Network Packet Broker policy rules define the traffic to forward to an external chain of third-party security appliances (a security chain) based on applications, users, zones, devices, and IP addresses. Network Packet Broker can forward decrypted TLS, non-decrypted TLS, and non-TLS traffic to a security chain. You attach a Packet Broker profile to each Network Packet Broker policy rule. The policy rule defines the traffic to forward to the security chain and the profile defines how to forward that traffic, including the firewall forwarding interfaces, health monitoring, session distribution among multiple chains, and choosing whether the chain is routed (Layer 3) or Transparent Bridge (Layer 1).

The following tables describe policy rule settings and Policy Optimizer options for Network Packet Broker: