FortiGate VM Sizing in Azure: A Comprehensive Guide
Executive Summary: The "Useful" Review
Verdict: FortiGate-VM is the industry standard for Azure network security, but sizing is significantly more complex than on-premises hardware. Unlike a physical appliance where hardware is fixed, Azure requires you to balance Compute Power (vCPU/RAM) against Network Throughput limits imposed by Azure, not Fortinet.
The Golden Rule: In Azure, you are rarely limited by the FortiGate software capacity; you are almost always limited by the Azure Virtual Machine tier bandwidth caps.
Azure Load Balancer Integration
For ingress traffic (from internet), place an Azure Standard Load Balancer in front of multiple FortiGate VMs. This allows:
- Horizontal scaling of inspection throughput (use VM04 or VM08 behind a LB)
- Example: 3 x Standard_D4s_v5 (VM04) handling ~6 Gbps UTM total.
8. Common Sizing Mistakes in Azure
| Mistake | Consequence |
|---------|-------------|
| Using B-series VM | CPU throttling → packet drops under load |
| Too few vCPUs for SSL | Proxy WAD workers starved → high latency |
| No local temp disk | WAD cache uses memory → OOM crashes |
| Ignoring Azure bandwidth cap | FortiGate licensed for 4 Gbps but VM max = 2 Gbps |
| Same VM for HA but different sizes | HA failover fails (license mismatch) |
| Standard HDD for logs | Log I/O blocks firewall worker threads |
Consider VM Series for High Availability (HA)
- Active-Passive (A-P): Deploy two same-sized VMs in an Availability Set. The passive VM consumes a license but passes no traffic. Use smaller sizes if the budget is tight.
- Active-Active (A-A): Requires clustering license. Aggregate throughput scales linearly with each added VM.
2. Sizing by Use Case
Option C: Autoscaling (PAYG only)
- Fortinet’s Azure autoscaling solution deploys a scale set behind an Azure Load Balancer. Each instance handles a portion of traffic.
- Sizing rule: to survive the loss of a single instance, each remaining instance must be able to absorb the failed instance's share of the normalized load. With 3 nodes, that means sizing each node for 50% of peak.
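The two rules above (usable throughput is capped by the Azure VM tier rather than the license, and each survivor must absorb a failed node's share) can be checked together. The following is an added example, not Fortinet's or Microsoft's code; the `FgtNode` type, the per-VM bandwidth figures and the sample cluster are constructed assumptions for illustration, not published Azure or Fortinet numbers.

```python
# Added example: sizing checks for a FortiGate-VM cluster in Azure.
# All throughput and cap figures below are constructed assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class FgtNode:
    name: str
    vm_size: str             # e.g. "Standard_D4s_v5"
    license_gbps: float      # throughput the FortiGate license allows
    azure_cap_gbps: float    # bandwidth cap of the Azure VM tier (assumed value)
    burstable: bool = False  # True for B-series sizes


def effective_gbps(node: FgtNode) -> float:
    """Usable throughput is the smaller of the license and the Azure VM cap."""
    return min(node.license_gbps, node.azure_cap_gbps)


def required_per_instance_gbps(peak_gbps: float, instances: int,
                               tolerated_failures: int = 1) -> float:
    """Share of peak each survivor must carry after the tolerated failures."""
    survivors = instances - tolerated_failures
    if survivors < 1:
        raise ValueError("cluster cannot survive that many failures")
    return peak_gbps / survivors  # 3 nodes, 1 failure -> 50% of peak each


def sizing_findings(nodes: list, peak_gbps: float,
                    tolerated_failures: int = 1) -> list:
    """Return sizing problems found; an empty list means the design passes."""
    findings = []
    need = required_per_instance_gbps(peak_gbps, len(nodes), tolerated_failures)
    if len({n.vm_size for n in nodes}) > 1:
        findings.append("HA members use different VM sizes (license mismatch on failover)")
    for n in nodes:
        if n.burstable:
            findings.append(f"{n.name}: B-series VM throttles CPU under load")
        if n.license_gbps > n.azure_cap_gbps:
            findings.append(f"{n.name}: licensed {n.license_gbps} Gbps but Azure cap "
                            f"is {n.azure_cap_gbps} Gbps; the VM tier is the real limit")
        if effective_gbps(n) < need:
            findings.append(f"{n.name}: {effective_gbps(n)} Gbps usable < "
                            f"{need:.2f} Gbps needed to absorb a failure")
    return findings


# Constructed sample: the 3 x Standard_D4s_v5 cluster from the text, ~6 Gbps peak UTM.
CLUSTER = [FgtNode(f"fgt{i}", "Standard_D4s_v5", 4.0, 4.0) for i in range(1, 4)]
```

Run `sizing_findings(CLUSTER, 6.0)` to check the sample cluster; swap in your own license figure and the documented cap for your VM tier before trusting the result.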