Hope you are doing well ,we are also having similar setup.
In Hub We have DMZ Zone(servers which are exposed to the Internet)
My question is what is the best practice whether to place Azure firewall and APP gateway inside DMZ subnet ?
and second question is to load balance request to DMZ servers we are planning to place Internal load balancer
do you have any best practice diagram to achieve this kind of scenario ?
pasting the hub part again for your reference.
Regards
Ganesh Thorave