The requirement is that the customer has 2 SaaS services for SMTP, for which Microsoft has provided public IP. The customer wants to make those services available for users within the organization only.
I tried exploring the L4 load balancer, but that doesn't have the capability to upload SSL certificates for end-to-end encryption. I checked the Application Gateway, but that doesn't seem to allow SMTP ports 25, 465, 587, or 2525. I checked Traffic Manager, but it says public facing (need to explore more). I am also exploring any hybrid solutions.
Requirements:
We currently have SMTP servers which are load balanced through F5 (on-premises), so the customers use the virtual IP of the F5 load balancer for the necessary SMTP operation.
The SMTP server team has decided to move to a SaaS solution, Proofpoint SER, in which they are provided with 2 public IPs for the service.
Our F5 team has stated that a SaaS solution is not feasible as a backend to the load balancer.
As it's a SaaS service, our cloud team is asked to design a solution to load balance on both the public IPs.
But as per the SMTP server team, they don't want to distribute these 2 public IPs to all the users; instead they want a single internal private IP which points to the public IPs.
In short, a solution which has the ability to allow the SMTP protocol, load balance public IPs on the backend, and a private IP on the frontend.
Not sure I fully understand the requirement, but Azure Firewall is the service you would want to look at to restrict access for non-HTTP/S ports/protocols.
With that said, if the SaaS service you are using for SMTP is M365, this is NOT the recommended approach. If you are looking to restrict access to Exchange Online, then you should look at Azure AD Conditional Access policies. These will allow you to restrict access to SaaS services via compliant devices, IP ranges, or corporate managed devices. It can also restrict access to specific apps (for example, only allow access via Outlook, not the browser).
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android