@Tony Li Yes, Application Gateway works on Layer-7. If you are looking for Layer-3 based Geo filtering, Azure Firewall currently does not support it. Therefore, you will have to opt for a 3rd Party firewall option from Azure Marketplace that can do this for you.
As an alternative, you can also implement Azure AD Conditional Access option to restrict access. Here are more details regarding the same. Hope this helps.
Please let us know if you have any further questions and we will be glad to assist you further. Thank you!
Remember:
Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.
Want a reminder to come back and check responses? Here is how to subscribe to a notification.