Outbound Policy - VLAN Routing

Hi Team,

Is there a way to route users from a specific VLAN over a specific WAN ie using the weighted balance or enforced rule?

We currently have a BR1 with a satellite connection (via WAN) we need most users to use but have users on another VLAN that can only use the built in 4G.

Any help or advice is much appreciated.

Best regards,


Hi. Sure. Easy to do. In Network | Outbound Policy just specify the subnet associated with the subject VLAN (e.g., Destination: any; protocol: any. Select your rule type, e.g. “enforced” or “priority.”
Will that get you where you want to go?


I had this exact question as well, and this does not seem to answer my specific use case. Your answer seems to assume that a VLAN will be associated with a specific subnet, but that is often not the case.

In my case, I will be using a Peplink Balance 20X upstream from a UniFi Dream Machine Pro. In the UniFi UI, I can use DHCP reservations to make any client stick to a particular internal IP address. I can also assign a VLAN which drives certain access rules. (A common use case for this is to allow IoT devices to reach out to the Internet, but NOT allow them to attack anything else on the network. See “Attack of the Light Bulbs”.)

Anyway, for my use case, I CAN put individual source IP addresses or MAC addresses into the rule set on the Peplink if I need to. It would be far easier to manage with VLAN membership in the UniFi UI. I assume the original questioner had a similar use case.

All of this assumes that the VLAN tags will pass through the UniFi Dream Machine Pro and go to the Peplink in the first place. I am hopeful that the instructions on how to disable NAT on the UDMP will work, and that VLAN tagging will pass through as a result.

So, you have the WAN port of the UniFi connected to a LAN port on the Peplink Balance 20x?