Thank you for asking this question on the Microsoft Q&A Platform.
What I would do is substitute the load balancer and the firewall for an Application Gateway with WAF v2. Depending on the SLA of your application, you may need to use a Front Door.
You don't give details of your app, but you should consider using App Service instead of VMs. In this case, you won't require a Virtual Network.
Hope this helps!