WAN-based Firewall Rules

Some network video recorders require that the device be able to reach the WAN public IP address for STUN/ICE/TURN protocol traffic in order to access the device using mobile apps.

I have created a service group and added my current WAN public IP address to it, but if/when that address changes due to DHCP handing out a different lease or the ISP moving the vlan/subnet for CPE devices, I have to go and update the address. I don’t want to add the full public subnet because that is a lot of IP addresses (it is a /16) and even then the subnet itself could change.

It would be nice to have a firewall capability that says “allow ______ IP address to access {all|some} of the WAN interface(s)”, which I would imagine could be another option in the drop down box in source and destination.

Additionally it would be cool to have the ability to tie certain rules to certain WAN connections (i.e. “if operating on WAN, then allow NVR access to backup video files to S3; if operating on 4G, then do not permit the traffic”).