Perfect Forward Secrecy (PFS) is an IPsec property that ensures that derived session keys are not compromised if one of the private keys is compromised in the future.
Using PFS means that even if a third party managed to intercept a symmetrical key, that party can only use the intercepted key for a short time. Additionally, because the newly created key is not based on the previously intercepted key, the third party must begin a new brute force calculation to guess the new key value. With PFS enabled in IPsec, the creation of a new key takes longer than if not using PFS. However, using PFS helps prevent data from being intercepted and decoded by a third party.