I have R80.10 with mobile and IPsec blades active and I need to ensure that only compliant clients can connect. A compliant client is one that has AV running with updated DAT and Windows critical updates installed. ESoD on mobile portal is not an option because it doesn't work well with all the browser protections. I was thinking on use CP Mobile for Windows client but I don't know how I can enforce compliance check. I've already enabled desktop policy and I have a green Compliant button on the client, but the gateway is not scanning the client...