Nimbostratus
CirrostratusHey Jan,
It depends really. I can't see most enterprise security people agreeing to move the whole thing to the LAN but personally I'd have no problem with that assuming your confident your F5 is secure and whatever firewall you have at your Internet border is up to the job too.
Can I assume the DMZ and two tier firewall architecture isn't possible in your environment?
F5 device security wise, there's lots of things to think about, Port Lockdown, ICMP etc. rate limiting, disabling root access, ARP settings, audit logging, SSH/HTTPS mgmt idle timeouts, packet filters and a few others.