So what will trip you up in this configuration is that the only IP the Balance sees is the WAN IP of the firewall. The default HTTPS persistence rule is set to ‘by source’ to keep all HTTPS traffic from the same LAN IP destined for the same internet service on the same WAN.
Instead, if you have to be in Layer 3 load balancing mode like this, you want to use ‘by destination’.
However, it is still a considerable limitation, depending on the number of devices behind the firewall. And if you need to open ports for inbound services, you have to open them on both the Balance and the firewall.
Drop-in mode doesn’t really help with load balancing in this scenario since you are still WAN side of the firewall. It does make it easier to manage firewall rules and port forwarding though, since you would continue to do that on the original firewall.
The best load balancing experience would likely be, as @Ricardas suggested, if you could change the topology to have the firewall as a transparent bridge or just get rid of it completely (depending on the customer requirement).
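The effect described in the post above, as an added example that is not part of the original post and not Peplink code: a simplified model of a persistence table, showing how ‘by source’ pins everything to one WAN once a NAT firewall hides the LAN hosts. The addresses, WAN names and the round-robin choice for new keys are assumptions made for the illustration.

```python
from collections import Counter
from itertools import cycle, product

# Constructed sample data: four LAN hosts, four internet services
# (RFC 5737 documentation addresses), and an assumed firewall WAN IP.
LAN_HOSTS = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]
SERVICES = ["192.0.2.10", "198.51.100.20", "203.0.113.30", "203.0.113.40"]
FIREWALL_WAN_IP = "192.168.50.2"
WANS = ["WAN1", "WAN2"]


def behind_firewall(sessions, nat_ip=FIREWALL_WAN_IP):
    """Rewrite every source to the firewall's WAN IP, as source NAT does."""
    return [(nat_ip, dst) for _src, dst in sessions]


def distribute(sessions, mode, wans=WANS):
    """Count sessions per WAN under a persistence rule.

    mode is "source" or "destination". The first session for a key is
    assigned round-robin (a simplifying assumption); later sessions with
    the same key stick to that WAN.
    """
    if mode not in ("source", "destination"):
        raise ValueError(f"unknown persistence mode: {mode}")
    pinned = {}
    next_wan = cycle(wans)
    usage = Counter({wan: 0 for wan in wans})
    for src, dst in sessions:
        key = src if mode == "source" else dst
        if key not in pinned:
            pinned[key] = next(next_wan)
        usage[pinned[key]] += 1
    return dict(usage)


# Every host opens one HTTPS session to every service: 16 sessions.
SESSIONS = list(product(LAN_HOSTS, SERVICES))

if __name__ == "__main__":
    natted = behind_firewall(SESSIONS)
    print("hosts visible, by source:   ", distribute(SESSIONS, "source"))
    print("behind NAT, by source:      ", distribute(natted, "source"))
    print("behind NAT, by destination: ", distribute(natted, "destination"))
```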