My organization has decided to utilize private endpoints on all of our PaaS services when possible, with the end goal of filtering traffic through our NGFWs. We currently have an ELB and ILB sandwich configured which is currently servicing our internal communication requirements, but are looking to expose our private linked Azure Function Apps to the internet to service some public web clients. My understanding is that we would need an Azure Application Gateway in front of the NGFWs to service these requests and translate them to our internal function apps.
I need to service these HTTPS requests as well as support legacy protocols including FTP, SFTP, etc. into the Azure VNets. I am looking to see if my assumptions are correct, and if it is possible to have an Azure Application Gateway and an External Load Balancer both sit in front of the NGFWs and service requests for both of these use cases.
Thanks for any assistance!