To help with FortiGate VM sizing, Fortinet provides several tools and resources:
: Premium SSD recommended for data disk (especially with disk logging enabled). Standard HDD will cause performance drops under load.
: If using BYOL, ensure your new vCPU count matches your license capacity.
Sizing a FortiGate-VM on Azure requires balancing three interrelated dimensions: , NIC count needs , and licensed vCPU capacity . The most successful deployments start with a clear understanding of peak traffic expectations and architect for headroom. In the cloud, the ability to resize and adjust means initial sizing doesn't have to be perfect—but informed decisions upfront prevent costly re-architecting later. Use the checklist provided, consult Fortinet's official documentation for the latest supported instance types, and always validate your chosen VM size against your specific feature set and security policy requirements. fortigate vm sizing azure
Azure enforces strict limits on the number of virtual network interfaces attached to a VM based on its size. A 2-vCPU machine often limits you to 2 NICs.
The most common sizing mistake in Azure is selecting a VM that is much larger than your licensed FortiGate vCPU capacity. Because Azure bills for the entire virtual machine regardless of how many vCPUs the FortiGate license can actually use, you can end up paying for idle compute resources.
Segmented East-West inspection inside a Hub-and-Spoke VNet architecture where memory-intensive routing tables (BGP) are used. Recommended Sizes: Standard_D4ds_v5 or Standard_D8ds_v5. Memory-Optimized: E-Series (Esv3, Edsv4) To help with FortiGate VM sizing, Fortinet provides
Do not bottleneck your firewall log generation. Pair your FortiGate VM with or Azure Ultra Disk storage for the OS and logging drives. If logging volume is extremely high, offload traffic logs to a centralized FortiAnalyzer instance or an Azure Log Analytics workspace to save local CPU cycles. 6. How to Validate and Monitor Your Sizing
Deploying next-generation firewalls (NGFW) in the cloud requires a fundamental shift from traditional hardware planning. In Microsoft Azure, hardware limitations like physical ASIC chips are replaced by software-defined constraints, virtual machine (VM) architectures, and cloud-specific network throttling.
: When the kingdom needed high-speed packet processing, Alex turned to the Compute-optimized F-series Standard_F2s or F8 Sizing a FortiGate-VM on Azure requires balancing three
Your sizing decision must sync with your licensing model to avoid "dead" resources. Pay-As-You-Go (PAYG):
Standard_F4sv2 (4 vCPUs, 8 GB RAM) up to Standard_F16sv2 (16 vCPUs, 32 GB RAM). General Purpose: D-Series (Dv3, Dsv3, Dv4, Dsv4, Ddv5)
Moderate CPU overhead. Packets are reassembled to match signatures.