Domai
May 11, 2016

GTM & LTM Firewall rules setup question

Hello All, I have a question regarding GTM and LTM firewall rules setup. Here is the deal. Let's say there are 3 data centers with 3 GTMs and 3 pairs of LTMs in each data center.

DC1 - GTMDC1, LTMDC1a(Active)+LTMDC1b(Stby)
DC2 - GTMDC2, LTMDC2a(Active)+LTMDC2b(Stby)
DC3 - GTMDC3, LTMDC3a(Active)+LTMDC3b(Stby)

All 3 GTMs will be in the same sync group, and the fw rules between the GTMs and LTMs in each DC will have ports 22, 443 and 4353 open to allow bigip_add and iQuery. The fw rule between all 3 GTMs in different data centers, i.e.


GTMDC1 <==> GTMDC2 <==> GTMDC3 22, 443, 4353

 

My question is: should I also be opening up fw rules from the GTMs in one data center to the LTMs at the other data centers?

GTMDC1 <=fwrule 4353,22=> LTMDC2a(Active)+LTMDC2b(Stby)
GTMDC1 <=fwrule 4353,22=> LTMDC3a(Active)+LTMDC3b(Stby)

GTMDC2 <=fwrule 4353,22=> LTMDC1a(Active)+LTMDC1b(Stby)
GTMDC2 <=fwrule 4353,22=> LTMDC3a(Active)+LTMDC3b(Stby)

GTMDC3 <=fwrule 4353,22=> LTMDC1a(Active)+LTMDC1b(Stby)
GTMDC3 <=fwrule 4353,22=> LTMDC2a(Active)+LTMDC2b(Stby)


I am not delegating the LTMs on the GTM within the data center to monitor the VIPs, i.e. I will be disabling

iq-allow-path no, iq-allow-service-check no, iq-allow-snmp no

and let the GTMs handle the LTM VIP availability.

Thank you.


1 Reply

  • Hi,

    Only SSH and 4353 must be opened between GTM and GTM.

    If LTM and GTM are defined in 3 different Datacenter objects, GTM and LTM will communicate with each other inside each datacenter. GTM will get the status and VS changes of the other datacenters' LTMs through the GTM on the same site.
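As an added example (not code from the thread or from F5), the script below encodes the rule of thumb from the reply: a full mesh between GTMs on SSH and iQuery only, GTM-to-LTM flows only inside the same data center, and nothing from a GTM to an LTM in another DC. The topology and port lists are taken from the question above; the `audit_rules` helper and its keep/drop/missing classification are this example's own.

```python
from itertools import combinations

# Constructed topology matching the question: one GTM and one LTM pair per DC.
TOPOLOGY = {
    "DC1": {"gtm": "GTMDC1", "ltms": ["LTMDC1a", "LTMDC1b"]},
    "DC2": {"gtm": "GTMDC2", "ltms": ["LTMDC2a", "LTMDC2b"]},
    "DC3": {"gtm": "GTMDC3", "ltms": ["LTMDC3a", "LTMDC3b"]},
}
GTM_GTM_PORTS = (22, 4353)       # reply: only SSH and iQuery between GTMs
GTM_LTM_PORTS = (22, 443, 4353)  # question: bigip_add + iQuery inside a DC


def flow(a, b, port):
    """Normalise an undirected 'a <=> b on port' rule to a hashable tuple."""
    return (min(a, b), max(a, b), port)


def required_flows(topology):
    """Minimal rule set: GTM full mesh plus GTM<->LTM within each DC only."""
    flows = set()
    gtms = [dc["gtm"] for dc in topology.values()]
    for a, b in combinations(gtms, 2):
        flows.update(flow(a, b, p) for p in GTM_GTM_PORTS)
    for dc in topology.values():
        for ltm in dc["ltms"]:
            flows.update(flow(dc["gtm"], ltm, p) for p in GTM_LTM_PORTS)
    return flows


def audit_rules(proposed, topology):
    """Classify proposed (a, b, port) rules as keep, drop (unneeded) or missing."""
    needed = required_flows(topology)
    have = {flow(*r) for r in proposed}
    return {
        "keep": sorted(have & needed),
        "drop": sorted(have - needed),      # e.g. cross-DC GTM -> LTM rules
        "missing": sorted(needed - have),
    }


if __name__ == "__main__":
    # The cross-DC rules the question asks about, plus one in-DC rule.
    proposed = [("GTMDC1", "LTMDC2a", 4353), ("GTMDC1", "LTMDC2a", 22),
                ("GTMDC1", "LTMDC1a", 4353)]
    for kind, rules in audit_rules(proposed, TOPOLOGY).items():
        print(kind, len(rules), rules[:3])
```

Running it lists the two cross-DC rules under "drop", which is the answer to the question: they are not needed because the GTM on each site relays its local LTMs' state to the other GTMs.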