I'm using BIG-IP LTM as a load balancer for two ADFS servers as part of a hybrid Exchange deployment. I need to enable HSTS on the load balancer virtual server. Enabling HSTS requires an SSL profile; however, the load balancer is currently configured as "Type: Performance (Layer 4)", which uses SSL pass-through and does not support SSL profiles. Is it possible to change the server type, enable an SSL profile, and enable HSTS without breaking my ADFS deployment?
Even though the iApp for ADFS is deprecated, you can still follow the archived deployment guide. The config parameters and values described in Appendix A: Manual Configuration tables are still applicable.
Your use case is described in the chapter named Configuring the BIG-IP LTM for load balancing AD FS or AD FS proxy servers: SSL Bridging.
From my memory - pay attention to the server name in the serverssl profile. ADFS requires SNI.
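A post-change check for the setup discussed in this thread, as an added example that is not part of the original posts: it parses the `Strict-Transport-Security` header returned by the virtual server and probes a pool member's TLS handshake with and without SNI. The host name `adfs.example.com`, the address `192.0.2.10` and all function names are placeholders chosen for illustration.

```python
import http.client
import socket
import ssl

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a dict, or None when a browser would ignore the header."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue
        if name in directives:               # each directive may appear only once
            return None
        directives[name] = val.strip().strip('"')
    age = directives.get("max-age", "")      # max-age is the one required directive
    if not (age.isascii() and age.isdigit()):
        return None
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in directives,
            "preload": "preload" in directives}

def fetch_hsts(host, path="/", timeout=5):
    """Request the virtual server over HTTPS and parse the HSTS header it returns."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("GET", path)
        header = conn.getresponse().getheader("Strict-Transport-Security")
    finally:
        conn.close()
    return parse_hsts(header) if header else None

def backend_accepts(ip, sni, port=443, timeout=5):
    """Attempt a TLS handshake with a pool member; sni=None sends no SNI extension."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False               # handshake probe only, no data is sent
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni):
                return True
    except OSError:                          # ssl.SSLError is a subclass of OSError
        return False

if __name__ == "__main__":
    # Placeholder names: replace with the federation service name and a pool member.
    print("HSTS on VIP:", fetch_hsts("adfs.example.com"))
    print("backend with SNI:", backend_accepts("192.0.2.10", "adfs.example.com"))
    print("backend without SNI:", backend_accepts("192.0.2.10", None))
```

If the pool member completes the handshake only when the SNI name is sent, the server SSL profile has to present that same server name, as the reply above points out.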