The service fabric nodes are just a round robin pool listening on port 8400. The Big-IP VS has a ssl profile with *.abc.com attached. Our clients are calling the end point https://test-api.abc.com in their code which the Big-IP VS ssl profile handles the ssl offload for https://test-api.abc.com. In the clients request they'll pass their own unique cert which then must be passed down to the SF cluster which our API is listening for. Our API has a library of unique clients certs that it will be listening for to validate the request. When we test with the Big-IP with Postman and inspect the traffic we can see the client cert is not being being passed. When we take the Big-IP out of the loop we can see it being passed.
https://test-api.abc.com > Bip-IP VS(443) > Big-IP Pool > SF Cluster:8400