I asked in another post about the best work flow to get vpn connected so I can watch my local team on our Apple TVs in the house.
Side question, but is it possible to have a specific app only route always through a vpn client that’s setup on the Firewalla.
Basically anything we do on the Apple TV goes out through the wan normally, but if we load the mlb.tv app goes out through vpn always?
You can look at https://help.firewalla.com/hc/en-us/articles/360061592433-Firewalla-Policy-Content-Based-Routing
You will have to build rules yourself
So I thought you could do it by going to your flows for that device and you have the option to route but as I just checked on mine it doesn’t give me the option to route a particular flow thru a VPN so I’m assuming you can’t.
Here’s what I previously used for sports streaming on the Apple TV. (AFAIK, this doesn’t work for all streaming services. I couldn’t get Netflix to show me international content.)
Using the network flows, I identified the servers used by MLB/Sportsnet/etc. and added them to a target list.
You then can use this target list to route this specific traffic through your VPN interface.
(Go Jays go! 
)
Why not the entire connection through the vpn? Unless you have strict reasons, that’s the way to go.
No, the Apple TV doesn’t allow split tunneling which is the feature you need here.
I’ve only seen where you can apply a VPN Client to specific source devices / groups / subnets, nothing as far as destinations.
For what it’s worth, YES network just launched their direct to consumer in-network streaming service today for Yankees games. Probably more expensive then the MLB.TV/VPN route, but just wanted to mention it in case you were not aware.
I did that recently, just select the particular flow, choose Route at the bottom and select the device and VPN interface. You can also create a target list with on the web page with multiple domains and setup a Route to use that target list and select the VPN interface.
This sounds like the way!
Much more expensive. I get mlb.tv for free from T-Mobile.
did you ever get this setup?
I wound up selling my Firewalla, so no need for it anymore.
Oh bummer! May I ask why? I just got one so I’m trying to see what it can and can’t do
I actually can’t say due to NDA, suffice it to say, I don’t need a separate firewall anymore.