Configuring the SteelHead for START-TLS Support
There are two steps to configure the SteelHead to use START-TLS:
Configure SSL.
Configure an in-path rule.
To configure the SteelHead for use with START-TLS
Enable SSL on the SteelHead.
In the Management Console, choose Optimization > SSL: SSL Main Settings, and select Enable SSL Optimization, or use the CLI command protocol ssl enable.
Figure 6‑3. SSL Main Settings Page
In the Management Console, choose Optimization > SSL: Advanced Settings and select Enable Client Certificate Support and Enable Midsession SSL, or use the CLI commands protocol ssl mid-session-ssl and protocol ssl client-cer-auth enable.
Figure 6‑4. SSL Advanced Settings Page
Configure an in-path rule.
The in-path rule applies the SSL preoptimization policy to the Secure SMTP traffic.
In the Management Console, choose Optimization > Network Services: In-Path Rules. Select Add New In-Path Rule, enter the following parameters, and click Add.
Rule Setting | Value |
Type | Auto Discover |
Source Subnet | All-IPv4 |
Destination Subnet | IP address of the email server using SMTPS |
Port or Port Labels | SMTP port, typically 25 |
VLAN tag ID | all |
Preoptimization Policy | SSL |
Latency Reduction Policy | Normal |
Data Reduction Policy | Normal |
Auto Kickoff | Clear the check box |
Neural Framing | Always |
WAN Visibility | Correct Addressing, Port Transparency, or Full Transparency are all valid configuration options. |
Position | Prior to any negating rules |
Description | A description of the rules |
Enable Rules | Select the check box |
Figure 6‑5. In-Path Rules Page
Or, you can use the CLI command in-path rule auto-discover rulenum 4 srcaddr all-ipv4 dstaddr 1.1.1.1/32 dstport 25 preoptimization ssl.
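Once the rule is in place, a useful check is that the mail server named in the rule still advertises STARTTLS on port 25 and that the upgrade completes for a client whose traffic crosses the SteelHead. The script below is an added example, not Riverbed code: the function names, the host mail.example.test and the sample EHLO replies are constructed for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from a real server).
EHLO_WITH_TLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250-starttls\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


def parse_ehlo_extensions(reply):
    """Return the upper-cased extension keywords from a 250 EHLO reply."""
    lines = reply.replace("\r\n", "\n").strip().split("\n")
    extensions = set()
    for line in lines[1:]:  # line 0 is the server's greeting, not an extension
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError(f"unexpected EHLO line: {line!r}")
        words = line[4:].split()
        if words:
            extensions.add(words[0].upper())  # keywords are case-insensitive
    return extensions


def offers_starttls(reply):
    """True when the EHLO reply lists the STARTTLS extension."""
    return "STARTTLS" in parse_ehlo_extensions(reply)


def probe(host, port=25, timeout=10):
    """Live check against a reachable mail server; returns (offered, tls_version)."""
    context = ssl.create_default_context()  # verifies the certificate the client is shown
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return (False, None)
        smtp.starttls(context=context)  # raises if the upgrade or verification fails
        smtp.ehlo()  # extensions must be re-read after the upgrade
        return (True, smtp.sock.version())


if __name__ == "__main__":
    print(offers_starttls(EHLO_WITH_TLS), offers_starttls(EHLO_NO_TLS))
    # probe("mail.example.test")  # placeholder host; run from a client behind the SteelHead
```

A result of (False, None) from probe means the session stays in cleartext, so the SSL preoptimization policy has nothing to act on for that server.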