You beat me to the punch...
So you're saying that there are repeated POSTs to https://esf.mtn.co.za:20176/bpm/workspace/faces/jsf/worklist/worklist.jspx?_adf.ctrl-state=xod1w2im6_9?
Is the browser making these requests by itself or are you refreshing or retrying? I guess the next step is to look at the logic of the app. Does it work if you turn off SSL on the client side of the BIG-IP? Is there anything in the 200 response that the application logic wouldn't like (compare the responses between the encrypted and non-encrypted access)?
What type of persistence are you using? If cookie-based do you see the cookie being transmitted back to the server?