
Provisioning Service Fabric behind Application Gateway


We are trying to achieve this. From my understanding, we should place the outside interface of the SF load balancer on a private network and then connect to the App Gateway's LB internal interface using Azure Virtual Network Peering.

Is this doable, are there any issues with this?


Solution

  • Yes, it's doable. There are multiple approaches you could go with:

    1. Deploy App Gateway pointing at SF nodes directly, as shown here: Fine Granular Microservices Load Balancing with Azure Service Fabric and Application Gateway

    2. Deploy App Gateway pointing at SF LB

    Catches:

    • There are limitations around how many Backend Address Pools you could have (up to 20), and how many machines and HTTP settings each pool could run with. So, for instance, if you have an SF cluster with thousands of services hosted at different ports, think through using SF LB and SF Reverse Proxy.

    • Azure Application Gateway requires its subnet. When creating a virtual network, ensure that you leave enough address space to have multiple subnets. Once you deploy an application gateway to a subnet, only additional application gateways can be added to the subnet.

    • While digging into your question, I've found out that App Gateway might not play nice with WebSockets under certain circumstances. Check out Communication through Azure Application Gateway blocked for WebSocket traffic for the details.

    P.S.

    If your SF LB is public, you don't need VNet peering. The same works for a private SF LB and an Application Gateway installed into the same VNet.
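
The constraints listed in the answer can be checked against a planned layout before anything is deployed. The following is an added example, not part of the original answer: the plan dictionary format, the VNet and subnet names, and the `check_plan` helper are assumptions made for illustration, and the backend pool figure is the one quoted in the answer.

```python
import ipaddress
from itertools import combinations

MAX_BACKEND_POOLS = 20  # figure quoted in the answer; confirm against current Azure limits
# Constructed sample plan: gateway and a private SF load balancer in separate, peered VNets.
PLAN = {
    "vnets": {
        "vnet-gw": {"address_space": "10.0.0.0/16", "subnets": {
            "snet-appgw": {"prefix": "10.0.0.0/24", "hosts": ["appgw"]}}},
        "vnet-sf": {"address_space": "10.1.0.0/16", "subnets": {
            "snet-sf": {"prefix": "10.1.0.0/24", "hosts": ["sf-nodes", "sf-lb"]}}},
    },
    "peerings": [("vnet-gw", "vnet-sf")],
    "sf_lb_public": False,
    "backend_pools": 3,
}

def check_plan(plan):
    """Return a list of problems found in a plan (the dict layout is this example's own)."""
    problems, placed, where = [], [], {}
    spaces = {n: ipaddress.ip_network(v["address_space"]) for n, v in plan["vnets"].items()}
    for vnet, v in plan["vnets"].items():
        for name, s in v["subnets"].items():
            net = ipaddress.ip_network(s["prefix"])
            if not net.subnet_of(spaces[vnet]):
                problems.append(f"{vnet}/{name}: {net} lies outside {spaces[vnet]}")
            # The gateway's subnet may hold only application gateways.
            if "appgw" in s["hosts"] and set(s["hosts"]) != {"appgw"}:
                problems.append(f"{vnet}/{name}: Application Gateway needs a dedicated subnet")
            placed.append((vnet, name, net))
            where.update({h: vnet for h in s["hosts"]})
    for (va, na, a), (vb, nb, b) in combinations(placed, 2):
        if va == vb and a.overlaps(b):
            problems.append(f"{va}: subnets {na} and {nb} overlap")
    peerings = {frozenset(p) for p in plan["peerings"]}
    for a, b in (sorted(p) for p in peerings if len(p) == 2):
        # Peered VNets must have non-overlapping address spaces.
        if spaces[a].overlaps(spaces[b]):
            problems.append(f"peering {a} <-> {b}: address spaces overlap")
    gw, lb = where.get("appgw"), where.get("sf-lb")
    # Per the P.S.: peering is only needed for a private SF LB in a different VNet.
    if not plan["sf_lb_public"] and gw != lb and frozenset((gw, lb)) not in peerings:
        problems.append(f"private SF LB in {lb} is not reachable from {gw}: no peering planned")
    if plan["backend_pools"] > MAX_BACKEND_POOLS:
        problems.append(f"{plan['backend_pools']} backend pools exceeds {MAX_BACKEND_POOLS}")
    return problems

if __name__ == "__main__":
    print(check_plan(PLAN))
```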