Abstract

New H3C Technologies commissioned Tolly to evaluate the performance, capacity, and feature set of the H3C SecPath F1000-AI series firewall family. The main focus of the project was to validate firewall throughput and latency, connection scale, DPI and VPN performance, and the platform’s security, threat-intelligence, virtualization, and management capabilities for small and medium enterprises, campus egress, and WAN branch deployments.  

The report covers multiple models in the F1000-AI family, including the F1000-AI-05/15, F1000-AI-25/35/55, F1000-AI-60/70, F1000-AI-65/75, and F1000-AI-80/90 series. Tolly’s main performance measurements were taken on the F1000-AI-90. In RFC2544 testing with Spirent TestCenter, the firewall delivered up to 25.00Gbps IPv4 UDP throughput and 25.00Gbps IPv6 UDP throughput at larger frame sizes, with iMIX throughput of 12.71Gbps for IPv4 and 10.75Gbps for IPv6. Average port-to-port latency between two 10GbE interfaces ranged from 23.1µs to 73.3µs depending on frame size, with 31.5µs reported for the iMIX profile.  

Tolly also measured connection scale and security-service performance using Keysight BreakingPoint and Spirent TestCenter. The F1000-AI-90 supported 300,000 new TCP connections per second and 10,000,000 concurrent TCP connections. With firewall, anti-virus, IPS, URL filtering, and application recognition enabled, it sustained 14.3Gbps Layer 7 HTTP throughput. VPN testing showed support for 10,000 concurrent SSL VPN users and up to 7.5Gbps IPsec throughput with 1400-byte frames, or 2.42Gbps under the tested iMIX profile.  

Beyond raw performance, the report emphasizes rich policy and security analytics. Tolly verified support for 50,000 IPv4 and 50,000 IPv6 security policies on the F1000-AI-90, plus country- and region-based policy definitions, policy redundancy analysis, hit analysis, and policy optimization. Additional validated features included flood-attack defense across multiple attack types, IP sweep defense, rate limiting for new connections, application audit, email/file/HTTP content filtering, updatable IP/domain/URL reputation databases, botnet analysis, MPLS and SRv6 traffic recognition, centralized management through H3C Security Management Platform, automatic evidence collection, packet trace, attack and source tracing analysis, and up to 512 virtual firewalls on one F1000-AI-90. Overall, the report presents the F1000-AI series as a high-capacity branch and campus firewall platform combining strong throughput with extensive inspection, threat analysis, and operational visibility.  

Firewalls tested:

• H3C F1000-AI-05 — Entry model in the SecPath F1000-AI firewall family for branch, campus edge, and SME deployments.  
• H3C F1000-AI-15 — Compact F1000-AI series firewall model for smaller edge and branch security deployments.  
• H3C F1000-AI-25 — Mid-range F1000-AI firewall model in the validated product family.  
• H3C F1000-AI-35 — F1000-AI series firewall model for SMB, campus egress, and branch use cases.  
• H3C F1000-AI-55 — Higher-capacity F1000-AI family firewall model included in the report.  
• H3C F1000-AI-60 — F1000-AI series firewall model positioned for larger branch or campus edge roles.  
• H3C F1000-AI-65 — Firewall model in the F1000-AI family for higher-scale branch and WAN edge security.  
• H3C F1000-AI-70 — F1000-AI series firewall model included in the evaluated family.  
• H3C F1000-AI-75 — Higher-tier F1000-AI firewall model for larger security deployments.  
• H3C F1000-AI-80 — Upper-range F1000-AI firewall model in the validated lineup.  
• H3C F1000-AI-90 — Highest-end model highlighted in the report and used for the main performance, DPI, VPN, and policy-scale testing.