The second part is configuring the policy for the firewall. You set the source ports for your WAN. My web servers are in the DMZ. Since the VIPs only use port 80 and 443, you can set source to all and services to all. I created separate VIPs for HTTP and SSL (HTTPS). You can disable NAT because you are using VIPs. To secure the web sites. I configured security for AV (Anti-Virus), WEB (Web Filter), IPS (IPS Sensor) and SSL (Uses the Godaddy SSL Certificate for deep inspection).