જ્યાં જ્યાં વસે એક ગુજરાતી, ત્યાં ત્યાં સદાકાળ ગુજરાત
Deploying a FortiGate Next-Generation Firewall (NGFW) in Microsoft Azure is a best practice for securing hybrid and cloud-native workloads. However, unlike on-premises appliances where you buy fixed hardware, Azure offers a dizzying array of VM sizes. Choosing the wrong size leads to either poor performance (packet drops, high latency) or unnecessary cloud spend.
This article breaks down how to correctly size a FortiGate-VM in Azure based on throughput, features, and workload type.
Follow this process before clicking “Deploy”: fortigate vm sizing azure
Profile your traffic for 14 days (use Azure Monitor + NSG flow logs).
Apply derating factors:
Map to FortiGate model
Baseline throughput × Derated ÷ 0.6 (safety margin) = Required datasheet throughput
Look up that number in Fortinet’s Azure datasheet for the chosen instance family.
Select Azure instance type
Start with D4s_v3 (4 vCPU) for FG-VM02, then load-test. Do not upsize blindly – each step doubles cost. The Definitive Guide to FortiGate VM Sizing in
Enable Accelerated Networking – non-negotiable.
Deploy, then test with real traffic using FortiGate’s built-in diagnose sys top and Azure’s az network vnet list metrics. Part 8: Step-by-Step Sizing Workflow for Azure Follow
| Mistake | Consequence | |---------|--------------| | Using B-series VMs | Severe throttling during bursts → packet loss | | Forgetting accelerated networking | Throughput drops to <200 Mbps even on large VMs | | Matching on-prem VM size directly | Azure has higher virtualization overhead → need 2x vCPUs often | | Ignoring IPS session table size | Large tables need more RAM (E-series) | | Single NIC for LAN+WAN | Bypasses Azure routing best practices; use at least 2 NICs |
This is the most CPU-hungry feature. Multiply vCPUs x2.
