Configuring the SteelHead for START-TLS Support
There are two steps to configure the SteelHead to use START-TLS:
1. Configure SSL.
2. Configure an in-path rule.
To configure the SteelHead for use with START-TLS
1. Enable SSL on the SteelHead.
  • In the Management Console, choose Optimization > SSL: SSL Main Settings, and select Enable SSL Optimization, or use the CLI command protocol ssl enable.
    Figure 6‑3. SSL Main Settings Page
  • In the Management Console, choose Optimization > SSL: Advanced Settings and select Enable Client Certificate Support and Enable Midsession SSL, or use the CLI commands protocol ssl mid-session-ssl and protocol ssl client-cer-auth enable.
    Figure 6‑4. SSL Advanced Settings Page
2. Configure an in-path rule.
   The in-path rule applies the SSL preoptimization policy to the Secure SMTP traffic.
  • In the Management Console, choose Optimization > Network Services: In-Path Rules.
  • Select Add New In-Path Rule, enter the following parameters, and click Add.
    Rule Setting               Value
    Type                       Auto Discover
    Source Subnet              All-IPv4
    Destination Subnet         IP address of the email server using SMTPS
    Port or Port Labels        SMTP port, typically 25
    VLAN tag ID                all
    Preoptimization Policy     SSL
    Latency Reduction Policy   Normal
    Data Reduction Policy      Normal
    Auto Kickoff               Clear the check box
    Neural Framing             Always
    WAN Visibility             Correct Addressing, Port Transparency, or Full Transparency are all valid configuration options.
    Position                   Prior to any negating rules
    Description                A description of the rules
    Enable Rules               Select the check box

    Figure 6‑5. In-Path Rules Page
  • Or, you can use the CLI command in-path rule auto-discover rulenum 4 srcaddr all-ipv4 dstaddr 1.1.1.1/32 dstport 25 preoptimization ssl.
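
A START-TLS session opens in cleartext on the SMTP port and changes to TLS only after the server accepts the client's STARTTLS command (RFC 3207), so the SSL handshake begins partway through the connection. The following Python sketch is an added example, not part of the Riverbed guide: it walks a constructed SMTP transcript (placeholder host names, hypothetical function name analyze) and reports whether STARTTLS was advertised, whether it was requested, and at which message the TLS handshake starts.

```python
# Added example (not from the Riverbed guide): find where an SMTP session
# switches from cleartext to TLS, following RFC 3207.
# SAMPLE is constructed data; the host names are placeholders.
SAMPLE = [
    ("S", "220 mail.example.test ESMTP"),
    ("C", "EHLO client.example.test"),
    ("S", "250-mail.example.test"),
    ("S", "250-SIZE 35882577"),
    ("S", "250-STARTTLS"),
    ("S", "250 8BITMIME"),
    ("C", "STARTTLS"),
    ("S", "220 2.0.0 Ready to start TLS"),
    ("C", "<TLS ClientHello>"),
]


def analyze(transcript):
    """Return (advertised, requested, upgrade_index).

    transcript is a list of (side, line) pairs, side being "C" or "S".
    upgrade_index is the index of the first message after the server's 220
    reply to STARTTLS, where the TLS handshake begins. It is None when the
    session never upgrades and therefore stays in cleartext.
    """
    advertised = requested = awaiting_reply = False
    for i, (side, line) in enumerate(transcript):
        text = line.strip()
        if side == "S" and awaiting_reply:
            if text.startswith("220"):
                return advertised, requested, i + 1
            awaiting_reply = False  # e.g. 454: server refused the upgrade
        elif side == "S" and text.startswith("250"):
            # EHLO reply lines look like "250-KEYWORD" or "250 KEYWORD"
            words = text[4:].split()
            if words and words[0].upper() == "STARTTLS":
                advertised = True
        elif side == "C" and text.upper() == "STARTTLS":
            requested = awaiting_reply = True
    return advertised, requested, None


if __name__ == "__main__":
    adv, req, idx = analyze(SAMPLE)
    print(f"advertised={adv} requested={req} tls_starts_at_message={idx}")
```

A result with upgrade_index of None means the mail stayed in cleartext for the whole session, which is worth checking on the email server before troubleshooting the in-path rule.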