Hi wixxyl,
If the Juniper Firewall is serving as the Gateway for the subnets then you will need to SNAT. By default, any subnet NOT owned by the BIG-IP will require you to SNAT. This is so that the traffic will return to the BIG-IP and be re-routed back to the originator.
Without SNAT you would be looking at a broken route.
You should be able to enable SNAT on the Virtual Server and not need it in an iRule.
You can Enable SNAT in an iRule but this is mostly used when a portion of your traffic is going to a different network (there are other scenario's, but I will stick to the topic. I am sure you will discover the other situations in the future).
Hope this helps.