There could be some confusion at face-value when asking the question, "Will F5 single arm setup work without SNAT?"
The terms one-arm and single-arm are often synonymous with using SNAT since a one-armed design is the most-used architecture when addressing the desire to not change all server gateways to point to the F5, thus requiring SNAT. One-armed refers to a load-balancer hanging off one VLAN, which may or may not be the VLAN on which pool members reside. If pool members are not on that VLAN, then they cannot use the F5 as the default gateway (obviously) and require SNAT, but if pool members do reside on that VLAN they may be able to use the F5 as the default gateway.
When looking to implement a new architecture or change a current architecture, you should examine EVERY possible traffic flow that you can think of. Get a whiteboard, a network guy, an architect, and your PS consultant (or F5-specialist) and draw out the proposed architecture. As I don't know your environment, I'd suggest that you start by mapping out the following scenarios:
("F5's VLAN" simply refers to the "one" VLAN on which the F5, pool members, and other layer 3 device reside. "pool member" refers to a server using the F5 as its default gateway)
- Load balanced traffic from a client on a remote VLAN to a virtual server that then sends traffic un-SNATed to a pool member in the F5's VLAN and the return traffic
- Load balanced traffic from a client on the F5's VLAN to a virtual server that then sends traffic un-SNATed to a pool member in the F5's VLAN and the return traffic (this won't work without SNAT which @Ed Summers pointed out in a previous post)
- Traffic initiated by a pool member to an external VLAN, and the response to the pool member from the external device. this may not work depending on the layer 3 device at the edge of the local VLAN. Outbound traffic will traverse the F5 since it is the pool member's gateway, but response traffic will go directly from the layer 3 device to the pool member since the layer 3 device is on the F5's VLAN.
- Non-load-balanced traffic from a client on a remote VLAN that is destined for a pool member (for example, SNMP queries) and the response. This will not work since the F5 will RST the response traffic since it did not see the original inbound request and considers it an out-of-state flow, which is common behavior for secure devices. There are some ways around this if absolutely necessary.
Other traffic-flow considerations should include protocols, too (UDP, ICMP, ARP, DHCP, multicast, etc.)