🛡️ Azure Virtual Network Gateway has no connections🟢

• Contextual name: 🛡️ Virtual Network Gateway has no connections🟢
• ID: /ce/ca/azure/virtual-network/virtual-network-gateway-without-connection
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: COST

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 Azure Virtual Network Gateway
  • 🔌 Azure Virtual Network Gateway - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

Ensure that Azure Virtual Network Gateway has at least one connection. Delete unnecessary gateways that don’t have any connections. A gateway provisioned but not actively connected represents wasted cost.

Azure Virtual Network Gateway should have at least one active connection. VPN Gateways without any established connections should be decommissioned to eliminate avoidable costs.

Rationale

Azure Virtual Network Gateways incur charges regardless of whether they are actively used. Gateways without configured connections often indicate misconfigurations or abandoned infrastructure. Identifying and removing such resources helps optimize network architecture, reduce unnecessary expenditure, and improve operational hygiene.

Audit

This policy marks an Azure Virtual Network Gateway as INCOMPLIANT if it has no related Azure Virtual Network Gateway Connects, indicating that it is not currently participating in any site-to-site, point-to-site, or VNet-to-VNet VPN configurations.

Remediation

Open File

Remediation

Delete the Unused Virtual Network Gateway

If a Virtual Network Gateway is confirmed to have no active connections and is not required for current or future network configurations, it should be deleted to prevent ongoing charges and reduce infrastructure complexity.

Azure CLI

az network vnet-gateway delete \
    --name {{gateway-name}} \
    --resource-group {{resource-group-name}}

PowerShell

Remove-AzVirtualNetworkGateway `
    -Name "{{gateway-name}}" `
    -ResourceGroupName "{{resource-group-name}}"

Considerations

• Confirm that the gateway is not reserved for planned VPN or ExpressRoute configurations.
• Ensure no virtual network or hybrid connectivity scenarios depend on the gateway being removed.

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 Cloudaware Framework → 💼 Waste Reduction			25		no data