PBR on 3560

renato.berana
Level 1

Configured PBR on a 3560 but it is not working. IOS is advipservices and "sdm prefer dual-ipv4-and-ipv6" is configured on the switch. The moment I apply the ip policy command on the SVI, I lose connectivity to the SVI on which I apply the policy; I can't even ping it. Once I remove the policy, connectivity is restored. Please help.

8 Replies

lgijssel
Level 9

This appears to me as an indication that your PBR-config is in fact working, it is just not doing what you expect it to do!

Instead it appears to be causing your SDM connection to fail, presumably because the policy affects your management traffic.

If you need more help on this, please post your config and also include a description of what your policy should do.

regards,

Leo

AJAZ NAWAZ
Level 5

Symptoms are consistent with misconfiguration.

yes - config please?

Ajaz

The switch is connected to two firewalls. The default gateway is pointing to FW1 (172.16.1.2), and per the PBR policy web traffic should go to FW2 (172.16.2.2), but when I apply the policy it is not working; I can't even ping the SVI of VLAN 20. As of now the policy is only applied to VLAN 20.

I think your issue is the fact that you're missing an empty route-map line. Currently, what your route-map is saying is: all traffic that matches access-list 100 gets policy routed, the rest.... DROP!

Try adding the following:

route-map ADSL permit 20

(i.e. empty route-map statement for your PBR route-map).

That *should* fix your issue.

Edit: adding the empty route-map statement essentially ensures your PBR to fallback to normal routing if the 1st route-map condition is not met.

I think the rest of the traffic will not be dropped but will be forwarded normally. Correct me if I'm wrong. And one more thing: why can't I ping the SVI IP if the policy is applied?

Well, if you don't add empty route-map statement, other traffic will be dropped. Remember, route-map follows the same logic as access-list: implicit deny any.

If your policy still doesn't have the empty route-map statement, then the reason why you can't ping the SVI is because the traffic is dropped by your route-map. Edit: If you've added the statement, does the switch know how to get to the ping source? Do traceroute to see the path it's attempting to take.

The ping source is 172.16.20.100, which is on the same segment, and the ping destination is 172.16.20.1, which is the gateway. If the policy is applied on the SVI, the ping fails.

Try adding the endpoints for your ping command into the access-list for your PBR and test again. Be mindful of the path that echo-reply packets may traverse. Depending on how your topology looks and how you configure the routing, you might encounter an asymmetrical path.
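The thread never shows the original configuration, so the following is an added example of the PBR setup as discussed above (the route-map name ADSL, access-list 100, the VLAN 20 SVI 172.16.20.1 and the firewall addresses 172.16.1.2 and 172.16.2.2 are taken from the posts; the /24 masks, the VLAN 1 and VLAN 2 SVIs facing the firewalls and the host 172.16.20.100 are assumptions). It is not the poster's config. Two points a practitioner checks first are folded in: the ACL feeding the route-map explicitly denies traffic addressed to the SVI itself and to the local subnet, so pings to the gateway and same-segment traffic never hit the set ip next-hop clause, and a trailing permit clause with no set statement is present so that everything that does not match is handed back to the normal routing table.

```cisco
! Added example, not the original poster's configuration.
! Assumed SVIs facing the two firewalls (addresses from the thread, masks assumed).
interface Vlan1
 ip address 172.16.1.1 255.255.255.0
!
interface Vlan2
 ip address 172.16.2.1 255.255.255.0
!
! Normal default route via FW1, as described in the thread.
ip route 0.0.0.0 0.0.0.0 172.16.1.2
!
! ACL 100: only traffic that should be policy routed to FW2.
! Deny entries mean "not a match for this route-map clause", not "drop":
! traffic to the SVI itself and traffic staying inside 172.16.20.0/24
! falls through to the next clause and is routed normally.
access-list 100 deny   ip any host 172.16.20.1
access-list 100 deny   ip 172.16.20.0 0.0.0.255 172.16.20.0 0.0.0.255
access-list 100 permit tcp 172.16.20.0 0.0.0.255 any eq 80
access-list 100 permit tcp 172.16.20.0 0.0.0.255 any eq 443
!
! Clause 10: web traffic from VLAN 20 goes to FW2.
! Clause 20: no match condition and no set action, so everything else
! is forwarded by the normal routing table (default route via FW1).
route-map ADSL permit 10
 match ip address 100
 set ip next-hop 172.16.2.2
!
route-map ADSL permit 20
!
interface Vlan20
 ip address 172.16.20.1 255.255.255.0
 ip policy route-map ADSL
!
! Verification from the switch:
!   show sdm prefer             -> active SDM template
!   show route-map ADSL         -> per-clause match counters
!   show ip policy              -> which interface carries which route-map
!   debug ip policy             -> per-packet decisions (use with care in production)
```

Two caveats that apply to this platform specifically. On the Catalyst 3560, PBR is only supported under an SDM template that includes routing (sdm prefer routing, or dual-ipv4-and-ipv6 routing), and a template change only takes effect after a reload; show sdm prefer tells you which template is actually active. Also, the match counters in show route-map ADSL are the quickest way to see whether the ping to 172.16.20.1 is being matched by clause 10 (and therefore sent towards FW2) or by clause 20, which is what the asymmetric-path remark in the last reply is about.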
