After you establish a VPN connection between a branch and a Non SD-WAN Destination via Gateway, create a Business Policy to route the traffic from the Non SD-WAN Destination tunnel.


Ensure that you have established the VPN connection between branch and Non SD-WAN Destination via Gateway. See Configure Profile with Non SD-WAN Destination via Gateway.


  1. In the Enterprise portal, click Configure > Profiles.
  2. Select a profile from the list and click the Business Policy tab.
  3. Click New Rule or Actions > New Rule.
  4. Enter a name for the business rule.
  5. In the Match area, click Define and choose Internet as the Destination.
  6. Select the Application as Any to steer all the Internet traffic or select Web to steer only the HTTP/HTTPS traffic.
  7. In the Action area, click Internet Backhaul as the Network Service.
  8. Choose Non SD-WAN Destination via Gateway and select the Non SD-WAN Destination service created with the Forcepoint tunnel parameters.
  9. Choose the other actions as required and click OK.


The Business Policy redirects the Internet destined traffic to Forcepoint Cloud Security Gateway using the IPSEC tunnel.

What to do next

You can verify that the tunnel is online by monitoring the Network Services. See Monitor Non SD-WAN Destination via Gateway.