@alancurtis
If I understand you correctly, you want all traffic to be forwarded to Azure FW and then from there, all internet-bound traffic needs to go to the internet directly and traffic to on-premises (192.168.1.0/24) should only go to Azure VPN GW. Please correct me otherwise.
To do this, as you mentioned, you can forward all traffic to the Azure Firewall subnet by adding a 0.0.0.0/0 route with a next hop of Azure FW (please make sure route propagation from the VPN is disabled on this VM's route table). The Azure Firewall subnet should have a separate route table with a route for internet directly and a route for the on-premises network to the Azure VPN GW (this route table can have route propagation enabled from the S2S VPN, which can dynamically update the BGP routes to the Az FW subnet's route table).
Here is a document that explains how routing is done in a virtual network for more details. Hope this helps.
If you have any questions/concerns, please let me know and I can assist you further. Thank you!
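
Added example (not part of the original answer): a small Python model of Azure's route selection, which picks the longest matching prefix and, on a tie, prefers user-defined over BGP over system routes. It shows why propagation has to be off on the VM subnet's route table: a propagated 192.168.1.0/24 route is more specific than the 0.0.0.0/0 route to the firewall. The route-table contents, hop labels and function names are constructed for illustration.

```python
import ipaddress

# Tie-break order when two routes share the same prefix.
SOURCE_RANK = {"user": 0, "bgp": 1, "system": 2}


def next_hop(routes, dest):
    """Pick the next hop for dest: longest prefix first, then route source."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    best = min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                       SOURCE_RANK[r["source"]]),
    )
    return best["next_hop"]


# Constructed routes mirroring the design in the answer above.
UDR_DEFAULT_TO_FW = {"prefix": "0.0.0.0/0", "source": "user",
                     "next_hop": "AzureFirewall"}
BGP_ON_PREM = {"prefix": "192.168.1.0/24", "source": "bgp",
               "next_hop": "VpnGateway"}

# VM subnet route table with gateway route propagation disabled vs. enabled.
VM_SUBNET_PROPAGATION_OFF = [UDR_DEFAULT_TO_FW]
VM_SUBNET_PROPAGATION_ON = [UDR_DEFAULT_TO_FW, BGP_ON_PREM]

# Firewall subnet: default route straight to the internet, on-prem via BGP.
FIREWALL_SUBNET = [
    {"prefix": "0.0.0.0/0", "source": "user", "next_hop": "Internet"},
    BGP_ON_PREM,
]


def path(vm_routes, dest):
    """Hops a packet from the VM subnet takes towards dest."""
    hops = [next_hop(vm_routes, dest)]
    if hops[0] == "AzureFirewall":
        hops.append(next_hop(FIREWALL_SUBNET, dest))
    return hops


if __name__ == "__main__":
    for name, table in (("propagation off", VM_SUBNET_PROPAGATION_OFF),
                        ("propagation on", VM_SUBNET_PROPAGATION_ON)):
        for dest in ("192.168.1.10", "203.0.113.10"):
            print(f"{name:16} {dest:14} -> {' -> '.join(path(table, dest))}")
```

With propagation enabled on the VM subnet, on-premises traffic goes straight to the VPN gateway and is never inspected by the firewall.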