Thank you for reaching out on the Microsoft Q&A forum.
If I understand correctly, on Azure Firewall due to SNAT the incoming traffic does not contain the original source IP address of the request and you want to know if there is a way to send source IP information to the backend web server.
I think this can be done by deploying an Azure Application Gateway before the Firewall. This design is appropriate for applications that need to know incoming client source IP addresses, for example to serve geolocation-specific content or for logging. Application Gateway in front of Azure Firewall captures the incoming packet's source IP address in the X-forwarded-for header, so the web server can see the original IP address in this header. This is currently documented here.
Hope this helps! Please let me know if you have any additional questions. Thank you!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.