The current release of ISE doesnt have the feature to check mobile devices in this manner. The profiling feature allows them to be profiled and the latest client (CNA) allows ISE to push certs and network configuration profiles. However an upcoming release is rumored to have some integration with MobileIron (based on a recent demo from MobileIron) but I do not know what that will entail.
If a user is able to mask a check from MobileIron for being rooted then that should be considered a bug that MobileIron should address.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...