Hello @Deepaklal-FT,
Thank you for sharing the requested details.
I understand that you have a site-to-site connection between 2 Azure Vnets and a VM from one of the Vnets is accessing an external URL https://abcd.xyz.com/asd/ which you would like to send through Azure Firewall and not directly.
You can use the same configuration as mentioned in the doc below, with a few modifications:
https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal-policy
You deploy the Azure Firewall in the Vnet where the VM accesses the URL https://abcd.xyz.com/asd/. Since Azure Firewall requires its own dedicated subnet called "AzureFirewallSubnet", it will be deployed in a separate subnet from the VM subnet.
Refer: https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
Now you have the Vnet where the Azure Firewall and the VM accessing the external URL are present, and it is already connected to the other Vnet with a Site-to-Site VPN connection.
Then you need to create a UDR (User Defined Route) within a route table and attach it to the VM subnet, pointing to Azure Firewall as the next hop with the destination address prefix 0.0.0.0/0. Then add an application rule within the Azure Firewall to allow/deny the specified URL, and any other specific network/application rules as per your requirement.
Since your Azure Firewall will be in the same Vnet as your VM, the default virtual network routing will take effect.
This means the subnet will send all your VPN traffic via the VPN gateway, as it has a specific route, and any external Internet traffic via Azure Firewall, because when outbound traffic is sent from a subnet, Azure selects a route based on the destination IP address using the longest prefix match algorithm.
Kindly let us know if the above helps or if you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
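The route selection the answer relies on (a 0.0.0.0/0 UDR to the firewall coexisting with the more specific Site-to-Site gateway route) can be checked before touching the subnet. The following is an added illustration, not code from the answer or from Azure: the route table, address ranges and firewall private IP are constructed, and it models Azure's effective-route rule (longest prefix match, with User > BGP > Default as the tie-break) to show which next hop each destination gets with and without the UDR.

```python
import ipaddress

# Constructed routes mirroring the answer's topology (not exported from Azure):
# system route for the local VNet, gateway route learned from the Site-to-Site
# VPN for the peer VNet, the system Internet route, and the user-defined
# 0.0.0.0/0 route pointing at the firewall's private IP (assumed 10.0.1.4).
ROUTES = [
    {"prefix": "10.0.0.0/16", "source": "Default", "next_hop": "VnetLocal", "hop_ip": None},
    {"prefix": "10.1.0.0/16", "source": "Default", "next_hop": "VirtualNetworkGateway", "hop_ip": None},
    {"prefix": "0.0.0.0/0", "source": "Default", "next_hop": "Internet", "hop_ip": None},
    {"prefix": "0.0.0.0/0", "source": "User", "next_hop": "VirtualAppliance", "hop_ip": "10.0.1.4"},
]

# Azure prefers, among routes of equal prefix length, User over BGP over Default.
SOURCE_RANK = {"User": 2, "BGP": 1, "Default": 0}


def select_route(dest_ip, routes=ROUTES):
    """Return the effective route Azure would apply to dest_ip, or None."""
    dest = ipaddress.ip_address(dest_ip)
    candidates = []
    for route in routes:
        net = ipaddress.ip_network(route["prefix"])
        if dest in net:
            candidates.append((net.prefixlen, SOURCE_RANK[route["source"]], route))
    if not candidates:
        return None
    # Longest prefix wins; on a tie the preferred route source wins.
    candidates.sort(key=lambda c: (c[0], c[1]), reverse=True)
    return candidates[0][2]


def effective_next_hops(dest_ips, routes=ROUTES):
    """Map each destination to the next hop type it would take."""
    return {ip: select_route(ip, routes)["next_hop"] for ip in dest_ips}


if __name__ == "__main__":
    # 10.1.0.5 = peer VNet host over the VPN; 203.0.113.7 = a constructed
    # public address standing in for the external URL's resolved IP.
    probes = ["10.0.2.9", "10.1.0.5", "203.0.113.7"]
    with_udr = effective_next_hops(probes)
    without_udr = effective_next_hops(probes, [r for r in ROUTES if r["source"] != "User"])
    for ip in probes:
        print(f"{ip:>14}: with UDR -> {with_udr[ip]:<22} without UDR -> {without_udr[ip]}")
```

Compare the output against the VM NIC's effective routes in the portal: VPN traffic should still show VirtualNetworkGateway, and only Internet-bound traffic should move to the firewall's VirtualAppliance hop.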