I'll take a crack at attempting to understand what you want and state what is possible.
MWG 7 there will be one or multiple "director" nodes. These "director" nodes distribute the traffic to the "scanning" nodes for filtering. You setup the Virtual IP on the director nodes and it will then distribute any traffic it receives on that interface.
Speaking to you example, specifically the part about "wgw1 refuse the connection and forwards it to cluster .171", this is not possible. I'm sure there is something creative you could do, but I would have to ask the question... why dont you point the users pointed to 172 to 171?