Last Updated: Dec 07, 2022

Avaya recommends the TLS protocol for H.248 communications between Branch Gateway and Communication Manager. The Branch Gateway SLA Monitor Agent also uses TLS to communicate with the SLA Monitor Server and Avaya Diagnostic Server (ADS).

To use TLS with Communication Manager, set the link-encryption type on Communication Manager and Branch Gateway.

On Communication Manager, you can specify whether to use TLS for H.248 communication. Selecting tls-only restricts H.248 communication to TLS, whereas selecting any lets Communication Manager use either TLS or PTLS. Avaya recommends TLS because it is more secure; PTLS is an older proprietary protocol that older gateway releases used before TLS was introduced.

Similarly, using the set link-encryption CLI command, the administrator can specify the link-encryption type the gateway uses. When using this command, ensure that at least one TLS version is enabled and that Communication Manager supports the selected version. By default, the gateway has TLS version 1.2 enabled. Only TLS 1.2 is supported when FIPS mode is enabled.

For more information on TLS administration, see Administering Avaya Aura® Communication Manager and Avaya Aura® G430 Branch Gateway CLI Reference.