The WAF works fundamentally differently from a network firewall. While a network firewall forwards traffic between interfaces, the WAF proxies the traffic. In two-arm mode, after you configure a virtual service, when a client tries to connect to the application via the configured service, there is a TCP connection between the client and the WAF's interface. Upon inspection of the traffic, if the traffic is valid, the payload is sent to the backend application on a totally different TCP connection. Due to this mode of operation, there is really no way the client can directly communicate with the backend server.
Normally, the WAF's WAN interface, or the interface that you want to receive the client traffic on, is connected to the DMZ interface of the network firewall. As you are deploying the WAF in a 2-arm deployment, the LAN interface of the WAF would be set up with a new network, to which the servers would connect.
So, I don't see a reason for a DMZ network on the WAF beyond these.
Based on this information, can you evaluate your requirement again and see if there is a need nevertheless?
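The proxy behaviour described in the reply above can be observed with a small loopback model. This is an added example, not part of the original reply and not any WAF product's implementation; `BLOCK_MARKER`, `listen`, `serve_once`, `demo` and the payloads are constructed for illustration.

```python
import socket
import threading

BLOCK_MARKER = b"<script"  # constructed stand-in for a real WAF rule set

def listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # loopback, OS-chosen port
    s.listen(1)
    s.settimeout(1)  # accept() gives up if nobody ever connects
    return s

def serve_once(listener, handler):
    def run():
        try:
            conn, peer = listener.accept()
        except OSError:  # timed out: no connection arrived
            return
        with conn:
            handler(conn, peer)
    t = threading.Thread(target=run)
    t.start()
    return t

def demo(payload):
    seen = {"backend_data": None}
    with listen() as backend, listen() as front:  # app server, WAF virtual service
        def backend_handler(conn, peer):
            seen["backend_peer"], seen["backend_data"] = peer, conn.recv(4096)
            conn.sendall(b"OK from backend")
        def waf_handler(conn, peer):
            seen["waf_peer"] = peer
            data = conn.recv(4096)  # the client's TCP connection ends here
            if BLOCK_MARKER in data.lower():
                conn.sendall(b"BLOCKED by proxy")
                return
            with socket.create_connection(backend.getsockname()) as up:  # second TCP connection
                seen["upstream_local"] = up.getsockname()
                up.sendall(data)
                conn.sendall(up.recv(4096))
        threads = [serve_once(backend, backend_handler), serve_once(front, waf_handler)]
        with socket.create_connection(front.getsockname()) as c:
            seen["client_local"] = c.getsockname()
            c.sendall(payload)
            seen["reply"] = c.recv(4096)
        for t in threads:
            t.join()
    return seen

if __name__ == "__main__": print(demo(b"GET /index.html HTTP/1.1\r\n\r\n"))
```

In the returned dictionary, `backend_peer` equals the proxy's own upstream socket address rather than the client's, and a blocked request leaves `backend_data` as `None` because no backend connection is opened at all.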