Ok, it still might be possible.
You have told the A10 that it is not allowed to route between VLAN’s.
You can adjust your ACL’s so that the traffic from the firewall towards 192.168.20.100 does not hit the VIP anymore… but… then you have traffic coming from VLAN 850 that needs to be routed towards VLAN 10… with the global setting this to disable VLAN routing this will not work.
If I am correct you can also enable/disable VLAN routing on a per interface basis.
So allow VLAN routing for the VLAN 850 interface… so that traffic from the firewall gets routed normally, and disable it for all the other VLAN’s.
The routing action is decided when the traffic is inbound from an interface.
Still you now need to make sure that your SSLi VIP does not need to match on the traffic between the VLAN 10 and 20 etc… make sure you adjust the ACL’s so that the action is deny for all those IP’s.
You might actually need a second wildcard VIP with an ACL that matches you internal clients going to other internal clients and use the service group to forward the traffic to the Firewall.
And then build the ACL for the SSLi part so that only from internal sources toward external destinations are matched and processed by SSLi.
I am quite sure this is possible… I would advise getting your local A10 Representatives involved and possibly A10 Professional services if you have issues implementing the above suggestions.