A new candidate appliance firmware version is available. Firmware MX 19.2.3 was just released on 2025-09-17 and has been in this firmware category since 2025-09-16.
As of MX 19.1, Cisco Meraki will no longer support USB-based Cellular Failover on the MX and Z platforms.
Starting with MX 19.1 firmware on vMX platforms, Meraki has begun to deprecate the use of 3DES encryption for Phase 2 (IPsec) of Client and IPsec VPN connections due to its insecure nature. Subsequent firmware releases will continue to deprecate it on all platforms.
Executive summary
This is a routine maintenance release and the latest generally available release for MX 19.2. It primarily contains fixes addressing cases of unexpected device reboots and various fixes for IPsec VPN. Please read through the full details below.
Bug fixes - general fixes
Stability improvements across various devices and configurations. (HWMX-236, MX-34321, MX-38160, MX-41498)
Resolved a rare case that could result in eBGP sessions failing to form over IPsec VPN connections. (MX-38146)
Resolved an MX 19.1 regression that resulted in NAT-mode MX VPN concentrators incorrectly continuing to advertise routes for AutoVPN spokes via OSPF when the WAN connection went down. (MX-41298)
Corrected an issue that could result in IPsec VPN traffic not correctly failing over to the Internet when tunnel monitoring health checks were simultaneous failing on both WAN uplinks. (MX-36301)
Resolved an issue that could result in MX appliances failing to report flow data for IPsec VPN traffic via Netflow. (MX-32201)
Fixed an MX 19.2 regression that resulted in VPN exclusion policies affected traffic generated by the MX itself. (MX-41771)
Updated the NBAR traffic classification engine (MX-37907, MX-38160)
Resolved a rare issue that could result in MX appliances losing WAN connectivity with the upstream modem until its DHCP lease expired. This issue only occurs if 1) the MX appliance attempts to renew an expiring DHCP lease, 2) the modem has not recently replied to ARP requests at the time the DHCP Offer is received by the MX, and 3) the modem terminates the old DHCP lease upon receiving a DHCP request. (MX-39230)
Fixed an issue that resulted in the device local status page not correctly reflecting when IPv6 had been disabled on a PPPoE uplink. (MX-21285)
Bug fixes - limited platform fixes
Corrected a rare issue that could result in NAT port exhaustion much earlier than expected when multiple client devices were reaching out to a common IP address all using the same source and destination ports on MX75, MX85, MX95, MX105, MX250, and MX450 appliances. (MX-41638)
Corrected an issue that could result in Z3C, MX67C, and MX68CW appliances incorrectly using an MTU of 1280 bytes. (MG-4917)
Legacy products notice
When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.13.
Known issues status
This list is being reviewed and updated.
Other
The product complies with EN 18031-1:2024 and EN 18031-2: 2024
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
