Secure Remote Access Service

For Staff For Staff
For student For student
Not for alumni Not for alumni
Overview
 
Secure Remote Access Service
 

The Secure Remote Access Service (“The SASE Service”) is a modern security channel that provides users with an enhanced remote access experience, ensuring secure and efficient connections to the University's sensitive IT services, systems and data—anytime, anywhere.
 

Key benefits of SASE
 
  • Flexible and Enhanced Performance: True ‘access from anywhere’ without compromising security or speed, faster and more reliable than traditional VPNs. 
  • Robust Security: State-of-the-art technologies for protecting the University's IT systems, data and user credentials.

 

Type of Devices Officially Support:
 
 Laptop or Desktop PC models purchased under PC or Laptop Tender with FO
Others *
Type of DeviceDomain-joined Windows DeviceStandalone Windows DeviceMac OS Device
Official SupportYesYesNoNo

* Including the non-standard laptop/PC models owned by the University/Department Units/Research Projects/Centres, or any personally owned laptops/PCs.

doc

Download and Install Cisco Secure Client (Windows)

doc

Download and Install Cisco Secure Client (macOS)

doc

Connect to or Disconnect from Secure Internet Access (SIA) and Secure Private Access (SPA) Using Cisco Secure Client on Windows

doc

Connect to or Disconnect from Secure Internet Access (SIA) and Secure Private Access (SPA) Using Cisco Secure Client on macOS

SIA (Secure Internet Access) and SPA (Secure Private Access)

It depends on the resources you need to access. SIA enables access to internet and SaaS services, while SPA provides access to private resources and IaaS. If you’re unsure how to classify the traffic, please log in/enroll in both SIA and SPA.

You will be automatically logged out of SIA & SPA after 24 hours and will need to reauthenticate to continue using these services.

It is a best practice to disconnect from / unenroll from SIA & SPA manually once finish using.

This could be caused by a network issue. If you are on campus, please make sure you are connected to one of the following Wi-Fi networks:

  • BU-Standard
  • BU-Advanced

If you are already connected to one of these networks and still experience issues, try restarting your device or contact ITO for further assistance.

Currently, SASE only supports web browsing, remote desktop connection and access to ITO-managed network drives. Internal resources should be configured to remove IP restrictions for SASE IP addresses. For more details, please contact ITO for further assistance.

The Campus LAN will take priority, and your network traffic will bypass SASE service.

Please enter the full path of the network drive (eg. \\xxx.hkbuad.local\xxx).

  • Make sure you have the access right to the drive
  • If you are off campus, make sure you are connected through the SASE service before attempting to map the drive.
  • If you continue to have issues, please contact ITO for assistance.
img-faq01 img-faq01

You can ignore this error message. Please try logging in with your credentials again; you should then be able to access the network drive.

img-faq02 img-faq02

Please verify that you have entered the correct username and password. Also, ensure that the domain is set to HKBUAD. If it is not, enter your username in the format HKBUAD\username

img-faq03 img-faq03

Please restart your computer and try again. If you are on campus, make sure you are connected to either the BU-Standard or BU-Advanced Wi-Fi networks. If the issue persists, contact ITO for further assistance.

img-faq04 img-faq04
img-faq05 img-faq05
img-faq06 img-faq06
img-faq07 img-faq07
img-faq08 img-faq08
Posture Checking

It typically takes around 10-15 minutes for the system to re-evaluate your device.  If you want to trigger the posture check immediately, you can manually unenroll and then re-enroll your device. For instructions on how to unenroll, please refer to the installation guide.

img-faq09 img-faq09

You may have installed multiple endpoint security agents, some of which may not be supported by the solution. Please uninstall any unsupported security agents (refer to the minimum requirement of installation guide).

If you have installed ESET Endpoint Security, please refer to the steps below to uninstall it from Windows or macOS devices:

1.     Uninstall ESET (for Windows users)

  • Search for “Add or remove programs” in the search box.
img-faq10 img-faq10
  • Locate ESET Security in the list.
  • Click the ‘’ icon and select Modify.
  • Click ‘Next’.
img-faq11 img-faq11
  • Select ‘Remove’.
img-faq12 img-faq12
  • Click ‘Finish’.
img-faq13 img-faq13

2.     Uninstall ESET (for macOS users):

  • Open Finder and go to the Applications folder.
  • Locate the ESET Endpoint Security application.
  • Right-click on the application and select ‘Move to Trash’.
  • Empty the Trash to complete the uninstallation.

3.     Restart your computer

4.     Manually unenroll

Third-party security firewall may take over native firewall, so you fail the posture checking. To fix the issue, please follow the steps below:

1.    Disable the Third-Party Firewall:

  • Open the third-party firewall application.
  • Look for the option to disable or turn off the firewall, usually found in the settings or preferences menu.
  • Confirm that the third-party firewall is disabled.

2.    Enable Windows Firewall (for Windows users):

  • Navigate to Control Panel > Windows Defender Firewall > Turn Windows Defender Firewall on.
img-faq14 img-faq14
  • Ensure that Windows Firewall is turned on for both private and public networks.

3.    Enable Mac Firewall (for Mac users):

  • Go to System Preferences > Security & Privacy.
  • Click on the Firewall tab.
  • If the firewall is off, click ‘Turn firewall on or off
img-faq15 img-faq15
  • You can also click ‘Firewall Options’ to customize settings if needed.

4.    Restart Your Computer:

  • After making these changes, restart your computer to ensure all settings are applied correctly.
Miscellaneous

Cisco Secure Client does not support multiple user sessions.  Before signing out or switching to another user account, please disconnect from/ unenroll from the SIA/ SPA.  This helps prevent you SASE account from being locked.

No, the Cisco Secure Client supports Windows and macOS devices only.

Free of Charge

Building a Secure Digital Future: Essential Tools for Information Protection
training3 training3
Briefing Session I on Secure Remote Access Service

The Secure Remote Access Service (“The SASE Service”) is a modern security channel that provides users with an enhanced remote access experience, ensuring secure and efficient connections to the University's sensitive IT services, systems and data—anytime, anywhere. 

This briefing session will introduce you to this new service and guide you on its use, which will cover the following topics:  

  • An overview of key features and benefits.
  • A step-by-step guide to getting started.
10 October 2025 (Fri)
3:00 pm – 4:00 pm
Online 
Cantonese
Staff 
Training Deck
Training Video
training3 training3
Briefing Session II on Secure Remote Access Service

The Secure Remote Access Service (“The SASE Service”) is a modern security channel that provides users with an enhanced remote access experience, ensuring secure and efficient connections to the University's sensitive IT services, systems and data—anytime, anywhere. 

This briefing session will introduce you to this new service and guide you on its use, which will cover the following topics:  

  • An overview of key features and benefits.
  • A step-by-step guide to getting started.
13 October 2025 (Mon)
3:00 pm – 4:00 pm
Online 
English
Staff 
Training Deck
Training Video