F5 behind a router instead of a firewall, are there any risks??

I've done both. By default, F5's are default deny devices and if setup properly, do a very good job of being secure. Add to that some well-written router ACLs, and you can certainly be "secure." Of course, there's some piece of mind by having firewalls in front of you and as Hamish said, LTMs are made for performance and acceleration, not necessarily for denying tons of traffic.

 

 

I know of an extremely large site that decided they didn't want the latency firewalls induce and they've been fine with it.

 

 

You also have to consider what you're trying to protect against. If you've got an e-commerce app behind your LTM then the firewall is likely needed since people aren't simply going to be port scanning you. On the other hand, if you're simply hosting a static site, I wouldn't worry much.