
id = "string"
name = "string"
properties = {
addressPrefix = "string"
nextHopIpAddress = "string"
nextHopType = "string"
}
}
]
}
tags = {
{customized property} = "string"
}
}
serviceEndpointPolicies = [
{
id = "string"
location = "string"
properties = {
contextualServiceEndpointPolicies = [
"string"
]
serviceAlias = "string"
serviceEndpointPolicyDefinitions = [
{
id = "string"
name = "string"
properties = {
description = "string"
service = "string"
serviceResources = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
]
serviceEndpoints = [
{
locations = [
"string"
]
networkIdentifier = {
id = "string"
}
service = "string"
}
]
serviceGateway = {
id = "string"
}
sharingScope = "string"
}
}
]
# VirtualNetworkPeering[]: peerings of this virtual network.
virtualNetworkPeerings = [
{
id = "string"
name = "string"
properties = {
# Whether forwarded traffic from VMs in the local virtual network is allowed in
# the remote virtual network.
allowForwardedTraffic = bool
allowGatewayTransit = bool
# Whether VMs in the local virtual network space can access VMs in the remote
# virtual network space.
allowVirtualNetworkAccess = bool
doNotVerifyRemoteGateways = bool
enableOnlyIPv6Peering = bool
localAddressSpace = {
addressPrefixes = [
"string"
]
ipamPoolPrefixAllocations = [
{
numberOfIpAddresses = "string"
pool = {
id = "string"
}
}
]
}
localSubnetNames = [
"string"
]
localVirtualNetworkAddressSpace = {
addressPrefixes = [
"string"
]
ipamPoolPrefixAllocations = [
{
numberOfIpAddresses = "string"
pool = {
id = "string"
}
}
]
}
peerCompleteVnets = bool
# 'Connected', 'Disconnected' or 'Initiated'.
peeringState = "string"
# 'FullyInSync', 'LocalAndRemoteNotInSync', 'LocalNotInSync' or 'RemoteNotInSync'.
peeringSyncLevel = "string"
remoteAddressSpace = {
addressPrefixes = [
"string"
]
ipamPoolPrefixAllocations = [
{
numberOfIpAddresses = "string"
pool = {
id = "string"
}
}
]
}
remoteBgpCommunities = {
virtualNetworkCommunity = "string"
}
remoteSubnetNames = [
"string"
]
# Reference to the remote virtual network.
remoteVirtualNetwork = {
id = "string"
}
remoteVirtualNetworkAddressSpace = {
addressPrefixes = [
"string"
]
ipamPoolPrefixAllocations = [
{
numberOfIpAddresses = "string"
pool = {
id = "string"
}
}
]
}
# Only one peering can set this to true, and it cannot be set if the virtual
# network already has a gateway; takes effect when allowGatewayTransit on the
# remote peering is also true.
useRemoteGateways = bool
}
}
]
}
tags = {
{customized property} = "string"
}
}
}
# ServiceGatewaySku.
sku = {
# 'Standard' is the only value listed.
name = "string"
# 'Regional' is the only value listed.
tier = "string"
}
# Availability zones, given as strings holding numeric identifiers such as "1", "2", "3".
zones = [
"string"
]
}
}
Property Values
Microsoft.Network/serviceGateways
| Name | Description | Value |
|---|---|---|
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9-]*$ (required) |
| properties | Properties of service gateway. | ServiceGatewayPropertiesFormat |
| sku | The service gateway SKU. | ServiceGatewaySku |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Network/serviceGateways@2025-05-01" |
| zones | A list of availability zones denoting the zone in which service gateway should be deployed. - The zone values must be provided as strings representing numeric identifiers like "1", "2", "3" etc. | string[] |
AddressSpace
| Name | Description | Value |
|---|---|---|
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] |
| ipamPoolPrefixAllocations | A list of IPAM Pools allocating IP address prefixes. | IpamPoolPrefixAllocation[] |
ApplicationGatewayIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the IP configuration that is unique within an Application Gateway. | string |
| properties | Properties of the application gateway IP configuration. | ApplicationGatewayIPConfigurationPropertiesFormat |
ApplicationGatewayIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
ApplicationSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
| tags | Resource tags. | ResourceTags |
ApplicationSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|---|---|
Delegation
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
| properties | Properties of the subnet. | ServiceDelegationPropertiesFormat |
| type | Resource type. | string |
DhcpOptions
| Name | Description | Value |
|---|---|---|
| dnsServers | The list of DNS servers IP addresses. | string[] |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'EdgeZone' |
IpamPoolPrefixAllocation
| Name | Description | Value |
|---|---|---|
| numberOfIpAddresses | Number of IP addresses to allocate. | string |
| pool | | IpamPoolPrefixAllocationPool |
IpamPoolPrefixAllocationPool
| Name | Description | Value |
|---|---|---|
| id | Resource id of the associated Azure IpamPool resource. | string |
NetworkSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the network security group. | NetworkSecurityGroupPropertiesFormat |
| tags | Resource tags. | ResourceTags |
NetworkSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|---|---|
| flushConnection | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updated. Initial enablement will trigger re-evaluation. | bool |
| securityRules | A collection of security rules of the network security group. | SecurityRule[] |
ResourceTags
| Name | Description | Value |
|---|---|---|
ResourceTags
| Name | Description | Value |
|---|---|---|
ResourceTags
| Name | Description | Value |
|---|---|---|
ResourceTags
| Name | Description | Value |
|---|---|---|
ResourceTags
| Name | Description | Value |
|---|---|---|
Route
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the route. | RoutePropertiesFormat |
RoutePropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The destination CIDR to which the route applies. | string |
| nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
| nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
RouteTable
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the route table. | RouteTablePropertiesFormat |
| tags | Resource tags. | ResourceTags |
RouteTablePropertiesFormat
| Name | Description | Value |
|---|---|---|
| disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
| routes | Collection of routes contained within a route table. | Route[] |
RouteTargetAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| privateIPAddress | The private IPv4 or IPv6 address of the service gateway route target address. | string |
| privateIPAllocationMethod | The Private IP allocation method. | 'Dynamic' 'Static' |
| subnet | The reference to the subnet resource. | Subnet |
SecurityPerimeterTrackedResourceTags
| Name | Description | Value |
|---|---|---|
SecurityRule
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the security rule. | SecurityRulePropertiesFormat |
SecurityRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all destination IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
| destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
| destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
| destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required) |
| protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
| sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
| sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
| sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
| sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| sourcePortRanges | The source port ranges. | string[] |
ServiceDelegationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| serviceName | The name of the service to which the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
ServiceEndpointPolicy
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the service end point policy. | ServiceEndpointPolicyPropertiesFormat |
| tags | Resource tags. | ResourceTags |
ServiceEndpointPolicyDefinition
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the service endpoint policy definition. | ServiceEndpointPolicyDefinitionPropertiesFormat |
ServiceEndpointPolicyDefinitionPropertiesFormat
| Name | Description | Value |
|---|---|---|
| description | A description for this rule. Restricted to 140 chars. | string |
| service | Service endpoint name. | string |
| serviceResources | A list of service resources. | string[] |
ServiceEndpointPolicyPropertiesFormat
| Name | Description | Value |
|---|---|---|
| contextualServiceEndpointPolicies | A collection of contextual service endpoint policy. | string[] |
| serviceAlias | The alias indicating if the policy belongs to a service | string |
| serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
ServiceEndpointPropertiesFormat
| Name | Description | Value |
|---|---|---|
| locations | A list of locations. | string[] |
| networkIdentifier | SubResource as network identifier. | SubResource |
| service | The type of the endpoint service. | string |
ServiceGatewayPropertiesFormat
| Name | Description | Value |
|---|---|---|
| routeTargetAddress | Route Target address of Service gateway | RouteTargetAddressPropertiesFormat |
| routeTargetAddressV6 | Route Target address V6 of Service gateway | RouteTargetAddressPropertiesFormat |
| virtualNetwork | Reference to an existing virtual network. | VirtualNetwork |
ServiceGatewaySku
| Name | Description | Value |
|---|---|---|
| name | Name of a service gateway SKU. | 'Standard' |
| tier | Tier of a service gateway SKU. | 'Regional' |
Subnet
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the subnet. | SubnetPropertiesFormat |
SubnetPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The address prefix for the subnet. | string |
| addressPrefixes | List of address prefixes for the subnet. | string[] |
| applicationGatewayIPConfigurations | Application gateway IP configurations of virtual network resource. | ApplicationGatewayIPConfiguration[] |
| defaultOutboundAccess | Set this property to false to disable default outbound connectivity for all VMs in the subnet. | bool |
| delegations | An array of references to the delegations on the subnet. | Delegation[] |
| ipAllocations | Array of IpAllocation which reference this subnet. | SubResource[] |
| ipamPoolPrefixAllocations | A list of IPAM Pools for allocating IP address prefixes. | IpamPoolPrefixAllocation[] |
| natGateway | Nat gateway associated with this subnet. | SubResource |
| networkSecurityGroup | The reference to the NetworkSecurityGroup resource. | NetworkSecurityGroup |
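| privateEndpointNetworkPolicies | Enables or disables applying network policies to private endpoints in the subnet. With 'Disabled', network policies are not applied to private endpoint traffic; 'NetworkSecurityGroupEnabled' and 'RouteTableEnabled' apply only the named policy type. | 'Disabled' 'Enabled' 'NetworkSecurityGroupEnabled' 'RouteTableEnabled' |
| privateLinkServiceNetworkPolicies | Enables or disables applying network policies to the private link service in the subnet. | 'Disabled' 'Enabled' |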
| routeTable | The reference to the RouteTable resource. | RouteTable |
| serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
| serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
| serviceGateway | Reference to an existing service gateway. | SubResource |
| sharingScope | Set this property to Tenant to allow sharing the subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false; both properties can only be set if the subnet is empty. | 'DelegatedServices' 'Tenant' |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
VirtualNetwork
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the virtual network. | ExtendedLocation |
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the virtual network. | VirtualNetworkPropertiesFormat |
| tags | Resource tags. | ResourceTags |
VirtualNetworkBgpCommunities
| Name | Description | Value |
|---|---|---|
| virtualNetworkCommunity | The BGP community associated with the virtual network. | string (required) |
VirtualNetworkEncryption
| Name | Description | Value |
|---|---|---|
| enabled | Indicates if encryption is enabled on the virtual network. | bool (required) |
| enforcement | Whether the encrypted VNet allows VMs that do not support encryption. This field is for future support; AllowUnencrypted is the only supported value at general availability. | 'AllowUnencrypted' 'DropUnencrypted' |
VirtualNetworkPeering
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the virtual network peering. | VirtualNetworkPeeringPropertiesFormat |
VirtualNetworkPeeringPropertiesFormat
| Name | Description | Value |
|---|---|---|
| allowForwardedTraffic | Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. | bool |
| allowGatewayTransit | If gateway links can be used in remote virtual networking to link to this virtual network. | bool |
| allowVirtualNetworkAccess | Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. | bool |
| doNotVerifyRemoteGateways | If we need to verify the provisioning state of the remote gateway. | bool |
| enableOnlyIPv6Peering | Whether only Ipv6 address space is peered for subnet peering. | bool |
| localAddressSpace | The local address space of the local virtual network that is peered. | AddressSpace |
| localSubnetNames | List of local subnet names that are subnet peered with remote virtual network. | string[] |
| localVirtualNetworkAddressSpace | The current local address space of the local virtual network that is peered. | AddressSpace |
| peerCompleteVnets | Whether complete virtual network address space is peered. | bool |
| peeringState | The status of the virtual network peering. | 'Connected' 'Disconnected' 'Initiated' |
| peeringSyncLevel | The peering sync status of the virtual network peering. | 'FullyInSync' 'LocalAndRemoteNotInSync' 'LocalNotInSync' 'RemoteNotInSync' |
| remoteAddressSpace | The reference to the address space peered with the remote virtual network. | AddressSpace |
| remoteBgpCommunities | The reference to the remote virtual network's Bgp Communities. | VirtualNetworkBgpCommunities |
| remoteSubnetNames | List of remote subnet names from remote virtual network that are subnet peered. | string[] |
| remoteVirtualNetwork | The reference to the remote virtual network. The remote virtual network can be in the same or different region (preview). See here to register for the preview and learn more (/azure/virtual-network/virtual-network-create-peering). | SubResource |
| remoteVirtualNetworkAddressSpace | The reference to the current address space of the remote virtual network. | AddressSpace |
| useRemoteGateways | If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. | bool |
VirtualNetworkPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressSpace | The AddressSpace that contains an array of IP address ranges that can be used by subnets. | AddressSpace |
| bgpCommunities | Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. | VirtualNetworkBgpCommunities |
| ddosProtectionPlan | The DDoS protection plan associated with the virtual network. | SubResource |
| dhcpOptions | The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network. | DhcpOptions |
| enableDdosProtection | Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It requires a DDoS protection plan associated with the resource. | bool |
| enableVmProtection | Indicates if VM protection is enabled for all the subnets in the virtual network. | bool |
| encryption | Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. | VirtualNetworkEncryption |
| flowTimeoutInMinutes | The FlowTimeout value (in minutes) for the Virtual Network | int |
| ipAllocations | Array of IpAllocation which reference this VNET. | SubResource[] |
| privateEndpointVNetPolicies | Private Endpoint VNet Policies. | 'Basic' 'Disabled' |
| subnets | A list of subnets in a Virtual Network. | Subnet[] |
| virtualNetworkPeerings | A list of peerings in a Virtual Network. | VirtualNetworkPeering[] |