Outbound policy based on service?

So I have a VPN WAN, and a “regular” WAN. I would like to be able to route all Amazon Video traffic through the non-VPN WAN.

So I have tried to create outbound policy rules based on destination domains (amazon.com, primevideo.com), which works for my browser. However, it does not work for the app. Probably because it uses different domains, or no domains but only IPs.

The “active sessions” screen correctly identifies the requests from my phone to be amazon video requests. So I was wondering if it is possible to create outbound rules based on the destination service.

For posterity.

In order to successfully bypass the blocking of VPN services by Amazon you can do any of the following things:

  1. Switch to another VPN server (preferred)
  2. Switch to a different VPN service (until it gets blocked as well, would not recommend per se).
  3. Create outbound policy rules for the following domains: amazon.*, amazonaws.*, primevideo.* and cloudfront.*

This last method works for both the app and the website/browser.

If you would like to block Prime Video, I suppose you could use these domains too.

Of course, needless to say, this may have some privacy implications.