Redundant VPN Gateway reset (Azure WAN)

If you run a redundant VPN gateway setup, which is also what Azure Virtual WAN delivers, you may run into issues that call for a VPN gateway reset. One thing is not clearly mentioned in the documentation or in the Azure Portal: if you have a redundant setup, you need to reset the gateway twice.

To reset a single gateway, reset the Gateway once. If you want to reset a redundant setup, you will have to reset the gateway 2 times.


Effectively this process means the following:

  • Reset 1: The secondary node (node 2) becomes the primary node and takes over all tasks from the first node. After the reset completes (15-45 minutes later), the load is split again. The primary role stays where it is; it won't be failed over again.
  • Reset 2: The newly made primary node (node 2) now transfers the roles back to the rebooted node (node 1), which becomes primary again. Node 2 becomes secondary again after the reboot.
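
The two resets described above can be scripted with the Az PowerShell module. This is an added example, not code from the original post. It assumes a Virtual WAN VPN gateway, an existing Connect-AzAccount session, placeholder resource names, and a 60-minute timeout and 60-second polling interval chosen here to sit above the 15-45 minutes mentioned in the list.

```powershell
# Added example: placeholder names, not values from the original post.
$ResourceGroup = '<resource-group>'
$GatewayName   = '<vpn-gateway-name>'

# Hypothetical helper: poll the gateway until Azure reports it as Succeeded,
# so the second reset is never issued while the first is still in progress.
function Wait-GatewaySucceeded {
    param(
        [string]$ResourceGroupName,
        [string]$Name,
        [int]$TimeoutMinutes = 60,   # assumption: above the 15-45 min range
        [int]$PollSeconds = 60       # assumption: polling interval
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $gw = Get-AzVpnGateway -ResourceGroupName $ResourceGroupName -Name $Name
        if ($gw.ProvisioningState -eq 'Succeeded') { return }
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    throw "Gateway '$Name' did not reach Succeeded within $TimeoutMinutes minutes."
}

# Reset 1 moves the primary role to node 2; reset 2 moves it back to node 1.
foreach ($pass in 1, 2) {
    Write-Host "Reset $pass of 2 for '$GatewayName' started at $(Get-Date -Format o)"
    Reset-AzVpnGateway -ResourceGroupName $ResourceGroup -Name $GatewayName -ErrorAction Stop | Out-Null
    Wait-GatewaySucceeded -ResourceGroupName $ResourceGroup -Name $GatewayName
    Write-Host "Reset $pass of 2 finished at $(Get-Date -Format o)"
}
```

The timestamps written for each pass give a record of when each node was rebooted, which helps when correlating tunnel drops in connection logs afterwards.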


More information and documentation can be found on Microsoft Docs:

