A firewall configured to perform SSL Forward Proxy decryption
can be enabled as a decryption broker. A decryption broker uses dedicated
decryption forwarding interfaces to connect with a security chain,
a set of third-party security appliances. The firewall and the security
chain together function as a private analysis network.
After decrypting and inspecting SSL traffic, the firewall sends
only allowed, clear text traffic on to the security chain for additional
analysis and enforcement. Because the firewall's capacity to decrypt SSL
traffic exceeds security device processing speeds, you can enable
it to distribute decrypted SSL sessions among multiple security
chains to avoid oversubscribing any one chain. The first
device in the security chain receives the clear text traffic, enforces
it, and forwards allowed traffic to the next inline security chain
device. The last security chain device sends the remaining allowed
traffic back to the firewall. The firewall re-encrypts the traffic
and forwards it to its original destination.
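
The path described above, modeled as an added example (not code from this page or from the firewall vendor). The hash-based chain selection is an assumption made for illustration, and all function names, chain names, device checks and sessions are hypothetical and constructed.

```python
import hashlib
from collections import Counter

def pick_chain(session, chain_names):
    """Pin a session to one chain by hashing its 5-tuple, so every packet
    of that session traverses the same devices (assumed method)."""
    key = "|".join(map(str, session)).encode()
    digest = hashlib.sha256(key).digest()
    return chain_names[int.from_bytes(digest[:4], "big") % len(chain_names)]

def broker(sessions, firewall_allows, chains):
    """chains: {name: [device_check, ...]}; a check returns True to allow.
    Returns (forwarded, dropped, per-chain load)."""
    names = sorted(chains)
    forwarded, dropped, load = [], [], Counter()
    for s in sessions:
        # The firewall decrypts and inspects first; traffic it blocks
        # is never exposed in clear text to the security chain.
        if not firewall_allows(s):
            dropped.append((s, "firewall"))
            continue
        name = pick_chain(s, names)
        load[name] += 1
        # Devices are traversed in order; the first one to block ends the path.
        blocker = next((i for i, ok in enumerate(chains[name]) if not ok(s)), None)
        if blocker is not None:
            dropped.append((s, f"{name}[{blocker}]"))
        else:
            # The last device returned the traffic: re-encrypt and forward.
            forwarded.append(s)
    return forwarded, dropped, load

def demo():
    # Constructed sessions: (src, sport, dst, dport, proto)
    sessions = [(f"10.0.0.{i % 20}", 40000 + i, "203.0.113.10", 443, "tcp")
                for i in range(200)]
    fw_policy = lambda s: s[1] % 10 != 0   # stand-in for firewall policy
    ips = lambda s: s[1] % 7 != 0          # stand-in for a chain device verdict
    dlp = lambda s: True                   # second device allows everything
    chains = {"chain-a": [ips, dlp], "chain-b": [ips, dlp]}
    return broker(sessions, fw_policy, chains)

if __name__ == "__main__":
    fwd, drop, load = demo()
    print(len(fwd), "forwarded;", len(drop), "dropped; load per chain:", dict(load))
```

The per-chain load counts only sessions the firewall allowed, which is the number to compare against each chain's processing capacity when deciding how many chains are needed.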