JCPL
Staff & Editor
Article Id 415378
Description: This article explains how to route traffic to specific IPs through a single SD-WAN member, with no failover to another member if that member is down.
Scope: FortiGate.
Solution

Topology:

In this example, traffic destined to 8.8.4.4 must always go through 'port3'.

picture1.png

As shown in the image below, 'port1' and 'port3' belong to an SD-WAN zone.

Picture2.png

The SD-WAN rule ID 1 sends traffic through 'port3'. However, if 'port3' goes down, the traffic will match the implicit rule and be sent through 'port1'.

To prevent the traffic from being sent through 'port1', two specific routes to the destination must be created: one route using the interface through which the traffic should always pass ('port3' in this case), and another route to the same destination using the Blackhole interface with a higher administrative distance than the first route. While 'port3' is up, the more specific interface route is preferred over the default route used by the implicit SD-WAN rule; when 'port3' goes down, its route is removed from the routing table and the blackhole route becomes the best match, so the traffic is dropped instead of falling back to 'port1'.
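The two static routes described above, expressed in FortiOS CLI syntax. This is an added example, not configuration taken from the original article or from Fortinet: the route sequence numbers 10 and 11, the next-hop address 192.0.2.1 on 'port3' and the distance values 10 and 20 are assumptions; the commands at the end are standard FortiOS diagnostics used to confirm the result.

```text
# Added example (FortiOS CLI), not taken from the article.
# Assumed values: route entries 10 and 11, next hop 192.0.2.1 on port3,
# administrative distances 10 and 20.
config router static
    # Host route for 8.8.4.4 via port3. Being a /32, it is more specific than
    # the default route, so it is used instead of the SD-WAN implicit rule
    # for as long as port3 is up.
    edit 10
        set dst 8.8.4.4 255.255.255.255
        set gateway 192.0.2.1
        set device "port3"
        set distance 10
    next
    # Same destination, blackhole, higher distance. Kept inactive while the
    # port3 route exists; becomes the best route when port3 goes down, so the
    # traffic is dropped rather than sent through port1.
    edit 11
        set dst 8.8.4.4 255.255.255.255
        set blackhole enable
        set distance 20
    next
end

# Verification: which route is currently active for the destination
get router info routing-table details 8.8.4.4

# Verification: watch ICMP for the destination while pinging it
diagnose sniffer packet any 'host 8.8.4.4 and icmp' 4
execute ping 8.8.4.4
```

With 'port3' up, the routing-table output should list the 'port3' entry and the sniffer should show echo requests leaving and echo replies returning on 'port3'. After 'port3' goes down, the same lookup should show the Blackhole route and the sniffer only echo requests, matching the result section below.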

Picture3.png

Picture4.png

Result:
To verify these settings, a ping is sent to the destination (in this case, 8.8.4.4), and the sniffer shows bidirectional traffic through 'port3'. Once 'port3' goes down, the sniffer only displays 'echo request' packets with no replies, indicating that the traffic is being routed to the Blackhole interface rather than to 'port1'.

Picture5.png