Can you secure custom domain in Azure Front Door with 3rd party WAF?

Question

After onboarding a custom domain login.foo.com on Azure Front Door (AFD), either via TXT method in preview SKU or through afdverify CNAME method in the current SKU, what is the best way to place a 3rd party waf (e.g. f5, akamai, etc) in front of AFD?

Typically, in other products, the custom domain login.foo.com DNS info should look like the following once you put it behind a 3rd party WAF.

DNS
login.foo.com CNAME some3rdparty-waf.edge.network.com

and within WAF you would map (this info will not be public)

some3rdparty-waf.edge.network.com to login.z01.azurefd.net

The issue faced with AFD is that it complains if CNAME is not mapped directly to AFD endpoint like following:

DNS
login.foo.com CNAME login.z01.azurefd.net

Resulting in the following error. I may have missed a step or is this not supported?