https://live.paloaltonetworks.com/t5/general-topics/restrict-network-access-for-mobile-devices/m-p/235942#M67628 <P>Our IOs and android devices are restricted by device certificates.</P><P>&nbsp;</P><P>create a root cert on th PA and then generate device cert and push via mobileiron.</P><P>&nbsp;</P><P>we have seperate gateways for mobile devices.</P> Thu, 18 Oct 2018 05:16:17 GMT Mick_Ball 2018-10-18T05:16:17Z https://live.paloaltonetworks.com/t5/general-topics/restrict-network-access-for-mobile-devices/m-p/235874#M67615 <P>Hello,</P><P>&nbsp;</P><P>I have an environment where mobile devices are managed using MobileIron. I want to restrict network access such that the only mobile devices that can connect are managed and belong to a known user.</P><P>&nbsp;</P><P>What is the best way to approach this problem?</P><P>&nbsp;</P><P>I have done some preliminary testing and it seems that the HIP checks requiring the device to be managed does not work (I have tried with both a managed Android and iOS device and they both failed the HIP check and in collected logs, Managed=No), and the ability to check for the presence of another app (like MobileIron) only works for Android devices.</P> Wed, 17 Oct 2018 20:13:36 GMT https://live.paloaltonetworks.com/t5/general-topics/restrict-network-access-for-mobile-devices/m-p/235874#M67615 mikembau 2018-10-17T20:13:36Z https://live.paloaltonetworks.com/t5/general-topics/restrict-network-access-for-mobile-devices/m-p/235942#M67628 <P>Our IOs and android devices are restricted by device certificates.</P><P>&nbsp;</P><P>create a root cert on th PA and then generate device cert and push via mobileiron.</P><P>&nbsp;</P><P>we have seperate gateways for mobile devices.</P> Thu, 18 Oct 2018 05:16:17 GMT https://live.paloaltonetworks.com/t5/general-topics/restrict-network-access-for-mobile-devices/m-p/235942#M67628 Mick_Ball 2018-10-18T05:16:17Z