Hi,
I did not fully understand your question but hope to be able to provide some input.
First of all, it's highly recommended to use at least two F5 BIG-IP GTM controllers.
As they act as authoritative name servers for a zone, they need to be redundant, and it's best practice to place them into different IP networks.
So if you have two geographically separated sites it makes sense to have a GTM per site.
If your GTMs and LTMs are placed behind a firewall which is doing NAT, it will be necessary to configure both the GTMs and the LTMs as "BIG-IP"-type servers including both the external NAT address (public & routable IP) and the local self IP of each BIG-IP.
This will be the "external" self IP address of each BIG-IP, which will be used for the inter-device communication (based on the encrypted proprietary F5 iQuery protocol).
Be aware that your firewall policies need to allow full-mesh communication between all these self IPs for bi-directional TCP/4353 (iQuery) connections.
The NAT definition and proper data center assignment for all servers will be important, as a GTM will try to connect to the LTM in the "local" data center via the self IP address and not through the external NAT address. It's important to follow this concept for all defined servers, i.e. the "Generic Host"-type servers etc.
The external address (NAT) is important, as it will be returned as an A-record to the client/resolver, if the GTM receives a DNS query.
This leads to another interesting topic regarding LTM:
A virtual IP does not need to belong to a locally attached network. This means you can use a transfer network (unregistered IP addresses from RFC1918 range) to establish the connection between the external firewall/router and your BIG-IP LTM. You will just need host routes on the external L3 components pointing to the F5's floating self IP as next hop to reach the virtual IPs.
In this case it would be important that the GTM is using the LTM to validate virtual server states.
Thanks, Stephan
PS: I would recommend discussing the several implementation options with your F5 systems engineer, F5 professional services or an experienced system integrator.
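
The full-mesh iQuery requirement described in the reply above can be checked against a firewall allow-list before rollout. The following is an added example, not part of the original post and not F5 code: device names, data center names and addresses are constructed, and the choice of the peer's NAT address as destination for devices in a different data center is an assumption (the post only states that the self IP is used within the local data center).

```python
from itertools import permutations
from typing import NamedTuple

IQUERY_PORT = 4353  # TCP port for iQuery, as given in the post


class BigIP(NamedTuple):
    name: str
    datacenter: str
    self_ip: str  # local self IP used inside the data center
    nat_ip: str   # external NAT address on the firewall


def required_iquery_flows(devices):
    """Every ordered pair of devices needs a flow (bi-directional full mesh).

    Same data center: destination is the peer's self IP (per the post).
    Other data center: destination is the peer's NAT address (assumption).
    """
    flows = set()
    for src, dst in permutations(devices, 2):
        same_dc = src.datacenter == dst.datacenter
        flows.add((src.name, dst.self_ip if same_dc else dst.nat_ip, IQUERY_PORT))
    return flows


def missing_flows(devices, allowed):
    """Flows the mesh needs that the firewall allow-list does not contain."""
    return sorted(required_iquery_flows(devices) - set(allowed))


# Constructed sample: two sites, one GTM and one LTM each (documentation IPs).
DEVICES = [
    BigIP("gtm-a", "dc-a", "10.1.0.10", "203.0.113.10"),
    BigIP("ltm-a", "dc-a", "10.1.0.20", "203.0.113.20"),
    BigIP("gtm-b", "dc-b", "10.2.0.10", "198.51.100.10"),
    BigIP("ltm-b", "dc-b", "10.2.0.20", "198.51.100.20"),
]

# Constructed allow-list: complete except for two forgotten directions.
ALLOWED = required_iquery_flows(DEVICES) - {
    ("ltm-b", "203.0.113.10", IQUERY_PORT),
    ("gtm-a", "10.1.0.20", IQUERY_PORT),
}

if __name__ == "__main__":
    for src, dst_ip, port in missing_flows(DEVICES, ALLOWED):
        print(f"missing: {src} -> {dst_ip} tcp/{port}")
```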