DATA SHEET
FortiGate®-VM
on Microsoft Azure
The FortiGate-VM on Microsoft Azure delivers next generation firewall (NGFW) capabilities for
organizations of all sizes, with the flexibility to be deployed as NGFW and/or VPN gateway. It
protects against cyber threats with high performance, security efficacy, and deep visibility.
Security
n Identifies thousands of applications inside network traffic
for deep inspection and granular policy enforcement
n Protects against malware, exploits, and malicious
websites in both encrypted and non-encrypted traffic
n Prevent and detect against known and unknown attacks
using continuous threat intelligence from AI-powered
FortiGuard Labs security services
Performance
n Delivers industry’s best threat protection performance
and ultra-low latency using purpose-built security
processor (SPU) technology
n Provides industry-leading performance and protection for
SSL encrypted traffic
Certification
n Independently tested and validated for best-in-class
security effectiveness and performance
n Received unparalleled third-party certifications from NSS
Labs
FortiManager FortiAnalyzer
Fortinet’s comprehensive security virtual appliance lineup supports Microsoft Azure
Next Generation Firewall
VPN Gateway
Networking
n Delivers advanced networking capabilities that
seamlessly integrate with advanced layer 7 security and
virtual domains (VDOMs) to offer extensive deployment
flexibility, multitenancy, and effective utilization of
resources (only BYOL supports VDOM)
n Delivers high-density, flexible combination of various
high-speed interfaces to enable best TCO for customers
for data center and WAN deployments
Management
n Includes a management console that is effective and
simple to use, and provides comprehensive network
automation and visibility
n Provides Zero Touch integration with Fortinet’s Security
Fabric’s single pane of glass management
n Predefined compliance checklist analyzes the deployment
and highlights best practices to improve overall security
posture
n APIs for automation and orchestration with cloud and
SDN extensions
Security Fabric
n Enables Fortinet and Fabric-ready partners’ products
to provide broader visibility, integrated end-to-end
detection, threat intelligence sharing, and automated
remediation
FortiWeb FortiMail
1
DATA SHEET | FortiGate®-VM on Microsoft Azure

DEPLOYMENT

N
 ext Generation
Firewall (NGFW)
§ Reduce complexity by combining
threat protection security capabilities
into single high-performance
network security appliances
§ Identify and stop threats with
powerful intrusion prevention beyond
port and protocol that examines the
actual applications in your network
traffic
VPN Gateway
§ Delivers the industry’s highest § VPN gateways for FortiGate inter-
SSL inspection performance using vNET VPN
industry-mandated ciphers while § Hybrid cloud site-to-site IPsec VPN
maximizing ROI
§ Remote access VPN
§ Proactively blocks newly discovered
sophisticated attacks in real time
with advanced threat protection

Gain comprehensive visibility and apply consistent control

Azure Integration
§ FortiOS embeds the latest autoscaling functionality, providing automation based on resource demand from your cloud
workloads.
§ Designed to ensure easy, consistent deployment for the most efficient systems and applications uptime with minimal
disruption using Azure load balancing and two FortiGate-VMs.
§ FortiOS works with Azure Traffic Manager to provide local access for customers for low latency while providing
redundancy.

2
 DATA SHEET | FortiGate®-VM on Microsoft Azure

FORTINET SECURITY FABRIC

Security Fabric
The industry’s highest-performing cybersecurity platform,
powered by FortiOS, with a rich ecosystem designed to Fabric Mgmt.
Center
Fabric Security
Operations
span the extended digital attack surface, delivering fully
automated, self-healing network security. NOC SOC

§ Broad: Coordinated detection and enforcement across the

entire digital attack surface and lifecycle with converged
networking and security across edges, clouds, endpoints, Adaptive Cloud
Security

and users
§ Integrated: Integrated and unified security, operation, Zero Trust
Access

and performance across different technologies, location,

FORTI OS
deployment options, and the richest ecosystem
§ Automated: Context-aware, self-healing network and
security posture leveraging cloud-scale and advanced AI
to automatically deliver near-real-time, user-to-application
coordinated protection across the Fabric
Security-Driven Open
Networking Ecosystem

The Fabric empowers organizations of any size to secure and FortiGuard

Threat Intelligence

simplify their hybrid infrastructure on the journey to digital

innovation.

FortiOS™
Operating System
FortiOS, Fortinet’s leading operating system, enables the The release of FortiOS 7 dramatically expands the Fortinet
convergence of high performing networking and security Security Fabric’s ability to deliver consistent security across
across the Fortinet Security Fabric, delivering consistent and hybrid deployment models consisting on appliances, software
context-aware security posture across network endpoints and and as-a-service with SASE, ZTNA, and other emerging
clouds. The organically built best of breed capabilities and cybersecurity solutions.
unified approach allows organizations to run their businesses
without compromising performance or protection, supports
seamless scalability, and simplifies innovation consumption.

SERVICES

FortiGuard™
Security Services
FortiGuard Labs offers real-time intelligence on the threat
landscape, delivering comprehensive security updates across
the full range of Fortinet’s solutions. Comprised of security
threat researchers, engineers, and forensic specialists, the
team collaborates with the world’s leading threat monitoring
organizations and other network and security vendors, as well
as law enforcement agencies.
FortiCare™
Services
Fortinet is dedicated to helping our customers succeed, and
every year FortiCare services help thousands of organizations
get the most from their Fortinet Security Fabric solution. We
have more than 1,000 experts to help accelerate technology
implementation, provide reliable assistance through advanced
support, and offer proactive care to maximize security and
performance of Fortinet deployments.

3
DATA SHEET | FortiGate®-VM on Microsoft Azure

LICENSING
With a multitude of deployment methods supported across various private and public cloud deployments, FortiGate-VM for
Microsoft Azure supports both on-demand (PAYG) and bring your own license (BYOL) licensing models.

On-demand licensing is a highly flexible option for both initial deployments and growing them as needed. With a wide selection
of supported instance types, there is a solution for every use case. This license offers FortiOS with a UTP bundle.

BYOL is ideal for migration use cases, where an existing private cloud deployment is migrated to a public cloud deployment.
When using an existing license, the only additional cost is the price for the Microsoft Azure instances.

You can deploy FortiGate-VM in regional Azure such as Azure Government, Germany, and China.

FortiGate-VM also supports Azure Stack (BYOL only).

SPECIFICATIONS
VM-01/01V/01S VM-02/02V/02S VM-04/04V/04S
System Requirement

vCPU (Minimum/Maximum) 1/1 1/2 1/4

Technical Specifications

Network Interface Support (Minimum/ 1/24 1/24 1/24

Maximum)1
VDOMs (Default/Maximum)2 10/10 10/25 10/50

Firewall Policies 10,000 10,000 200,000

System Performance Accelerated Networking Accelerated Networking Accelerated Networking Accelerated Networking
OFF ON OFF ON
Instance Shape to be Measured DS2_v2 (2vCPU) D4s_v3 (4vCPU)
Azure Expected Bandwidth3 1,500 Mbps 2,000 Mbps
Firewall Throughput (UDP Packets) in 1,100 1,600 1,380 2,000
Mbps
New Sessions/Second (TCP) 5,800 4,200 5,900 4,500
IPS Throughput in Mbps4 640 1,480 930 1,950
IPS HTTP 1M in Mbps4 680 1,490 1,010 1,980
SSL Inspection Throughput in Mbps5 520 1040 700 1,670
Application Control Throughput in Mbps6 690 1,480 1,000 1,975
NGFW Throughput7 600 670 630 810
Threat Protection Throughput8 590 660 630 800
IPsec VPN Throughout (SHA2-256) with 950 1,600 1,250 1,800
UDP 1518 bytes

Note: All performance values are “up to” and vary depending on system configuration.
PAYG supports only up to 32 vCPU instances.
Actual performance may vary depending on the network and system configuration. Note
that these metrics are updated periodically as the product performance keeps improving
through internal testing. Different versions of the document may note the discrepancy in the
performance numbers so ensure that you refer to the latest datasheets.
Performance metrics were observed using FortiGate-VM BYOL instances using FOS v7.0.1.
1. Applicable to 6.4.0+. The actual working number of consumable network interfaces varies
depending on Microsoft Azure instance types/sizes and may be less.
2. FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default.
You can add it by applying separate VDOM addition perpetual licenses. See ORDER
INFORMATION for VDOM SKUs.
3. The latest information about Microsoft Azure bandwidth is found on https://docs.microsoft.
com/en-us/azure/virtual-machines/windows/sizes-general.
4. IPS performance is measured using Enterprise Traffic Mix and 1 Mbyte HTTP.
5. Using TLS ECDHE RSA WITH AES 256 GCM SHA384 (2K).
6. Application Control performance is measured with 64 Kbyte HTTP traffic.
7. NGFW performance is measured with IPS and Application Control enabled, based on
Enterprise Traffic Mix.
8. Threat Protection performance is measured with IPS and Application Control and Malware
protection enabled, based on Enterprise Traffic Mix.

4
 DATA SHEET | FortiGate®-VM on Microsoft Azure

SPECIFICATIONS
VM-08/08V/08S VM-16/16V/16S VM-32/32V/32S VM-UL/ULV/ULS
System Requirement

vCPU (Minimum/Maximum) 1/8 1/16 1/32 1/Unlimited

Technical Specifications

Network Interface Support 1/24 1/24 1/24 1/24

(Minimum/Maximum) 1
VDOMs (Default/Maximum) 2 10/500 10/500 10/500 10/500

Firewall Policies 200,000 200,000 200,000 200,000

System Performance Accelerated Accelerated Accelerated Accelerated Accelerated Accelerated
Networking OFF Networking ON Networking OFF Networking ON Networking OFF Networking ON
Instance Shape to be Measured D8s_v3 (8vCPU) D16s_v3 (16vCPU) D32s_v3 (32vCPU)
Azure Expected Bandwidth 3 4,000 Mbps 8,000 Mbps 16,000 Mbps
Firewall Throughput (UDP Packets) 1,550 4,000 1,870 7,800 1,900 20,000
in Mbps
New Sessions/Second (TCP) 8,000 6,500 13,500 11,100 16,000 16,000
IPS Throughput in Mbps 4 1,100 3,900 1,150 7,560 1,160 16,280
IPS HTTP 1M in Mbps 4 1,160 3,910 1,200 7,620 1,260 16,290
SSL Inspection Throughput in 780 2,160 830 3,500 850 9,200
Mbps 5
Application Control Throughput 1,150 3,900 1,200 7,550 1,240 16,290
in Mbps 6
NGFW Throughput 7 800 1,770 1,100 2,550 1,150 4,600
Threat Protection Throughput 8 790 1,770 1,100 2,550 1,150 4,500
IPsec VPN Throughout (SHA2- 1,400 4,000 1,600 6,500 1,700 8,000
256) with UDP 1518 bytes

Note: All performance values are “up to” and vary depending on system configuration.
PAYG supports only up to 32 vCPU instances.
Actual performance may vary depending on the network and system configuration. Please note
that these metrics are updated periodically as the product performance keeps improving
through internal testing. The discrepancy in the performance numbers may be noted in
different versions of the document so please make sure to refer to the latest datasheets.
Performance metrics were observed using FortiGate-VM BYOL instances using FOS v7.0.1.
1. Applicable to 6.4.0+. The actual working number of consumable network interfaces varies
depending on Microsoft Azure instance types/sizes and may be less.
2. FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default.
You can add it by applying separate VDOM addition perpetual licenses. See ORDER
INFORMATION for VDOM SKUs.
3. The latest information about Microsoft Azure bandwidth is found on https://docs.microsoft.
com/en-us/azure/virtual-machines/windows/sizes-general.
4. IPS performance is measured using Enterprise Traffic Mix and 1 Mbyte HTTP.
5. Using TLS ECDHE RSA WITH AES 256 GCM SHA384 (2K).
6. Application Control performance is measured with 64 Kbyte HTTP traffic.
7. NGFW performance is measured with IPS and Application Control enabled, based on
Enterprise Traffic Mix.
8. Threat Protection performance is measured with IPS and Application Control and Malware
protection enabled, based on Enterprise Traffic Mix.

For the sizing guide, please refer to the sizing document available on www.fortinet.com

5
DATA SHEET | FortiGate®-VM on Microsoft Azure

ORDERING INFORMATION
The following are SKUs that can be acquired for the BYOL scheme. For the PAYG/On-Demand subscription, various instance/
VM types are available on the Marketplace. BYOL is perpetual licensing, as opposed to PAYG/On-Demand, which is an hourly
subscription available with marketplace-listed products.

Product SKU Description

FortiGate-VM01 FG-VM01, FG-VM01V FortiGate-VM ‘virtual appliance’. 1x vCPU core. No VDOM by default for FG-VM01V model.

FortiGate-VM02 FG-VM02, FG-VM02V FortiGate-VM ‘virtual appliance’. 2x vCPU cores. No VDOM by default for FG-VM02V model.

FortiGate-VM04 FG-VM04, FG-VM04V FortiGate-VM ‘virtual appliance’. 4x vCPU cores. No VDOM by default for FG-VM04V model.

FortiGate-VM08 FG-VM08, FG-VM08V FortiGate-VM ‘virtual appliance’. 8x vCPU cores. No VDOM by default for FG-VM08V model.

FortiGate-VM16 FG-VM16, FG-VM16V FortiGate-VM ‘virtual appliance’. 16x vCPU cores. No VDOM by default for FG-VM016V model.

FortiGate-VM32 FG-VM32, FG-VM32V FortiGate-VM ‘virtual appliance’. 32x vCPU cores. No VDOM by default for FG-VM032V model.

FortiGate-VMUL FG-VMUL, FG-VMULV FortiGate-VM ‘virtual appliance’. Unlimited vCPU cores. No VDOM by default for FG-VMULV model.

Optional Accessories/Spares SKU Description

Virtual Domain License Add 5 FG-VDOM-5-UG Upgrade license for adding 5 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 15 FG-VDOM-15-UG Upgrade license for adding 15 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 25 FG-VDOM-25-UG Upgrade license for adding 25 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 50 FG-VDOM-50-UG Upgrade license for adding 50 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 240 FG-VDOM-240-UG Upgrade license for adding 240 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

The number of configurable VDOMs can be stacked up to the maximum number of supported VDOMs per vCPU model. Refer to Virtual Domains (Maximum) under SPECIFICATIONS.

The following SKUs adopt the annual subscription licensing scheme:

Product SKU Description

FortiGate-VM01-S FC1-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (1 vCPU core)

FortiGate-VM02-S FC2-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (2 vCPU cores)

FortiGate-VM04-S FC3-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (4 vCPU cores)

FortiGate-VM08-S FC4-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (8 vCPU cores)

FortiGate-VM16-S FC5-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (16 vCPU cores)

FortiGate-VM32-S FC6-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (32 vCPU cores)

FortiGate-VMUL-S FC7-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (Unlimited vCPU cores)

FortiOS 6.2.3+ and 6.4.0+ support the FortiGate-VM S-series. The FortiGate-VM S-series does not have RAM restrictions on all vCPU levels.
FortiManager 6.2.3+ and 6.4.0+ support managing FortiGate-VM S-series devices.

6
DATA SHEET | FortiGate®-VM on Microsoft Azure

BUNDLES
Advanced Threat
Bundles Enterprise Protection Unified Threat Protection
Protection

FortiGuard FortiCare 24x7 24x7 24x7

FortiGuard App Control Service • • •
Bundle
FortiGuard IPS Service • • •
FortiGuard Labs delivers FortiGuard Advanced Malware Protection (AMP) — Antivirus, • • •
a number of security Mobile Malware, Botnet, CDR, Virus Outbreak Protection and
intelligence services to FortiSandbox Cloud Service
augment the FortiGate FortiGuard Web and Video1 Filtering Service • •
firewall platform. You
FortiGuard Antispam Service • •
can easily optimize the
protection capabilities of FortiGuard Security Rating Service •
your FortiGate with one of FortiGuard IoT Detection Service •
these FortiGuard Bundles.
FortiGuard Industrial Service •
FortiConverter Service •

1. Available when running FortiOS 7.0

www.fortinet.com

Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

FG-VM-AZU-DAT-R23-20211028