freshness review

Author: cherylmc

articles/vpn-gateway/point-to-site-certificate-gateway.md

@@ -5,12 +5,12 @@ description: Learn how to configure VPN Gateway server settings for point-to-sit
 author: cherylmc
 ms.service: azure-vpn-gateway
 ms.topic: how-to
-ms.date: 11/07/2024
+ms.date: 03/10/2025
 ms.author: cherylmc
 ---
 # Configure server settings for P2S VPN Gateway certificate authentication
 
-This article helps you configure the necessary VPN Gateway point-to-site (P2S) server settings to let you securely connect individual clients running Windows, Linux, or macOS to an Azure virtual network (VNet). P2S VPN connections are useful when you want to connect to your virtual network from a remote location, such as when you're telecommuting from home or a conference. You can also use P2S instead of a site-to-site (S2S) VPN when you have only a few clients that need to connect to a virtual network.
+This article helps you configure the necessary VPN Gateway point-to-site (P2S) server settings to let you securely connect from individual client computers running Windows, Linux, or macOS to an Azure virtual network (VNet). P2S VPN connections are useful when you want to connect to your virtual network from a remote location, such as when you're telecommuting from home or a conference. You can also use P2S instead of a site-to-site (S2S) VPN when you have only a few clients that need to connect to a virtual network.
 
 P2S connections don't require a VPN device or a public-facing IP address. There are various different configuration options available for P2S. For more information about point-to-site VPN, see [About point-to-site VPN](point-to-site-about.md).
 
@@ -22,12 +22,11 @@ The steps in this article use the Azure portal to configure your Azure VPN gatew
 
 ## Prerequisites
 
-This article assumes the following prerequisites:
+This article assumes that you have already created a route-based VPN gateway that's compatible with the P2S configuration that you want to create, the authentication method that you want to use, and the connecting VPN clients.
 
-* An Azure virtual network.
-* A route-based VPN gateway that's compatible with the P2S configuration that you want to create and the connecting VPN clients. To help determine the P2S configuration that you need, see the [VPN client table](#type). If your gateway uses the Basic SKU, understand that the Basic SKU has P2S limitations and doesn't support IKEv2 or RADIUS authentication. For more information, see [About gateway SKUs](about-gateway-skus.md).
-
-If you don't yet have a functioning VPN gateway that's compatible with the P2S configuration that you want to create, see [Create and manage a VPN gateway](tutorial-create-gateway-portal.md). Create a compatible VPN gateway, then return to this article to configure P2S settings.
+* If you don't yet have a VPN gateway, see [Create and manage a VPN gateway](tutorial-create-gateway-portal.md), then return to this page to configure the point-to-site VPN gateway settings.
+* To help determine the P2S configuration that you need, see the [VPN client table](#type).
+* If you have a VPN gateway that uses the Basic SKU, understand that the Basic SKU has P2S limitations and doesn't support IKEv2 or RADIUS authentication. For more information, see [About gateway SKUs](about-gateway-skus.md).
 
 ## <a name="generatecert"></a>Generate certificates
 

articles/vpn-gateway/tutorial-create-gateway-portal.md

@@ -6,7 +6,7 @@ author: cherylmc
 ms.author: cherylmc
 ms.service: azure-vpn-gateway
 ms.topic: tutorial
-ms.date: 11/20/2024
+ms.date: 03/10/2025
 
 ---
 
@@ -18,6 +18,7 @@ This tutorial helps you create and manage a virtual network gateway (VPN gateway
 
 * The left side of the diagram shows the virtual network and the VPN gateway that you create by using the steps in this article.
 * You can later add different types of connections, as shown on the right side of the diagram. For example, you can create [site-to-site](tutorial-site-to-site-portal.md) and [point-to-site](point-to-site-about.md) connections. To view different design architectures that you can build, see [VPN gateway design](design.md).
+* For more information about Azure VPN Gateway, see [What is Azure VPN Gateway](vpn-gateway-about-vpngateways.md)? If you want to learn more about the configuration settings used in this tutorial, see [About VPN Gateway configuration settings](vpn-gateway-about-vpn-gateway-settings.md).
 
 In this tutorial, you learn how to:
 
@@ -28,12 +29,6 @@ In this tutorial, you learn how to:
 > * Resize a VPN gateway (resize SKU).
 > * Reset a VPN gateway.
 
-* If you want to learn more about the configuration settings used in this tutorial, see [About VPN Gateway configuration settings](vpn-gateway-about-vpn-gateway-settings.md).
-* For more information about Azure VPN Gateway, see [What is Azure VPN Gateway](vpn-gateway-about-vpngateways.md).
-* If you want to create a gateway using the Basic SKU (instead of VpnGw2AZ), see [Create a Basic SKU VPN gateway](create-gateway-basic-sku-powershell.md).
-* For more information about active-active mode gateways, see [About active-active mode](about-active-active-gateways.md).
-* For more information about zone-redundant gateways, see [About zone-redundant gateways](about-zone-redundant-vnet-gateways.md).
-
 > [!NOTE]
 > [!INCLUDE [AZ SKU region support note](../../includes/vpn-gateway-az-regions-support-include.md)]
 
@@ -43,18 +38,11 @@ You need an Azure account with an active subscription. If you don't have one, [c
 
 ## <a name="CreateVNet"></a>Create a virtual network
 
-Create a virtual network using the following example values:
-
-* **Resource group:** TestRG1
-* **Name:** VNet1
-* **Region:** (US) East US (or region of your choosing)
-* **IPv4 address space:** 10.1.0.0/16
-* **Subnet name:** Use the default name, or specify a name. Example: FrontEnd
-* **Subnet address space:** 10.1.0.0/24
+This article uses the Azure portal to create a virtual network. You can also use a different tool or method to create a virtual network. For more information or steps, see [Create a virtual network](../virtual-network/quick-create-portal.md). For this exercise, the virtual network doesn't require the configuration of additional services, such as [Azure Bastion](../bastion/bastion-overview.md) or [DDoS Protection](../ddos-protection/ddos-protection-overview.md). However, you can add these services if you want to use them.
 
-[!INCLUDE [Create a VNet](../../includes/vpn-gateway-basic-vnet-rm-portal-include.md)]
+[!INCLUDE [Virtual network values](../../includes/vpn-gateway-virtual-network-values.md)]
 
-After you create your virtual network, you can optionally configure Azure DDoS Protection. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes. For more information about Azure DDoS Protection, see [What is Azure DDoS Protection](../ddos-protection/ddos-protection-overview.md).
+[!INCLUDE [Create a VNet](../../includes/vpn-gateway-virtual-network-steps.md)]
 
 ## Create a gateway subnet
 
@@ -66,40 +54,24 @@ After you create your virtual network, you can optionally configure Azure DDoS P
 
 ## <a name="VNetGateway"></a>Create a VPN gateway
 
-In this section, you create the virtual network gateway (VPN gateway) for your virtual network. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU.
-
-Create a gateway using the following values:
-
-* **Name**: VNet1GW
-* **Gateway type**: VPN
-* **SKU**: VpnGw2AZ
-* **Generation**: Generation 2
-* **Virtual network**: VNet1
-* **Gateway subnet address range**: 10.1.255.0/27
-* **Public IP address**: Create new
-* **Public IP address name:** VNet1GWpip1
-* **Public IP address SKU:** Standard
-* **Assignment:** Static
-* **Second Public IP address name:** VNet1GWpip2
+In this section, you create the virtual network gateway (VPN gateway) for your virtual network. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU. Use the following steps to create a VPN gateway. Note that the VPN Gateway Basic SKU is only available in [PowerShell](create-gateway-basic-sku-powershell.md) or CLI.
 
-[!INCLUDE [Create a vpn gateway](../../includes/vpn-gateway-add-azgw-portal-include.md)]
-[!INCLUDE [Configure PIP settings](../../includes/vpn-gateway-add-azgw-pip-portal-include.md)]
+[!INCLUDE [Create a vpn gateway](../../includes/vpn-gateway-add-gateway-portal.md)]
+[!INCLUDE [Configure PIP settings](../../includes/vpn-gateway-add-gw-pip-portal.md)]
 
-A gateway can take 45 minutes or more to fully create and deploy. You can see the deployment status on the **Overview** page for your gateway. After the gateway is created, you can view the IP address assigned to it by looking at the virtual network in the portal. The gateway appears as a connected device.
+You can see the deployment status on the **Overview** page for your gateway. Once the gateway is created, you can view the IP address assigned to it by looking at the virtual network in the portal. The gateway appears as a connected device.
 
 ## <a name="view"></a>View public IP address
 
 To view public IP addresses associated to your virtual network gateway, navigate to your gateway in the portal.
 
-1. On the portal page for your virtual network gateway, under **Settings**, open the **Properties** page.
+1. On the **Virtual network gateway** portal page, under **Settings**, open the **Properties** page.
 1. To view more information about the IP address object, click the associated IP address link.
 
 ## <a name="resize"></a>Resize a gateway SKU
 
 There are specific rules for resizing versus changing a gateway SKU. In this section, you resize the SKU. For more information, see [Resize or change gateway SKUs](about-gateway-skus.md#resizechange).
 
-The basic steps are:
-
 1. Go to the **Configuration** page for your virtual network gateway.
 1. On the right side of the page, select the dropdown arrow to show a list of available SKUs. Notice that the list only populates SKUs that you're able to use to resize your current SKU. If you don't see the SKU you want to use, instead of resizing, you have to change to a new SKU.
 1. Select the SKU from the dropdown list and save your changes.
@@ -108,8 +80,6 @@ The basic steps are:
 
 Gateway resets behave differently, depending on your gateway configuration. For more information, see [Reset a VPN gateway or a connection](reset-gateway.md).
 
-The basic steps are:
-
 [!INCLUDE [reset a gateway](../../includes/vpn-gateway-reset-gw-portal-include.md)]
 
 ## Clean up resources
@@ -129,4 +99,7 @@ After you create a VPN gateway, you can configure more gateway settings and conn
 > [Site-to-site VPN connections](./tutorial-site-to-site-portal.md)
 
 > [!div class="nextstepaction"]
-> [Point-to-site VPN connections](point-to-site-certificate-gateway.md)
+> [Point-to-site - Certificate authentication VPN connections](point-to-site-certificate-gateway.md)
+
+> [!div class="nextstepaction"]
+> [Point-to-site - Microsoft Entra ID authentication VPN connections](point-to-site-entra-gateway.md)

includes/media/vpn-gateway-add-gateway-portal/vpn-gateway-portal.png

@@ -2,7 +2,7 @@
  ms.topic: include
  author: cherylmc
  ms.service: azure-vpn-gateway
- ms.date: 11/18/2024
+ ms.date: 03/10/2025
  ms.author: cherylmc
 ---
 

includes/vpn-gateway-about-gwsubnet-include.md

@@ -0,0 +1,26 @@
+---
+ author: cherylmc
+ ms.service: azure-vpn-gateway
+ ms.topic: include
+ ms.date: 03/12/2025
+ ms.author: cherylmc
+
+# The numbers in this include are correct. They add on to sections in multiple articles that are already numbered. Please do not change the numbers in any way.
+---
+
+
+1. In **Search resources, services, and docs (G+/)**, enter **virtual network gateway**. Locate **Virtual network gateway** in the **Marketplace** search results and select it to open the **Create virtual network gateway** page.
+
+   :::image type="content" source="./media/vpn-gateway-add-gateway-portal/vpn-gateway-portal.png" alt-text="Screenshot that shows the Instance fields." lightbox="./media/vpn-gateway-add-gateway-portal/vpn-gateway-portal.png":::
+
+2. On the **Basics** tab, fill in the values for **Project details** and **Instance details**.
+
+   | Setting | Value |
+   |---|---|
+   | Name | Example: VNet1GW |
+   | Region | The region for the gateway must be the same as the virtual network. |
+   | Gateway type | Select **VPN**. VPN gateways use the virtual network gateway type **VPN**. |
+   | SKU | Example: VpnGw2AZ. We recommend that you select a [Gateway SKU](../articles/vpn-gateway/about-gateway-skus.md) that ends in AZ if your region supports [availability zones](../articles/vpn-gateway/about-zone-redundant-vnet-gateways.md).|
+   | Generation | **Generation 2** |
+   | Virtual network | Example: VNet1. If your virtual network isn't available in the dropdown, you need to adjust the region you selected. |
+   | Subnet | Example: 10.1.255.0/27, A subnet named **GatewaySubnet** is required to create a VPN gateway. If the gateway subnet doesn't autopopulate, *and* you don't see the option to create one on this page, go back to your virtual network page and create the gateway subnet.|

includes/vpn-gateway-add-gateway-portal.md

@@ -0,0 +1,23 @@
+---
+ author: cherylmc
+ ms.service: azure-vpn-gateway
+ ms.topic: include
+ ms.date: 03/10/2025
+ ms.author: cherylmc
+
+# The numbers in this include are correct. They add on to sections in multiple articles that are already numbered.
+---
+3. Specify the values for **Public IP address**. These settings specify the public IP address object that gets associated to the VPN gateway. The public IP address is assigned to this object when the VPN gateway is created. The only time the primary public IP address changes is when the gateway is deleted and re-created. 
+
+   | Setting | Value |
+   | --- | --- |
+   | Public IP address name | Example: VNet1GWpip1 |
+   | Availability zone | This setting is available for AZ SKUs in regions that support [availability zones](../articles/vpn-gateway/about-zone-redundant-vnet-gateways.md). Example: **Zone-redundant**.  |
+   | Enable active-active mode | - Select **Enabled** to take advantage of the benefits of an [active-active gateway](../articles/vpn-gateway/about-active-active-gateways.md). An active-active gateway requires an additional public IP address.<br>- If you plan to use this gateway for site-to-site connections, verify the [active-active design](../articles/vpn-gateway/about-active-active-gateways.md#active-active-mode-design) that you want to use.<br>- Connections with your on-premises VPN device must be configured specifically to take advantage of active-active mode.<br>- Some VPN devices don't support active-active mode. If you're not sure, check with your VPN device vendor. If you're using a VPN device that doesn't support active-active mode, you can select **Disabled** for this setting.  |
+   | Second public IP address name | Only available for active-active mode gateways. Example: VNet1GWpip2 |
+   | Availability zone | Example: **Zone-redundant**.  |
+   | Configure BGP | Select **Disabled**, unless your configuration specifically requires this setting. If you do require this setting, the default ASN is 65515.|
+   | Enable Key Vault Access | Select **Disabled** unless you have a specific requirement to enable this setting. |
+
+4. Select **Review + create** to run validation.
+5. After validation passes, select **Create** to deploy the VPN gateway.

includes/vpn-gateway-add-gw-pip-portal.md

@@ -2,11 +2,12 @@
  author: cherylmc
  ms.service: azure-vpn-gateway
  ms.topic: include
- ms.date: 01/17/2024
+ ms.date: 03/10/2025
  ms.author: cherylmc
 ---
 
 1. On the page for your virtual network, on the left pane, select **Subnets** to open the **Subnets** page.
-1. At the top of the page, select **+ Gateway subnet** to open the **Add subnet** pane.
-1. The name is automatically entered as **GatewaySubnet**. Adjust the IP address range value, if necessary. An example is **10.1.255.0/27**.
-1. Don't adjust the other values on the page. Select **Save** at the bottom of the page to save the subnet.
+1. At the top of the page, select **+ Subnet** to open the **Add subnet** pane.
+1. For **Subnet purpose**, select **Virtual Network Gateway** from the dropdown.
+1. The name is automatically entered as **GatewaySubnet**. Adjust starting IP address and size if necessary. For example, **10.1.255.0/27**.
+1. Don't adjust the other values on the page. Click **Add** to add the subnet.

includes/vpn-gateway-create-gateway-subnet-portal-include.md

@@ -2,7 +2,7 @@
  author: cherylmc
  ms.service: azure-vpn-gateway
  ms.topic: include
- ms.date: 06/24/2024
+ ms.date: 03/10/2025
  ms.author: cherylmc
 ---
 > [!IMPORTANT]

includes/vpn-gateway-no-nsg-include.md

@@ -2,7 +2,7 @@
  author: cherylmc
  ms.service: azure-vpn-gateway
  ms.topic: include
- ms.date: 06/25/2024
+ ms.date: 03/10/2025
  ms.author: cherylmc
 ---
 

includes/vpn-gateway-reset-gw-portal-include.md

@@ -0,0 +1,17 @@
+---
+author: cherylmc
+ms.author: cherylmc
+ms.service: azure-vpn-gateway
+ms.topic: include
+ms.date: 03/10/2025
+---
+
+1. Sign in to the Azure portal.
+1. In **Search resources, service, and docs (G+/)** at the top of the portal page, enter **virtual network**. Select **Virtual network** from the **Marketplace** search results to open the **Virtual network** page.
+1. On the **Virtual network** page, select **Create** to open the **Create virtual network** page.
+1. Fill out the required values for the **Basics** tab.
+1. Select **Next** or **Security** to go to the **Security** tab. For this exercise, leave the default values for all the services on this page.
+1. Select **IP Addresses** to go to the **IP Addresses** tab. On the **IP Addresses** tab, configure the required settings.
+1. Review the **IP addresses** page and remove any address spaces or subnets that you don't need.
+1. Select **Review + create** to validate the virtual network settings.
+1. After the settings are validated, select **Create** to create the virtual network.