topic Re: Remote access requirements in SASE and Remote Access

Remote access requirements

StevePearson — Mon, 13 Oct 2025 16:44:30 GMT

I have a site that is using the Remote Access VPN client to connect to a Spark 1600 cluster.

As part of some improvements, they what to manage the cluster with Smart-1 Cloud and report using SmartEvent, which doesn't appear to be a problem, but they also want to start doing checks on connecting remote users to ensure that the endpoint is running a supported OS, latest updates and that they have endpoint protection installed and up to date. (third party endpoint that they are not looking to change)

It's been suggested to use SCV, which I believe will require CPEP-Access licenses on the management server, but I can't find out if Smart-1 Cloud actually supports SCV!

Can anyone confirm this at all (either way), or suggest a different way to do this?

I had wondered about using the Endpoint Prevent client, turning off everything but the VPN blade and adding the Posture management Add-on. Probably over the top but it would have the added advantage of being able to manage and update the clients remotely as apposed to the manual upgrading of the Remote Access VPN client.

Another option may be to drop the VPN client entirely and use SASE instead, but again may be over the top.

Re: Remote access requirements

emmap — Tue, 14 Oct 2025 05:32:59 GMT

SCV is not supported with Spark appliances, regardless of management platform.

Re: Remote access requirements

the_rock — Tue, 14 Oct 2025 06:59:31 GMT

Sounds like harmony endpoint would be needed here.

Andy

Re: Remote access requirements

the_rock — Tue, 14 Oct 2025 15:23:49 GMT

@StevePearson You may want to check with TAC if there is another way...see what they say.

Andy

Re: Remote access requirements

PhoneBoy — Wed, 15 Oct 2025 14:22:48 GMT

It's not explicitly listed in the Smart-1 Cloud Known Limitations.
The main issue with SCV is that you have to modify files on the management.
Which means it will require TAC assistance to apply these changes.

Note that if you're using a SAML Provider as your authentication source, you can implement compliance checks in the Identity Provider.
Also, if you're using the CPEP-ACCESS licenses, you have access to the Endpoint Compliance and Firewall features of Harmony Endpoint.
This doesn't require using SCV or installing the full Harmony Endpoint client, just the standalone client (pick Endpoint Security VPN "flavor").