Forum Discussion
Attack signatures, security policies and NAT vs Virtual Servers
Bringing this out to the main level of the thread since I can't format carriage returns when responding to an answer.
Just as an update, I've been trying some things in the F5 to see how this might look. Even though it's just one node (let's say its private IP is 10.10.10.2), I created a node with that IP address. Then I created a pool and added that node as a member. Since all the traffic to it will be HTTPS, I added https and https_443 as active health monitors. All other default settings were left intact.
Then I created a VS. This is where it gets tricky for me. I have it set up right now as a Standard VS with a network address that covers our entire subnet of web content servers (for example, 10.10.10.0/26). Service port is 443 (https). For SSL Profile I used serverssl. All other settings stayed at default.
So at this point I'm just trying to figure out how best to do this. Does that setup look like I'm on the right track? And if I'm going to have other single web servers in that same /26 subnet that are totally different sites, should I make my VS just point directly to the node (destination address 10.10.10.2 in the above example) and create a new VS for each other web server, or perhaps have this one network address VS cover them all and just create different pools for the different web servers?
Forgive me for all the questions. I do need to get more formal training, but the time frame for this won't allow that right away.
- bsm1970 (Mar 03, 2016, Nimbostratus): I guess what I'm driving at is that setting up a VS for these servers seems like overkill when a simple one to one NAT would appear to get the job done. But if I can't apply any ASM stuff to it - protecting from vulnerabilities and using attack signatures, then that won't work. I'm just wondering what the best way to do this is since I don't have a bank of servers hosting the same content that need to be load balanced.