Hey @sindhu sneha -
OK - so you cant use NSG as that would apply to the whole gateway and the gateway covers more than one site each with different requirements ... So ... A combination of "per site" WAF policy + custom waf rule to block by client ip as detailed in the Q&A here https://learn.microsoft.com/en-us/answers/questions/1141185/how-to-block-ip-address(client-ip)-in-azure-applic