Effective Oct. 3, 2016, Avaya will begin executing a remote agent push of the SHA-2 software to all customers with Secure Access Link (SAL) 2.0-2.3 gateways. Avaya is doing this to address the SHA-2 security issue described in PSN004539u and to avoid a potential loss of all remote access to your Avaya solution. Customers that have already upgraded to SAL 2.5.2+ will not receive this remote agent push. Customers with SAL 1.x gateways and Secure Services Gateways (SSG) will still need to perform upgrades to the latest release of SAL prior to the Oct. 1, 2016, end of support date or they will lose all remote connectivity when Avaya shifts to SHA-2 security certificates.
While Avaya originally communicated the need to upgrade SAL Gateways to be SHA-2 compliant in July 2015, thousands of SAL Gateways have still not been upgraded. In response, Avaya has devised this “push” method, which cannot upgrade the whole SAL Gateway but can ‘’push” a new agent to the SAL gateway for SHA-2 compliance. Once the agent is pushed to a SAL Gateway, that gateway cannot be updated or upgraded until the release of SAL Gateway 3.0 (targeted in fiscal year 2017). The best practice continues to be to perform a standard upgrade of SAL Gateways using the Upgrading Secure Access Link (SAL) Gateway for SHA-2 Security Compliance Playbook. However, this push method is necessary in order to ensure that all SAL Gateways are upgraded and operational when the shift to SHA-2 is made in late December 2016. Read the SAL Gateway Remote Agent Push PSN004788u for detailed information on the remote agent push to customers.
If you do not take action and choose to not accept the Avaya remote agent push, your system will lose all remote connectivity when Avaya shifts to SHA-2 certificates, including remote access by Avaya Support engineers, alarm monitoring and resolution by Avaya EXPERT SystemsSM, and diagnostic capabilities like the Configuration Validation Tool.