To ensure stable performance, especially with high-demand features like or Proxy , a minimum of 4 GB RAM is strongly recommended . FortiGate Model vCPU Limit Recommended Azure Instance Key Performance (Firewall/NGFW) FG-VM01 Standard_F1 / D1 ~12 Gbps / 250 Mbps FG-VM02 Standard_F2 / D2s_v5 ~15 Gbps / 550 Mbps FG-VM04 Standard_F4 / D4s_v5 ~28 Gbps / 1.3 Gbps FG-VM08 Standard_F8 / D8s_v5 ~33 Gbps / 2.2 Gbps Recommended Azure Instance Families
in Azure is a smart move for hybrid and cloud-native security, but "guessing" your VM size can lead to either expensive over-provisioning or sluggish performance bottlenecks. To build a secure, efficient environment, you need to align your Azure VM SKU with your specific traffic needs and FortiOS licensing. 1. Match the VM Series to Your Workload fortigate vm sizing azure
| vCPUs | RAM (GB) | Est. Firewall (Gbps) | Est. IPSec (Gbps) | Est. SSL Inspection (Mbps) | |-------|----------|----------------------|--------------------|-----------------------------| | 2 | 4 | 0.5 – 0.8 | 0.2 – 0.3 | 50 – 100 | | 4 | 8 | 1.0 – 1.5 | 0.5 – 0.8 | 150 – 250 | | 8 | 16 | 2.0 – 3.0 | 1.0 – 1.5 | 400 – 600 | | 16 | 32 | 4.0 – 6.0 | 2.0 – 3.0 | 800 – 1200 | IPSec (Gbps) | Est
This is the most CPU-hungry feature. Multiply vCPUs x2. To ensure stable performance
1. Define required throughput (clean traffic) → ______ Gbps 2. Multiply by 1.5x (future growth) → ______ Gbps 3. Add inspection factor: - No inspection: x1.0 - Basic firewall + NAT: x1.2 - +IPS: x1.5 - +SSL inspection: x2.0 → Effective required Gbps = ______ 4. Match to Azure VM size from table in section 3 5. Check license SKU supports that throughput 6. Add 20% vCPU/RAM overhead if using: - SSL deep inspection - 50+ IPsec tunnels - Explicit web proxy 7. Final VM size = ______
| VM Size | Max Network Bandwidth (Gbps) | FortiGate Realistic Inspection Throughput | |---------|------------------------------|--------------------------------------------| | D2s v3 | ~1.5 Gbps | ~0.8 Gbps (with basic firewall) | | D4s v3 | ~3.0 Gbps | ~1.5-2 Gbps (with IPS) | | D8s v3 | ~6.0 Gbps | ~3 Gbps (with SSL inspection) | | D16s v3 | ~12.0 Gbps | ~5-6 Gbps (mixed traffic) |