I dont think UAG has the capability ( currently) to define Access List based on Mac Address.
However, you can check the Connection Server Restriction Feature.
Refer to https://docs.vmware.com/en/VMware-Horizon-7/7.13/horizon-cloud-pod-architecture/GUID-61B2727E-DFFC-4...
NOTE: You can implement the above without Cloud Pod as well.
Create separate Pool for internal and external users.
Set Connection Server Restriction on the External Pool and define 1 specific CS for external use.
Point the UAG to External Connection server..
