Thank you for reaching out.
I understand you are setting up a GWLB with NVAs as the backend pool, and when the NVAs are offline the traffic is dropped.
Is this the expected behavior of the GWLB?
Yes, this is expected behavior, as when NVAs are offline the GWLB health probes fail, and this leads to traffic getting dropped.
Are there alternative ways to configure the GWLB to work around this? For example, could we configure it so that if there are no backend NVAs available, the GWLB is bypassed?
Currently, such a configuration is not supported for GWLB. However, I think it will not be a best practice to bypass the GWLB, as the internet traffic will directly reach the protected server in this case without being vetted by the NVA.
If you wish to have such a configuration option for GWLB, it will help if you could file a feature request for this on our feedback portal.
I think it will also help if you could go through this article for deploying highly available NVAs. Azure GWLB supports active/active, active/standby and scale-out NVAs.
Additional references:
https://learn.microsoft.com/en-us/azure/architecture/networking/guide/nva-ha#gateway-load-balancer
Hope this helps! Please let me know if you have any additional questions. Thank you!