Not all Azure VM families work well for firewalls. The following are field-proven:
| Azure Series | Characteristics | Best For | |--------------|----------------|-----------| | Dv5 / Dsv5 (General purpose) | Balanced compute & memory, good for most inspection workloads | Mixed firewall + IPS + SSL inspection (500 Mbps – 2 Gbps) | | Ev5 / Esv5 (Memory optimized) | Higher memory-to-vCPU ratio | Large NAT tables, millions of sessions, VPN termination | | Fsv2 (Compute optimized) | High clock speed (3.4+ GHz) | Low-latency, high-packet-rate environments (e.g., gaming, trading) | | Dasv5 (AMD EPYC) | Cheaper per core, good sustained performance | Cost-sensitive production deployments | fortigate vm sizing azure
Avoid: Burstable B-series (unpredictable under load), older A-series (low network performance). Not all Azure VM families work well for firewalls
Let’s walk through three actual customer examples. Let’s walk through three actual customer examples
Unlike on-premises hardware with fixed ASIC chips, FortiGate VM (FGT-VM) relies entirely on vCPU and RAM allocated from Azure compute resources. Sizing directly impacts:
Under-sizing causes dropped packets and latency spikes. Over-sizing wastes cloud budget.
Not all Azure VM sizes are equal. FortiGate is CPU-intensive (especially for VPN and SSL inspection). Memory is less critical (minimum 4-8 GB required per Fortinet, but Azure often provides more).