FortiGate VM Azure
FortiGate VM Azure
FortiGate VM Azure
FortiGate® VM on
Microsoft Azure
Highlights
• Securely connect
to your application
Adaptive Multi-Cloud Security with AI-Powered
workloads without Advanced Threat Protection
performance
bottlenecks
The FortiGate-VM on Microsoft Azure delivers next-
• Move at cloud speed
without compromising generation firewall capabilities for organizations
security
• Seamlessly scale
of all sizes, with the flexibility to be deployed as
your cloud protection next-generation firewall or VPN gateway. It protects
without increasing
operational burden against cyber threats with high performance, security
• Secure your cloud
efficacy, and deep visibility.
transformation without
impacting business
FortiGate-VM delivers protection from a broad array of network security threats. It
outcomes, with
offers the same security and networking services included in the FortiOS operating
flexible consumption
system and is available for public cloud, private cloud, and Telco Cloud (VNFs).
models
With a consistent operational model across hybrid cloud, multi-cloud, and service
provider environments, it reduces the training burden on security teams.
1
FortiGate® VM on Microsoft Azure Data Sheet
FortiOS Everywhere
FortiOS, Fortinet’s Advanced Operating System
FortiOS enables the convergence of high performing networking and security across the
Fortinet Security Fabric. Because it can be deployed anywhere, it delivers consistent and
Available in context-aware security posture across network, endpoint, and multi-cloud environments.
FortiOS powers all FortiGate deployments whether a physical or virtual device, as a container,
or as a cloud service. This universal deployment model enables the consolidation of many
technologies and use cases into a simplified, single policy and management framework. Its
organically built best-of-breed capabilities, unified operating system, and ultra-scalability
Appliance
allows organizations to protect all edges, simplify operations, and run their business without
compromising performance or protection.
FortiOS dramatically expands the Fortinet Security Fabric’s ability to deliver advanced AI/
ML-powered services, inline advanced sandbox detection, integrated ZTNA enforcement,
and more, provides protection across hybrid deployment models for hardware, software, and
Virtual Software-as-a-Service with SASE.
FortiOS expands visibility and control, ensures the consistent deployment and enforcement of
security policies, and enables centralized management across large-scale networks with the
following key attributes:
Cloud
Container
Intuitive easy to use view into the network and Visibility with FOS Application Signatures
endpoint vulnerabilities
2
FortiGate® VM on Microsoft Azure Data Sheet
FortiGuard Services
Network and File Security
Services provide protection against network-based and file-based threats. This consists of
Intrusion Prevention (IPS) which uses AI/M models to perform deep packet/SSL inspection
to detect and stop malicious content, and apply virtual patching when a new vulnerability is
discovered. It also includes Anti-Malware for defense against known and unknown file-based
threats. Anti-malware services span both antivirus and file sandboxing to provide multi-
layered protection and are enhanced in real-time with threat intelligence from FortiGuard Labs.
Application Control enhances security compliance and offers real-time application visibility.
OT Security
The service provides OT detection, OT vulnerability correlation, virtual patching, OT signatures,
and industry-specific protocol decoders for overall robust defense of OT environments and
devices.
3
FortiGate® VM on Microsoft Azure Data Sheet
FortiGate virtual firewalls (FortiGate-VM), featuring advanced virtual security processing units
(vSPUs), overcome the throughput barrier to provide top performance in private and public
clouds. With FortiGate-VM, organizations can securely migrate any application and support a
variety of use cases, including highly available large-scale virtual private networks (VPNs) in
the cloud.”
FortiGate-VM removes the cost-performance barriers to adopting virtual NGFWs, with several
industry-leading features:
4
FortiGate® VM on Microsoft Azure Data Sheet
Deployment
Next Generation Firewall (NGFW)
• Reduce complexity by combining threat protection security capabilities into single high-
performance network security appliances
• Identify and stop threats with powerful intrusion prevention beyond port and protocol that
examines the actual applications in your network traffic
• Deliver the industry’s highest SSL inspection performance using industry-mandated ciphers
while maximizing ROI
• Proactively block newly discovered sophisticated attacks in real-time with advanced threat
protection
VPN Gateway
• VGW to FortiGate VPN between VPCs
Azure Integration
FortiOS embeds the latest autoscaling functionality, providing automation based on resource
demand from your cloud workloads.
Designed to ensure easy, consistent deployment for the most efficient systems and
applications uptime with minimal disruption using Azure load balancing and two FortiGate-VMs.
FortiOS works with Azure Traffic Manager to provide local access for customers for low latency
while providing redundancy.
5
FortiGate® VM on Microsoft Azure Data Sheet
Licensing
With a multitude of deployment methods supported across various private and public cloud
deployments, FortiGate-VM for Microsoft Azure supports both on-demand (PAYG) and bring
your own license (BYOL) licensing models.
On-demand licensing is a highly flexible option for both initial deployments and growing them
as needed. With a wide selection of supported instance types, there is a solution for every use
case. This license offers FortiOS with a UTP bundle.
BYOL is ideal for migration use cases, where an existing private cloud deployment is migrated
to a public cloud deployment. When using an existing license, the only additional cost is the
price for the Microsoft Azure instances.
You can deploy FortiGate-VM in regional Azure such as Azure Government, Germany, and
China.
Specifications
The FortiGate-VM supports multiple instance families that leverage Intel and AMD based x64
processors as well as the ARM64 instance families that leverages the Ampere® Altra® Arm-
based processor.
For a full list of supported instance families See Azure Administration Guide: Instance type
Support.
The following shows performance of x64 (Standard DSv2 and Dsv3) Instance families with
BYOL License.
6
FortiGate® VM on Microsoft Azure Data Sheet
Specifications
Firewall Throughput (UDP Packets) in 3600 720 6200 840 6800 1150 7500 1100
Mbps - 512 bytes
Firewall Throughput (UDP Packets) in 580 170 1000 170 1100 200 1150 240
Mbps - 64 bytes
For the sizing guide, please refer to the sizing document available on www.fortinet.com
Note: All performance values are “up to” and vary depending on system configuration. 2. FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default. You can
PAYG supports only up to 32 vCPU instances. add it by applying separate VDOM addition perpetual licenses. See ORDER INFORMATION for
Actual performance may vary depending on the network and system configuration. Note VDOM SKUs.
that these metrics are updated periodically as the product performance keeps improving 3. The latest information about Microsoft Azure bandwidth is found on https://docs.microsoft.
through internal testing. Different versions of the document may note the discrepancy in the com/en-us/azure/virtual-machines/windows/sizes-general.
performance numbers so ensure that you refer to the latest datasheets. 4. IPS performance is measured using HTTP Throughput with IPS Profile enabled at 44k and 1M
Accelerated networking is required and turned on by default on all Dv5 and Dsv5 virtual machines. packet sizes.
For more info see Dv5 and Dsv5-series Specifications here. 5. Using TLS ECDHE RSA WITH AES 256 GCM SHA384 (2K).
6. Application Control performance is measured with 64 Kbyte HTTP traffic.
Performance metrics were observed using FortiGate-VM BYOL instances using FOS v7.4.0. 7. NGFW performance is measured with IPS and Application Control enabled, based on
1. Applicable to 6.4.0+. The actual working number of consumable network interfaces varies Enterprise Traffic Mix.
depending on Microsoft Azure instance types/sizes and may be less. Current test version is 8. Threat Protection performance is measured with IPS and Application Control and Malware
FortiOS 7.4.0. protection enabled, based on Enterprise Traffic Mix.
7
FortiGate® VM on Microsoft Azure Data Sheet
Specifications
VM-08/08V/08S VM-16/16V/16S VM-32/32V/32S VM-UL/
ULV/ULS
System
Requirement
vCPU (Minimum/ 1/8 1/16 1/32 1/
Maximum) Unlimited
Technical
Specifications
Network 1/24 1/24 1/24 1/24
Interface Support
(Minimum/
Maximum) 1
VDOMs (Default/ 10/500 10/500 10/500 10/500
Maximum) 2
Firewall Policies 200 000 200 000 200 000 200 000
System Accelerated Networking ON
Performance
Instance Shape to Standard_D8s_v5 (8vCPU) Standard_D16s_v5 (16vCPU) Standard_D32s_v5 (32vCPU)
be Measured
Azure Expected 12 500 Mbps 12 500 Mbps 16 000 Mbps
Bandwidth 3
Standard DPDK Standard DPDK Standard DPDK
standalone IPSEC standalone IPSEC standalone IPSEC standalone IPSEC standalone IPSEC standalone IPSEC
Firewall Throughput 12 500 3400 12 000 4400 14 000 5100 13 800 6300 17 500 6750 17 500 6800
(UDP Packets) in
Mbps - 1280 bytes
Firewall Throughput 11 900 2000 11 900 2200 14 000 3000 13 800 3300 17 500 3300 16 000 3550
(UDP Packets) in
Mbps - 512 bytes
Firewall Throughput 1950 500 2200 500 3000 600 3000 650 3400 620 3400 720
(UDP Packets) in
Mbps - 64 bytes
New Sessions / 17 200 - 17 500 - 17 000 - 17 000 - 19 000 - 19 000 -
Second (TCP)
HTTP Throughput 12 700 - 12 700 - 12 700 - 12 700 - 16 290 - 16 290 -
w/ Application
profile (64K size)
in Mbps
HTTP Throughput 12 700 - 12 700 - 12 700 - 12 700 - 16 290 - 16 290 -
w/ IPS profile (44K
size) in Mbps
HTTP Throughput 12 700 - 12 700 - 12 700 - 12 700 - 16 300 - 16 300 -
w/ IPS profile (1M
size) in Mbps
NGFW Throughput 2960 - 3500 - 5500 - 6800 - 7700 - 11 200 -
(Mbps)
Threat Protection 2950 - 3400 - 5400 - 6700 - 7400 - 11 000 -
Throughput (Mbps)
SSL Inspection 5510 - 12 000 - 10 700 - 12 730 - 15 000 - 16 370 -
throughput (Mbps)
For the sizing guide, please refer to the sizing document available on www.fortinet.com
Note: All performance values are “up to” and vary depending on system configuration. 2. FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default. You can
PAYG supports only up to 32 vCPU instances. add it by applying separate VDOM addition perpetual licenses. See ORDER INFORMATION for
Actual performance may vary depending on the network and system configuration. Note VDOM SKUs.
that these metrics are updated periodically as the product performance keeps improving 3. The latest information about Microsoft Azure bandwidth is found on https://docs.microsoft.
through internal testing. Different versions of the document may note the discrepancy in the com/en-us/azure/virtual-machines/windows/sizes-general.
performance numbers so ensure that you refer to the latest datasheets. 4. IPS performance is measured using HTTP Throughput with IPS Profile enabled at 44k and 1M
Accelerated networking is required and turned on by default on all Dv5 and Dsv5 virtual machines. packet sizes.
For more info see Dv5 and Dsv5-series Specifications here. 5. Using TLS ECDHE RSA WITH AES 256 GCM SHA384 (2K).
6. Application Control performance is measured with 64 Kbyte HTTP traffic.
Performance metrics were observed using FortiGate-VM BYOL instances using FOS v7.4.0. 7. NGFW performance is measured with IPS and Application Control enabled, based on
1. Applicable to 6.4.0+. The actual working number of consumable network interfaces varies Enterprise Traffic Mix.
depending on Microsoft Azure instance types/sizes and may be less. Current test version is 8. Threat Protection performance is measured with IPS and Application Control and Malware
FortiOS 7.4.0. protection enabled, based on Enterprise Traffic Mix.
8
FortiGate® VM on Microsoft Azure Data Sheet
Ordering Information
The following are SKUs that can be acquired for the BYOL scheme. For the PAYG/On-Demand subscription, various instance/
VM types are available on the Marketplace. BYOL is perpetual licensing, as opposed to PAYG/On-Demand, which is an hourly
subscription available with marketplace-listed products.
FortiGate-VM01 FG-VM01, FG-VM01V FortiGate-VM ‘virtual appliance’. 1x vCPU core. No VDOM by default for FG-VM01V model.
FortiGate-VM02 FG-VM02, FG-VM02V FortiGate-VM ‘virtual appliance’. 2x vCPU cores. No VDOM by default for FG-VM02V model.
FortiGate-VM04 FG-VM04, FG-VM04V FortiGate-VM ‘virtual appliance’. 4x vCPU cores. No VDOM by default for FG-VM04V model.
FortiGate-VM08 FG-VM08, FG-VM08V FortiGate-VM ‘virtual appliance’. 8x vCPU cores. No VDOM by default for FG-VM08V model.
FortiGate-VM16 FG-VM16, FG-VM16V FortiGate-VM ‘virtual appliance’. 16x vCPU cores. No VDOM by default for FG-VM016V model.
FortiGate-VM32 FG-VM32, FG-VM32V FortiGate-VM ‘virtual appliance’. 32x vCPU cores. No VDOM by default for FG-VM032V model.
FortiGate-VMUL FG-VMUL, FG-VMULV FortiGate-VM ‘virtual appliance’. Unlimited vCPU cores. No VDOM by default for FG-VMULV model.
Virtual Domain License Add 5 FG-VDOM-5-UG Upgrade license for adding 5 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.
Virtual Domain License Add 15 FG-VDOM-15-UG Upgrade license for adding 15 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.
Virtual Domain License Add 25 FG-VDOM-25-UG Upgrade license for adding 25 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.
Virtual Domain License Add 50 FG-VDOM-50-UG Upgrade license for adding 50 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.
Virtual Domain License Add 240 FG-VDOM-240-UG Upgrade license for adding 240 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.
The number of configurable VDOMs can be stacked up to the maximum number of supported VDOMs per vCPU model. Refer to Virtual Domains (Maximum) under SPECIFICATIONS.
FortiGate-VM16-S FC5-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (16 vCPU cores).
FortiGate-VM32-S FC6-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (32 vCPU cores).
FortiGate-VMUL-S FC7-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (Unlimited vCPU cores).
FortiOS 6.2.3+ and 6.4.0+ support the FortiGate-VM S-series. The FortiGate-VM S-series does not have RAM restrictions on all vCPU levels.
FortiManager 6.2.3+ and 6.4.0+ support managing FortiGate-VM S-series devices.
9
FortiGate® VM on Microsoft Azure Data Sheet
Subscriptions
Bundles
FortiGuard Bundles
FortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform.
You can easily optimize the protection capabilities of your FortiGate with one of these FortiGuard Bundles.
FortiCare Services
Fortinet prioritizes customer success through FortiCare Services, optimizing the Fortinet Security Fabric solution.
Our comprehensive lifecycle services include Design, Deploy, Operate, Optimize, and Evolve. The FortiCare
Elite, one of the service variants, offers heightened SLAs and swift issue resolution with a dedicated support
team. This advanced support option includes an Extended End-of-Engineering-Support of 18 months, providing
flexibility. Access the intuitive FortiCare Elite Portal for a unified view of device and security health, streamlining
operational efficiency and maximizing Fortinet deployment performance.
10
Fortinet Corporate Social Responsibility Policy
Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and
ethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that you
will not use Fortinet’s products and services to engage in, or support in any way, violations or abuses of human rights, including
those involving illegal censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are required
to comply with the Fortinet EULA and report any suspected violations of the EULA via the procedures outlined in the Fortinet
Whistleblower Policy.
www.fortinet.com
Copyright © 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s Chief Legal Officer, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.
FG-VM-AZU-DAT-R36-20240529