Thank you for reaching out and Happy 2024 to you too!
I understand you have a Windows machine with an IIS web application that connects to SFTP servers based on requests from the customers. You have also implemented Azure WAF (I am assuming you are using Azure Application Gateway WAF SKU) and put this application behind it.
Based on my understanding above, this is currently not a supported scenario for Azure Application Gateway WAF SKU, as it only supports HTTP/HTTPS traffic and you are accessing the SFTP server as an outbound connection from your IIS web application. To achieve the communication, you can use Azure Firewall in parallel with Application Gateway WAF SKU.
In this architecture:
- Inbound HTTP(S) connections from the Internet should be sent to the public IP address of the Application Gateway
- The SFTP outbound communication should be sent using Azure Firewall's Public IP.
- If you choose to use the Azure Firewall Premium SKU, you can use the TLS inspection functionality to secure your outbound connectivity.
This architecture is explained in detail here
Although this does not depict your exact scenario, I think you can refer to this article for passing SFTP traffic through Azure Firewall.
Hope this helps! Please let me know if you have any additional questions. Thank you!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
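The two building blocks of the parallel architecture above (a user-defined route that forces the IIS subnet's egress through Azure Firewall, and a network rule that allows only TCP/22 to the SFTP hosts) as an added Bicep example; it is not part of the answer or of any Microsoft sample, and it assumes a Firewall Policy-based firewall already exists, with every name, address prefix and IP below being a placeholder you replace.

```bicep
param location string = resourceGroup().location
param firewallPolicyName string = 'fwpol-egress'   // existing Firewall Policy (assumed)
param firewallPrivateIp string = '10.0.0.4'        // Azure Firewall private IP (assumed)
param appSubnetPrefix string = '10.0.1.0/24'       // IIS application subnet (assumed)
param sftpServerIps array = [ '203.0.113.10' ]     // customer SFTP hosts (placeholder)

// 1. UDR: send all Internet-bound traffic from the IIS subnet to the firewall, so
//    outbound SFTP is SNATed to the firewall's public IP. Associate this table with
//    the IIS subnet only; the Application Gateway v2 subnet must keep its default route.
resource appRouteTable 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-app-via-firewall'
  location: location
  properties: {
    routes: [
      {
        name: 'default-via-firewall'
        properties: {
          addressPrefix: '0.0.0.0/0'
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: firewallPrivateIp
        }
      }
    ]
  }
}

// 2. Network rule on the existing policy: allow only TCP/22 from the IIS subnet to the
//    known SFTP hosts; any other outbound flow from that subnet hits the default deny.
resource policy 'Microsoft.Network/firewallPolicies@2023-05-01' existing = { name: firewallPolicyName }
resource egressRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-05-01' = {
  parent: policy
  name: 'rcg-app-egress'
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-sftp-out'
        priority: 100
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'iis-to-sftp-22'
            ipProtocols: [ 'TCP' ]
            sourceAddresses: [ appSubnetPrefix ]
            destinationAddresses: sftpServerIps
            destinationPorts: [ '22' ]
          }
        ]
      }
    ]
  }
}
```

The SFTP servers will see connections arriving from the firewall's public IP, so that is the address to allow-list on the customer side; keep `destinationAddresses` to the specific SFTP hosts rather than `*` so the rule does not become a general Internet egress path.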