All communication between a consumer and a service with a PaaS (e.g. CosmosDB) private endpoint is done using the virtual net that the consumer and the private endpoint is connected to, that's general knowledge. But how are the communication between the private endpoint and the PaaS service done? Is that done over a public network or other ways?
In addition, if we have an Azure Firewall where the subnets has a UDR configured that are configured to route 0.0.0.0/0 to the firewall, does that firewall interfere with the traffic between the private endpoint and the PaaS service or does the private endpoint <-> PaaS service go outside of that firewall?
EDIT:
I am talking about the communication shown in this screenshot between PE1 and SA1.
(Image grabbed from https://www.youtube.com/watch?v=bPNkXwRFsek)
