Decryption Broker: Security Chain Session Flow

You can choose for the firewall to direct decrypted inbound and outbound sessions through a security chain in the same direction (unidirectionally) or in opposite directions (bidirectionally). For example, if you have a stateless device like a packet recorder in a security chain, you could enable traffic to flow unidirectionally through the security chain so the inbound and outbound traffic traverse the device in the same direction. The packet recorder receives both inbound and outbound traffic on the same port and can then examine packet captures from both sides of the session in order to detect changes to packet header values. Alternatively, if the security chain includes devices like Data Loss Prevention (DLP) solutions that statefully inspect traffic, enable traffic to flow bidirectionally through the security chain instead.

Related Documentation