According to the manual:
"When you enable Mobile Access on a Security Gateway certain IPS Web Intelligence protections are activated. The settings of these protections are taken from a local file and are not connected to the IPS profile. These IPS protections always apply to Mobile Access traffic only, even if the Security Gateway does not have the IPS blade enabled."

This means that any mobile access traffic that matches one of those protections, will be dropped and shown in SmartView Tracker? How can I verify those protections are enabled?

I was trying to simulate Cross-Site Scripting/Command Injection attack from an external IP address, by appending a string in the website's URL. When I do this for a web server located behind the gateway, the traffic is blocked (I get timeout in browser) and I can see the log in tracker. When I do this for the mobile access portal itself, nothing happens. Is this a problem?