Your diagram is perfect. Traffic from subnet B does get to subnet C but it doesn’t go through subnet A so their is no firewall/content filtering capability. My hope was that the “route 0.0.0.0/0” rule would route all traffic through subnet A and then if we didn’t want that we could use Outbound Policy in Expert mode to add a rule above the PepVPN rule to essentially by-pass the firewall. But we have clients that want all traffic to go through the firewall so it can be logged and AD group based policies are applied.
Thanks,
john