This article breaks down how to correctly size a FortiGate-VM in Azure based on throughput, features, and workload type.
PAYG instances may throttle throughput based on vCPU count regardless of Azure SKU. Always check the FortiGate VM Sizing Guide for your FortiOS version.
Azure vCPUs are not equal to physical cores. A D8s_v3 offers 8 vCPUs (Hyper-threaded on Intel Xeon Platinum 8171M). FortiGate performance is bursty; ensure you understand the baseline performance of your chosen Azure series.

| Feature | BYOL | PAYG |
| :--- | :--- | :--- |
| | You purchase a perpetual or annual license from a Fortinet partner. | The license is included in the hourly cost of running the VM. |
| VDOM Support | Supported (critical for virtual domains/multi-tenancy). | Not supported (billed as a single entity). |
| Activation | Requires manual license file upload after deployment. | Activated immediately upon VM creation. |
| Cost | Typically lower for stable, 24/7 workloads. | Better for burstable, unpredictable, or short-term workloads. |
| Flexibility | Licenses are tied to a specific vCPU count. Resizing requires a new license. | VM size can be adjusted; the PAYG license is tied to the compute instance. |

The offer a balanced mix of vCPU and memory.
Note: Always refer to the latest Fortinet Azure Sizing Guide (FortiOS 7.4+) and Microsoft’s VM documentation, as both companies update performance data quarterly.
Sizing the virtual machine is only half the battle; you must align the Azure infrastructure to support the firewall's network requirements.
Accelerated Networking (SR-IOV)
Beyond compute metrics, the network architecture within Azure influences how you size your FortiGate deployment.
Network Interface Card (NIC) Design
Dedicated interface for heartbeats and session synchronization.
While FortiGate-VM can run on as little as 2 GB of RAM, features like Intrusion Prevention (IPS) and Antivirus are memory-intensive. For production, aim for at least 4 GB to 8 GB to ensure the system doesn't enter conserve mode.
When vertical scaling (moving to a larger VM size) becomes cost-prohibitive or hits Azure's physical limits, you must scale horizontally.
High Availability (HA) Sizing Considerations
When sizing a physical firewall, engineers look at raw firewall throughput. In Azure, you must evaluate three distinct performance vectors simultaneously: , Azure VM limits, and traffic profiles.
Traffic Profiles and Inspection Modes
FortiGate VM performance depends heavily on the underlying Azure hardware infrastructure. When sizing your virtual appliance, look beyond CPU count and memory to consider these critical cloud constraints.
Accelerated Networking (SR-IOV)
FortiGate VM Sizing in Azure: A Comprehensive Engineering Guide