Thank you for your input gfleming and abelio.
Would it be expensive? Will have to look into the multi-domain SSL.
I was thinking if we have a workaround where we will set different firewall policy based on the FQDN. It would be like:
-Create a VIP via FQDN (instead of IP-based VIP)
-Create firewall policy for every FQDN VIP (this way, we could separate SSL cert per profile)
Currently testing this idea but so far not yet successful. Appreciate your thoughts about it.