Azure Pfsense + Application Gateway + vNet Peering

JuniorNetworking

I am stumped. Setup Hub and Spoke

192.168.1.0/0/24 - Pfsense (Hub)
192.168.2.0/ 26 - Application Gateway (Hub)
172.30.3.0/24 - Webserver (Spoke vNet Peered)

vNet Peer Config: Configuration
Configure virtual network access settings
Allow virtual network access from Hub to Spoke
Enabled

Pfsense NAT
192.168.1.5 (With PiP) forward to 192.168.2.5 (AG Private Front End IP)

Intended traffic flow: pfsense -> app gateway -> webserver

Current Route Tables:
Dest. 0.0.0.0/0 Route Internet Subnet Association: 192.168.1.0/24
Dest. 192.168.1.0/24 Route Virtual Network

Why can I not access webserver site on port 80?

NSG Allow all on port 80
Pfsense Allow all on port 80
App Gateway Listener on Port 80 to server backend pool private ip 172.30.3.4 (Works with no Pfsense and Route Tables when using AG Public Front End IP)

I tried following this reference guide but it doesn't seem to work:
https://docs.microsoft.com/en-us/azure/architecture/example-scenario/gateway/firewall-application-gateway#hub-and-spoke-topology

Has anyone else tried creating something similar?

JuniorNetworking

Turns out global vNet peering on the LB function of Application Gateways is not supported. This is a Azure Application Gateway limitation and not related to Pfsense: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-peering-issues. Posting this on 10/5/2020 if anyone else runs into this issue, I hope this helps