Restricting traffic between Vlans.

F5 is a default deny deivce, so inter-VLAN routing is denied out-of-the-box unless you explicitly allow it (using something like an IP forwarding Virtual Server). 

To prevent clients in a VLAN from accessing Virtual Servers on the "Internet" side potentially leading to servers in the other VLAN, you can configure the VS to listen only on Internet VLAN. This is usually common practice. 

If the requirement is to have completely dedicated VRF's as well, you might want to take a look at F5 Routing domain feature https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-routing-administration-11-6-0/8.html