We evaluated the E7500 using the same criteria we used in our November, 2007 UTM test. Because the main changes in the firewall were in its performance capabilities, we focused on performance testing.
We evaluated the E7500 using the same criteria we used in our November 2007 UTM test. Because the main changes in the firewall were in its performance capabilities, we focused on performance testing.
To test performance, we used Spirent's WebAvalanche 2700 and WebReflector 2700 test appliances to generate HTTP traffic across the E7500. We set up a profile using a typical Internet mix of traffic, ranging in size from 1KB objects to 1.5MB objects, and ran HTTP transactions through the firewalls. Because we were using only four ports on the firewall (two for clients and two for servers), the maximum speed we could measure would be 2Gbps. It is possible that some of our performance measurements above 1920Mbps range do not adequately measure the maximum performance of the E7500, because the performance could have been constrained by line speed rather than system capability.
Initially, we had difficulty getting consistent performance results from the E7500 in our lab. Over the course of two months, we replaced not only the E7500, but also the firmware, the infrastructure switches, and our Spirent WebAvalanche and WebReflector systems. We were finally able to get consistent results, but were not able to isolate the cause of the inconsistent results. All of our final tests were done using Version 220.127.116.11-e of the firewall firmware.
We also discovered that the performance of the E7500 can vary depending on what types of traffic were used in testing. Like a soft-ripened cheese, you see very different textures depending on what angle you slice at. For example, when we skewed the types of traffic that the E7500 was scanning to have a very different mix of HTML, ZIP, Microsoft Word, Windows executables, and several image types from our "normal" Internet distribution, we saw dramatic performance differences in both antivirus and intrusion prevention. In some cases, performance went up and in others it went down. While we found the E7500 to have best-in-class performance for a UTM firewall, these results suggest that testing using your own traffic mix is an important part of any performance-critical deployment.