A new stable appliance firmware version is available. Firmware MX 19.1.11 was just released on 2025-09-09 and has been in this firmware category since 2025-09-08.
As of MX 19.1, Cisco Meraki will no longer support USB-based Cellular Failover on the MX and Z platforms.
Starting with MX 19.1 firmware on vMX platforms, Meraki has begun to deprecate the use of 3DES encryption for Phase 2 (IPsec) of Client and IPsec VPN connections due to its insecure nature. Subsequent firmware releases will continue to deprecate it on all platforms.
Executive summary
This is a routine maintenance release for MX 19.1. It contains fixes related to IPsec VPN connections and stability improvements for MX75 and MX85 appliances. Please read through the full details below.
We strongly encourage customers running older releases to begin the process of migrating to MX 19.1 or MX 19.2.
Additionally, customers with MX75 and MX85 appliances that are already running previous MX 19.1 releases are also encouraged to upgrade. The additional fixes in this release build upon the previous improvements in MX 19.1, which meaningfully address the most frequent causes of unexpected device reboots on the MX75 and MX85 appliances.
Bug fixes - general fixes
Resolved a rare case that could result in eBGP sessions failing to form over IPsec VPN connections. (MX-38146)
Corrected an issue that could result in IPsec VPN traffic not correctly failing over to the Internet when tunnel monitoring health checks were simultaneous failing on both WAN uplinks. (MX-36301)
Resolved an issue that resulted in MX appliances not performing TCP MSS clamping for IPsec VPN peers. (MX-2492)
Bug fixes - limited platform fixes
Stability improvements for MX75 and MX85 appliances. (MX-34321)
Legacy products notice
When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.13.
Known issues status
This list is being reviewed and updated.
Known issues
During the upgrade process, MX appliances upgrading from version prior to MX 19 may experience a failure to properly classify traffic. This issue will be resolved once the appliance has completed the upgrade to MX 19. (MX-36307)
Due to an issue under investigation, MX appliances may incorrectly route traffic destined to subnets learned through eBGP over a Non-Meraki VPN connection. (MX-34803)
When failover is configured between non-Meraki VPN tunnels, the Route Table page on Dashboard may incorrectly show the route for the primary VPN tunnel is inactive. (MX-36316)
During the upgrade process, MX appliances upgrading from versions prior to MX 19 will experience a failure to connect to non-Meraki VPN peers if any VPN peer names contain a space. This issue will be resolved once the appliance has completed the upgrade to MX 19. (MX-36312)
Other
The product complies with EN 18031-1:2024 and EN 18031-2: 2024
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
