Picky Assist Official Blog

When running an Active-Passive FortiGate cluster using the FortiOS native FGCP (FortiGate Clustering Protocol) or Azure Load Balancers (ALBs), the secondary firewall sits idle or handles sync traffic.

Firewall performance degrades as inspection levels deepen. Sizing models must account for this performance curve:

BYOL licenses are hard-coded to a maximum number of vCPUs (e.g., FG-VM02 supports up to 2 vCPUs, FG-VM08 supports up to 8 vCPUs).

💡 If you anticipate high growth, size your Azure VM for your "future" needs but use a BYOL license that allows for easy CPU upgrades without redeploying the instance.

Azure imposes strict limits on the maximum number of Virtual Network Interfaces (vNICs) mapped to a VM size. A standard enterprise FortiGate architecture usually requires at least 3 to 4 vNICs (Management, Untrust/Untrusted, Trust/Trusted, and DMZ). Azure Accelerated Networking (SR-IOV)

To bridge the gap between your throughput needs and specific Azure VM instances, Fortinet provides an . This interactive tool can help you project performance and associated costs.

By leveraging these tools and resources, you can ensure that your FortiGate VM is properly sized and configured to meet the security needs of your Azure environment.

Standard_F4sv2 (4 vCPUs, 8 GB RAM) up to Standard_F16sv2 (16 vCPUs, 32 GB RAM). General Purpose: D-Series (Dv3, Dsv3, Dv4, Dsv4, Ddv5)

Deploying a Fortinet FortiGate Next-Generation Firewall (NGFW) virtual appliance in Microsoft Azure requires a careful balance of security efficacy, throughput requirements, and cloud infrastructure costs. Selecting an suboptimal virtual machine (VM) size can lead to severe network bottlenecks, high latency, or unnecessary cloud spend.

Fortinet publishes specific Virtual Machine appliance IDs that map to Azure instance types. The "Appliance ID" is a variable used in Azure User-Data/Custom Data scripts to optimize driver settings.

This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later.

Sizing a in Azure requires balancing Azure's virtual machine performance with Fortinet's licensing tiers. Because Azure throttles network throughput based on the instance size, choosing a VM with enough vCPUs and RAM is critical for security performance. 1. Minimum Requirements

If you assign an 8‑vCPU Azure VM but purchase only a VM04 license, the FortiGate will only use 4 vCPUs. Right-size both the Azure VM and the license.

The most flexible option. You are charged based on the Azure instance size, and the license scales automatically as you resize the VM. Bring Your Own License (BYOL):

FortiGate VM Sizing on Microsoft Azure: Strategic Overview Selecting the correct Azure virtual machine (VM) instance for a FortiGate-VM deployment requires balancing compute power (vCPUs), memory, and—crucially for networking—the maximum number of network interface cards (NICs) supported by the Azure instance. 1. Fundamental Sizing Metrics

The license scales dynamically with the size of the Azure VM instance you select. There are no software-enforced vCPU limits, allowing you to scale the VM size up or down via the Azure portal during maintenance windows. 6. Best Practices for Deployment and Scaling




Add comment

You may also like