TLD’s in VPN Policies

Setup is fairly simple - WireGuard VPN server at home, WireGuard VPN client (750 Slate) at a remote location (in a different country) - all working as expected, I’ve enabled vpn policies on the client and basically added:

Don’t use vpn for:

… and that’s all working fine (one of the things I wanted to do was get to the local subnet at the client site while on the vpn - hence the network bypass). What I really want to add is to not use the VPN for:


…where tld is the local country tld the client is physically in.

Problem is all variations of *.tld or just tld or .tld are rejected as a vpn policy rule by the gli web ui. Pretty sure *.tld should do what I want? Am I just going to have to go in and edit the policy files raw and just bypass the ui or am I missing something?