Allow multiple networks for Masquerade Rules
We have dozens of RED devices. Adding individual NAT Masquerade Rules is very tedious when you can only select a SINGLE source object per rule. Would be nice to have a single Masquerade rule with multiple sources so I could just add either a new Network definition to the existing rule.
This is already possible by either using a group definition in the NAT rule, or using "Any" as the source network. In this case, Any is quite safe to use, so long as you are restricting any traffic you don't want to allow outbound with firewall rules. Using Any as the source network just means that any packet that is allowed to pass through the interface will be masqueraded.
There are some cases where adding just specific hosts or networks to the masq rule would be useful, though, so this is still a useful idea. While not necessary, it would simplify rule management a little in these cases.