Decryption Broker: Forwarding Interfaces
Focus
Focus

Decryption Broker: Forwarding Interfaces

Table of Contents
End-of-Life (EoL)

Decryption Broker: Forwarding Interfaces

A firewall enabled as a decryption broker uses a pair of dedicated Layer 3 interfaces to forward decrypted traffic to a security chain for inspection. The decryption forwarding interfaces must be assigned to a brand new virtual router (one that has no configured routes or other interfaces used to pass dataplane traffic); this ensures that the clear text sessions that the firewall forwards to a security chain for additional analysis are totally segmented from dataplane traffic.
In a decryption broker deployment with a Layer 3 Security Chain, a pair of two decryption forwarding interfaces can support up to 64 security chains.
A pair of decryption forwarding interfaces supports a single Transparent Bridge security chains; however, you can configure multiple decryption forwarding interface pairs to support multiple transparent bridge security chains.