We are using one of the latest development builds as we couldn't get it working with the latest stable release.
443 is the only port forwarded to the reverse proxy 4172 is forwarded straight to the security gateway
or config is:
global
maxconn 4096
pidfile /var/run/haproxy.pid
daemon
defaults
log 127.0.0.1:514 local0 debug
log 127.0.0.1:514 local1
mode tcp
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
stats enable
stats auth admin:admin
frontend test :443
mode tcp
log global
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend VIEW_BE if { req_ssl_sni -i view.PublicDomainName }
use_backend HORIZON_BE if { req_ssl_sni -i horizon.PublicDomainName }
default_backend VIEW_BE
backend VIEW_BE
log global
server view (view Security GatewayIP):443
backend HORIZON_BE
log global
server horizon (horizon gateway IP):443
Hope this helps