Azure VPN Gateway Pricing

https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/

I’m planning to focus more on Azure with cloud being more mainstream.

If you require 30 site to site IPsec vpn tunnels, you are looking at like $500/month just for the tunnel itself. You still need to factor in data transfer costs.

Is Azure VPN Gateway IPv4 or IPv6?

If you are looking at just 1 x site to site vpn, it is $0.2593/hr or $186/month without including the data transfer costs. It’s quite pricey. Who’s really benefiting from Azure VPN Gateway? Doesn’t seem like a good fit for small businesses.

Does it make sense to have a company of say 20 users go with Azure VPN Gateway to access Azure Virtual Machines? Or does it make more sense to just have a local router like a Fortigate and set up 1 x local server on premise for e.g. Sage 300? If it is just 1 x server, seems like on premise makes more sense than going cloud.

There are a slew of vendor supported Virtual Appliances that are deployable if you prefer.

We mix between VPNGW and Meraki vMX depending on the situation. And in small SKU deployments (vMX-S), the Meraki is pretty close if not a bit lower in License + VM cost.

Does it make sense to have a company of say 20 users go with Azure VPN Gateway to access Azure Virtual Machines

No. I’d put those VMs

  • Under the Umbrella of Azure Virtual Desktop
  • Use straight RDP behind Azure App Proxy
  • Or use Bastion

All depending on the use case.

We’ve just assessed this also and found it cheaper to run up a pfSense firewall (there are tutorials online for community edition - single NIC) and use some routing between the VM and firewall just for VPN connectivity. Cost of a B1s and premium disk is about $15 a month.

Another gotcha was that the Azure VPN gateway basic only supports 1 site-2-site VPN using IKEv1 which is what the customer routers support.

Why don’t you use WVD? Then you don’t need so many VPNs. We have a client using sage200; we only have one VPN, the free site to site one.

I know this is old but the gateway prices are stupid. Like the transfer data costs are fine and logical. But seriously, it doesn’t take that much compute and resource for a basic gateway with 20x VPN connections.

I think this is why most even larger companies I have seen don’t utilise Azure VPN services so much 🥲 really they could be making a lot more money with better pricing and tiers.

We moved from Azure VPN Gateway to Fortigate due to the need for 32 tunnels and the cost skyrocketing.

Azure VPN gateway basic only supports 1 site to site VPN using IKEv1? That’s crazy.

Do the non basic ones support more than 1 site to site VPN using IKEv1?

We need the site to site VPN as there are quite a number of retail stores.

Is the Fortigate VM in the cloud or physical FortiGate?

Would you mind sharing a cost estimate compared to Azure VPN?

I was able to track down the doco from Microsoft:

Traditionally we allowed IKEv1 connections for Basic SKUs only and allowed IKEv2 connections for all VPN gateway SKUs other than Basic SKUs.

The Basic SKUs allow only 1 connection and along with other limitations such as performance, customers using legacy devices that support only IKEv1 protocols were having limited experience.

In order to enhance the experience of customers using IKEv1 protocols, we are now allowing IKEv1 connections for all of the VPN gateway SKUs, except Basic SKU.

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-compliance-crypto#about-ikev1-and-ikev2-for-azure-vpn-connections

The following table shows that with a non basic SKU you can have 10-30 route based S2S connections.

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-compliance-crypto#about-ikev1-and-ikev2-for-azure-vpn-connections

So to answer your question according to the above you can have more than 1 IKEv1 route based VPN connection when not using a basic SKU.

Seems like a cash grab to force users onto the higher SKUs and it was far too expensive for our customers that only have 2 sites.

Can you not use basic VPN? I know Microsoft don’t advise it for production but we have been using it fine.

Running in Azure, fully integrated to azure route tables etc.

It is limited to 10 site to site connections only with no ability to pay more for additional site to site connections and speed is only 100mbps.

Has this been pretty stable?

No issues on our side.