| vCPUs | RAM (GB) | Est. Firewall (Gbps) | Est. IPSec (Gbps) | Est. SSL Inspection (Mbps) | |-------|----------|----------------------|--------------------|-----------------------------| | 2 | 4 | 0.5 – 0.8 | 0.2 – 0.3 | 50 – 100 | | 4 | 8 | 1.0 – 1.5 | 0.5 – 0.8 | 150 – 250 | | 8 | 16 | 2.0 – 3.0 | 1.0 – 1.5 | 400 – 600 | | 16 | 32 | 4.0 – 6.0 | 2.0 – 3.0 | 800 – 1200 |
This deployment has specific prerequisites, such as requiring an Azure Function App to manage failover and license distribution. A typical autoscaling rule might trigger a scale-out event when CPU or network utilization exceeds 70%.
| Family | Characteristics | FortiGate Recommendation | |--------|----------------|--------------------------| | | General purpose, Intel Xeon, good balance | Best for 80% of use cases (VPN + inspection) | | Ev3 / Ev4 | Memory-optimized, same CPU as Dv3 | Required for large session tables (>2M) or many IPsec tunnels | | Fsv2 | High frequency Intel (3.4 GHz) | Ideal for SSL inspection and low-latency requirements | | Dasv4 | AMD EPYC (3.0+ GHz) | Excellent price/performance for stateful firewall only (not VPN-heavy) | | B-series (Burstable) | Use only for lab/DevTest | Production traffic will exhaust CPU credits and drop packets | fortigate vm sizing azure
When deploying FortiGate-VM as an NVA within an Azure vWAN hub, you must select a scale unit at deployment time. Scale units cannot be changed dynamically; upgrading requires a full redeployment. The following scale unit options are available in vWAN deployments:
user wants a long article about FortiGate VM sizing on Azure. I need to provide comprehensive information. I'll follow the search plan provided in the hints. The plan has three rounds. I'll start with Round One. search results from Round One have provided some initial information. Now, I need to proceed to Round Two for deeper dives into specific topics. The plan includes opening specific relevant pages. I'll start opening those pages. search results provide a good amount of official documentation. Now I need to proceed to Round Two. The plan includes specific searches for troubleshooting, sizing calculators, community discussions, and Azure-specific networking considerations. I'll execute these searches now. have gathered a substantial amount of information from the search results. Now I need to synthesize this into a comprehensive article. The article will cover key sections such as introduction, licensing models, VM types and sizing, network interface considerations, high availability and autoscaling, cost optimization, common pitfalls, and a checklist. I'll structure the article to be informative and practical.izing a FortiGate virtual machine on Microsoft Azure isn't just a technical decision—it's a strategic one that sits at the heart of your cloud's security and performance. A properly sized deployment ensures you're not overpaying for idle capacity or, worse, discovering a throughput bottleneck during a critical traffic spike. | vCPUs | RAM (GB) | Est
Without Accelerated Networking, the host CPU spends cycles copying packets from the physical NIC to the virtual NIC, creating a massive performance bottleneck and skyrocketing latency. 3. Azure VM Size Matching Matrix
Proper sizing of the FortiGate VM is essential to ensure that it can handle the required network traffic and security workloads. Undersizing the VM can lead to performance issues, packet loss, and decreased security effectiveness, while oversizing can result in unnecessary costs. Therefore, it's crucial to carefully evaluate your Azure environment and security requirements to determine the optimal FortiGate VM size. and decreased security effectiveness
: Useful if you are running memory-intensive features like heavy logging or large-scale SSL-VPN termination . Critical Configuration Tips Instance type support | FortiGate Public Cloud 7.6.0
If your chosen Azure VM size supports only two NICs, you cannot deploy a standard multi-NIC security architecture. Compute Architecture: Standard vs. Compute-Optimized
Different Azure series are optimized for specific firewall workloads: