Realtime tag provider security zone with Scale Out Architecture

Hello All,

I have a scale out system with FE and BE Ignition gateways. V 8.1.24. We have a need to restrict tag writes to a few select perspective clients and want the rest to be read only. It seems the logical thing to do here is to utilize a security zone to limit tag writes. We have a security zone setup on the BE server, and in the policy we have tag write access on the Realtime tag provider set so that the user must be in the security zone to have write access. If we enter the IP address of the clients we want to be in the zone in the settings on the BE gateway security zone this does not work. It does not function because the tag write requests do not come directly from the client IPs but rather from the FE server they are connected to then over the gateway network. Is there a way to setup a security zone on the FE server and then link it to a security zone on the back end to achieve this functionality? Our workaround at the moment is to not allow user logins on the clients we wish to be read only. Functional but not ideal. Thanks for any information.