If you can't find it in the documentation of the firewall, it's time to contact the maker or the company that installed it. If it doesn't work with the current one, there might be a good alternative. Specialised companies know such.
Currently, In our College, Firstly new user needs to register their device's MAC address to the NOC. (All 2000 student go to single NOC Room). When they register their MAC address, a static address is assigned to them and entry is added to the Cyberoam firewall. (Now, they have started to use DHCP to assign static IP to a MAC address).
Now, what we want is that wifi becomes open and has no MAC filtering. So, once a user is connected to the internet, The firewall blocks every connection to that host except one IP address and a specific port which would be of our Authentication Server. Then, the user will get a captive portal that will allow them to download our College's App. Once user Installs the App, The App should send a request to the Auth Server to allow Access to Intranet Services to that specific MAC Address. Then the App should Contain an Internet page on which there will be a Connect button. When they click on connect on connect button, The auth server will whitelist their MAC for Internet Access(Whoever has paid for it) to the firewall and assign bandwidth and Quota Limit. (Optional) The firewall should blacklist the MAC when their session ends.
So basically, we want to create a middle auth server which will have its own database(& separate panel for admins) which will communicate to the firewall for blacklisting and whitelisting MAC's.
Is there any way, that by using firewall's API , we can meet above specified conditions