Block sessions if resources not available
—If you don’t
block sessions when firewall processing resources aren’t available,
then encrypted traffic that you want to decrypt enters the network
still encrypted, risking allowing potentially dangerous connections.
However, blocking sessions when firewall processing resources aren’t
available may affect the user experience by making sites that users
normally can reach temporarily unreachable. Whether to implement
failure checks depends on your company’s security compliance stance
and the importance to your business of the user experience, weighed
against tighter security. Alternatively, consider using firewall
models with more processing power so that you can decrypt more traffic.