Fortigate Vm Sizing Azure -
Memory-optimized instances designed for data-heavy workloads.
:
Throughput drops drastically as you enable deeper security features. Fortinet typically categorizes performance across three tiers:
If you are planning a deployment, follow this rough estimation guide: fortigate vm sizing azure
This guide covers the technical architecture, sizing metrics, Azure VM series selection, and best practices for sizing your FortiGate NGFW (Next-Generation Firewall) deployment in Azure. 1. Understanding FortiGate VM Architecture in Azure
Based on the guidelines above, you would need a:
: Deep packet inspection (DPI) and SSL/TLS inspection significantly increase CPU load. For example, one user's browsing and file downloading can consume up to 12% of a single CPU core when deep inspection is active. Memory-optimized instances designed for data-heavy workloads
Before picking a size, identify your "real-world" traffic needs. Marketing spec sheets often highlight "UDP Throughput," but enterprise environments rely on more demanding metrics.
Start with D4s_v3 (4 vCPU) for FG-VM02, then load-test. Do not upsize blindly – each step doubles cost.
To ensure stable performance, especially with high-demand features like or Proxy , a minimum of 4 GB RAM is strongly recommended . FortiGate Model vCPU Limit Recommended Azure Instance Key Performance (Firewall/NGFW) FG-VM01 Standard_F1 / D1 ~12 Gbps / 250 Mbps FG-VM02 Standard_F2 / D2s_v5 ~15 Gbps / 550 Mbps FG-VM04 Standard_F4 / D4s_v5 ~28 Gbps / 1.3 Gbps FG-VM08 Standard_F8 / D8s_v5 ~33 Gbps / 2.2 Gbps Recommended Azure Instance Families Before picking a size, identify your "real-world" traffic
. This feature offloads traffic processing to the hardware, but it only works on certain Azure sizes (typically those with 2 or more vCPUs). Alex’s Quick Sizing Guide
Minimal CPU overhead. Traffic is processed via basic packet filtering.
FortiOS assigns processing worker threads to available virtual CPUs. More vCPUs translate directly to higher parallel processing capabilities for heavy security tasks like Deep Packet Inspection (DPI) and Antivirus scanning.
Man-in-the-middle decryption and re-encryption. This is the most resource-intensive task. It can reduce raw firewall throughput by up to 80-90% on virtualized hardware. Accelerated Networking (SR-IOV)