Proxy policy to reflect client IP and using certain interface.

Article ID: 244076

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The proxy appliance has multiple interfaces in use on the network.

The setup is a proxy chain with a downstream proxy and an upstream proxy. One interface on the downstream proxy connects directly to the upstream proxy.

There is a requirement to force traffic from the downstream proxy to use the interface that connects directly to the upstream proxy.

In this example, the downstream proxy uses interface 1:0 for all production traffic, which is forwarded to the upstream proxy over another network path, and interface 2:0 is the interface that connects directly to the upstream proxy.

Resolution

Below is an example of the policy to achieve this:

<Forward>
client.address=Based_on_IP reflect_ip(10.10.10.10) forward("UpstreamProxyFwdHost")

<Forward>
condition=Based_on_UserGroup reflect_ip(10.10.10.10) forward("UpstreamProxyFwdHost")

define subnet Based_on_IP
10.2.3.5 10.6.7.8 ; can list individual IP addresses
2.3.4.0/24 2.3.5.0/24 ; or subnets
2.3.4.0-2.3.4.255 ; or an IP address range
2.3.*.* ; or IP address wildcards
end

define condition Based_on_UserGroup
realm=IWA_Realm group="THEDOMAIN\USERGROUPNAME"
end

Note:

"UpstreamProxyFwdHost" is the upstream proxy forwarding host.

The above policy contains two rules: the first matches on the client IP address and the second matches on the user's group.

The IP 10.10.10.10 is the address configured on interface 2:0 of the downstream proxy, so matching requests leave through that interface with it as their source address.
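As an added check that is not part of this article or of SGOS, the Python below simulates which clients the two rules above would select, parsing the four subnet notations used in the Based_on_IP definition (individual addresses, CIDR, ranges and wildcards). It is a simulation of the matching logic for reviewing the policy's scope, not a CPL evaluator; the addresses and group name are the article's sample values.

```python
import ipaddress
import re

# Constructed copy of the body of the article's "define subnet Based_on_IP"
# block; in CPL a ';' starts a comment.
BASED_ON_IP = """
10.2.3.5 10.6.7.8 ; can list individual IP addresses
2.3.4.0/24 2.3.5.0/24 ; or subnets
2.3.4.0-2.3.4.255 ; or an IP address range
2.3.*.* ; or IP address wildcards
"""

def parse_subnet_definition(body):
    """Turn each entry of a CPL subnet definition into a match predicate."""
    preds = []
    for line in body.splitlines():
        line = line.split(";", 1)[0].strip()        # drop CPL comments
        for tok in line.split():
            if "-" in tok:                          # range: a.b.c.d-a.b.c.e
                lo, hi = (int(ipaddress.ip_address(p)) for p in tok.split("-", 1))
                preds.append(lambda ip, lo=lo, hi=hi: lo <= int(ip) <= hi)
            elif "*" in tok:                        # wildcard: 2.3.*.*
                rx = re.compile("^" + re.escape(tok).replace(r"\*", r"\d{1,3}") + "$")
                preds.append(lambda ip, rx=rx: rx.match(str(ip)) is not None)
            else:                                   # single host or CIDR subnet
                net = ipaddress.ip_network(tok, strict=False)
                preds.append(lambda ip, net=net: ip in net)
    return preds

PREDS = parse_subnet_definition(BASED_ON_IP)

def client_matches(preds, addr):
    """True if the client address hits any entry of the subnet definition."""
    ip = ipaddress.ip_address(addr)
    return any(p(ip) for p in preds)

def forwarding_decision(client_ip, user_groups):
    """Mirror the two <Forward> rules: either condition pins the request to
    the 2:0 interface address and the upstream forwarding host."""
    if client_matches(PREDS, client_ip) or "THEDOMAIN\\USERGROUPNAME" in user_groups:
        return {"reflect_ip": "10.10.10.10", "forward": "UpstreamProxyFwdHost"}
    return None  # neither rule matches: default forwarding applies
```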