Block sessions if resources not available
—If you don’t
block sessions when firewall processing resources aren’t available, then
encrypted traffic that you want to decrypt enters the network still
encrypted, risking allowing potentially dangerous connections. However, blocking
sessions when firewall processing resources aren’t available may
affect the user experience by making sites that users normally can
reach temporarily unreachable. Whether to implement failure checks
depends on your company’s security compliance stance and the importance
to your business of the user experience, weighed against tighter
security. Alternatively, consider using firewall models with more
processing power so that you can decrypt more traffic.