The SSL offload feature transparently improves the performance of websites that conduct SSL transactions. By offloading CPU-intensive SSL encryption and decryption tasks from the local web server to the appliance, SSL offloading ensures secure delivery of web applications without the performance penalty incurred when the server processes the SSL data. Once the SSL traffic is decrypted, it can be processed by all standard services. The SSL protocol works seamlessly with various types of HTTP and TCP data and provides a secure channel for transactions using such data.

To configure SSL, you must first enable it. Then, you configure HTTP or TCP services and an SSL Virtual Service on the LoadMaster, and bind the services to the Virtual Service. You must also add a certificate-key pair and bind it to the SSL Virtual Service. If you use Outlook Web Access servers, you must create an action to enable SSL support and a policy to apply the action.

An SSL Virtual Service intercepts incoming encrypted traffic and decrypts it by using a negotiated algorithm. The SSL Virtual Service then forwards the decrypted data to the other entities on the appliance for appropriate processing. For further details on SSL offloading, refer to the SSL Accelerated Services Feature Description.

Intermediate certificates may be required. For further details, refer to the following page: Intermediate Certificates.

The following are the steps involved and the recommended settings to configure the ShareFile HTTPS Offloaded Virtual Service:

  1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

  2. Type a valid Virtual Address.
  3. Type 443 as the Port.
  4. Enter a recognizable Service Name, such as ShareFile HTTPS Offloaded.
  5. Click Add this Virtual Service.
  6. Configure the settings as recommended in the following table:
    | WUI Section | WUI Field Name | WUI Field Value |
    |---|---|---|
    | | Port | 443 |
    | | Protocol | tcp |
    | Basic Properties | Service Type | HTTP-HTTP/2-HTTPS |
    | Standard Options | Transparency | Disabled |
    | | Subnet Originating Requests | Enabled |
    | | Persistence Options | None |
    | | Scheduling Method | least connection |
    | | Idle Connection Timeout | 660 (Default) |
    | SSL Properties | SSL Acceleration | Enabled |
    | | Supported Protocols | TLS1.1, TLS1.2, and TLS1.3 (Enabled) |
    | | Cipher Set | BestPractices |
    | | TLS1.3 Ciphersets | TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256 |

    Note: As of version 6 of ShareFile, TLS 1.3 is not in use.
  7. Add the Real Servers:
    1. Expand the Real Servers section.
    2. Click Add New.
    3. Enter the address of the relevant Real Server.
    4. Complete the other fields as required.
    5. Click Add this Real Server then click OK to the pop-up message.
    6. Repeat the steps above to add more Real Servers as needed, based on your environment.
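
One way to confirm from a client that the Virtual Service matches the Supported Protocols and TLS1.3 Ciphersets rows of the table, as an added example that is not part of the original guide: the script offers one TLS version at a time and compares what is accepted with the table. The `probe` and `check` names and the sample result are constructed for illustration; a local OpenSSL build that disables TLS 1.0/1.1 reports those versions as not negotiated regardless of the appliance.

```python
import socket
import ssl

# Values from the settings table in this guide.
EXPECTED_VERSIONS = {"TLSv1.1", "TLSv1.2", "TLSv1.3"}
TLS13_SUITES = {"TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
                "TLS_AES_128_GCM_SHA256"}
PROBES = {"TLSv1": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
          "TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def probe(host, port=443, timeout=5):
    """Offer one protocol version at a time; return {version: cipher or None}."""
    seen = {}
    for name, ver in PROBES.items():
        ctx = ssl.create_default_context()
        ctx.check_hostname = False       # this audits protocol settings only;
        ctx.verify_mode = ssl.CERT_NONE  # certificate validation is out of scope
        try:
            ctx.minimum_version = ctx.maximum_version = ver
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    seen[name] = tls.cipher()[0]
        except (ssl.SSLError, OSError, ValueError):
            seen[name] = None            # refused by the service or by local OpenSSL
    return seen

def check(seen):
    """Compare probe results with the table; return a list of findings."""
    findings = []
    for name, cipher in seen.items():
        if name in EXPECTED_VERSIONS and cipher is None:
            findings.append(f"{name}: enabled in the table but not negotiated")
        elif name not in EXPECTED_VERSIONS and cipher is not None:
            findings.append(f"{name}: negotiated ({cipher}) but not in Supported Protocols")
        elif name == "TLSv1.3" and cipher not in TLS13_SUITES:
            findings.append(f"TLSv1.3: suite {cipher} is not in TLS1.3 Ciphersets")
    return findings

# Constructed sample result (not captured from a real LoadMaster).
SAMPLE = {"TLSv1": "ECDHE-RSA-AES256-SHA", "TLSv1.1": "ECDHE-RSA-AES256-SHA",
          "TLSv1.2": "ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.3": "TLS_AES_256_GCM_SHA384"}

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```

To audit a live service, pass the Virtual Address to `probe` and feed its result to `check`.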

Create a ShareFile HTTPS Offloaded Redirect Virtual Service

Clicking Add HTTP Redirector (in Advanced Properties) automatically creates a port 80 redirect Virtual Service. This is optional, but the purpose of this Virtual Service is to redirect any clients who have connected using HTTP to the HTTPS Virtual Service. We also recommend changing the Persistence Mode to None.