Upgrading to 6.4.2 removed the virtual IPs from the web site policies.
Virtual IP configuration
The first part of the setup of the web sites are the virtual IPs for port 443 and 80. You put in the WAN IP that your external DNS records point to that goes to the NAT IP of the actual web site. You assign it the port that is assigned extermally to the internal port of your web site configuration. I created both IPv4 and IPv6 VIPs. One thing you notice is IPv4 shows WAN port assigned. IPv6 does not show WAN port.
The second part is configuring the policy for the firewall. You set the source ports for your WAN. My web servers are in the DMZ. Since the VIPs only use port 80 and 443, you can set source to all and services to all. I created separate VIPs for HTTP and SSL (HTTPS). You can disable NAT because you are using VIPs. To secure the web sites. I configured security for AV (Anti-Virus), WEB (Web Filter), IPS (IPS Sensor) and SSL (Uses the Godaddy SSL Certificate for deep inspection).