Possible to use Application based routing with DCSP marking

I have a dual ISP configuration. One of the ISPs has is more suitable for bi-directional video-conferencing traffic (namely Zoom). As such I’ve configured a large (112 entries) grouped network just for Zoom, which I then use an “Enforced” algorithm with to route it over the correct WAN.
Zoom are continuously updating their list of IP ranges however, and cross-referencing them, coupled with the lack of a good Peplink API, and the fact the IPs in grouped networks are unsorted makes it a total PITA.

What I’d love to have is the ability to use DSCP marking to allow the following configuration as an outbound policy:

SOURCE: ANY
DESTINATION: ANY
PROTOCOL: APPLICATION -> ZOOM
ALGORITHM:ENFORCED

I’m running a Balance Two with firmware 8.1.0. I’ve seen references to the ability to set a SaaS destination via InControl, but is this functionality not available in the device firmware itself?

I think SaaS from InControl2 is a solution for you. SaaS is available in InControl2 only as it is more convenient for updating the IP addresses.

If I was able to select DSCP marking as an option in the Balance firmware, then the destination IP addresses wouldn’t be an issue, and thus I wouldn’t need to pay for an InControl subscription for the single device that I have. In my case I don’t care if the DSCP markings are headed to the Zoom IP endpoints, I want to route all relevant DSCP marked packets over an enforced WAN.
Furthermore I fail to see how updating the IP’s is more convenient via InControl2? Presumably InControl2 has to send the relevant IP configuration to the Peplink device for Zoom? i.e, the IP ranges may be centrally controlled, but ultimately they’re pushed to each device so that device can route directly (rather than forwarding traffic to InControl2, I’d hope)