Hi,
I doubt there is an easy solution for this.
When you start a browser console session it launches the console application in a new tab and fowards the following information through a URL like this:
https://vcenter.com:7343/console/?vmId=vm-18194&vmName =VMtest01&host=vcenter.com:443&sessionTicket =cst-VCT-512340c4-bbf1-e1a8-f1d6-912348000d712--22-02-11-2A-90-14-04-F9-82-CF-11-03-BC-6D-27-07-59-11-6E-A3-E2&thumbprint=02:2A:2A:90:14:11:F9:82:CF:12:03:BC:6D:27:07:33:B5:6E:33:E2
The console application tries to connect to host=vcenter.com:443.
The same URL rewritten by APM looks like this:
https://apm.portal.com/f5-w-68747470733a2f2f7663656e7465722e6361732e636f6d3a37333433$$/console/?vmId=vm-18194&vmName =VMtest01&host=vcenter.com:443&sessionTicket =cst-VCT-512340c4-bbf1-e1a8-f1d6-912348000d712--22-02-11-2A-90-14-04-F9-82-CF-11-03-BC-6D-27-07-59-11-6E-A3-E2&thumbprint=02:2A:2A:90:14:11:F9:82:CF:12:03:BC:6D:27:07:33:B5:6E:33:E2
As you can see the host part is still the same, which means the client will try to connect directly to vcenter.com and completely bypasses APM.
Even if there was a way to rewrite this host part to point to a portal access, I assume the thumbprint wouldn't match anymore.