Allow IT group on main subnet to access management subnet

Question

The main network for the entire organization is 192.168. 168 .x 
 That is VLAN 168 
 
 There is a management network on network 192.168. 150 .x 
 That is VLAN 150 
 
 Members of the IT Group have workstations on the 168 network (as do all other computers). 
 How can I write a rule on Sophos UTM 9 that allows ONLY the members of the IT group to access everything on the 150 network?

Ol Deda · Accepted Answer

Create another VLAN only for IT Group that has access to other VLAN's

DouglasFoster · Answer

A similar result can be achieved without vlans if all of the I.T. PCs have static addresses. 
 The other option is STAS, which uses the active directory login as a firewall object. It may represent more complexity than you want, but it would allow the permission to float with the user rather than the device.

ecar13 · Answer

I ended up creating a firewall rule: 
 - Sources: IT Admin Group 
 - Services: Any 
 - Destinations: Management (Network) 
 
 This seems to give me what I want. From my PC, I just want to be able to log into the network switches, cameras, UPS, etc. 
 
 Thanks everyone for your advice.