Azure Fixed | Fortigate Vm Sizing

Unlike traditional physical appliances with custom ASIC chips (such as SPUs and CPUs), a FortiGate VM relies entirely on the host Azure CPU for packet processing, encryption, and deep packet inspection (DPI).

Often bundled with specific instance sizes in the Azure Marketplace. 2. Selecting the Right Azure VM Family

This is the most CPU-hungry feature. Multiply vCPUs x2.

For environments with fluctuating traffic (e.g., business hours vs. night), you can use FortiGate Autoscale for Azure. This feature dynamically adds or removes FortiGate-VM instances in a VM Scale Set (VMSS) based on predefined thresholds like CPU or network utilization. When a spike occurs, a new VM is automatically added to handle the load. fortigate vm sizing azure

: FortiOS is highly parallelized. Adding vCPUs directly increases throughput for compute-intensive tasks like IPS, Antivirus, and SSL Inspection. Memory Requirements : A minimum of

| Mistake | Consequence | Fix | | :--- | :--- | :--- | | Using B-series VMs | Dropped packets after CPU credit exhaustion | Switch to D or F series. | | Pairing 8‑vCPU VM with VM04 license | Wasted Azure cost, no performance gain | Match vCPUs to license tier. | | Forgetting SSL inspection overhead | Throughput drops 80% unexpectedly | Double vCPUs from raw baseline. | | Deploying single VM for critical path | No HA, Azure host maintenance causes outage | A-P pair + Azure LB or FortiGate FGCP. |

A minimum of is recommended for basic routing. Selecting the Right Azure VM Family This is

Before picking a size, identify your "real-world" traffic needs. Marketing spec sheets often highlight "UDP Throughput," but enterprise environments rely on more demanding metrics.

Azure imposes regional vCPU quotas on your subscription. If you plan to deploy multiple large FortiGate-VM instances, verify your quota before deployment. You can request increases from Microsoft if necessary.

The or Ds_v5 series are versatile options for smaller branch-office deployments. Why: Balanced memory-to-core ratio. Best for: Management segments or light SD-WAN duties. Key Technical Constraints night), you can use FortiGate Autoscale for Azure

To ensure stable performance, especially with high-demand features like or Proxy , a minimum of 4 GB RAM is strongly recommended . FortiGate Model vCPU Limit Recommended Azure Instance Key Performance (Firewall/NGFW) FG-VM01 Standard_F1 / D1 ~12 Gbps / 250 Mbps FG-VM02 Standard_F2 / D2s_v5 ~15 Gbps / 550 Mbps FG-VM04 Standard_F4 / D4s_v5 ~28 Gbps / 1.3 Gbps FG-VM08 Standard_F8 / D8s_v5 ~33 Gbps / 2.2 Gbps Recommended Azure Instance Families

B-series VMs accumulate CPU credits during idle periods but throttle performance when credits run out. This unpredictability is unacceptable for a security appliance that must process traffic consistently. Stick to compute-optimized Fsv2-series for production deployments.