Skill

azure-virtual-wan

Expert knowledge for Azure Virtual WAN development including troubleshooting, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when building, debugging, or optimizing Azure Virtual WAN applications. Not for Azure Virtual Network (use azure-virtual-network), Azure VPN Gateway (use azure-vpn-gateway), Azure ExpressRoute (use azure-expressroute), Azure Traffic Manager (use azure-traffic-manager).

From azure

Install

Run in your terminal

npx claudepluginhub atc-net/atc-agentic-toolkit --plugin azure

Tool Access

This skill uses the workspace's default tool permissions.

Skill Content

Azure Virtual WAN Skill

This skill provides expert guidance for Azure Virtual WAN. Covers troubleshooting, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.

How to Use This Skill

IMPORTANT for Agent: This file may be large. Use the Category Index below to locate relevant sections, then use read_file with specific line ranges (e.g., L136-L144) to read the sections needed for the user's question This skill requires network access to fetch documentation content. Use mcp_microsoftdocs:microsoft_docs_fetch to retrieve full articles.

Fallback: Use the built-in WebFetch tool if the Microsoft Learn MCP server is not available.

Category Index

Category	Lines	Description
Troubleshooting	L36-L41	Diagnosing and fixing Virtual WAN issues, including P2S VPN client prerequisite checks, connectivity problems, and using built-in tools and diagnostics for troubleshooting.
Decision Making	L42-L47	Guidance on when/how to upgrade Virtual WAN from Basic to Standard, and how to choose Virtual WAN partners and hub locations for your network design.
Architecture & Design Patterns	L48-L73	Designing and routing Virtual WAN hubs: secure internet/branch access, NVA/Azure Firewall patterns, VNet isolation, BGP/ExpressRoute/SD‑WAN integration, DR, and global transit architectures.
Limits & Quotas	L74-L79	P2S VPN client IP pool sizing, scale limits, and Virtual WAN hub routing capabilities, throughput caps, and performance constraints
Security	L80-L92	Configuring secure P2S VPN access in Virtual WAN using Microsoft Entra ID (MFA, app registrations, custom app IDs), Azure VPN Client, role assignments, and Azure Firewall–protected spoke access.
Configuration	L93-L144	Configuring Azure Virtual WAN hubs, routing, BGP, NVAs, Azure Firewall, VPN NAT, P2S/Always On VPN (certs, clients, Entra ID), IPsec policies, and monitoring metrics/logs.
Integrations & Coding Patterns	L145-L152	PowerShell and automation patterns for integrating Virtual WAN with ExpressRoute, SD-WAN/VPN CPEs, RADIUS user groups, and sharing services via Azure Private Link
Deployment	L153-L157	PowerShell-based deployment of cross-tenant VNet connections to Virtual WAN hubs and step-by-step setup of integrated NVAs inside Virtual WAN hubs.

Troubleshooting

Topic	URL
Use Azure VPN Client prerequisites check for P2S	https://learn.microsoft.com/en-us/azure/virtual-wan/azure-vpn-client-prerequisites-check
Troubleshooting tools and diagnostics for Azure Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-troubleshooting-overview

Decision Making

Topic	URL
Decide and perform upgrade from Basic to Standard Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/upgrade-virtual-wan
Select Azure Virtual WAN partners and hub locations	https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-locations-partners

Architecture & Design Patterns

Topic	URL
Routing intent patterns to secure internet access	https://learn.microsoft.com/en-us/azure/virtual-wan/about-internet-routing
Use Network Virtual Appliances inside Virtual WAN hubs	https://learn.microsoft.com/en-us/azure/virtual-wan/about-nva-hub
Understand Virtual WAN hub routing preference behavior	https://learn.microsoft.com/en-us/azure/virtual-wan/about-virtual-hub-routing-preference
Design disaster recovery architecture for Azure Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/disaster-recovery-design
Architect China interconnect using Virtual WAN secured hubs	https://learn.microsoft.com/en-us/azure/virtual-wan/interconnect-china
Migrate hub-and-spoke networks to Azure Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/migrate-from-hub-spoke-topology
Deep dive into Azure Virtual WAN routing behavior	https://learn.microsoft.com/en-us/azure/virtual-wan/routing-deep-dive
Connect Microsoft 365 via ExpressRoute private peering in Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-365-expressroute-private
Implement any-to-any routing with Virtual WAN hubs	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-any-to-any
Configure BGP peering with Azure Virtual WAN hubs	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-bgp-peering-hub
Isolate VNets and branches with Virtual WAN and Azure Firewall	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-isolate-virtual-networks-branches
Design Virtual WAN routing to isolate VNets	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-isolate-vnets
Configure custom VNet isolation with Virtual WAN routing	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-isolate-vnets-custom
Use Azure Firewall for branch and internet traffic in Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-route-between-vnets-firewall
Route branch and VNet traffic through NVAs in Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-route-through-nva
Use custom NVA routing for internet and branch traffic	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-route-through-nvas-custom
Secure Application Gateway traffic via Virtual WAN secured hub	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-secured-hub-app-gateway
Route to shared services VNets using Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-shared-services-vnet
Integrate private SD-WAN with Azure Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/sd-wan-connectivity-architecture
Select third-party integrations in Virtual WAN hubs	https://learn.microsoft.com/en-us/azure/virtual-wan/third-party-integrations
Choose connectivity options between Azure Virtual WANs	https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-connectivity
Design global transit network architecture with Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-global-transit-network-architecture

Limits & Quotas

Topic	URL
Plan P2S client address pools and scale for Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/about-client-address-pools
Virtual hub routing capabilities and throughput limits	https://learn.microsoft.com/en-us/azure/virtual-wan/about-virtual-hub-routing

Security

Topic	URL
Secure P2S client access to spoke VNets with Azure Firewall	https://learn.microsoft.com/en-us/azure/virtual-wan/manage-secure-access-resources-spoke-p2s
Enable Microsoft Entra multifactor authentication for VPN users	https://learn.microsoft.com/en-us/azure/virtual-wan/openvpn-azure-ad-mfa
Configure a Microsoft Entra tenant for Virtual WAN P2S OpenVPN	https://learn.microsoft.com/en-us/azure/virtual-wan/openvpn-azure-ad-tenant
Configure multiple Entra apps for segmented P2S VPN access	https://learn.microsoft.com/en-us/azure/virtual-wan/openvpn-azure-ad-tenant-multi-app
Migrate P2S VPN to Microsoft-registered Azure VPN Client app	https://learn.microsoft.com/en-us/azure/virtual-wan/point-to-site-entra-gateway-update
Create custom Entra app IDs for P2S VPN authentication	https://learn.microsoft.com/en-us/azure/virtual-wan/point-to-site-entra-register-custom-app
Configure Azure VPN Client for P2S with Microsoft Entra ID	https://learn.microsoft.com/en-us/azure/virtual-wan/point-to-site-entra-vpn-client-windows
Assign roles and permissions for Azure Virtual WAN hubs	https://learn.microsoft.com/en-us/azure/virtual-wan/roles-permissions
Configure P2S User VPN with Microsoft Entra ID authentication	https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-point-to-site-azure-ad

Configuration

Topic	URL
Work with Azure Virtual WAN User VPN client profiles	https://learn.microsoft.com/en-us/azure/virtual-wan/about-vpn-profile-download
Configure optional Azure VPN Client OpenVPN settings	https://learn.microsoft.com/en-us/azure/virtual-wan/azure-vpn-client-optional-configurations
Azure VPN Client version and feature reference	https://learn.microsoft.com/en-us/azure/virtual-wan/azure-vpn-client-versions
Generate P2S User VPN certificates using PowerShell	https://learn.microsoft.com/en-us/azure/virtual-wan/certificates-point-to-site
Generate P2S User VPN certificates using MakeCert	https://learn.microsoft.com/en-us/azure/virtual-wan/certificates-point-to-site-makecert
Configure BGP peering from Virtual WAN hub to NVA (portal)	https://learn.microsoft.com/en-us/azure/virtual-wan/create-bgp-peering-hub-portal
Configure BGP peering from Virtual WAN hub to NVA (PowerShell)	https://learn.microsoft.com/en-us/azure/virtual-wan/create-bgp-peering-hub-powershell
View effective routes for a Virtual WAN hub	https://learn.microsoft.com/en-us/azure/virtual-wan/effective-routes-virtual-hub
Configure and understand Virtual WAN gateway settings	https://learn.microsoft.com/en-us/azure/virtual-wan/gateway-settings
Configure forced tunneling for Virtual WAN P2S VPN	https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-forced-tunnel
Manage IP configurations for NVAs in Virtual WAN hubs	https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-network-virtual-appliance-add-ip-configurations
Configure DNAT for Virtual WAN integrated NVAs	https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-network-virtual-appliance-inbound
Configure Palo Alto Cloud NGFW in Azure Virtual WAN hub	https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-palo-alto-cloud-ngfw
Configure Virtual WAN hub routing policies (intent)	https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-routing-policies
Configure virtual hub routing in Azure portal	https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-virtual-hub-routing
Configure virtual hub routing with Azure PowerShell	https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-virtual-hub-routing-powershell
Set virtual hub routing preference with PowerShell	https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-virtual-hub-routing-preference-powershell
Configure Always On VPN device tunnels for Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/howto-always-on-device-tunnel
Configure Always On VPN user tunnels for Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/howto-always-on-user-tunnel
Configure Azure Firewall in a Virtual WAN secured hub	https://learn.microsoft.com/en-us/azure/virtual-wan/howto-firewall
Set virtual hub routing preference in Azure portal	https://learn.microsoft.com/en-us/azure/virtual-wan/howto-virtual-hub-routing-preference
Configure Azure Virtual WAN hub settings and scale units	https://learn.microsoft.com/en-us/azure/virtual-wan/hub-settings
Reference monitoring metrics and logs for Azure Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/monitor-virtual-wan-reference
Configure VPN NAT rules on Azure Virtual WAN gateways	https://learn.microsoft.com/en-us/azure/virtual-wan/nat-rules-vpn-gateway
Configure VPN NAT rules for Virtual WAN using PowerShell	https://learn.microsoft.com/en-us/azure/virtual-wan/nat-rules-vpn-gateway-powershell
Use next hop IP and BGP peering in Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/next-hop-ip
Configure Azure path selection across multiple WAN links	https://learn.microsoft.com/en-us/azure/virtual-wan/path-selection-multiple-links
Generate P2S User VPN certificates on Linux with OpenSSL	https://learn.microsoft.com/en-us/azure/virtual-wan/point-to-site-certificates-linux-openssl
Generate P2S User VPN certificates on Linux with strongSwan	https://learn.microsoft.com/en-us/azure/virtual-wan/point-to-site-certificates-linux-strongswan
Configure Entra ID P2S VPN with Microsoft-registered client	https://learn.microsoft.com/en-us/azure/virtual-wan/point-to-site-entra-gateway
Configure Azure VPN Client with Entra ID on Linux	https://learn.microsoft.com/en-us/azure/virtual-wan/point-to-site-entra-vpn-client-linux
Configure Azure VPN Client with Entra ID on macOS	https://learn.microsoft.com/en-us/azure/virtual-wan/point-to-site-entra-vpn-client-mac
Reference IPsec policy combinations for Virtual WAN P2S	https://learn.microsoft.com/en-us/azure/virtual-wan/point-to-site-ipsec
Understand and configure Virtual WAN Route-maps	https://learn.microsoft.com/en-us/azure/virtual-wan/route-maps-about
Drop inbound branch routes with Virtual WAN Route-maps	https://learn.microsoft.com/en-us/azure/virtual-wan/route-maps-drop-inbound-branch-sites
Configure Route-maps for Azure Virtual WAN hubs	https://learn.microsoft.com/en-us/azure/virtual-wan/route-maps-how-to
Summarize routes leaving Virtual WAN using Route-maps	https://learn.microsoft.com/en-us/azure/virtual-wan/route-maps-how-to-summarize-routes-leaving-your-virtual-wan
Prepend routes using Virtual WAN Route-maps	https://learn.microsoft.com/en-us/azure/virtual-wan/route-maps-prepend-routes
Summarize NVA spoke routes with Virtual WAN Route-maps	https://learn.microsoft.com/en-us/azure/virtual-wan/route-maps-summarize-from-device-spoke-vnet-nva
Tag routes using Virtual WAN Route-maps	https://learn.microsoft.com/en-us/azure/virtual-wan/route-maps-tag-routes
Understand user groups and IP pools for P2S VPN	https://learn.microsoft.com/en-us/azure/virtual-wan/user-groups-about
Configure P2S user groups and IP address pools	https://learn.microsoft.com/en-us/azure/virtual-wan/user-groups-create
Configure custom IPsec policies for Virtual WAN in the portal	https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-custom-ipsec-portal
Reference IPsec policy combinations for Azure Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-ipsec
Create virtual hub route tables to NVAs via PowerShell	https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-route-table-nva
Create virtual hub route tables to NVAs via portal	https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-route-table-nva-portal
Configure IPsec over ExpressRoute in Azure Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/vpn-over-expressroute
Create Intune custom profiles for Azure VPN clients	https://learn.microsoft.com/en-us/azure/virtual-wan/vpn-profile-intune

Integrations & Coding Patterns

Topic	URL
Create ExpressRoute associations to Virtual WAN via PowerShell	https://learn.microsoft.com/en-us/azure/virtual-wan/expressroute-powershell
Share Azure Private Link services via Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/howto-private-link
Configure RADIUS VSAs for Virtual WAN user groups	https://learn.microsoft.com/en-us/azure/virtual-wan/user-groups-radius
Automate SD-WAN and VPN CPE integration with Virtual WAN	https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-configure-automation-providers

Deployment

Topic	URL
Connect cross-tenant VNets to Virtual WAN hubs with PowerShell	https://learn.microsoft.com/en-us/azure/virtual-wan/cross-tenant-vnet
Deploy an integrated NVA in an Azure Virtual WAN hub	https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-nva-hub

Similar Skills

payload

11 files

Use when working with Payload CMS projects (payload.config.ts, collections, fields, hooks, access control, Payload API). Use when debugging validation errors, security issues, relationship queries, transactions, or hook behavior.

41.4k

data-quality-frameworks

Implement data quality validation with Great Expectations, dbt tests, and data contracts. Use when building data quality pipelines, implementing validation rules, or establishing data contracts.

32.2k

airflow-dag-patterns

Build production Apache Airflow DAGs with best practices for operators, sensors, testing, and deployment. Use when creating data pipelines, orchestrating workflows, or scheduling batch jobs.

32.2k

Stats

Parent Repo Stars0

Parent Repo Forks1

Last CommitMar 19, 2026

Actions

View Source View Plugin View on GitHub View README