Perfect Forward Secrecy (PFS) is a property of secure communication protocols that prevents the compromise of one encrypted
session from leading to the compromise of multiple encrypted sessions. With PFS, a
server generates unique private keys for each secure session it establishes with a
client. If a server private key is compromised, only the single session established with
that key is vulnerable—an attacker cannot retrieve data from past and future sessions
because the server establishes each connection with a uniquely generated key. The
firewall decrypts SSL sessions established with PFS key exchange algorithms, and
preserves PFS protection for past and future sessions.
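
To check which sessions actually negotiated a PFS key exchange algorithm, the following added example (not part of the original documentation) classifies TLS cipher suite names in IANA or OpenSSL form by their key exchange. The function names and the session list are constructed for illustration; only ephemeral DHE/ECDHE suites and TLS 1.3 suites count as PFS, and everything else is reported as non-PFS.

```python
import re

PFS_KX = {"DHE", "ECDHE", "EDH", "EECDH"}           # ephemeral Diffie-Hellman tokens
OTHER_KX = {"DH", "ECDH", "ADH", "AECDH", "PSK", "SRP", "RSA"}
TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")        # TLS 1.3 names carry no key exchange

def key_exchange(suite):
    """Return the key-exchange token of an IANA or OpenSSL cipher suite name."""
    name = suite.strip().upper()
    if TLS13.match(name) and "_WITH_" not in name:
        return "TLS1.3"
    if "_WITH_" in name:                            # IANA: TLS_<kx>_<auth>_WITH_<cipher>
        return name.split("_WITH_")[0].split("_")[1]
    first = name.split("-")[0]                      # OpenSSL: <kx>-<auth>-<cipher>
    # OpenSSL omits the token for RSA key transport (e.g. AES256-GCM-SHA384).
    return first if first in PFS_KX | OTHER_KX else "RSA"

def is_pfs(suite):
    """True when the suite uses an ephemeral key exchange.

    Assumption: a TLS 1.3 suite is treated as PFS because full handshakes always
    use (EC)DHE; PSK-only resumption cannot be seen from the suite name.
    """
    kx = key_exchange(suite)
    return kx == "TLS1.3" or kx in PFS_KX

def sessions_without_pfs(sessions):
    """Return (session_id, suite, key_exchange) for every non-PFS session."""
    return [(sid, suite, key_exchange(suite))
            for sid, suite in sessions if not is_pfs(suite)]

# Constructed sample of negotiated suites, e.g. taken from decryption logs.
SESSIONS = [
    ("s1", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("s2", "AES256-GCM-SHA384"),
    ("s3", "TLS_AES_256_GCM_SHA384"),
    ("s4", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"),  # static ECDH, not ECDHE
    ("s5", "DHE-RSA-AES256-GCM-SHA384"),
    ("s6", "TLS_RSA_WITH_AES_128_CBC_SHA"),
]

if __name__ == "__main__":
    for sid, suite, kx in sessions_without_pfs(SESSIONS):
        print(f"{sid}: {suite} uses {kx} key exchange (no PFS)")
```

Sessions flagged here depend on a long-lived server key, so compromise of that key exposes every recorded session that used it.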