A client has setup access to a web server in Azure and have confirmed working. In the access policy you do not use the actual web server object but a Dynamic Object called LocalGatewayExternal. In the NAT policy is where you actually define the object in the translated destination. The client has defined the object as a “Web Server” and applied Web Server protections. Because this is not used in the access policy (only used in NAT) would those protections still apply? Secondly they want HTTPS inbound inspection enabled for the same webserver. Is this possible to do as I do not think you can use the actual web server object in the HTTPS policy (would need to use LocalGatewayExternal). This is VMSS implementation with a LoadBalancer in front of the Gateways. Thanks