Sizing Azure - FortiGate VM

: A minimum of 4 GB is recommended for proper operation, particularly when enabling intensive security features like Unified Threat Management (UTM) or proxy services.

While less common for standard firewalls, the provides massive memory allocations per vCPU.

Fortinet provides capabilities for Azure, allowing you to deploy FortiGate-VMs as part of a scale set. New instances are created or existing instances are removed based on predefined policies such as CPU utilization or network throughput exceeding a threshold (e.g., 70%). This approach is ideal for fluctuating traffic patterns.

Constraint: Azure typically requires VM sizes with at least 2 or 4 vCPUs to enable Accelerated Networking.

FortiGate-VM licensing works differently on Azure compared to private hypervisors. In public clouds like Azure, . Any RAM size is allowed. For example, you could activate a FG-VM02 (2 vCPU) license on an Azure VM with 8 vCPUs and 64 GB of RAM. The FortiGate would actively use only 2 of those vCPUs to process traffic, leaving the remaining 6 vCPUs unused. However, you pay for the full 8 vCPU Azure VM, even though you're only licensed for 2.

Proper sizing of the FortiGate VM is essential to ensure that it can handle the required network traffic and security workloads. Undersizing the VM can lead to performance issues, packet loss, and decreased security effectiveness, while oversizing can result in unnecessary costs. Therefore, it's crucial to carefully evaluate your Azure environment and security requirements to determine the optimal FortiGate VM size.

These (e.g., Standard_D2s_v5, Standard_D4s_v5) are balanced options. However, be aware that throughput can vary significantly; for example, some users prefer older v2 instances over newer ones because of specific Azure bandwidth allocations.

Always choose an Azure VM size that supports .

Alex discovered a curious rule in the land of FortiGate: the Azure instance must work in harmony, but they aren't identical. : If Alex bought a license, it would only use , even if he placed it on a massive 32-vCPU Azure instance.

Monitor the Azure Monitor metrics for your VM instance to verify if egress network traffic is hitting the hard bandwidth ceilings imposed by the Azure VM tier.

Drastically reduces latency, jitter, and CPU utilization.

For environments with fluctuating traffic (e.g., business hours vs. night), you can use FortiGate Autoscale for Azure. This feature dynamically adds or removes FortiGate-VM instances in a VM Scale Set (VMSS) based on predefined thresholds like CPU or network utilization. When a spike occurs, a new VM is automatically added to handle the load.

This vWAN model requires a specific BYOL or FortiFlex license for each instance and also requires a fully licensed FortiManager.