Hi @prasantc ,
I'm assuming your web app is public facing. This should be possible, route table rules should that send inbound management and application traffic back from where it came are defined. Any traffic leaving your ASE can be sent through a firewall with a route table rule. I put some reference links below.
https://learn.microsoft.com/en-us/azure/app-service/environment/integrate-with-application-gateway
https://learn.microsoft.com/en-us/azure/app-service/environment/firewall-integration
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/secure-vnet-dmz