Support Center > Search Results > SecureKnowledge Details
iOS mobile device with Custom MAC is able to connect Mobile Access Gateway and is shown as "compliant"
Symptoms
  • A Mobile device, which is known to be non-compliant is still able to connect with Mobile VPN / Capsule Connect app to Mobile Access Gateway, and SmartView Tracker log shows this device as compliant.
    This mobile device had to be checked for compliance by an MDM vendor based on the $FWDIR/conf/mdm.conf file on Mobile Access Gateway.
Cause

This is not a Check Point issue, but a Mobile Device Management (MDM) vendor / iOS issue.

iOS sends Dummy MAC address "02:00:00:00:00:00" from Capsule Connect if application was not installed from a Mobile Device Management (MDM) vendor. This Dummy MAC address allows all iOS devises to bypass the MDM.

Note: When an app is installed from MDM portal, the real device's MAC address is used to identify the device, and MDM provider has a way to get this real MAC address.


Solution
Note: To view this solution you need to Sign In .