It's definitely done this way by many F5 customers. It's a default-deny appliance - that should make the network guy happy, and it's ICSA-certified - which should make the IA guy happy. You've got packet filtering built into LTM (which is a large part of the certification), and then you have the new Advanced Firewall Manager (AFM), which is a full-proxy, extremely high-throughput, stateful firewall that runs on top of the ADC. I would probably agree with Bhattman in that there are absolutely situations where you'd want to separate firewall and load balancer, but then in many cases that's not true anymore.