AFW is natively HA and zone redundant.
Can be used inside a vHub, or with VNET peering to a vHub, without any route table fuckery.

AZ Standard : $1,350.75 – Threat intelligence feeds directly from Microsoft Cyber Security. Threat intelligence-based filtering can alert and deny traffic from/to known malicious IP addresses and domains
Azure Firewall Premium : A$1,891.05 – Azure Firewall Premium provides advanced capabilities include signature-based IDPS to allow rapid detection of attacks by looking for specific patterns. These patterns can include byte sequences in network traffic, or known malicious instruction sequences used by malware.

Forti : $60.50 Standard_F2s_v2 Reversed Instance – If it’s a single VM, it doesn’t really matter that much. You could go for Fs_v2 or the Ds_v3/v4 series. Yes, enable accelerated networking
I have a VM-02 and decided to go with Standard DS2 v2 over the v4 recommended by support. I guess Azure bandwidth for the v4 & v3 is only 800 were the v2 is 1500.
VM01 and Accelerated networking: No, it doesn’t support it but that’s because it’s an Azure limitation. Accelerated networking is an Azure feature. https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-cli#supported-vm-instances Here you can see that you a VM size with at least two CPU cores. Use this link to check which sizes support it and which don’t. https://docs.microsoft.com/en-us/azure/virtual-machines/sizes This might be a reason to go for a VM02, because the price difference between VM01 – VM02 is very small but the performance difference is 2x-3x times due the accelerated networking.