If you use Bring Your Own License (BYOL) , you can upgrade from a VM-01S to a VM-02S and then resize the Azure VM to match the new vCPU count within minutes. 3. Critical Sizing Constraints
Mastering FortiGate VM Sizing on Azure: A Complete Guide Choosing the right size for your on Microsoft Azure is a critical balancing act between security performance and cost optimization. Unlike physical appliances, virtual machines (VMs) share hardware resources, meaning your choice of Azure VM instance series directly impacts throughput, latency, and your firewall’s overall efficacy. 1. Understanding Azure VM Series for FortiGate
In public clouds, Fortinet licensing only restricts the you can use.
Note: Sizing metrics are estimates based on standard enterprise traffic mixes. Actual performance varies based on average packet size (IMIX), session duration, and specific security profiles enabled. 4. Architectural Sizing Considerations fortigate vm sizing azure
: Deep packet inspection (DPI) and SSL/TLS inspection significantly increase CPU load. For example, one user's browsing and file downloading can consume up to 12% of a single CPU core when deep inspection is active.
Azure enforces a strict maximum number of Network Interfaces based on the VM size. A standard Hub-and-Spoke architecture often requires separate NICs for External, Internal, Management, and High Availability (HA) sync traffic. Ensure your selected VM size permits the required number of physical NIC attachments. 3. Recommended Azure VM Series for FortiGate
High throughput, IPS, and SSL inspection. Often the best price-to-performance ratio for firewalls. Standard_F4s_v2 , Standard_F8s_v2 (General Purpose) If you use Bring Your Own License (BYOL)
Accelerated Networking is a mandatory requirement for any production FortiGate VM deployment. It bypasses the Azure host hypervisor, channeling network traffic directly to the physical NIC.
Suitable for environments requiring larger memory pools relative to vCPU counts, such as FortiGates handling massive concurrent session tables or running extensive local logging/FortiGuard caching.
High-concurrency environments (e.g., large e-commerce backends or public-facing applications) demand substantial RAM. Every open network session consumes a specific allocation of system memory. If the VM runs out of memory, FortiOS enters , dropping or bypassing traffic to save the system from crashing. 3. Recommended Azure VM Series for FortiGate Note: Sizing metrics are estimates based on standard
There are two primary ways to license your FortiGate-VM, and each impacts how you size the underlying VM: FortiGate VM on Microsoft Azure Data Sheet - Fortinet
Ideal if you need higher throughput for a lower price point and have high CPU demand but lower memory requirements.
| VM Size | Max Network Bandwidth (Gbps) | FortiGate Realistic Inspection Throughput | |---------|------------------------------|--------------------------------------------| | D2s v3 | ~1.5 Gbps | ~0.8 Gbps (with basic firewall) | | D4s v3 | ~3.0 Gbps | ~1.5-2 Gbps (with IPS) | | D8s v3 | ~6.0 Gbps | ~3 Gbps (with SSL inspection) | | D16s v3 | ~12.0 Gbps | ~5-6 Gbps (mixed traffic) |