I am far from being an expert on such things... that being said, you might try just turning on some logging and then throwing some traffic at it. That way you can see if it is even being executed.
when CLIENT_ACCEPTED {
    # Log every accepted connection so you can confirm the iRule is firing
    log local0. "[IP::local_addr]:[TCP::local_port]: Client Accepted"
    # Choose the SNAT address based on the local (virtual server) address
    if { [IP::addr [IP::local_addr] equals "A.A.A.A"] } {
        log local0. "[IP::local_addr]:[TCP::local_port]: Using the A.A.A.A SNAT"
        use snat Z.Z.Z.Z
    } elseif { [IP::addr [IP::local_addr] equals "B.B.B.B"] } {
        log local0. "[IP::local_addr]:[TCP::local_port]: Using the B.B.B.B SNAT"
        use snat Y.Y.Y.Y
    } else {
        log local0. "[IP::local_addr]:[TCP::local_port]: Using the Default X.X.X.X SNAT"
        use snat X.X.X.X
    }
}
Also, I do not believe it is possible to use the F5 to modify/change or even read traffic going over SSL when the F5 is not holding the SSL keys. So if you're offloading all the SSL stuff to a different device, I believe you are limited in what you can do with that traffic.