@Joel: In regards to having a public IP range outside your LTM and a private range behind it, I assume this means that on the internet facing firewall you are not doing address translation (NAT) but that you are effectively using the LTM for translations instead? If so is there a particular advantage to this vs. having your internet facing firewall do NAT and have private addresses in your DMZ both in front and behind the LTM? The latter is how we are currently configured, but I'd be interested to hear the pros/cons of doing it as you described.
-Simon.