Azure VPN Gateway
Business VPN software
Network security software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Azure VPN Gateway and its alternatives fit your requirements.
Pay-as-you-go
Free Trial
Free version unavailable
Small
Medium
Large
- Information technology and software
- Public sector and nonprofit organizations
- Energy and utilities
What is Azure VPN Gateway
Azure VPN Gateway is a managed VPN service in Microsoft Azure that provides encrypted connectivity between on-premises networks, individual clients, and Azure virtual networks. It is primarily used by IT and network teams to implement site-to-site VPN, point-to-site remote access, and VNet-to-VNet connectivity as part of a hybrid cloud network design. The service integrates with Azure networking constructs (VNets, route tables, BGP) and supports policy- or route-based VPN configurations depending on the gateway SKU and scenario.
Native Azure network integration
Azure VPN Gateway integrates directly with Azure Virtual Network, routing, and gateway subnet requirements, which simplifies deployment in Azure-centric environments. It supports common hybrid patterns such as site-to-site connectivity to datacenters and branch locations and VNet-to-VNet connectivity across Azure networks. It also works with Azure networking features such as BGP for dynamic routing in supported configurations.
Managed gateway operations
Microsoft operates the gateway infrastructure, reducing the need to deploy and patch self-managed VPN appliances or virtual routers. Scaling and availability options are handled through gateway SKUs and Azure platform capabilities rather than manual capacity planning on customer-managed hosts. This can lower operational overhead compared with running VPN concentrators on IaaS instances.
Multiple VPN connectivity modes
The service supports site-to-site IPsec/IKE tunnels for network-to-network connectivity and point-to-site for user/device remote access. It also supports route-based and policy-based approaches depending on requirements and SKU, which helps with interoperability across different on-prem VPN devices. These options make it suitable for mixed environments where both branch connectivity and remote access are needed.
Feature set varies by SKU
Capabilities such as throughput, tunnel limits, and certain routing options depend on the selected gateway SKU and configuration. This can require careful sizing and periodic re-evaluation as usage grows or as requirements change. Mis-sizing can lead to avoidable cost increases or performance constraints.
Azure-centric by design
Azure VPN Gateway is designed primarily to connect into Azure VNets, so it is less suitable as a general-purpose overlay network or multi-cloud VPN hub without additional architecture. Organizations with significant non-Azure footprints may need extra components to achieve consistent policy and connectivity across environments. This can increase design complexity compared with solutions built for heterogeneous networks.
Not a full ZTNA platform
While it provides encrypted transport and supports remote access, it does not inherently deliver application-level access controls and identity-centric segmentation associated with zero-trust network access products. Organizations often need to pair it with identity, device compliance, and conditional access controls to reach a ZTNA-style posture. For granular per-application access, additional services or architectures may be required.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Basic | Region & currency dependent (see Azure pricing page) | 100 Mbps; S2S tunnels: Max 10 (1–10 included); P2S tunnels: Max 128 (1–128 included); billed hourly while provisioned. |
| VpnGw1 | Region & currency dependent (see Azure pricing page) | 650 Mbps; S2S tunnels: Max 30 (1–10 included; 11–30 billed per-hour per tunnel beyond included); P2S tunnels: Max 250 (1–128 included; 129–250 billed per-hour per connection beyond included). |
| VpnGw2 | Region & currency dependent (see Azure pricing page) | ~1 Gbps; S2S tunnels: Max 30; P2S tunnels: Max 500. Hourly gateway charge applies. |
| VpnGw3 | Region & currency dependent (see Azure pricing page) | ~1.25 Gbps; S2S tunnels: Max 30; P2S tunnels: Max 1,000. Hourly gateway charge applies. |
| VpnGw4 | Region & currency dependent (see Azure pricing page) | ~5 Gbps; S2S tunnels: Max 100; P2S tunnels: Max 5,000. Hourly gateway charge applies. |
| VpnGw5 | Region & currency dependent (see Azure pricing page) | ~10 Gbps; S2S tunnels: Max 100; P2S tunnels: Max 10,000. Hourly gateway charge applies. |
| VpnGw1AZ - VpnGw5AZ (Zone-redundant SKUs) | Region & currency dependent (see Azure pricing page) | Zone-redundant versions of VpnGw1–VpnGw5; same bandwidth thresholds; billed hourly. |
| Advanced connectivity add-on (VpnGw5AZ only) | Region & currency dependent (see Azure pricing page) | 20 Gbps add-on billed per deployment hour; available only for newly deployed VpnGw5AZ gateways. |
Notes:
- Azure bills VPN Gateway compute on an hourly basis while the gateway is provisioned; monthly estimates on the pricing page are based on 730 hours/month. (See official pricing page.)
- Data transfer (egress/inter-virtual) is billed separately; the pricing page lists inter-virtual outbound rates by zone (example: Zone 1: $0.035/GB; Zone 2: $0.09/GB; Zone 3: $0.16/GB) — these are region/zone-specific and the full data-transfer table is on the official pricing page.
Seller details
Microsoft Corporation
Redmond, Washington, United States
1975
Public
https://www.microsoft.com/
https://x.com/Microsoft
https://www.linkedin.com/company/microsoft/
