Hello @Omkar Pasalkar ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like to know if the combined setup of Application Gateway with WAF and Azure Firewall deployed in parallel possesses the functionality to handle and manage outbound traffic destined for the internet.
As described in the below doc:
The Azure Firewall will cover outbound flows from both workload types.
All outbound flows from Azure VMs will be forwarded to the Azure Firewall by UDRs.
So, when Application Gateway with WAF and Azure Firewall are deployed in parallel, Azure WAF in Azure Application Gateway protects inbound traffic to the web workloads, and the Azure Firewall inspects inbound traffic for the other applications. And the outbound flows from both workload types are handled by the Azure Firewall.
Since you've tagged AKS, I'm adding information regarding AKS egress traffic functionality using this setup below:
To limit egress traffic from an Azure Kubernetes Services cluster using this combined setup, please refer to:
https://video2.skills-academy.com/en-us/azure/aks/limit-egress-traffic
Outbound requests start from agent nodes to the Azure Firewall internal IP using a user-defined route (UDR):
- Requests from AKS agent nodes follow a UDR that has been placed on the subnet the AKS cluster was deployed into.
- Azure Firewall egresses out of the virtual network from a public IP frontend.
- Access to the public internet or other Azure services flows to and from the firewall frontend IP address.
- Access to the AKS control plane can be protected by API server authorized IP ranges, including the firewall public frontend IP address.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
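
Added example (not part of the original answer): a small Python check that the UDR on the AKS subnet forces egress through the firewall's internal IP and that the firewall's public IP is in the API server authorized IP ranges. The sample data is constructed, shaped like the output of `az network route-table show` and `az aks show`; the IP addresses and route names are placeholders, and treating the firewall public IP /32 as the only acceptable `Internet` next-hop route is an assumption.

```python
import ipaddress

# Constructed sample data (RFC 1918 / TEST-NET addresses), shaped like the
# JSON printed by `az network route-table show` and `az aks show`.
ROUTE_TABLE = {"routes": [
    {"name": "default-to-fw", "addressPrefix": "0.0.0.0/0",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.42.2.4"},
    {"name": "fw-internet", "addressPrefix": "203.0.113.10/32",
     "nextHopType": "Internet", "nextHopIpAddress": None},
]}
AKS = {"apiServerAccessProfile": {"authorizedIpRanges": ["203.0.113.10/32"]}}


def check_egress(route_table, aks, fw_private_ip, fw_public_ip):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    fw_pub = ipaddress.ip_address(fw_public_ip)
    routes = route_table.get("routes") or []

    # 1. The default route must send traffic to the firewall's internal IP.
    default = [r for r in routes if r.get("addressPrefix") == "0.0.0.0/0"]
    if not default:
        findings.append("no 0.0.0.0/0 route: egress does not pass the firewall")
    for r in default:
        if r.get("nextHopType") != "VirtualAppliance":
            findings.append(f"{r['name']}: default route next hop type is "
                            f"{r.get('nextHopType')}, not VirtualAppliance")
        elif r.get("nextHopIpAddress") != fw_private_ip:
            findings.append(f"{r['name']}: default route next hop "
                            f"{r.get('nextHopIpAddress')} is not the firewall")

    # 2. Assumption: the only non-default route allowed to use the Internet
    #    next hop is the firewall's own public IP (/32).
    for r in routes:
        if r.get("nextHopType") == "Internet" and r not in default:
            net = ipaddress.ip_network(r["addressPrefix"], strict=False)
            if net != ipaddress.ip_network(f"{fw_pub}/32"):
                findings.append(f"{r['name']}: {net} bypasses the firewall")

    # 3. The API server must accept the firewall's public frontend IP.
    profile = aks.get("apiServerAccessProfile") or {}
    ranges = profile.get("authorizedIpRanges") or []
    if not ranges:
        findings.append("API server authorized IP ranges are not set")
    elif not any(fw_pub in ipaddress.ip_network(c, strict=False) for c in ranges):
        findings.append("firewall public IP is not in the authorized IP ranges")
    return findings


if __name__ == "__main__":
    print(check_egress(ROUTE_TABLE, AKS, "10.42.2.4", "203.0.113.10") or "OK")
```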