Is it possible to put CA API Gateway go through WAF?
What are the limitations/drawbacks of doing this, if any?
You can place WAF in front of the gateway if required for your setup. The main piece that will stop working is client mutual authentication. What feature of a WAF do you need that the gateway does not provide?