Aantat If you can route to the BIG-IP device from the BIG-IQ you can add the remote device. Going over a VPN or public internet will most likely have too much latency for the BIG-IQ to manage the BIG-IP properly. The BIG-IQ can communicate out of any IP it has as long as you have the appropriate route and NAT if you are traversing the public internet. I don't know of any documentation that would go over those scenarios specifically because it's just the basics of routing so if you can route to it you can add it.
Indeed, my previous response was a bit lacking. In K36398804 it is said:
F5 recommends that you set up and manage the BIG-IQ HA configuration in a low network latency environment. While F5 does not provide a firm latency guideline, it is the general acceptable practice to keep latency between elements in a BIG-IQ HA configuration within 75ms. This includes links between BIG-IQ Centralized Management (CM), BIG-IQ Data Collection Devices (DCD), and BIG-IP devices.
While this latency is perfectly possible to achieve, even via internet, I do hope that's not what you're thinking about. I'm not even sure NAT is supported, and I've never tried any NAT configuration between BIG-IP and BIG-IQ.