Outbound policies and VPN, Expert Mode

Currently, outbound policies only allow specification of Source based on IP or IP subnet addresses. If source could be specified as a traffic type, specifically domain, then apps running on general purpose computers or in browsers (such as streaming apps; Netflix, ATTNow, etc.), could have a policy allowing bypass of VPNs (Speedfusion) in Expert Mode. This is possible with a dedicated streaming device with an IP address but otherwise not, causing all of the known streaming/VPN issues to be unavoidable unless the VPN WAN is disabled.

Outbound policies can be built using the domain type as the destination. However a policy that is send *.netflix.com via WAN1 doesn’t work because netflix uses CDN’s that don’t have their domain name.

What you want is more advanced outbound policy traffic definition. Like the SaaS filters in IC2 outbound policy for Office 365 and G Suite:


I too would like streaming services added to the options available. Hulu, Netflix, DisneyPlus, etc.

I have a similar situation where we have PEPVPN working at one site but we do not want all of the connected devices to a BALANCE ONE to be routed through the VPN and get an IP address on home office network.
We have clients connected to our Balance ONE that should only see the internet directly without access to the main office network…
We only desire ONE of the client computers at the remote site should get an Office IP from the Main site and have access to the main site internal network.
Is this possible?