Perfect Forward Secrecy (PFS) is a secure communication protocol that prevents
the compromise of one encrypted session from leading to the compromise of
multiple encrypted sessions. With PFS, a server generates unique
private keys for each secure session it establishes with a client.
If a server private key is compromised, only the single session
established with that key is vulnerable—an attacker cannot retrieve
data from past and future sessions because the server establishes
each connection with a uniquely generated key. The firewall decrypts
SSL sessions established with PFS key exchange algorithms and preserves
PFS protection for past and future sessions.
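
The per-session isolation described above, as an added example that is not part of the original page: a toy ephemeral Diffie-Hellman exchange showing that a leaked server key exposes only the session it was generated for. The group parameters `P` and `G` and all function names are assumptions chosen for brevity; the group is not suitable for production use.

```python
import hashlib
import secrets

# Toy finite-field group, for illustration only (assumption, not from the page).
P = 2**255 - 19   # a known prime; real deployments use standardized groups or curves
G = 2


def ephemeral_keypair():
    """Generate a fresh private/public pair that is used for one session only."""
    priv = secrets.randbelow(P - 3) + 2          # value in [2, P-2]
    return priv, pow(G, priv, P)


def session_key(own_priv, peer_pub):
    """Derive the symmetric session key from the Diffie-Hellman shared secret."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def run_session():
    """One handshake: client and server each generate a unique key pair."""
    c_priv, c_pub = ephemeral_keypair()
    s_priv, s_pub = ephemeral_keypair()
    key_client = session_key(c_priv, s_pub)
    key_server = session_key(s_priv, c_pub)
    assert key_client == key_server              # both sides agree on the key
    # "wire" holds only the public values a passive observer could record.
    return {"wire": (c_pub, s_pub), "key": key_server, "server_priv": s_priv}


def demo():
    """Model the compromise of one session's server private key."""
    s1, s2 = run_session(), run_session()
    leaked = s1["server_priv"]
    # The leaked key is combined with the recorded client public value of each session.
    recovered_1 = session_key(leaked, s1["wire"][0])
    recovered_2 = session_key(leaked, s2["wire"][0])
    return {
        "session1_exposed": recovered_1 == s1["key"],
        "session2_exposed": recovered_2 == s2["key"],
    }


if __name__ == "__main__":
    print(demo())
```

Because each session's server key is generated independently, the key leaked from the first session yields nothing useful against the second.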