According to DE, the SSL blade will apply its local subnet mask to the incoming packet's source IP. In your case, you had a /24 subnet mask configured on the SSL's vlan, so addresses that end with .0 or .255 would be discarded since the blade treated them as network or broadcast addresses.
The workaround is to configure the lowest subnet mask on the SSL proxy vlan where traffic is received (like a /8).
Configure ssl-proxy vlan with lowest mask to receive traffic or configure ssl-proxy vlan where traffic received to lowest mask (ie,. /8 mask) or load next maintenance release image 2.1(2)