Outbound policies and VPN, Expert Mode

Currently, outbound policies only allow specification of Source based on IP or IP subnet addresses. If source could be specified as a traffic type, specifically domain, then apps running on general purpose computers or in browsers (such as streaming apps; Netflix, ATTNow, etc.), could have a policy allowing bypass of VPNs (Speedfusion) in Expert Mode. This is possible with a dedicated streaming device with an IP address but otherwise not, causing all of the known streaming/VPN issues to be unavoidable unless the VPN WAN is disabled.

Outbound policies can be built using the domain type as the destination. However a policy that is send *.netflix.com via WAN1 doesn’t work because netflix uses CDN’s that don’t have their domain name.

What you want is more advanced outbound policy traffic definition. Like the SaaS filters in IC2 outbound policy for Office 365 and G Suite: