Minimum System Requirements for the VM-Series on Azure

You must deploy the VM-Series firewall in the Azure Resource Manager (ARM) mode only; the classic mode (Service Management based deployments) is not supported. The VM-Series firewall on Azure must meet the following requirements:
  • Azure Linux VMs of the following types:
    • Standard_D3_v2 (default)
    • Standard_D4_v2
    • Standard_D5_v2
    • Standard_D4_v3
    • Standard_D16_v3
    • Standard_DS3_v2
    • Standard_DS4_v2
    • Standard_DS5_v2
    These types include support for Accelerated Networking (SR-IOV).
  • For memory, disk and CPU cores required to deploy the VM-Series firewall, see VM-Series System Requirements.
    You can add additional disk space of 40GB to 8TB for logging purposes. The VM-Series firewall uses Azure managed disks where available; it does not utilize the temporary disk that Azure provides with some instance types.
  • Up to eight network interfaces (NICs). A primary interface is required for management access and up to seven interfaces for data traffic.
    On Azure, because a virtual machine does not require a network interface in each subnet, you can set up the VM-Series firewall with three network interfaces (one for management traffic and two for dataplane traffic). To create zone-based policy rules on the firewall, in addition to the management interface, you need at least two dataplane interfaces so that you can assign one dataplane interface to the
    trust
    zone, and the other dataplane interface to the
    untrust
    zone. For an HA deployment, you will need another interface for the HA2 link between the HA peers.
    Because the Azure VNet is a Layer 3 network, the VM-Series firewall on Azure supports Layer 3 interfaces only.

Related Documentation