1) WAF is not supported when deployed inline.
2) WAF not supported if NAT/traffic is not terminated on the firewall
Ticket reported : [#7882861] WAF requirment
Declining as it’s not clear what you actually are suggesting and what the value of it would be.
1. you can use the WAF from the internal Network.
you must only change the Hosted Address Port to your Lan port and change the DNS for the Reverseproxy URL to the XG Firewall.