You should update to the latest hotfix to patch POODLE (TLS) ASAP. As for BEAST/RC4, they both can;t be mitigated server side unless you remove TLSv1.0 support, which generally isn't possible yet for most people as its still widely used. I would recommend something like 'DEFAULT:!SSLv3:!RC4' and run the latest hotfix. The need for !SSLv3 will be dependent on the version you are running. Since BEAST is considered to be mostly mitigated client side it is the lesser evil vs RC4. RC4 is considered to be "weak" and should be disabled when possible. What version of BigIP are you running?