We have two F5 LTM/GTMs in the Azure cloud in an active/active configuration. They both are behind the Azure load balancer. The listener is the selfIP address associated with the inbound vlan. The VSs on the LTM are all private address space. The internet FW has a public IP address that we use for DNS for the public accessible LTM VSs. Basically a public NAT IP. What would be the appropriate GTM configuration to respond to DNS queries for internal services from the public? (We also have GTMs in the on-prem data centers in which they and the Azure GTM are in the same sync group.) Would I create a virtual server using the public IP address?
public --> FW --> Azure LB --> F501 GTM/F502 GTM
public --> FW --> Azure LB --> F501 LTM/F502 LTM --> application server