: This issue is fixed in FortiOS versions v7.4.8 and v7.6.3 and later. If you are on an affected version, upgrading FortiOS is the permanent fix. A temporary workaround is to restart the azd process or, as a last resort, reboot the FortiGate.
Often bundled with specific instance sizes in the Azure Marketplace. 2. Selecting the Right Azure VM Family
These are lower than Fortinet’s “lab maximums” because Azure’s accelerated networking and vCPU stealing reduce real-world performance.
If you license a FG-VM04 but deploy it on a Standard_F8sv2 (8 vCPUs) Azure instance, FortiOS will artificially cap its resource usage to 4 vCPUs, wasting paid Azure infrastructure. Pay-As-You-Go (PAYG / On-Demand)
Before diving into sizing, it's critical to choose a licensing model, as each impacts sizing strategy and feature availability. FortiGate-VM on Azure supports two main options: and Pay-As-You-Go (PAYG) . fortigate vm sizing azure
When sizing a FortiGate VM in Azure, consider the following factors:
Minimal CPU overhead. Traffic is processed via basic packet filtering.
For optimal stability and performance in Azure, maintain a minimum ratio of . Allocating insufficient RAM to a high-vCPU instance prevents the firewall from scaling its session tables proportionally to its processing power. 2. Key Sizing Metrics and Requirements
Note: Sizing metrics are estimates based on standard enterprise traffic mixes. Actual performance varies based on average packet size (IMIX), session duration, and specific security profiles enabled. 4. Architectural Sizing Considerations : This issue is fixed in FortiOS versions v7
FortiOS scales predictably with vCPU allocations. Each vCPU core handles dedicated worker threads for packet processing, encryption, and deep packet inspection (DPI).
The BYOL license model uses SKUs based strictly on the number of vCPUs: FG-VM01 , FG-VM02 , FG-VM04 , FG-VM08 , FG-VM16 , FG-VM32 , and FG-VMUL (for unlimited cores). Crucially, the licensed number of vCPUs does not restrict the size of the Azure VM you can choose. You can deploy a license on a larger VM, but only the licensed vCPUs will handle traffic; the rest remain unused. For instances with , you must use the FG-VMUL license.
Compute optimized virtual machine sizes. supports F-series and Fs-series instance types. Fortinet Document Library FortiGate VM on Microsoft Azure Data Sheet - Fortinet
Scenario C: High-Traffic Data Center Hub (Very High Intensity) Often bundled with specific instance sizes in the
Sizing FortiGate-VM on Microsoft Azure Sizing a in Microsoft Azure requires balancing technical resource requirements with licensing models to ensure peak performance for your network security workload. Core System Requirements
For more detailed performance metrics and to download the latest datasheet, you can explore the FortiGate VM on Microsoft Azure page.
| Instance Type | vCPU | Max NIC | Recommended BYOL License | | :--- | :--- | :--- | :--- | | Standard_DS1_v2 | 1 | 2 | FG-VM01 or FG-VM01v | | Standard_DS2_v2 | 2 | 2 | FG-VM02 or FG-VM02v | | Standard_D2s_v3 | 2 | 2 | FG-VM02 or FG-VM02v | | Standard_DS3_v2 | 4 | 4 | FG-VM04 or FG-VM04v | | Standard_D8s_v3 | 8 | 4 | FG-VM08 or FG-VM08v | | Standard_DS5_v2 | 16 | 8 | FG-VM16 or FG-VM16v |
FortiGate-VM on Azure has an important nuance: you . While you can change between sizes within the same architecture (e.g., from a Standard_F4 to a Standard_F8 ), switching to a different family (like ARM-based Standard_D2pls_v6 ) requires you to back up the configuration, redeploy the VM with the new architecture, and restore the configuration.