User(Device) groups by MAC address for firewall routing

I’m looking within the settings a method to create “groups” that I can then apply in the Firewall rules.

Example, I want to be able to create a group of all iPads that are used for a specific purpose. This group I want to apply then in a rule that they are allowed to access a specific server on the network (on a diferent vlan). I also want to be able to ensure I route that group of devices to a specific WAN connection only (enforced).

I know I can create groups by IP, but in reality this needs to be done by MAC, as I have those devices allocated by DHCP reservations (and thus can control their access), as otherwise just entering the IP address into any device suddenly allows you to access (make use of) that firewall rule!

Another example, I may have a service person access the network (multi SSID and thus multi vlan), but still want to control their routing and access to certain elements, so again control via MAC address, so that I dont have to be hunting their IP address. (It’s easier to tell them to lock their MAC / disable dynamic) than get their IP address everytime they move between networks!

So in effect looking for a way to create users/devices that are then grouped and I can apply that group within a firewall rule.

Anyone with insights… or should this be a feature request? :slight_smile: