Bypass VPN at App Level

I have several financial tablet applications that do not work (well) when using my VPN (router WireGuard to third-party service).

Is there a way to define a rule to bypass the VPN when a particular application (or maybe target server) is accessed? Right now I temporarily bypass the VPN for my device (all traffic) when using the app but I’d rather not have to do that.

Thanks.

Maybe Policy Based Routing is the answer:

https://help.firewalla.com/hc/en-us/articles/360061592433-Firewalla-Policy-Content-Based-Routing

The following Targets are supported for Routes:

  • Target List (Beta)
  • Domain
  • IP Address
  • IP Address Range
  • Remote Port
  • Region
  • Internet
  • All Gaming Sites
  • All Social Sites
  • All Video Sites

So perhaps based on target server IP or domain, you can specify an alternative (non-VPN) WAN connection?

Looks like that might have worked . . . ✅👍

Thanks!

This. If you can clearly define the hosts/domains that need to be specifically routed, the policy based routing would work. Otherwise you may have to go back to the VPN app offered by the VPN provider and look for split-tunneling functionality.

I do wish that I could specify a specific device. It seems like if you have devices put into groups, the policy based routing requires you to specify the group and won’t let you pick a “grouped” device unless I missed something.

Yes, there have been similar requests over the years but this is their design, for the reason that nested conditionals were difficult to troubleshoot.