On our SG720, we have our internal network, plus two internet connections. One is a T-1, which is set as our preferred gateway. The other is a DSL line, which is not set as preferred. We want our default traffic to go via the T-1, which it does. I want web browsing to go out via DSL.
I set up a policy route of type 'forward' for internal network traffic to any destination, of type 'web' to use the DSL gateway port. But watching packet captures, this traffic continues to go out through the T-1.
BTW, I have another policy route in place for a third connection that routes based on the destination address, and it works fine.
After a little more digging, I discovered a few more items of interest.
1) I had an error in my route configuration, which prevented it from working even when access control was turned off. I corrected that, and was able to create a policy for HTTP traffic that works with access control off.
2) The only routing policies that don't work correctly with access control turned on are for HTTP traffic. It appears that Access Control operates before policy routes, and as I had enabled access control and the web protection service, the traffic was being sent out to the web protection service proxy directly.
That led to a sudden realization that the web protection service was being accessed on port 8080. I added that to my policy route, and it all appears to be working.
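The ordering problem described above, as an added example (not part of the original post and not SG720 code): a small Python model in which the access control step re-sends HTTP to the web protection proxy before policy routes are matched. The proxy address, the first-match evaluation and all names are assumptions made for illustration; only port 8080 and the T-1/DSL roles come from the post.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class PolicyRoute:              # hypothetical representation of one policy route
    src_net: str
    dst_net: str
    dports: frozenset
    gateway: str

DEFAULT_GATEWAY = "T1"          # preferred gateway, as in the post
PROXY_ADDR = "203.0.113.10"     # constructed address for the web protection proxy
PROXY_PORT = 8080               # port named in the post

def access_control(flow, web_protection=True):
    """Assumed model of the step that runs before policy routing: with web
    protection on, HTTP is sent to the filtering proxy on port 8080."""
    if web_protection and flow.dport == 80:
        return replace(flow, dst=PROXY_ADDR, dport=PROXY_PORT)
    return flow

def egress(flow, routes, web_protection=True):
    """Gateway chosen for a flow: the first matching policy route wins
    (assumption), otherwise the preferred gateway is used."""
    seen = access_control(flow, web_protection)  # what the routing step sees
    for r in routes:
        if (ip_address(seen.src) in ip_network(r.src_net)
                and ip_address(seen.dst) in ip_network(r.dst_net)
                and seen.dport in r.dports):
            return r.gateway
    return DEFAULT_GATEWAY

# Constructed sample: an internal client browsing an external web server.
browse = Flow("192.168.1.20", "198.51.100.7", 80)
web_only = [PolicyRoute("192.168.1.0/24", "0.0.0.0/0", frozenset({80}), "DSL")]
web_and_proxy = [PolicyRoute("192.168.1.0/24", "0.0.0.0/0",
                             frozenset({80, PROXY_PORT}), "DSL")]

if __name__ == "__main__":
    for name, routes in (("web only", web_only), ("web + 8080", web_and_proxy)):
        for wp in (False, True):
            print(f"{name:11} web_protection={wp}: {egress(browse, routes, wp)}")
```

Comparing the gateway this model predicts with the interface seen in a packet capture is a quick way to spot a service whose port changes before routing is applied.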