When configuring multiple security chains, it is a
best practice
to
deploy enough security chains to provide excess capacity in the event
of a security chain failure. If you enable the firewall to perform
Security Chain Health Checks, and a security chain fails, the firewall
continues to distribute decrypted sessions among the healthy security
chains. If there are not enough healthy chains to cover the additional
load, that single security chain failure could result in cascading
failures as the remaining healthy security chains are oversubscribed.