Small branch office, basic routing, or management-only VNet. Standard_F4sv2 / Standard_D4ds_v4
Resizing a FortiGate VM within Azure's portal can sometimes be restricted by architecture requirements. It is often simpler to back up your configuration and redeploy the FortiGate VM with the desired new size.
Ideal if you need higher throughput for a lower price point and have high CPU demand but lower memory requirements.
: Azure limits the number of Network Interfaces (NICs) based on the VM size. D2/D2v2 : Supports only 2 NICs . D4/D4v2 : Supports up to 8 NICs . fortigate vm sizing azure
Azure enforces a strict maximum number of NICs per VM size. A standard high-availability (HA) firewall architecture typically requires at least four interfaces: Management Untrusted (Public/External) Trusted (Private/Internal) HA Sync (Heartbeat)
Higher vCPU counts allow FortiOS to distribute the processing packet load across multiple workers.
FortiGate VM Sizing on Microsoft Azure: Strategic Overview Selecting the correct Azure virtual machine (VM) instance for a FortiGate-VM deployment requires balancing compute power (vCPUs), memory, and—crucially for networking—the maximum number of network interface cards (NICs) supported by the Azure instance. 1. Fundamental Sizing Metrics Small branch office, basic routing, or management-only VNet
This 3,000+ word guide will walk you through the anatomy of FortiGate VM sizing in Azure, covering SKU selection, throughput calculations, licensing models, high availability (HA) implications, and real-world deployment patterns.
💡 If you anticipate high growth, size your Azure VM for your "future" needs but use a BYOL license that allows for easy CPU upgrades without redeploying the instance.
Accelerated Networking is a non-negotiable requirement for production FortiGate deployments. It utilizes Single Root I/O Virtualization (SR-IOV) to bypass the Azure virtual switch, connecting the VM directly to the physical network interface card (NIC). Ideal if you need higher throughput for a
Dsv5 for balanced, Fsv2 for compute-intensive, Esv5 for memory-intensive.
Memory-optimized instances designed for data-heavy workloads.
Without Accelerated Networking, the host CPU spends cycles copying packets from the physical NIC to the virtual NIC, creating a massive performance bottleneck and skyrocketing latency. 3. Azure VM Size Matching Matrix