When running the Modern Connect Tunnel client the ClearPass agent does not work. The ClearPass connection with its server using TCP port 6658 does not transit the VPN resulting in a failure. When using the Legacy Connect Tunnel this works correctly.
Note, in 12.4.0 current hotfixes the Modern Connect Tunnel client is just called the Connect Tunnel client. It is differentiated from the Legacy Connect Tunnel client by the Legacy name on the latter. A Windows 10 PC loading Connect Tunnel from the 12.4 SMA will load the MCT version by default.
The issue was resolved to be an issue with the ClearPass agent.
When ClearPass upgraded their agent to version 18.104.22.168997 this was resolved and the ClearPass agent works correctly with Modern Connect Tunnel.
Secure Mobile Access>SMA 1000 Series
Secure Mobile Access>SMA 1000 Series>Connect Tunnel for Device Guard
Secure Mobile Access>SMA 1000 Series>Connect Tunnel Client