IPSec Ignoring Outbound Rules Despite Turning Off Passthrough

Peplink Balance One running 8.2.0 build 5312

I have an Outbound Rule that should push IPSec traffic through the SpeedFusion Cloud:

I have Service Passthrough turned off:

In addition, I’ve rebooted the device. However, IPSec traffic seems to continue to ignore all outbound rules and default to WAN1. I’ve tried many variations of rules, domain-based policy, protocol/port, application → IPSec. None of them work. Does anyone have any ideas on what may be causing this?

Update: June 9, 2022 7:54:12 AM MDT - Thu

I was able to get this working by routing all UDP traffic on port 4500 through the SpeedFusion tunnel. However, domain-based rules still don’t seem to work. For example, myvzw.com doesn’t seem to capture Verizon WiFi calling traffic to any subdomains of myvzw.com.

NOTE: To get WiFi calling working you must also route ISAKMP traffic through the same tunnel (UDP port 500).

Any ideas why domain-based destination rules wouldn’t work for this scenario?