It is not possible to configure NAT rules with network-groups. For example:
set firewall group network-group NG1 network '192.0.2.32/27' set nat source rule 110 source group network-group NG1 set nat source rule 110 translation address '192.0.2.248/32'
[edit] vyos@vyos# commit Configuration file errors encountered! [[nat]] failed