SSLi L2 Topology (Configuration File)

Example Configuration File

! Global (shared-partition) settings: VE interfaces take their MAC from the
! system MAC rather than a per-VE scheme.
active-partition shared
system ve-mac-scheme system-mac
!
! From here to the next "active-partition" line everything belongs to the
! client-facing partition ssli_in (the decrypt side of the SSLi pair:
! cl_ssl below has forward-proxy-enable on a client-ssl template).
active-partition ssli_in
!
! ACL 190 is the match condition of virtual server SSLi_in_ingress: any IP
! traffic received on VLAN 850, with no source/destination restriction, so
! every flow entering on VLAN 850 is steered to the wildcard VIP.
access-list 190 remark ssli_in
!
access-list 190 permit ip any any vlan 850
!
! Class lists consumed by the client-ssl template cl_ssl.
! bypass-clientauth: referenced by "forward-proxy-bypass client-auth";
! it has no entries in this example, so nothing is bypassed by it yet.
class-list bypass-clientauth ac
user-tag ssli_in
!
! bypass_domains: any matched hostname containing the substring "bank" is
! passed through without decryption. "contains" is a substring match, so it
! is broader than a domain list (it would also match names such as
! "bankrupt.example"); replace it with explicit names before production, or
! rely on the web-category bypass in cl_ssl.
class-list bypass_domains ac
user-tag ssli_in
contains bank
!
! inspect-domains: explicit always-inspect list; empty in this example.
class-list inspect-domains ac
user-tag ssli_in
!
! Inside-partition L2 data path: ethernet 1 (ingress) and ethernet 2
! (egress) are untagged members of VLAN 850 and share routed interface ve 850.
vlan 850
untagged ethernet 1
untagged ethernet 2
router-interface ve 850
name ssli_in_ingress_egress
user-tag ssli_in_ingress_egress
!
interface ethernet 1
name ssli_in_ingress
enable
!
interface ethernet 2
name ssli_in_egress
enable
!
! ve 850 = 30.99.0.37/16. allow-promiscuous-vip is what lets the 0.0.0.0
! wildcard VIP (SSLi_in_ingress) accept traffic addressed to any IP.
interface ve 850
name ssli_in_ingress_egress
ip address 30.99.0.37 /16
ip allow-promiscuous-vip
!
! Default route to 30.99.0.27, which is also ve 860 of partition ssli_out and
! the address of slb server fw1 below; in this L2 design the inspection
! device is presumably an in-line transparent hop between ethernet 2 and
! ethernet 3 rather than the owner of that address - confirm with the
! topology diagram.
ip route 0.0.0.0 /0 30.99.0.27
!
! Client-facing cipher list, selected by template client-ssl cl_ssl.
! Security note: the list enables 40-bit DES, 64-bit DES, 3DES, RC4 (incl.
! RC4-MD5) and EXPORT1024 suites, all deprecated; a client that offers only
! those can still negotiate them with the interception proxy. Restrict the
! template to the TLS1_DHE_RSA_AES_*_GCM_* entries (plus AES-CBC SHA256 if
! legacy clients need it) and retest clients. The SSL3_RSA_* / TLS1_RSA_*
! static-RSA suites also give no forward secrecy.
slb template cipher cl_cipher_template
user-tag ssli_in
SSL3_RSA_DES_192_CBC3_SHA
SSL3_RSA_DES_40_CBC_SHA
SSL3_RSA_DES_64_CBC_SHA
SSL3_RSA_RC4_128_MD5
SSL3_RSA_RC4_128_SHA
SSL3_RSA_RC4_40_MD5
TLS1_RSA_AES_128_SHA
TLS1_RSA_AES_256_SHA
TLS1_RSA_EXPORT1024_RC4_56_MD5
TLS1_RSA_EXPORT1024_RC4_56_SHA
TLS1_RSA_AES_128_SHA256
TLS1_RSA_AES_256_SHA256
TLS1_DHE_RSA_AES_128_GCM_SHA256
TLS1_DHE_RSA_AES_128_SHA
TLS1_DHE_RSA_AES_128_SHA256
TLS1_DHE_RSA_AES_256_GCM_SHA384
TLS1_DHE_RSA_AES_256_SHA
TLS1_DHE_RSA_AES_256_SHA256
!
! fw1 = next hop toward the inspection device / ssli_out partition.
! Port 0 is the wildcard port (any port of that protocol). Health checks are
! disabled on every port, so SLB will not notice a dead fw1 path.
slb server fw1 30.99.0.27
user-tag ssli_in
port 0 tcp
user-tag ssli_in_1_tcp_port
health-check-disable
port 0 udp
user-tag ssli_in_1_udp_port
health-check-disable
! 8443/tcp carries the decrypted HTTPS stream (tagged ssli_signaling).
port 8443 tcp
user-tag ssli_signaling
health-check-disable
!
! Wildcard service groups for uninspected TCP / UDP forwarding.
slb service-group SG_SSLi_TCP tcp
user-tag ssli_in
member fw1 0
exit
!
slb service-group SG_SSLi_UDP udp
user-tag ssli_in
member fw1 0
exit
!
! Decrypted-traffic path: HTTPS flows are port-translated to fw1:8443 so the
! inspection device sees clear text, which SSLi_out_ingress picks up again on
! "port 8443 http".
slb service-group SG_SSLi_Xlated tcp
user-tag ssli_in
member fw1 8443
exit
!
! Client-side SSL template: terminates client TLS and presents per-site
! certificates signed on the fly by the forward-proxy CA.
slb template client-ssl cl_ssl
user-tag ssli_in
template cipher cl_cipher_template
! Numeric ACOS SSL-version code; 33 is TLS 1.2 on current releases -
! confirm against the CLI reference of the running version.
forward-proxy-ssl-version 33
! OCSP revocation checking of origin-server certificates is switched off: a
! revoked origin certificate would be re-signed and presented to clients as
! valid. Keep this only while OCSP reachability is genuinely a problem.
forward-proxy-ocsp-disable
forward-proxy-enable
! Forged certificates: cache entries time out after 3600 s, issued certs are
! valid for 1 hour, and the cache holds at most 524288 entries.
forward-proxy-cert-cache timeout 3600
forward-proxy-cert-expiry hours 1
forward-proxy-cert-cache limit 524288
! Interception CA. The "a10networkstest" name indicates a vendor test CA; for
! production use a dedicated private sub-CA whose key exists only on this
! device and whose certificate is distributed to managed clients.
forward-proxy-ca-key a10networkstest
forward-proxy-ca-cert a10networkstest
! Bypass / inspect selectors (the class lists are defined above; two of
! them are empty in this example).
forward-proxy-bypass class-list bypass_domains
forward-proxy-inspect class-list inspect-domains
forward-proxy-bypass client-auth class-list bypass-clientauth
! Category bypass keeps regulated traffic (finance, health) undecrypted.
forward-proxy-bypass web-category financial-services
forward-proxy-bypass web-category health-and-medicine
!
! HTTP template attached to the HTTPS VIP. The name suggests client-IP
! insertion, but no option is set here, so it is effectively a placeholder.
slb template http ClientIPInsert
user-tag ssli_in
!
! Wildcard VIP: 0.0.0.0 plus ACL 190 means "any destination seen on VLAN
! 850". no-dest-nat keeps the original destination IP so the inspection
! device and the ssli_out partition see real addresses.
slb virtual-server SSLi_in_ingress 0.0.0.0 acl 190
user-tag ssli_in
! Non-HTTPS traffic is forwarded uninspected through fw1 (wildcard ports).
port 0 tcp
no-dest-nat
service-group SG_SSLi_TCP
port 0 udp
no-dest-nat
service-group SG_SSLi_UDP
! "others" (non-TCP/UDP IP protocols) reuses the UDP service group; that
! presumably only selects the next hop (fw1 port 0), so forwarding works.
port 0 others
no-dest-nat
service-group SG_SSLi_UDP
! HTTPS on 443 is decrypted (cl_ssl) and port-translated to fw1:8443.
! Only destination port 443 is intercepted: TLS on any other port falls into
! the "port 0 tcp" catch-all and is forwarded encrypted and uninspected.
port 443 https
no-dest-nat port-translation
service-group SG_SSLi_Xlated
template http ClientIPInsert
template client-ssl cl_ssl
!
! Outside (re-encrypt) partition: ethernet 3 (from the inspection device)
! and ethernet 4 (toward the gateway) on VLAN 860 / ve 860.
active-partition ssli_out
!
! ACL 191: any IP traffic received on VLAN 860 -> virtual server
! SSLi_out_ingress.
access-list 191 remark ssli_out
!
access-list 191 permit ip any any vlan 860
!
vlan 860
untagged ethernet 3
untagged ethernet 4
router-interface ve 860
name ssli_out_ingress_egress
user-tag ssli_out_ingress_egress
!
interface ethernet 3
name ssli_out_ingress
enable
!
interface ethernet 4
name ssli_out_egress
enable
!
! ve 860 = 30.99.0.27/16, the address that partition ssli_in routes to and
! registers as slb server fw1. Same /16 as ve 850: both partitions live in
! 30.99.0.0/16 in this L2 design.
interface ve 860
name ssli_out_ingress_egress
ip address 30.99.0.27 /16
ip allow-promiscuous-vip
!
! Default route to the real gateway 30.99.1.10 (slb server GW below).
ip route 0.0.0.0 /0 30.99.1.10
!
! Server-facing cipher list, used by template server-ssl sr_ssl. Identical
! to cl_cipher_template, so the same note applies: the DES, RC4 and
! EXPORT1024 suites should be removed. On this leg the proxy is the TLS
! client and would offer all of them to the origin, so a downgraded origin
! connection is possible without the real client ever seeing it.
slb template cipher sr_cipher_template
user-tag ssli_out
SSL3_RSA_DES_192_CBC3_SHA
SSL3_RSA_DES_40_CBC_SHA
SSL3_RSA_DES_64_CBC_SHA
SSL3_RSA_RC4_128_MD5
SSL3_RSA_RC4_128_SHA
SSL3_RSA_RC4_40_MD5
TLS1_RSA_AES_128_SHA
TLS1_RSA_AES_256_SHA
TLS1_RSA_EXPORT1024_RC4_56_MD5
TLS1_RSA_EXPORT1024_RC4_56_SHA
TLS1_RSA_AES_128_SHA256
TLS1_RSA_AES_256_SHA256
TLS1_DHE_RSA_AES_128_GCM_SHA256
TLS1_DHE_RSA_AES_128_SHA
TLS1_DHE_RSA_AES_128_SHA256
TLS1_DHE_RSA_AES_256_GCM_SHA384
TLS1_DHE_RSA_AES_256_SHA
TLS1_DHE_RSA_AES_256_SHA256
!
! Server-side SSL template: re-encrypts the cleared stream toward the origin.
! No certificate-verification / trusted-CA setting appears in this example,
! so it is not visible here how the origin's chain is validated - confirm
! the release default; without validation the interception point cannot
! detect a spoofed origin and would still hand the client a "valid" cert.
slb template server-ssl sr_ssl
user-tag ssli_out
forward-proxy-enable
template cipher sr_cipher_template
!
! GW = upstream gateway 30.99.1.10. Wildcard ports 0/tcp and 0/udp carry
! uninspected traffic; 443/tcp is the re-encrypted HTTPS path. Health checks
! are disabled on all ports, so gateway liveness is not tracked by SLB.
slb server GW 30.99.1.10
user-tag ssli_out
port 0 tcp
user-tag ssli_out_1_tcp_port
health-check-disable
port 0 udp
user-tag ssli_out_1_udp_port
health-check-disable
port 443 tcp
health-check-disable
!
! Re-encrypted HTTPS toward the gateway on 443.
slb service-group GW_SSL_443 tcp
user-tag ssli_out
member GW 443
exit
!
! Wildcard service groups for uninspected TCP / UDP forwarding.
slb service-group GW_TCP_0 tcp
user-tag ssli_out
member GW 0
exit
!
slb service-group GW_UDP_0 udp
user-tag ssli_out
member GW 0
exit
!
! Outside wildcard VIP (ACL 191 = anything arriving on VLAN 860).
! use-rcv-hop-for-resp sends replies back through the hop they came from,
! which is what keeps the return path symmetric through the inspection
! device.
slb virtual-server SSLi_out_ingress 0.0.0.0 acl 191
user-tag ssli_out
port 0 tcp
no-dest-nat
service-group GW_TCP_0
use-rcv-hop-for-resp
port 0 udp
no-dest-nat
service-group GW_UDP_0
use-rcv-hop-for-resp
! "others" reuses the UDP service group, mirroring the ssli_in side.
port 0 others
no-dest-nat
service-group GW_UDP_0
use-rcv-hop-for-resp
! Decrypted HTTPS arrives from the inspection device as plain HTTP on 8443,
! is re-encrypted with sr_ssl and port-translated back to 443 on GW. Being a
! wildcard VIP, this accepts any cleartext HTTP on 8443 seen on VLAN 860, so
! VLAN 860 must only be reachable from the inspection segment.
port 8443 http
no-dest-nat port-translation
template server-ssl sr_ssl
service-group GW_SSL_443
use-rcv-hop-for-resp
!