A firewall acting as a decryption broker uses dedicated decryption forwarding interfaces to send decrypted traffic to a security chain—a set of inline, third-party security appliances—for additional analysis. Two types of security chain networks are supported with a decryption broker (Layer 3 security chains and Transparent Bridge security chains), and you can also choose for the firewall to direct traffic through the security chain unidirectionally or bidirectionally. A single firewall can distribute decrypted sessions among up to 64 security chains, and can monitor security chains to ensure that they are effectively processing traffic.

Review the following topics to learn more about decryption broker support and features.

• Decryption Broker: Forwarding Interfaces
• Decryption Broker: Layer 3 Security Chain
• Decryption Broker: Transparent Bridge Security Chain
• Decryption Broker: Security Chain Session Flow
• Decryption Broker: Multiple Security Chains
• Decryption Broker: Security Chain Health Checks