After you establish a VPN connection between a branch and a Non SD-WAN Destination via Edge, create a Business Policy to route the traffic from the Non SD-WAN Destination tunnel.


Ensure that you have established the VPN connection between branch and Non SD-WAN Destination via Edge. See Configure Profile with Non SD-WAN Destination via Edge.


  1. In the Enterprise portal, click Configure > Profiles.
  2. Select a profile from the list and click the Business Policy tab.
  3. Click New Rule or Actions > New Rule.
  4. Enter a name for the business rule.
  5. In the Match area, click Define and choose Internet as the Destination.
  6. Select the Application as Any to steer all the Internet traffic or select Web to steer only the HTTP/HTTPS traffic.
  7. In the Action area, select High as Priority and click Internet Backhaul as the Network Service.
  8. Choose Non SD-WAN Destination via Edge and select the Non SD-WAN Destination service created with the Forcepoint tunnel parameters.
  9. Choose the other actions as required and click OK.


The Business Policy redirects the Internet destined HTTP/HTTPS traffic to Forcepoint Cloud Security Gateway using the IPSEC tunnel.

What to do next

Configure the Tunnel parameters for a selected Edge. See Configure Edge with Tunnel Parameters.