Hi,
If you want to send the traffic to PE via Firewall you need to add more specific routes, like /32. In your example, if you add below rule
addressPrefix=PrivateEndpointIP/32, nextHopType=VirtualAppliance and nextHopIpAddress=firewallPrivateIP
then the traffic to the service via Private Endpoint will be sent to Firewall.