WAN Load-Balancing & Unexpected Internet Banking Problem

Unfortunately the statement above makes only the one individual connection stick to an uplink. (I.e. if you initiate two connections to the same destination IP, they might end up using different uplinks, but all the packets pertaining to a particular connection will “stick” to the same uplink.)

Unfortunately there is no “easy” solution, especially since you can’t use the set firewall group network-group ... feature (which doesn’t directly help but might make things easier).

Thus you are left with only two alternatives (that I know of):

  • you identify (perhaps by asking the bank’s technical support or looking for their AS information) their network address range; then you exclude this from the WAN load-balancing feature;

  • you use the same “custom script” I described in one of my previous posts: [solved] WAN load-balancing with `policy route` rules [previously: WAN load-balancing with 2 PPPoE connections with TCP-MSS clamping], which allows you to use normal firewall network-groups; then you write a script that, say every 6 minutes, makes a DNS query for the bank’s DNS names (because multiple names might be used for the same application), and adds these to one of the IPsets behind the firewall network-groups feature used in the exclusion;
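The periodic DNS-to-IPset refresh described in the second alternative, written out as an added example (this is not code from the post, the thread, or EdgeOS itself). It assumes the exclusion network-group is called `BANK_NETS` and that EdgeOS backs it with an ipset of the same name (an assumption; check with `sudo ipset list`); the bank hostnames passed on the command line are placeholders. The script only adds addresses it resolved and validated, never removes, so an established session keeps matching the exclusion even if a record rotates between runs.

```shell
#!/bin/sh
# Hypothetical refresh script: resolve the bank's hostnames and add their current
# IPv4 addresses to the ipset behind a firewall network-group (assumed name BANK_NETS).
SET_NAME="${SET_NAME:-BANK_NETS}"

# Resolve one hostname to its IPv4 A records, one address per line.
# Uses dig when present (EdgeOS ships it), otherwise glibc's getent.
resolve_v4() {
    name="$1"
    if command -v dig >/dev/null 2>&1; then
        dig +short A "$name" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
    else
        getent ahostsv4 "$name" | awk '{print $1}' | sort -u
    fi
}

# Accept only a dotted quad with four octets in 0..255, so a CNAME or a
# resolver error message can never be fed into the ipset command.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# plan_updates CURRENT WANTED: both are newline-separated address lists.
# Prints one "ipset add" command per address that is wanted but not yet in the set.
plan_updates() {
    cur=$(printf '%s\n' "$1" | grep -v '^$' | sort -u)
    new=$(printf '%s\n' "$2" | grep -v '^$' | sort -u)
    printf '%s\n' "$new" | while read -r ip; do
        [ -n "$ip" ] || continue
        if ! printf '%s\n' "$cur" | grep -qxF -- "$ip"; then
            printf 'ipset add %s %s\n' "$SET_NAME" "$ip"
        fi
    done
}

# refresh_set HOST...: resolve every host, read the set's current members and
# apply only the missing additions (this part needs the router and the network).
refresh_set() {
    wanted=""
    for h in "$@"; do
        for ip in $(resolve_v4 "$h"); do
            is_ipv4 "$ip" && wanted="$wanted
$ip"
        done
    done
    # "Members:" is the heading ipset prints before the address list.
    current=$(ipset list "$SET_NAME" 2>/dev/null | sed -n '/^Members:/,$p' | tail -n +2)
    plan_updates "$current" "$wanted" | sh
}

# Run only when hostnames are given, e.g.:
#   /config/scripts/refresh-bank.sh online.example-bank.invalid api.example-bank.invalid
if [ "$#" -gt 0 ]; then
    refresh_set "$@"
fi
```

To schedule it every 6 minutes on EdgeOS, save the script under `/config/scripts/` (so it survives upgrades) and register it with the task scheduler: `set system task-scheduler task bank-refresh interval 6m` and `set system task-scheduler task bank-refresh executable path /config/scripts/refresh-bank.sh` (hostnames go in `executable arguments`). Keep the interval at or below the records' TTL, otherwise a rotated address will be balanced across the uplinks until the next run.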