Issues after MX 18.106 firmware Upgrade on MX84 & MX100

Gadgetprog
Conversationalist

Issues after MX 18.106 firmware Upgrade on MX84 & MX100

After upgrading to MX 18.106 firmware on MX84 & MX100 we are experiencing websites not loading in browsers and extremely slow loading of some HTML based Outlook email content. We are receiving "ERR_CONNECTION_REFUSED" and "The connection for this site is not secure" messages in browsers. In Outlook we are seeing the image icon in place of the images until they load, which is extremely slow. Also, a month ago I loaded version 18 beta and experience the VPN tunnels frequently bouncing, but that seems to have been resolved in this latest version. I'm planning to rollback the firmware this evening.

 

Anyone else experiencing these issues? 

Making great things happen with technology.
18 Replies 18
RaphaelL
Kind of a big deal
Kind of a big deal

You upgraded from what version out of curiosity ?

Gadgetprog
Conversationalist

Both the MX84 and MX100 were on version 17.10.2. I have 9 remaining locations currently running version 17.10.2 without issue. Only the two locations that were upgraded to 8.106 are having these issues. Digging deeper it seem to be related to websites running older TLS or expired certificates. Not 100% sure on that yet...

Making great things happen with technology.
PhilipDAth
Kind of a big deal
Kind of a big deal

Anything appearing under:

Secure & SD-WAN/Security Centre/MX Events

or

Network-Wide/Event Log (make sure Security Appliance is selected as event source)

Gadgetprog
Conversationalist

No, nothing in the Secure & SD events. As for the Network wide, I don't see any activity listed there related to the websites I am trying to access. Also, the sites were previously added to the allow list (a long time ago) and when checking for Content Filtering, no filter rules show up as being a blocking source.

Making great things happen with technology.
GordA
New here

Yep. Same thing. Internet is basically unusable now.

 

Meraki.PNG

 

Update was at 3:00am. You can see the complete failure of connectivity afterwards.

 

Weirdly, using the tools on the MX reports good speeds and low latency. Just everything connected on the LAN side has gone fun-house mirrors.

 

Going to request a firmware rollback.

cmr
Kind of a big deal
Kind of a big deal

I'm running it on an MX75, but the only web controls in use are categories.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
dade80vr
Getting noticed

Hi, same here! Rollback done to 17.10.2.

Meraki please do not force upgrade to any "Stable RC" versions!

chrisellis
New here

I had the same issue as listed above.  I did packet capture sent to Meraki and they want to install it again so they can run packet captures.   Pretty much told them no.  What I have sent them should show the issue.  But as soon as I rolled back to the 17.10.2 version all problems went away.  All Meraki support suggest that i upgrade to 17.10.4.  Which I have schedule for next week.   

Gadgetprog
Conversationalist

After I downgraded from 18.106 to 17.10.2 all was good. I then thought I'd try upgrading to 17.10.4. Unfortunately, the issues returned. I then downgraded back to 17.10.2 and all is good.

Making great things happen with technology.
Kave
Getting noticed

Solved issue 🙂

We are using MX105 and MS 250.

 

had issue with firmware upgrade when upgrade from 16 x to 17 x or higher ver.

 

problem was HTTPS traffic got slow even with good bandwidth .

 

Please use Unique Client Identifier instead MAC addres as shown on screen shot.

 

you can find it in Security & SD-WAN --> Addressing&VLANs

 

Kave_0-1680574190194.png

 

 

kav noroozi
RaphaelL
Kind of a big deal
Kind of a big deal

Having a hard time to understand how client tracking and TCP/TLS sessions are related.

Iñaki
New here

Hi, same problem. We must rollback to 16.16. We`ll try to update to 17.10.2

dade80vr
Getting noticed

Disable "web cache" in SD WAN & Traffic Shaping and reboot MX will solve the problem as a work around.

Kave
Getting noticed

We are using MX105 and MS 250.

 

had issue with firmware upgrade when upgrade from 16 x to 17 x or higher ver.

 

problem was HTTPS traffic got slow even with good bandwidth .

 

 to fix this issue Please use Unique Client Identifier instead MAC addres as shown on screen shot.

 

you can find it in Security & SD-WAN --> Addressing&VLANs

 

Kave_1-1680574220736.png

 

kav noroozi
Magil
New here

Does anyone know if Meraki/Cisco has opened a bug report for this issue? We're seeing a similar issue with the "ERR_CONNECTION_REFUSED" message coming up since the 18.106 firmware upgrade of our MX100s. It would be interesting to know if Meraki has acknowledged this as a bona fide issue and that they are actually working on a fix.

cmr
Kind of a big deal
Kind of a big deal

18.106.1 and 18.107 are out now and may help 🤞

If my answer solves your problem please click Accept as Solution so others can benefit from it.
CyberDingo
Getting noticed

I don't know about others, but I am still experiencing this issue with v18.106.1 and v18.107 😞

LakesideLion
Getting noticed

We're getting this behavior now with an MX450 on 18.107.8.  Anyone else experiencing this now?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels