I dont think UAG has the capability ( currently) to define Access List based on Mac Address.

However, you can check the Connection Server Restriction Feature.

Refer to https://docs.vmware.com/en/VMware-Horizon-7/7.13/horizon-cloud-pod-architecture/GUID-61B2727E-DFFC-4...

NOTE: You can implement the above without Cloud Pod as well.

Create separate Pool for internal and external users.

Set Connection Server Restriction on the External Pool and define 1 specific CS for external use.

Point the UAG to External Connection server..