
FortiGate VM Sizing Azure

Fortinet recommends specific Azure VM series that provide the best balance of compute and high-speed networking.

1. F-Series (Compute Optimized)

The series is the "gold standard" for FortiGate VMs.

Higher vCPU counts allow FortiOS to distribute the packet-processing load across multiple workers.

The error SkuNotAvailable means your selected VM size is not available in your chosen region or availability zone. This is common when using the latest, high-performance VM series.

: A minimum of 8 GB RAM is recommended for standard operation. For advanced features like Unified Threat Management (UTM) or Zero Trust Network Access (ZTNA), at least 4 GB is strictly necessary.

: Accelerated Networking uses Single Root I/O Virtualization (SR-IOV) to provide high-throughput, low-latency networking for Azure VMs. It is highly recommended to enable it on your FortiGate-VM's interfaces where supported by the chosen instance family.
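
An added example (not Fortinet's or this page's own code): a pre-deployment check that screens the JSON from `az vm list-skus` for the two issues described above, region or zone restrictions that surface as SkuNotAvailable and missing Accelerated Networking support, along with NIC count and the 8 GB RAM minimum. The sample data is constructed, and `Standard_Demo2` is a hypothetical SKU name.

```python
import json

# Constructed sample shaped like the JSON from:
#   az vm list-skus --location <region> --resource-type virtualMachines --all -o json
# Capability values are illustrative; Standard_Demo2 is a hypothetical SKU name.
SAMPLE = json.loads("""[
 {"name": "Standard_F4s_v2", "restrictions": [], "capabilities": [
   {"name": "MemoryGB", "value": "8"}, {"name": "MaxNetworkInterfaces", "value": "2"},
   {"name": "AcceleratedNetworkingEnabled", "value": "True"}]},
 {"name": "Standard_F8s_v2", "restrictions": [
   {"type": "Zone", "reasonCode": "NotAvailableForSubscription",
    "restrictionInfo": {"zones": ["1", "2"]}}], "capabilities": [
   {"name": "MemoryGB", "value": "16"}, {"name": "MaxNetworkInterfaces", "value": "4"},
   {"name": "AcceleratedNetworkingEnabled", "value": "True"}]},
 {"name": "Standard_Demo2", "restrictions": [
   {"type": "Location", "reasonCode": "NotAvailableForSubscription",
    "restrictionInfo": {"zones": []}}], "capabilities": [
   {"name": "MemoryGB", "value": "4"}, {"name": "MaxNetworkInterfaces", "value": "2"},
   {"name": "AcceleratedNetworkingEnabled", "value": "False"}]}
]""")

def capability(sku, name, default):
    """Look up one entry of the SKU's capabilities list (values are strings)."""
    for cap in sku.get("capabilities") or []:
        if cap["name"] == name:
            return cap["value"]
    return default

def blockers(sku, zone=None, min_nics=2, min_mem_gb=8):
    """Reasons not to deploy a FortiGate-VM on this SKU; an empty list means it passes."""
    reasons = []
    for r in sku.get("restrictions") or []:
        zones = (r.get("restrictionInfo") or {}).get("zones") or []
        if r.get("type") == "Zone" and zone is not None and zone not in zones:
            continue  # restricted only in zones we are not deploying to
        where = "zone(s) " + ",".join(zones) if r.get("type") == "Zone" else "region"
        reasons.append(f"SkuNotAvailable risk in {where}: {r.get('reasonCode')}")
    if capability(sku, "AcceleratedNetworkingEnabled", "False") != "True":
        reasons.append("no Accelerated Networking (SR-IOV)")
    if int(capability(sku, "MaxNetworkInterfaces", "0")) < min_nics:
        reasons.append(f"fewer than {min_nics} NICs")
    if float(capability(sku, "MemoryGB", "0")) < min_mem_gb:
        reasons.append(f"less than {min_mem_gb} GB RAM")
    return reasons

def screen(skus, **kw):
    """Map each SKU name to its list of blockers."""
    return {s["name"]: blockers(s, **kw) for s in skus}

if __name__ == "__main__":
    for name, why in screen(SAMPLE, zone="3").items():
        print(name, "OK" if not why else "; ".join(why))
```

Running the screen before a template deployment turns a mid-deployment SkuNotAvailable failure into a planning-time decision about region, zone or VM size.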

Rather than deploying a massive 32-core FortiGate VM to handle all cloud traffic, scale horizontally. Use a utilizing Azure Virtual WAN or a centralized transit VNet. If throughput demands grow, scale out by adding more FortiGate instances behind an Azure Load Balancer rather than scaling up to increasingly expensive VM sizes.

Disk Performance

You can safely lean closer to Azure’s maximum network bandwidth limits. A 4-vCPU instance can often handle multi-gigabit throughput.

2. Flow-Based vs. Proxy-Based Inspection

| VM series | Example Instance | Max NICs |
|---|---|---|
| Fsv2-series (small) | Standard_F4s_v2, Standard_F8s_v2 | 2-4 |
| Fsv2-series (large) | Standard_F16s_v2, Standard_F32s_v2 | 4-8 |
| F-series (older) | Standard_F8, Standard_F16 | 8 |
| Fs-series | Standard_F8s, Standard_F16s | 8 |
| DSv2/Dsv3 (general purpose) | Standard_DS4_v2, Standard_D8s_v3 | 4-8 |

: The azd process consumes extremely high memory (>50% of total RAM).

For production environments, a single VM is a single point of failure. FortiGate on Azure provides robust options for high availability.

In Azure, the performance of the FortiGate is bound by three factors:

FG-VMUL (Unlimited vCPU) licenses are significantly more expensive than lower tiers. Reserve FG-VMUL for environments where you need more than 32 licensed vCPUs. For most workloads, FG-VM16 or FG-VM32 provides ample capacity with lower costs.

Accelerated Networking is a non-negotiable requirement for production FortiGate deployments. It utilizes Single Root I/O Virtualization (SR-IOV) to bypass the Azure virtual switch, connecting the VM directly to the physical network interface card (NIC).

Generally recommended for FortiGate because they offer a higher NIC-to-CPU ratio, which is essential for network-heavy workloads.