iOS mobile device with Custom MAC is able to connect Mobile Access Gateway and is shown as "compliant"
This is not a Check Point issue, but a Mobile Device Management (MDM) vendor / iOS issue.
iOS sends Dummy MAC address "02:00:00:00:00:00" from Capsule Connect if application was not installed from a Mobile Device Management (MDM) vendor. This Dummy MAC address allows all iOS devises to bypass the MDM.
Note: When an app is installed from MDM portal, the real device's MAC address is used to identify the device, and MDM provider has a way to get this real MAC address.