Before selecting a FortiGate VM license (01, 02, 04, etc.), you must analyze your Azure environment's traffic requirements.
Requires sizing the active node to handle 100% of the peak workload. The passive node sits idle but must match the active node's size exactly.
Monitor memory metrics. If RAM utilization consistently breaches 70%, plan an upgrade to an instance with a higher memory-to-core ratio (e.g., switching from an F-series to a D-series).
You purchase the firewall directly from the Azure Marketplace, and costs are bundled into your hourly Azure bill. fortigate vm sizing azure
Which will be heavily used (e.g., standard routing, IPS, or full SSL Deep Packet Inspection)? Will you be deploying via BYOL or PAYG ? Share public link
If the FortiGate is primarily handling ExpressRoute/VPN termination, basic access control lists (ACLs), and Network Address Translation (NAT), packet processing happens efficiently.
Requires signature matching, increasing CPU load. Before selecting a FortiGate VM license (01, 02, 04, etc
When sizing a FortiGate VM, you must look beyond Fortinet’s data sheets and account for Microsoft Azure's infrastructure limitations. Azure Network Interface (NIC) Limits
Are you just routing packets, or doing Deep SSL inspection? If doing SSL inspection, double your estimated compute requirements.
uses Azure Virtual Machine Scale Sets (VMSS) and Azure Functions to automatically add or remove FortiGate-VM instances based on real-time traffic metrics (e.g., CPU utilization, packet rate). It leverages FortiGate-native features like config-sync to synchronize configurations across all instances in the scale set. Monitor memory metrics
). These offer a solid balance of CPU and memory for everyday traffic. The Swift F-Series
Sizing a FortiGate VM is not just about matching the total throughput of your internet circuit. Cloud firewalls process diverse traffic types—east-west (vnet-to-vnet), north-south (internet ingress/egress), and hybrid (ExpressRoute/VPN). You must evaluate three primary vectors: Compute vs. Security Inspection Levels
If you are currently planning a deployment, I can help you narrow down the exact instance size. Could you share a few details about your environment? What is your (in Gbps)?
By matching your throughput needs, inspection levels, and interface requirements to the correct compute-optimized Azure VM series, you can build a highly resilient cloud security architecture that performs reliably without inflating your monthly cloud bill.