Fortigate Vm Sizing Azure Upd

For example, an Standard_F4sv2 VM offers a maximum of 4,000 Mbps (4 Gbps) of Azure network bandwidth. No matter how efficiently FortiOS processes packets, the VM cannot exceed this cloud-enforced ceiling. Accelerated Networking (SR-IOV)

Finally, test with your real traffic – not synthetic UDP floods. Cloud networking behaves differently on Tuesday at 2 PM vs. Friday at 5 PM. Use FortiView’s “Top Threats” and “Top Applications” to refine your sizing every quarter.

You can run a 2-vCPU license on an 8-vCPU Azure VM if you need more NICs, but the FortiGate will only use 2 of those CPUs for traffic processing. 2. Recommended Azure Instance Families For security appliances, Fortinet generally recommends Compute-Optimized General-Purpose instances.

Choosing the right FortiGate VM size in Azure is critical for balancing security performance with cloud costs. Because Azure instances have specific limits on CPU, RAM, and network throughput, your selection directly impacts how much traffic your firewall can inspect. Determining Your Throughput Requirements fortigate vm sizing azure

: Provides a balanced mix of CPU and memory. The newer Dsv5 or Dsv6 series (supported in FortiOS 7.6.1+) leverage advanced Intel processors and MANA network cards for improved reliability .

A common best practice is to match a BYOL license with a VM instance type that has an equal or greater number of vCPUs:

It is critical to match your Fortinet license with the Azure VM's vCPU count: For example, an Standard_F4sv2 VM offers a maximum

Shutdown the VM from the Azure Portal to allow resizing. Resize: Change the instance size under the "Size" menu.

Generally recommended for FortiGate because they offer a higher NIC-to-CPU ratio , which is essential for network-heavy workloads.

Fortinet supports several Azure VM types, but certain families are highly optimized for network virtual appliances (NVAs). The F-Series (Compute-Optimized) — Highly Recommended Cloud networking behaves differently on Tuesday at 2 PM vs

uses Azure Virtual Machine Scale Sets (VMSS) and Azure Functions to automatically add or remove FortiGate-VM instances based on real-time traffic metrics (e.g., CPU utilization, packet rate). It leverages FortiGate-native features like config-sync to synchronize configurations across all instances in the scale set.

Before picking a size, identify your "real-world" traffic needs. Marketing spec sheets often highlight "UDP Throughput," but enterprise environments rely on more demanding metrics.

The table below serves as a baseline mapping for production environments based on real-world throughput demands. Target NGFW Throughput Recommended Azure VM Size Max Data NICs Accelerated Networking Typical Use Case Standard_F4sv2 Small branch Hub, Dev/Test environments 1 Gbps – 3 Gbps Standard_D4s_v5 Medium enterprise edge, inbound DMZ protection 3 Gbps – 6 Gbps Standard_F8sv2 Core Hub-and-Spoke routing, basic IPS 6 Gbps – 10 Gbps Standard_D8s_v5 Large Enterprise Hub, deep inspection workloads 10 Gbps+ Standard_F16sv2 / D16s_v5 High-throughput data center interconnects

Sizing FortiGate VMs in Microsoft Azure: A Comprehensive Engineering Guide

: Starting with FortiOS 7.4.0 , if you want to use the full "extended IPS database," Fortinet recommends a minimum of 8 vCPUs . 2. Recommended Azure Instance Families Best Use Case Recommended Models F-Series (Compute Optimized)