

NathanAsky
Mar 18, 2025

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Through testing, I found that if I simply use all-zero virtual services and use standard mode, I must use the client SSL profile to obtain the SNI domain name in the TLS handshake message sent by the client. However, I don't know what the domain name certificate that the client needs to access is for the client Internet exit. It is not fixed, and these certificates may not exist on my device. If I use a self-signed domain name certificate, the intranet client will prompt "Do not trust the domain name site". Does anyone have a better solution for this? The F5 forward proxy needs to know what the domain name requested by the client is, or provide iRules events or commands! Thank you for every reader's reply!


when CLIENTSSL_HANDSHAKE {
    # Extension type 0 is server_name; skip its 9-byte header
    # (ext type 2, ext length 2, list length 2, name type 1, name length 2)
    # and take the rest as the host name
    binary scan [SSL::extensions -type 0] {@9A*} sni_name
    log local0. "$sni_name"
    pool ChinaRadioTelevisionPool
}

#This method currently lacks remote certificate issues, prompting unsafe trust. Is there any other way to obtain the domain name information sent by the client for diversion?
ltm virtual OverseasApplications {
    destination 0.0.0.0:https
    ip-protocol tcp
    mask any
    profiles {
        ForwardClientSSL {
            context clientside
        }
        ForwardServerSSL {
            context serverside
        }
        Forward_HTTP { }
        apm-forwarding-client-tcp { }
    }
    rules {
        OutboundIRules
    }
    source 0.0.0.0/0
    source-address-translation {
        pool ChinaRadioTelevisionSNATPOOL
        type snat
    }
    translate-address disabled
    translate-port disabled
    vlans {
        internal_vlan_13
    }
    vlans-enabled
    vs-index 3
}
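One way to read the SNI without terminating TLS, as an added example that is not the original poster's code and not an F5-supplied iRule: attach it to a plain TCP virtual server on 0.0.0.0:443 (the client-ssl, server-ssl and HTTP profiles removed, so the virtual passes the TLS session through unchanged), collect the client's first bytes, and parse the ClientHello in CLIENT_DATA. The pool name ChinaRadioTelevisionPool is taken from the post; DefaultEgressPool and the example-media.cn domain patterns are assumed placeholders to be replaced with your own.

```tcl
# Added example: SNI-based egress pool selection with no client-ssl profile.
# Assumes a TCP passthrough virtual (no client-ssl, server-ssl or HTTP profile).
when CLIENT_ACCEPTED {
    # Hold the first client bytes so CLIENT_DATA can inspect the ClientHello
    TCP::collect
}

when CLIENT_DATA {
    set payload [TCP::payload]
    set plen [TCP::payload length]

    # TLS record header: type(1) version(2) length(2); handshake records are type 22
    if { $plen < 5 } { TCP::collect ; return }
    binary scan $payload cSS rec_type tls_ver rec_len
    set rec_type [expr {$rec_type & 0xff}]
    set rec_len  [expr {$rec_len & 0xffff}]
    if { $rec_type != 22 } {
        # Not TLS (e.g. plain HTTP sent to 443): fall back to the default pool
        TCP::release
        return
    }
    # Wait until the whole first record is buffered
    if { $plen < [expr {$rec_len + 5}] } { TCP::collect ; return }

    # Handshake header: msg type(1) length(3); ClientHello is type 1
    binary scan $payload @5c hs_type
    if { [expr {$hs_type & 0xff}] != 1 } { TCP::release ; return }

    # Walk the ClientHello: version(2) random(32), then variable-length fields
    set off 43
    binary scan $payload @${off}c sid_len
    incr off [expr {1 + ($sid_len & 0xff)}]          ;# session_id
    binary scan $payload @${off}S cs_len
    incr off [expr {2 + ($cs_len & 0xffff)}]         ;# cipher_suites
    binary scan $payload @${off}c cm_len
    incr off [expr {1 + ($cm_len & 0xff)}]           ;# compression_methods

    set sni ""
    if { $off + 2 <= $plen } {
        binary scan $payload @${off}S ext_total
        incr off 2
        set ext_end [expr {$off + ($ext_total & 0xffff)}]
        if { $ext_end > $plen } { set ext_end $plen }
        # Iterate extensions: type(2) length(2) data; server_name is type 0
        while { $off + 4 <= $ext_end } {
            binary scan $payload @${off}SS ext_type ext_len
            set ext_type [expr {$ext_type & 0xffff}]
            set ext_len  [expr {$ext_len & 0xffff}]
            incr off 4
            if { $off + $ext_len > $ext_end } { break }
            if { $ext_type == 0 && $ext_len >= 5 } {
                # server_name data: list_len(2) name_type(1) name_len(2) host_name
                set p [expr {$off + 3}]
                binary scan $payload @${p}S name_len
                set name_len [expr {$name_len & 0xffff}]
                set p [expr {$off + 5}]
                if { $p + $name_len <= $ext_end } {
                    binary scan $payload @${p}A${name_len} sni
                }
                break
            }
            incr off $ext_len
        }
    }

    # Route on the SNI; it is client-supplied and unauthenticated, so it is only a hint
    set sni [string tolower $sni]
    if { $sni ne "" } {
        log local0. "SNI [IP::client_addr]->[IP::local_addr]: $sni"
        switch -glob -- $sni {
            "*.example-media.cn" -
            "example-media.cn" {
                pool ChinaRadioTelevisionPool
            }
            default {
                pool DefaultEgressPool   ;# hypothetical default egress pool
            }
        }
    }
    # No SNI or non-TLS traffic: the virtual server's default pool applies
    TCP::release
}
```

Because the virtual no longer decrypts, the client's TLS session runs end to end to the origin and no certificate is substituted, so the browser trust warning disappears. The trade-off is that only the SNI is visible (not the HTTP Host header or URL), the value can be absent or set to anything by the client, and clients that use Encrypted Client Hello will not expose it, so keep a sane default pool and log the observed name rather than treating it as a verified identity.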