The ability to add groups of IPs in the source and/or destination of firewall rules and outbound policies. I’ve seen this implemented in two ways and either would be an upgrade to the way rules currently work in the balance.
The first way is that there would be an entry for group in the rules where a group of ip addresses can be added.
The second would require more development but would be a nicer solution in my eyes. Have the ability to add groups somewhere in the interface (groups of ips, groups of domains, public or private ips, etc) and assign a friendly name to each group. The when a rule is created assign the name of the group to source and/or destination of a rule.
Let me know if you need a use case as I can provide many.