I understand you wish to access the firewall servers over SSH and port 443.
Ex: I'm thinking of creating a VDI, terminal, or bastion host server in our Azure environment that should act as a jump host to the firewall. Is there any other better way someone can suggest?
Using Azure Bastion will be a good choice in this case; you can also enable MFA using Microsoft Entra authentication. But just in case: as documented here, if you're advertising a default route (0.0.0.0/0) over VPN, and this route is being injected into your Virtual Networks, this will break the Azure Bastion service.
Another approach you can explore here will be to configure P2S VPN for access based on users and groups - Microsoft Entra authentication as documented here.
When you use Microsoft Entra ID as the authentication method for P2S, you can configure P2S to allow different access for different users and groups. If you want different sets of users to be able to connect to different VPN gateways, you can register multiple apps in AD and link them to different VPN gateways, although you will have to deploy an additional VPN Gateway in this case.
Hope this helps! Please let me know if you have any additional questions. Thank you!
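The default-route caveat in the answer above can be checked before deploying Azure Bastion. The following is an added example, not part of the original answer: it scans an effective route table for an active 0.0.0.0/0 route learned from the virtual network gateway. It assumes the JSON was exported with `az network nic show-effective-route-table -o json` from a NIC in the same virtual network; the sample data and function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like the assumed output of
# `az network nic show-effective-route-table -o json`.
SAMPLE = """
{"value": [
  {"addressPrefix": ["10.10.0.0/16"], "nextHopType": "VnetLocal",
   "source": "Default", "state": "Active", "nextHopIpAddress": []},
  {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet",
   "source": "Default", "state": "Invalid", "nextHopIpAddress": []},
  {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "VirtualNetworkGateway",
   "source": "VirtualNetworkGateway", "state": "Active",
   "nextHopIpAddress": ["10.10.255.4"]},
  {"addressPrefix": ["192.168.0.0/16"], "nextHopType": "VirtualNetworkGateway",
   "source": "VirtualNetworkGateway", "state": "Active",
   "nextHopIpAddress": ["10.10.255.4"]}
]}
"""

DEFAULT_ROUTE = "0.0.0.0/0"


def gateway_default_routes(route_table):
    """Return active default routes whose next hop is the VPN gateway."""
    hits = []
    for route in route_table.get("value", []):
        prefixes = route.get("addressPrefix") or []
        if isinstance(prefixes, str):  # tolerate a single string value
            prefixes = [prefixes]
        if route.get("state") != "Active":
            continue  # overridden routes are listed as Invalid
        if route.get("nextHopType") != "VirtualNetworkGateway":
            continue
        if DEFAULT_ROUTE in prefixes:
            hits.append({"prefix": DEFAULT_ROUTE,
                         "source": route.get("source"),
                         "next_hop": route.get("nextHopIpAddress") or []})
    return hits


def check(json_text):
    """Parse exported route-table JSON and return the offending routes."""
    return gateway_default_routes(json.loads(json_text))


if __name__ == "__main__":
    for hit in check(SAMPLE):
        print("Default route injected via gateway:", hit)
```

An empty result means no gateway-advertised default route is active on that NIC; a non-empty result is the condition the answer says breaks the Azure Bastion service.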