Configure Network Service for Business Policy Rule

While creating or updating a Business Policy rule and action, you can set the Network Service to Direct, Multi-Path, and Internet Backhaul.

Direct

Sends the traffic out of the WAN circuit directly to the destination, bypassing the SD-WAN Gateway. NAT is applied to the traffic if the NAT Direct Traffic checkbox is enabled on the Interface Settings under the Device tab. When you configure NAT Direct, consider the following limitations.

NAT must hit traffic in edge routing table with Next Hop as either Cloud VPN or Cloud Gateway.
NAT works for traffic to public IP addresses only, even if Business Policy allows to configure private IP addresses as destination.

Multi-Path

Sends the traffic from one SD-WAN Edge to another SD-WAN Edge, and from a SD-WAN Edge to a SD-WAN Gateway.

Internet Backhaul

While configuring the business policy rule match criteria, if you define the Destination as Internet, then the Internet Backhaul network service will be enabled.

Note: The Internet Backhaul Network Service will only apply to Internet traffic (WAN traffic destined to network prefixes that do not match a known local route or VPN route).

When the Internet Backhaul is selected, you can select one of the following options and configure endpoints to backhaul the following Internet-bound traffic types (Direct Internet traffic, Internet via SD-WAN Gateway, CSS traffic, and Cloud Web Security (CWS) Gateway traffic):

Backhaul Hubs
Non SD-WAN Destinations via Gateway
Non SD-WAN Destinations via Edge/Cloud Security Service
VMware Cloud Web Security Gateway
Note: The VMware Cloud Web Security Gateway option is available only if a user has subscribed to use the VMware Cloud Web Security service.
For more information, see VMware SD-WAN Cloud Web Security Configuration Guide published at https://docs.vmware.com/en/VMware-Cloud-Web-Security/index.html.

You should be able to configure multiple VMware SD-WAN Sites for backhaul to support the redundancy that is inherently built into the Non SD-WAN Destination connection, but keep a consistent behavior of service unavailability leading to traffic being dropped.

If Conditional Backhaul is enabled at the profile level, by default it will apply for all Business Policies configured for that profile. You can deactivate conditional backhaul for selected policies to exclude selected traffic (Direct, Multi-Path, and CSS) from this behavior by selecting the Turn off Conditional Backhaul checkbox in the Action area of the Configure Rule screen for the selected business policy.

For more information about how to enable and troubleshoot the Conditional Backhaul feature, see Conditional Backhaul.