SSL Load balancing

You can certainly pass the SSL directly through the F5 to the application, but in the absence of any exposed layer 7 data, your persistence options are mostly limited to source address and SSL sessionID persistence. The former may be difficult to achieve in larger, potentially NATted environments, and the latter may be even more challenging with browser agents that continually renegotiate their SSL sessions.

The absolute best practice is going to be SSL offloading at the F5. You don't technically need to re-encrypt to the servers, but you definitely can. The certificate that you provide in the client SSL profile will be the certificate presented to the user in an SSL negotiation, so the default F5 certificate should work, but expect to get a certificate warning in the browser.