When network traffic is protected by a cloud-based security service, all network traffic routes through a cloud service provider for processing. However, not all network traffic requires processing by security services—this is particularly true with “all ports and all traffic” security. Thus, the cloud-based security service is a bottleneck for network traffic, and cloud operational costs are high due to the cloud-based security service having to contend with a large volume of network traffic. This is particularly a problem when end nodes access the cloud-based security service via a virtual private network (VPN) that requires a VPN concentrator and decryption at the cloud side. The instant disclosure, therefore, identifies and addresses a need for systems and methods for network traffic routing to reduce service congestion at a server.