If you want to ban all computers of a SEP group to access a special website, then you do not need to write anything in source. It's enough that destination is determined.
But if you want to ban only some computers, you can define these computers in the firewall policy not only by IP address. You can use IP address ranges (matching the ranges of your DHCP server), MAC addresses and so on.
Or define central host groups (Policies > Policy Components > Host Groups) which you can directly use in firewall policies.