: Azure enforces strict limits on the number of NICs per VM size. For example, a high-availability (Active-Passive) setup typically requires at least 4 NICs (Management, Internal, External, Heartbeat), which mandates a minimum of 4 vCPUs in most Azure families (e.g., D4 series).
in Azure is a smart move for hybrid and cloud-native security, but "guessing" your VM size can lead to either expensive over-provisioning or sluggish performance bottlenecks. To build a secure, efficient environment, you need to align your Azure VM SKU with your specific traffic needs and FortiOS licensing. 1. Match the VM Series to Your Workload
In Azure, you are rarely limited by the FortiGate software capacity; you are almost always limited by the Azure Virtual Machine tier bandwidth caps. fortigate vm sizing azure
: Determines the parallel processing capacity for traffic and security inspection (IPS, Antivirus, Application Control).
Master Guide: FortiGate VM Sizing in Microsoft Azure Deploying a in Microsoft Azure requires balancing network performance, security inspection load, and cloud compute costs. Unlike hardware appliances with fixed ASICs, a virtual machine (VM) relies entirely on vCPUs and RAM allocations. Proper sizing ensures your architecture survives peak traffic spikes without overpaying for unused infrastructure. : Azure enforces strict limits on the number
| License Tier | vCPUs (Azure) | Typical Raw Throughput* | Use Case | | :--- | :--- | :--- | :--- | | | 2 | ~1 Gbps | Dev/Test, branch office | | FG-VM04 | 4 | ~2-4 Gbps | Small production, DMZ | | FG-VM08 | 8 | ~4-8 Gbps | Mid-size enterprise | | FG-VM16 | 16 | ~8-16 Gbps | Large hub, heavy inspection |
Always choose an Azure VM size that supports Accelerated Networking. To build a secure, efficient environment, you need
Higher CPU-to-memory ratio, ideal for compute-heavy SSL inspection. VMSS (Scale Sets)
The or Ds_v5 series are versatile options for smaller branch-office deployments. Why: Balanced memory-to-core ratio. Best for: Management segments or light SD-WAN duties. Key Technical Constraints
This article breaks down how to correctly size a FortiGate-VM in Azure based on throughput, features, and workload type.
PAYG licenses automatically scale their costs based on the size of the Azure VM instance you select. This model is ideal for temporary environments, proof-of-concept testing, or deployments utilizing Azure Virtual Machine Scale Sets (VMSS) where instances dynamically scale out. Advanced Architecture and Scaling Strategies