The proxy appliance has multiple interfaces in use on the network.
The setup is proxy chaining, with a downstream proxy and an upstream proxy. One interface connects the downstream proxy directly to the upstream proxy.
The requirement is to force traffic on the downstream proxy to use the interface that connects directly to the upstream proxy.
In this example, the downstream proxy uses interface 1:0 for all production traffic, forwarding it to the upstream proxy over another network path, and interface 2:0 is the interface connected directly to the upstream proxy.
Below is an example of the policy to achieve this:
<Forward>
client.address=Based_on_IP reflect_ip(<ip address on the interface>) forward("UpstreamProxyFwdHost")
<Forward>
condition=Based_on_UserGroup reflect_ip(<ip address on the interface>) forward("UpstreamProxyFwdHost")
define subnet Based_on_IP
<ip addresses>
end
define condition Based_on_UserGroup
realm=IWA_Realm group="THEDOMAIN\USERGROUPNAME"
end
Notes:
"UpstreamProxyFwdHost" is the upstream proxy forwarding host.
The policy above contains two rules: the first matches on the client IP address and the second matches on the user group.
<ip address on the interface> is the IP on interface 2:0 that connects to the upstream proxy.
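One way to review an exported policy for rules that forward to the upstream host without pinning the source address to the direct link. This is an added example, not part of the original article or vendor tooling. The function name check_forward_rules, the subnet 192.0.2.0/29 for interface 2:0, the subnet name Other_Clients and the sample addresses are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample policy: addresses are documentation ranges (RFC 5737).
# The second rule uses an off-link address and the third omits reflect_ip().
SAMPLE_POLICY = '''
<Forward>
client.address=Based_on_IP reflect_ip(192.0.2.2) forward("UpstreamProxyFwdHost")
<Forward>
condition=Based_on_UserGroup reflect_ip(198.51.100.7) forward("UpstreamProxyFwdHost")
<Forward>
client.address=Other_Clients forward("UpstreamProxyFwdHost")
'''

RULE_FORWARD = re.compile(r'forward\(\s*"([^"]+)"\s*\)')
RULE_REFLECT = re.compile(r'reflect_ip\(\s*([^)\s]+)\s*\)')

def check_forward_rules(policy, fwd_host, direct_link_subnet):
    """Return (line_no, problem) for each <Forward> rule that forwards to
    fwd_host without a reflect_ip() address inside direct_link_subnet."""
    net = ipaddress.ip_network(direct_link_subnet)
    findings = []
    in_forward_layer = False
    for line_no, raw in enumerate(policy.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):      # CPL comments start with ';'
            continue
        if line.startswith("<") or line.lower().startswith("define "):
            # A layer header or a definition block changes the context.
            in_forward_layer = line.lower().startswith("<forward")
            continue
        m_fwd = RULE_FORWARD.search(line)
        if not in_forward_layer or not m_fwd or m_fwd.group(1) != fwd_host:
            continue
        m_ref = RULE_REFLECT.search(line)
        if not m_ref:
            findings.append((line_no, "no reflect_ip()"))
            continue
        try:
            addr = ipaddress.ip_address(m_ref.group(1))
        except ValueError:
            findings.append((line_no, "reflect_ip() is not a literal IP"))
            continue
        if addr not in net:
            findings.append((line_no, f"{addr} outside {net}"))
    return findings

if __name__ == "__main__":
    for finding in check_forward_rules(SAMPLE_POLICY, "UpstreamProxyFwdHost", "192.0.2.0/29"):
        print(finding)
```

Line numbers in the findings count from the first line of the policy text passed in, including blank lines.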