Meraki

janic

Hi fellow Meraki admins,

Lately, we've noticed across multiple customers that the firmware of all devices within a network is not being automatically upgraded as expected. I'm not just talking about waiting 1–2 months for an upgrade to the latest firmware, but rather critical updates (at least according to the dashboard) still remaining unscheduled. We've seen multiple customers running firmware that is over 10 months old, with seemingly no automatic scheduling.

The wording in the dashboard regarding firmware management is, in my opinion, misleading. Under "Network-wide" → "General", the configuration states:

"The *insert Meraki Product* in this network are configured to run the latest available firmware."

As a Meraki admin, when I read this, I expect the network to eventually update to the latest firmware—certainly not after 10 months.

Now, here’s my issue: I'm not expecting Meraki support to immediately conduct an in-depth investigation, but my support ticket response was disappointing. They simply told me that this is "expected behavior" and referenced their docs:

Though it will eventually be pushed to qualified networks via the automated upgrade process, the automated upgrade process does not happen immediately after release and is rolled out over time. The automated process can sometimes take weeks to occur on all networks, depending on certain factors.

I'm sorry, but I find it hard to believe that this feature is intended to work this way.

Sure, we can leverage the API to manually schedule firmware updates for our customers, but this has been a built-in feature for years. As paying customers, we should expect it to work as advertised, especially since Meraki actively promotes it in their sales documentation.

How do you guys handle firmware upgrades across 40+ organizations? Am I supposed to just accept the current state of things?

Brash

I'll first state that I don't manage 40+ organizations so my experience may vary.

I've personally never found the automatic updates to be all that helpful. I've seen firmware pushed immediately to some orgs while others haven't had it pushed for ages.

My preference is to manually manage upgrades.
That way I can pilot new versions before pushing it to all organizations.

Mloraditch

I manage more than you (around 100 and nearly 7500 devices) and currently we do it manually. We've noticed what you have with it not being anywhere near automatic it's on our todo list to add some monitoring and pushes to our tools via the API.

I certainly understand that people should be able to opt-out and some like doing things automatically, but the whole point of their Beta/RC/Prod rings is to suss out the biggest bugs and they definitely still advertise upgrades as automatic but it's anything but that except for the random times they decide otherwise.

It's a problem I shouldn't have to be dealing with especially when some of the bugs addressed are vulnerabilities.

They need to clarify the actual policy and ideally provide settings so I say push upgrades once GA for some period of time or similar if they aren't going to actually globally push.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Paccers

if anything we have the opposite problem and the auto-scheduling pops up and schedules upgrades when we don't want it to! (we keep a tight grip on change management and scheduling).

To be fair to Meraki I don't think it's a guarantee every single Network will get auto-scheduling of upgrades performed so I wouldn't rely on that.

I'd recommend trying to suss out whether you can perform a sweep and upgrade of firmware every 6 months or so at least (easier said than done with 40 Orgs, especially if they have differing times/tolerance for upgrades!)

Meraki

Community

Confusion Around Meraki Firmware Auto-Updates

Confusion Around Meraki Firmware Auto-Updates