To redirect traffic you need to be able to identify it or its source or destination. Then you can create a policy that says send this identified traffic this way or that.
So you could setup a policy that says any https traffic from this IP address send via the SF tunnel. Or any traffic destined for bbc.co.uk send via the tunnel, or any traffic at all from devices connected to this WIFI network load balance.
The boring bit is that things like netflix or zoom or skype don’t always use servers that are easily identifiable. So it really does depend on what you are looking to identify to redirect.
Hope that helps.