Hi,
Thank you for your post here.
Firstly we should confirm that your mobile traffic can reach TMG and when TMG block them, we need to collect error information in TMG live logging so that we can get which rule is blocking the traffic.
I think mobile should work under SNAT type. So, your access rule in TMG cannot require authentication.
The easiest way to test is to create an access rule to allow all outbound traffic for all users. Then you can test if the problem persists.
You should know which ports or protocols need to be used by these mobile devices and you need to create relevant access rules to allow them.
If you need further assistance, please feel free to contact us.
Best Regards
Quan Gu