Instead of scaling vertically to massive, expensive VM sizes, consider a scale-out architecture. Use Azure Route Server (ARS) or Azure Load Balancers to distribute traffic across a pool of smaller, highly efficient FortiGate VMs.
This vWAN model requires a specific BYOL or FortiFlex license for each instance and also requires a fully licensed FortiManager.
High CPU overhead. Includes Antivirus, Sandboxing, and Web Filtering.
RSS distributes network receive processing across multiple vCPUs, preventing a single core from becoming a bottleneck during high-volume ingress events. Verify that RSS is active within FortiOS to guarantee that traffic flows are evenly balanced across all available vCPU worker threads. Disk Subsystem Sizing (IOPS) fortigate vm sizing azure
These are lower than Fortinet’s “lab maximums” because Azure’s accelerated networking and vCPU stealing reduce real-world performance.
Balanced workloads or when more RAM is needed for heavy logging/reporting. Standard_D2s_v5 , Standard_D4s_v5 3. Licensing vs. Azure Size
Ensure the chosen Azure VM series explicitly supports it. Instead of scaling vertically to massive, expensive VM
: This Azure feature is essential for high throughput. It offloads network processing to dedicated hardware (FPGA), significantly reducing latency and jitter. Ensure your chosen Azure size supports it.
Basic packet forwarding and Layer 4 Access Control Lists (ACLs). This requires minimal CPU.
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later. High CPU overhead
Instead of scaling vertically to a single massive 16-vCPU instance, deploy a baseline of two Standard_D4s_v5 instances and allow the pool to scale horizontally to 4 or 6 instances during peak hours. This optimizes Azure compute consumption and licensing costs. Summary Checklist for Sizing Success
Run get system performance status to verify if traffic is distributing evenly across all assigned vCPUs.