
Re: NSX Load Balancer 6.2: SSL passthrough sends original IP address?


Taken from the NSX documentation on setting up an application profile, here: VMware NSX for vSphere 6.2 Documentation Center

Below are the supported HTTPS traffic patterns:

1. SSL Offloading - Client -> HTTPS -> LB (terminate SSL) -> HTTP -> server

2. SSL Proxy - Client -> HTTPS -> LB (terminate SSL) -> HTTPS -> server

3. SSL Passthrough - Client -> HTTPS -> LB (SSL passthrough) -> HTTPS -> server

4. Client -> HTTP -> LB -> HTTP -> servers

 

My understanding is that when we are using X-Forwarded-For, the NSX Edge LB will insert the client's IP address in the HTTP header.

With SSL Passthrough, the NSX Edge LB does not terminate the client's HTTPS session and will load balance based on TCP sessions.

Therefore the NSX Edge LB cannot insert it, as it is only passing through a TCP session and is not aware of the HTTP header - I believe this is the reason it is greyed out.

The diagram below may be useful; check out where the red arrows stop.

Edge SSL Options.PNG
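
The difference between the patterns above, as an added example that is not part of the original post and is not NSX code: a minimal model of what a load balancer can do with the first bytes it can read on a connection. The function names, the sample bytes and the choice to append to an existing X-Forwarded-For value (the common proxy convention) are assumptions made for illustration.

```python
TLS_HANDSHAKE = 0x16  # TLS record content type for handshake messages

# Constructed sample inputs (not captured traffic).
TLS_SAMPLE = b"\x16\x03\x01\x00\x05hello"   # record header + opaque payload
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n"


def looks_like_tls(first_bytes: bytes) -> bool:
    """True if the stream starts with a TLS handshake record header."""
    return (len(first_bytes) >= 5
            and first_bytes[0] == TLS_HANDSHAKE
            and first_bytes[1] == 0x03)      # record-layer major version


def insert_xff(request: bytes, client_ip: str) -> bytes:
    """L7 behaviour: add or extend X-Forwarded-For in a plaintext request."""
    head, sep, body = request.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP header block")
    lines = head.split(b"\r\n")
    out, seen = [lines[0]], False            # keep the request line as-is
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"x-forwarded-for":
            # Assumption: append to the existing list rather than replace it.
            line = b"X-Forwarded-For: " + value.strip() + b", " + client_ip.encode()
            seen = True
        out.append(line)
    if not seen:
        out.append(b"X-Forwarded-For: " + client_ip.encode())
    return b"\r\n".join(out) + sep + body


def forward(visible_bytes: bytes, client_ip: str) -> bytes:
    """visible_bytes is what the LB can read after any TLS termination it does.

    Offloading, proxy and plain HTTP: the LB holds plaintext HTTP here.
    Passthrough: the LB still holds TLS records, so it relays them untouched.
    """
    if looks_like_tls(visible_bytes):
        return visible_bytes                 # no HTTP header to edit
    return insert_xff(visible_bytes, client_ip)
```

With passthrough, the server sees the client's address only if the TCP source address is preserved, since no header can carry it.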

