What's wrong with this Domain-based Outbound Policy?

I’m trying to set up my first simple Outbound Policy, but it’s not working as I thought it would. My initial problem was when using SpeedFusion Cloud, Target.com doesn’t work correctly because of the VPN. So I thought this would solve the problem, but what am I misunderstanding or doing wrong?

Domain-based policies can be a little hit and miss - not because the rules don’t work but because of all the other domains that can be involved in delivering traffic from that domain.

Modern websites and pages can include content served from many additional 3rd party domains.
For example, here are the domains my browser hits when loading the target.com home page (screenshot: image.png).

You don’t say why you need to send target.com via a specific WAN, but the options for more complex activities like this are to analyse what’s going on and add more domain rules, or do it by source IP.
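Added example, not part of the thread: one way to do the "analyse what's going on" step is to save the page load from the browser's developer tools as a HAR file and list every hostname that the existing domain rules would not match. The sample HAR and its hostnames are constructed, and the rule semantics (a rule domain matches itself and its subdomains) are an assumption to check against the router's documentation.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed HAR fragment (browser devtools HAR export, trimmed to the
# fields used here). All hostnames are made up for illustration.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.shop.example/"}},
    {"request": {"url": "https://www.shop.example/app.js"}},
    {"request": {"url": "https://img.shop.example/hero.jpg"}},
    {"request": {"url": "https://static.cdn-vendor.example/lib.js"}},
    {"request": {"url": "https://api.payments-vendor.example/v1/session"}},
    {"request": {"url": "https://static.cdn-vendor.example/font.woff2"}},
    {"request": {"url": "data:image/png;base64,AAAA"}},
]}})


def rule_matches(rule_domain, host):
    """Assumed rule semantics: the domain itself plus any subdomain."""
    rule_domain = rule_domain.lower().rstrip(".")
    host = host.lower().rstrip(".")
    return host == rule_domain or host.endswith("." + rule_domain)


def uncovered_hosts(har_text, rule_domains):
    """Return {host: request_count} for hosts no domain rule would match."""
    counts = Counter()
    for entry in json.loads(har_text)["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname
        if host:  # data: and blob: URLs carry no hostname
            counts[host] += 1
    return {h: n for h, n in sorted(counts.items())
            if not any(rule_matches(r, h) for r in rule_domains)}


if __name__ == "__main__":
    # With only the first-party domain in the policy, the third-party
    # hosts below would still follow the default (VPN) route.
    for host, n in uncovered_hosts(SAMPLE_HAR, ["shop.example"]).items():
        print(f"{n:3d} request(s)  {host}  (no domain rule matches)")
```

Each hostname it reports is a candidate for an additional domain rule; re-run it after adding rules until the list is empty.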

Oh wow yes that’s a lot!

My use case is that there are only a few sites like Target that give me trouble while using SpeedFusion Cloud.

Right now, I have to disconnect from my SFC SSID and switch to a separate SSID I have set up that is not through SFC then switch back when I’m done.

I was hoping that a simple rule like this would allow me to still use a site like Target without having to swap SSIDs.

What would the “source IP” method look like and do you think that would work for the situation I described?

Let’s see the Outbound rules above that rule…

This is the first one I’ve ever set up, here’s the screenshot that shows another one below it that I’m assuming was some sort of default one?

I would think that maybe I just didn’t notice it before, but it’s not even showing in my screenshot I just posted a few hours ago…

This Rule seems to have popped up out of nowhere, and now if I move my Target unVPN rule above this, then everything works as I hoped it would at first:

I’ve been poking around all morning trying to figure this out, so I’m not sure what I did to make that rule pop up? It seems before that appeared, then all traffic was going through that hidden rule first before it got to any of the other ones?


In addition to @MartinLangmaid’s astute observation I might point out that many sites are simply not “VPN friendly.” For example, in testing we’ve found that fedex.com, faa.gov, a certain electronic parts supplier we frequently visit, and my favorite credit union will not “work” (and sometimes, not even permit a log-on) when the exit IP address is that of SFC or our FusionHub Solo hosted at Vultr. Period. In these situations it’s not an “outbound policy issue” at all.


Ah good! Yes, that’s called expert mode; it’s hidden under the little blue help icon.

Moving the outbound policy above the line like you have it now overrules the SpeedFusion Cloud default rules/routes, which is what you want it to do.
Well done!

My Balance 20x doesn’t have quite the same setup, Expert Mode is a separate item you can enable or disable.

How does this interact with the SFC settings? I put my computer in the SFC group via SpeedFusion Cloud → Connect Clients to Cloud. There are no rules in the outbound policy for it. Adding domain rules for specific unfriendly sites seems to have no effect on the traffic.

Do I need to remove my desktop from the SFC settings and set up using SFC in the Outbound rules instead?

-Michele

It is the same on the B20X. Navigate to Network > Outbound Policy and you can enable it (outbound-policy-expert-mode.gif).

Without expert mode, SFC settings take precedence over outbound policy.
With expert mode - anything above the line takes precedence over SFC Settings.


Martin, you’re the bomb! Thanks for the video. I just didn’t understand how that gray box affected the processing, and that you could put rules above it. Moving the rule above that gray box (that is not a rule, just showing where in the process those rules exist) works perfectly!

-Michele
