but for all other requests related to the login page the host header WILL have to be changed as you stated.
i am not sure how the login page works but yes, i agree that this will make all request passing through bigip which is not what CS wants.
i was thinking to use wildcard virtual server (in case user is behind bigip) and respond company logo file (i.e. using ifile) instead of third party logo file when seeing the request to the third party logo file. anyway, i thought it might confuse user if they get different logo when accessing the login page from home (via Internet).
just my 2 cents.