We have mainly PC and it is easy to check that these computers are "Corporate": we check a machine cetificate signed by our root CA.
Now we have some Mac book that need to connect through our MAG appliances. I realy don't know how to check these machines since host checker on Mac does not provide certificate check.... but only to check a process or a file ....
I'm wondering as well. Are your Macs in the domain, with a product like Centrify, so maybe you can issue them certificates? You could do a realm or role cert. requirement.
Also, for your PCs, are you assigning IP addresses from a pool or do you have a method of assigning a constant static IP to each machine?
Well for the PC we are using a pool on the MAG.
Yes the MAC are in the domain and we can issue them some machine certificate, but as the MAG can not check machine certificate on MACos machine.... The idea may be to assign user certificate, and authenticate with a Certificate Realm.
Have you tried making a Pulse connection set with the "Connection is established:" option "Automatically when the machine starts. Machine credentials used for authentication." (3rd) selected, and then authenticating the machine cert. against a certificate server?
I guess that wouldn't work... on Macs, Pulse can only check user certificates.