Hi,
Azure Application Gateway is correct for your needs based on your description. The incoming requests would be received on the Application Gateway's public listener and then a new TCP connection would be created to the VM and the original request would be sent. The source IP would be the gateway's private IP address.
How an application gateway works
https://learn.microsoft.com/en-us/azure/application-gateway/how-application-gateway-works
If the above was useful please click Accept Answer.
Thanks.
-TP