Hi Paul,
There is no hard-set rule of running a GTM with an LTM. It's usually best practice to separate so you have redundancy and the flexibility to move your services away from an address that is being attacked. Security is more an afterthought with the separation (at least from my point of view).
From a security standpoint it's better to host an ASM and LTM to keep the attacker from exploiting an open port to a service that hasn't been patched or bringing a legacy architecture into a secure architecture.
I hope this helps.
Bhattman