We could use global groups instead of groups in the Firewall.
If you change the IP lib network, you could make a change in one place, np.
group address IP_LAN 10.1.1.1
group network-address LAN 10.1.1.1/24
group port HTTP 80, 443, etc.
When configuring firewall rules or nat, you could use the same groups.
This would simplify the configuration.
Make global groups
@syncer I think the problem is that many fields (e.g. within the NAT, WLB, PBR facilities) don't allow the use of the groups you can use in the firewall stanzas. I think there's no need to poll on this; it seems to me like a no-brainer, everyone wants this. Many modern products also add auto variables such as eth0_ipaddresses or eth0_networks. Juniper has an implementation that also allows for hierarchical grouping.
If you want to next-step it and go beyond most vendors: allow for e.g. interfaces eth0 address group name. As long as the requested type matches the list, it should be possible.
Oftentimes the lists are an abstraction that allows an integrator to keep control over the overall VyOS config, while the client has control over (certain) lists for their day-to-day network operations.