Agreed, I must have misread something about "making it more secure...". If you just enable SNAT you don't have to worry about gateways and more than one NIC, just click the SNAT checkbox and that should do it. You still have to change something to get source IP on the server (assuming QoS and QoE can't be changed to look for X-FWD-FOR as well) and looking at a different header is the easiest solution for that.
As for the traffic not being load balanced. Another fallacy here. If you have a single NIC and your default gateway is the LTM, traffic destined for other networks can simply be routed through the LTM, around the LTM using a static route on the server, or in the case of servers on the same subnet, the traffic wouldn't go through the LTM at all. The additional NIC would, however, as you noted, give you more flexibility to have none of the traffic go through the LTM and not require static routes on the server, provided the other NIC was on the same subnet as the backup servers for instance in your scenario. Otherwise, you would have to use static routes on either the server(s) or the LTM to route through the second interface combined with metrics to make sure it uses the NIC on the LTM internal subnet to return load balanced traffic.
So doing L3 routing through LTM (given the capacity of most LTM models) is not more costly than throwing an extra switch or L3 router in between the server and the backup devices. Again, this is traffic not destined for a virtual server on the LTM, just forwarded traffic. Since the LTM is not NATing that traffic and just forwarding it, it is not taxing the LTM that much. I'm assuming in all this the primary purpose of the server is running the load balanced application.
So, very long answer to your original question short ;-), a.) make LTM the gateway, static route to other network on LTM, and turn off SNAT, b.) use dual NIC with one on the LTM subnet and default gateway LTM and second NIC on separate subnet you need to get to, or one NIC and static route on server to other network, c.) don't change network configuration on server at all, use SNAT and follow the article: https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html?sr=29839025 to get the information you need, assuming Lync QoS/QoE can operate using the X-FWD-FOR header as well.
/mh
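
Added example, not part of the original post: with option c.) the server sees the LTM's SNAT address as the TCP peer, so the client address has to come from the X-Forwarded-For header, and that header should only be believed when the connection really came from the LTM. The function name, the SNAT addresses and the assumption that the load balancer's value is the rightmost entry are all constructed for illustration.

```python
import ipaddress

# Constructed sample values: the addresses the LTM uses as SNAT source toward the pool.
TRUSTED_SNAT_SOURCES = [
    ipaddress.ip_network("10.10.20.5/32"),
    ipaddress.ip_network("10.10.20.6/32"),
]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_ip(peer_ip, xff_header, trusted=TRUSTED_SNAT_SOURCES):
    """Return the address to log as the client for one request.

    peer_ip    -- source address of the TCP connection as the server sees it
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _is_trusted(peer, trusted):
        # Did not arrive via the LTM (e.g. same-subnet traffic that bypasses it):
        # any X-Forwarded-For here is client-supplied, so ignore it.
        return str(peer)
    if not xff_header:
        return str(peer)
    # Assumption: the nearest proxy's value is rightmost, so walk right to left
    # and stop at the first address that is not one of our own SNAT sources.
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the TCP peer
        if not _is_trusted(addr, trusted):
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For value)
    for peer, xff in [("10.10.20.5", "198.51.100.7"),
                      ("192.0.2.50", "198.51.100.7"),
                      ("10.10.20.5", "1.2.3.4, 198.51.100.7")]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```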