Yes, you can put your Proxmox host behind your firewall, but you should segment your network for improve security.
For example, behind your firewalls you can have several networks:
- CONTROL: You can connect to this LAN your Proxmox server, the IPMI interface (if your host has one), switches management, etc.
- DMZ: For your servers with public services.
- SERVERS: Private servers.
- OFFICE: LAN for worker's computers.
And then control the communications between these LANs by means of the firewall policy.
You should use your firewall too for your VPNs server and control with the firewall policy what can do each VPN connection. For example, full access for the sysadmin VPNs and access to the ERP for the commercials VPNs.
Regarding the firewall, do you know
FWCloud ?
It is a centralized IPTables/NFTables Linux based firewalls web management tool that that easily allows you manage your firewalls policy, routing, VPNs, etc.