Great news. You can also consider my earlier suggestion of 123.123.0.0/16 to limit the constant fail2ban notifications caused by enabling RF. The mobile IP addresses shouldn’t change beyond that subnet.
Edit: Obvs the 123.123 is an example for the user’s actual IP address.
You shouldn’t need RF if you do that IMO. Try it anyway. In the UK, the first two parts of the IP address very rarely change for ISPs and mobile operators here. You’ll need to get the IP for each user, whitelist those: 0.0/16.