Policy based forwarding (PBF) overrides the route lookup to force specific traffic to go to a certain next hop address or routing instance. PBF policies are looked up separately for forward and reverse direction of a flow. The forward direction of a flow can use a different PBF policy rule from the reverse direction. 

Further, PBF policies are looked up only when forwarding a packet to the LAN (traffic that is NOT destined to the SDWAN). So, forward direction traffic on the originating branch uses the SDWAN policy to select the SDWAN path and does not use the PBF policy. Only the reverse direction traffic for the flow is subject to any configured PBF rules. Similarly, on the destination branch, forward direction traffic is subject to PBF rules, and reverse direction traffic to SDWAN rules. 

The following is an example use case: 

Application-based Direct Internet Access path selection: At an SDWAN branch, mission critical SaaS applications such as Office365 and Salesforce must use the high speed broadband circuit, and non mission critical applications such as Youtube and Facebook should use the DSL circuit. The default route in the LAN routing instance is an ECMP route through two paired TVIs, one to each transport routing instance (Broadband and DSL), where the traffic would be source-NATed according to the CGNAT service configuration for Internet breakout. Two PBF rules are created. The first one, matching the application Office365, whose next hop address is the paired TVI to the broadband routing instance, and a second PBF rule matching applications Youtube and Facebook, whose next hop address is the paired TVI to the DLS routing instance.