Fortigate Vm Sizing Azure Best
Sizing Your FortiGate VM in Azure: A Comprehensive Guide Deploying a FortiGate Next-Generation Firewall (NGFW)
These are lower than Fortinet’s “lab maximums” because Azure’s accelerated networking and vCPU stealing reduce real-world performance. fortigate vm sizing azure
Part 2: Sizing Metrics – Beyond the Marketing Sheets
Fortinet publishes "datasheet throughput" – but that assumes ideal conditions: 1518-byte packets, no logging, no SSL inspection, and dedicated hardware. In Azure, you must derate aggressively. Sizing Your FortiGate VM in Azure: A Comprehensive
| License SKU (Example) | Max Licensed Throughput | Recommended Azure VM Size | |----------------------|------------------------|----------------------------| | FG-VM01 (PayG/BYOL) | 1 Gbps | D2s v3, D2ds v4, B2s | | FG-VM02 | 2 Gbps | D4s v3, D4ds v4 | | FG-VM04 | 4 Gbps | D8s v3, D8ds v4 | | FG-VM08 | 8 Gbps | D16s v3, D16ds v4 | | FG-VM16 | 16 Gbps | D32s v3, D32ds v4 | | FG-VM32 (rare) | 32 Gbps | D64s v3 | SSL/TLS Offload: Azure VMs do not have dedicated
When sizing your instance, performance is determined by more than just raw CPU count. You must consider:
There are two primary ways to license your FortiGate-VM, and each impacts how you size the underlying VM: FortiGate VM on Microsoft Azure Data Sheet - Fortinet
Licenses are typically sold by vCPU count (e.g., VM-02, VM-04, VM-08). If you license a (2 vCPUs) but deploy it on a Standard_D4s_v5 (4 vCPUs), the FortiGate will only utilize 2 of those CPUs , wasting half of your Azure compute costs. 4. Performance Expectations
- Standard_D8s_v3 / v4 / v5 (8 vCPU) – Sweet spot for VM08.
- Standard_D16s_v3 / v4 / v5 (16 vCPU) – Sweet spot for VM16.
- Standard_F16s_v2 (16 vCPU) – High compute frequency, excellent for encrypted traffic decryption.
