This is an addition to Locally managed SMBs .def files for VPN fine-tuning.
You can find the use of vpn_table.def in sk44852 How to configure a Site-to-Site VPN with a universal tunnel, and especially for SMB devices - others use user.def. But also sk113112 How to create dynamic groups in crypt.def file for NON_VPN_TRAFFIC_RULES can be performed using vpn_table.def instead of crypt.def:
In SMB locally-managed mode, /opt/fw1/lib/vpn_table.def should be used (in this exact path). Then run:
[Expert]# fw reconf_sfwd