Minimum System Requirements for the VM-Series on Azure

Azure Linux VMs of the following types:
Standard_D3_v2 (default)
Standard_D4_v2
Standard_D5_v2
Standard_D4_v3
Standard_D16_v3
Standard_DS3_v2
Standard_DS4_v2
Standard_DS5_v2
These types include support for Accelerated Networking (SR-IOV).
For memory, disk and CPU cores required to deploy the VM-Series firewall, see VM-Series System Requirements.
You can add additional disk space of 40GB to 8TB for logging purposes. The VM-Series firewall uses Azure managed disks where available; it does not utilize the temporary disk that Azure provides with some instance types.
Up to eight network interfaces (NICs). A primary interface is required for management access and up to seven interfaces for data traffic.
On Azure, because a virtual machine does not require a network interface in each subnet, you can set up the VM-Series firewall with three network interfaces (one for management traffic and two for dataplane traffic). To create zone-based policy rules on the firewall, in addition to the management interface, you need at least two dataplane interfaces so that you can assign one dataplane interface to the trust zone, and the other dataplane interface to the untrust zone. For an HA deployment, you will need another interface for the HA2 link between the HA peers.
Because the Azure VNet is a Layer 3 network, the VM-Series firewall on Azure supports Layer 3 interfaces only.