I can understand a filter would be useful to secure your network on a DMZ, however with F5's providing load balancing on your internal network I don't seem this as a major requirement especially when servers behind the F5 connect to databases, monitoring servers etc on other internal networks....administration overhead.
Currently have a problem - we need to build new Unix servers on a pool network behind the F5 the boot build server which sits on a seperate network not behind the F5 sends out a ping to see if anyone has the new address allocated, if the ICMP reply is received (in my case the F5 sends back ICMP reply) you cannot build the server, because the the specific boot server thinks the IP is already taken.