Merge pull request #214509 from cherylmc/vwan-faq-updates

Update virtual-wan-faq.md

Author: prmerger-automator[bot]

articles/virtual-wan/virtual-wan-faq.md

@@ -4,7 +4,7 @@ description: See answers to frequently asked questions about Azure Virtual WAN n
 author: cherylmc
 ms.service: virtual-wan
 ms.topic: conceptual
-ms.date: 05/20/2022
+ms.date: 10/13/2022
 ms.author: cherylmc
 # Customer intent: As someone with a networking background, I want to read more details about Virtual WAN in a FAQ format.
 ---
@@ -96,7 +96,7 @@ There are two options to add DNS servers for the P2S clients. The first method i
 
 ### For User VPN (point-to-site)- how many clients are supported?
 
-The table below describes the number of concurrent connections and aggregate throughput of the Point-to-site VPN Gateway supported at different scale units.
+The table below describes the number of concurrent connections and aggregate throughput of the Point-to-site VPN gateway supported at different scale units.
 
 Scale Unit | Gateway Instances | Supported Concurrent Connections | Aggregate Throughput|
 | ---- | ---| ---| ---|
@@ -188,6 +188,8 @@ All virtual WAN APIs are OpenAPI. You can go over the documentation [Virtual WAN
 
 Virtual WAN partners automate IPsec connectivity to Azure VPN end points. If the Virtual WAN partner is an SD-WAN provider, then it's implied that the SD-WAN controller manages automation and IPsec connectivity to Azure VPN end points. If the SD-WAN device requires its own end point instead of Azure VPN for any proprietary SD-WAN functionality, you can deploy the SD-WAN end point in an Azure VNet and coexist with Azure Virtual WAN.
 
+Virtual WAN supports [BGP Peering](create-bgp-peering-hub-portal.md) and also has the ability to [deploy NVA's into a virtual WAN hub](how-to-nva-hub.md).
+
 ### How many VPN devices can connect to a single hub?
 
 Up to 1,000 connections are supported per virtual hub. Each connection consists of four links and each link connection supports two tunnels that are in an active-active configuration. The tunnels terminate in an Azure virtual hub VPN gateway. Links represent the physical ISP link at the branch/VPN device.
@@ -204,6 +206,8 @@ An Azure Virtual WAN connection is composed of 2 tunnels. A Virtual WAN VPN gate
 
 The Gateway Reset button should be used if your on-premises devices are all working as expected, but the site-to-site VPN connection in Azure is in a Disconnected state. Virtual WAN VPN gateways are always deployed in an Active-Active state for high availability. This means there's always more than one instance deployed in a VPN gateway at any point of time. When the Gateway Reset button is used, it reboots the instances in the VPN gateway in a sequential manner so your connections aren't disrupted. There will be a brief gap as connections move from one instance to the other, but this gap should be less than a minute. Additionally, note that resetting the gateways won't change your Public IPs.
 
+This scenario only applies to the S2S connections.
+
 ### Can the on-premises VPN device connect to multiple hubs?
 
 Yes. Traffic flow, when commencing, is from the on-premises device to the closest Microsoft network edge, and then to the virtual hub.
@@ -218,7 +222,7 @@ Yes, you can connect your favorite network virtual appliance (NVA) VNet to the A
 
 ### Can I create a Network Virtual Appliance inside the virtual hub?
 
-A Network Virtual Appliance (NVA) can't be deployed inside a virtual hub. However, you can create it in a spoke VNet that is connected to the virtual hub and enable appropriate routing to direct traffic per your needs.
+A Network Virtual Appliance (NVA) can be deployed inside a virtual hub. For steps, see [About NVA's in a Virtual WAN hub](about-nva-hub.md).
 
 ### Can a spoke VNet have a virtual network gateway?
 
@@ -266,9 +270,9 @@ When VPN sites connect into a hub, they do so with connections. Virtual WAN supp
 
 Yes, NAT traversal (NAT-T) is supported. The Virtual WAN VPN gateway will NOT perform any NAT-like functionality on the inner packets to/from the IPsec tunnels. In this configuration, ensure the on-premises device initiates the IPsec tunnel.
 
-### I don't see the 20-Gbps setting for the virtual hub in portal. How do I configure that?
+### How can I configure a scale unit to a specific setting like 20-Gbps?
 
-Navigate to the VPN gateway inside a hub on the portal, then click on the scale unit to change it to the appropriate setting.
+Go to the VPN gateway inside a hub on the portal, then click on the scale unit to change it to the appropriate setting.
 
 ### Does Virtual WAN allow the on-premises device to utilize multiple ISPs in parallel, or is it always a single VPN tunnel?
 
@@ -303,7 +307,7 @@ If a virtual hub learns the same route from multiple remote hubs, the order in w
 1. Longest prefix match.
 1. Local routes over interhub.
 1. Static routes over BGP: This is in context to the decision being made by the virtual hub router. However, if the decision maker is the VPN gateway where a site advertises routes via BGP or provides static address prefixes, static routes may be preferred over BGP routes.
-1. ExpressRoute (ER) over VPN: ER is preferred over VPN when the context is a local hub. Transit connectivity between ExpressRoute circuits is only available through Global Reach. Therefore, in scenarios where ExpressRoute circuit is connected to one hub and there is another ExpressRoute circuit connected to a different hub with VPN connection, VPN may be preferred for inter-hub scenarios.
+1. ExpressRoute (ER) over VPN: ER is preferred over VPN when the context is a local hub. Transit connectivity between ExpressRoute circuits is only available through Global Reach. Therefore, in scenarios where ExpressRoute circuit is connected to one hub and there is another ExpressRoute circuit connected to a different hub with VPN connection, VPN may be preferred for inter-hub scenarios. However, you can [configure virtual hub routing preference](howto-virtual-hub-routing-preference.md) to change the default preference.
 1. AS path length (Virtual hubs prepend routes with the AS path 65520-65520 when advertising routes to each other).
 
 ### Does the Virtual WAN hub allow connectivity between ExpressRoute circuits?
@@ -316,7 +320,7 @@ When multiple ExpressRoute circuits are connected to a virtual hub, routing weig
 
 ### Does Virtual WAN prefer ExpressRoute over VPN for traffic egressing Azure
 
-Yes. Virtual WAN prefers ExpressRoute over VPN for traffic egressing Azure.
+Yes. Virtual WAN prefers ExpressRoute over VPN for traffic egressing Azure. However, you can configure virtual hub routing preference to change the default preference. For steps, see [Configure virtual hub routing preference](howto-virtual-hub-routing-preference.md).
 
 ### When a Virtual WAN hub has an ExpressRoute circuit and a VPN site connected to it, what would cause a VPN connection route to be preferred over ExpressRoute?
 
@@ -356,7 +360,7 @@ For the point-to-site User VPN scenario with internet breakout via Azure Firewal
 
 ### What is the recommended API version to be used by scripts automating various Virtual WAN functionalities?
 
-A minimum version of 05-01-2020 (May 1 2020) is required.
+A minimum version of 05-01-2022 (May 1, 2022) is required.
 
 ### Are there any Virtual WAN limits?