Anyway to front a fat / thick client with client side SSL certificate check using a ltm/irule

I think the biggest problem you'll have is session state. The browser and non-browser clients represent two separate sessions (layer 4, SSL, and maybe even layer 7) so if you presented a certificate with one, that data wouldn't be accessible to the other. Your absolute best option, in my opinion, is to figure out how to get the fat client to send a client certificate. This isn't usually an unreasonable solution, depending on the platform.

 

 

That said, if the fat client can access and send (file-based) HTTP cookies, you could potentially set that cookie with the browser connection (after client certificate authentication) so that when the fat client makes its request and sends the cookie (also requiring a method for sharing the cookie store), then the F5 could grant access and maybe even have access to the certificate information. In any case you need a way for the browser and non-browser to share some piece of information, if only for a moment (cookie, URI, etc.).