You are correct in thought but incorrect on configuration. You are concerning yourself with NHLD. That is outbound traffic. This is inbound.
It would be something like:
Real server: slb server WEB01 192.168.10.101 port 80 tcp ! slb server WEB02 192.168.10.102 port 80 tcp ! slb server DNS01 192.168.10.103 port 53 tcp port 53 udp ! slb server DNS02 192.168.10.104 port 53 tcp port 53 udp ! slb server ISP01 1.1.1.1 port 0 tcp ! slb server ISP02 2.2.2.2 port 0 tcp
Service group: slb service-group WEB_SVR member WEB01 80 member WEB01 80 ! slb service-group DNS_TCP member DNS01 53 member DNS02 53 ! slb service-group DNS_UDP member DNS01 53 member DNS02 53 ! slb service-group ISP_1_&_2 member ISP01 0 member ISP02 0 !
Virtual Server: slb virtual-server SERVICES_VIP 10.10.10.100 port 80 service-group WEB_SRVR port 53 dns-tcp service-group DNS_TCP port 53 dns-udp service-group DNS_UDP ! slb virtual-server ISP 0.0.0.0 port 0 tcp service-group ISP_1_&2 port 0 udp service-group ISP_1&2 port 0 others service-group ISP_1&_2 !
I’m typing this off top of my head. Please consult documentation for explanations and examples. Also, check out the deployment guides on teh A10 website for: DDoS Protection for Web and DNS Servers