I have a requirement to redirect traffic on L4. For some reason I need to matched destination IP addresses maintained in an address group in NAT section and what surprises me is it doesn’t support. Since NAT and firewall are all based on the netfilter/iptable of the Linux system, I guess it should be reasonable to support it for the NAT rules just as what has been done for firewall rules.
set nat destination rule 50 destination group address-group layer4_redirect_to_port_1234
PS: It would be even better to also support MAC address.