Hi, Normally, when traffic enters the firewall, the ingress interface virtual router dictates the route that determines the outgoing interface and destination security zone based on destination IP address. With policy-based forwarding (PBF), you can specify other information to determine the outgoing interface, including source and destination IP addresses, source and destination ports, and user ID. But, in your case, once you will deploy virtual wire into PA firewall, there are no more routing involves into it. In virtual mode PA firewall acts as a "transparent device" and can not implement PBF into it. Thanks Subhankar
... View more