Is it possible to add MAC address filtering to SSL VPN authentication?

Question

I've been asked to lock down the SSL VPN so only approved devices can connect in. 
 On the face of it, it appeared pretty straight forward and I tried to do so here under Authentication > Users: 
 
 But it doesn't work, get error ID 17705: "Failed to login to SSLVPN through AD authentication mechanism because of..." 
 Does this not do what I hope it does? How can I get MAC address filtering to work with the SSL VPN?

HuberChristian · Answer

Because the fact, that XG Firewall's WAN Port and the SSL-VPN Client usually are not in the Same Broadcastdomain, your XG Firewall doesn't know the MAC Adress of your SSL-VPN Client so this requirement doesn't make any sense. 
 In UTM there is a workarround how you can allow SSL-VPN Connections from certain Public IPs (For example only from certain countries) but on XG I'm not aware of something like that. 
 You somehow could reach this with Security Heartbeat. If "Approved Devices" are all devices which have Cloud Endpoint installed, and they are linked to security heartbeat, you can create a Firewall Rule which says that traffic from SSL VPN to XG is only allowed, if Security Heartbeat is green. All other devices trying to connect will be able to create the SSL-VPN tunnel, but won't be able to communicate trough this tunnel.