Important notice

• As of MX 19.1, Cisco Meraki will no longer support USB-based Cellular Failover on the MX and Z platforms.

Executive summary

• This is the first Stable release for MX 19.1. It contains a variety of new features that expand the MX product line’s connectivity and security capabilities, while also continuing to improve ease of management at scale.
• For customers already on MX 19.1, this includes a few small bug fixes around packet routing, AutoVPN MTU when SGT is in use, and 802.1X port authentication on the MX67(C,W) and MX68(W,CW) appliances. Please read through the full details below.
• With the promotion of MX 19.1 to Stable and MX 19.2 to Stable Release Candidate, we strongly encourage customers to begin their process of migrating from older releases. We do not intend for any significant fixes to become available through future MX 18.2 releases.

New feature highlights

• Added support for configuring eBGP over Non-Meraki site-to-site VPN connections.
• Added support for failover (and failback) between Non-Meraki VPN tunnels
• MX appliances can now integrate with the Cisco XDR network security product from the Meraki Dashboard
• Significantly expanded the troubleshooting capabilities available from the device local status page
• Improved traffic classification with SD-AVC (Software-Defined Application Visibility and Control)
• Added support for Catalyst and Meraki SD-WAN fabric Interconnect
• Added support for Advanced Security features on vMX appliances in routed mode
• Added API support for configuring VPN NAT Translation
• Added API support for configuring Multicast Forwarding
• Added API support for configuring Split DNS

What's new

• Updated the list of built-in APNs for the Bell provider to include “mcorp.bell.ca.ioe” for Z3C, Z4C, MX67C, and MX68CW appliances. (MG-5215)

Bug fixes - general fixes

• Fixed an issue that resulted in the AutoVPN MTU not being updated when SGT was enabled. The maximum AutoVPN MTU is now 1426 bytes when SGT is enabled. (MX-39600)
• Fixed an issue where packets would follow a less specific static IPsec route even if there was a more specific eBGP over IPsec learned route. (MX-37758)

Bug fixes - limited platform fixes

• Resolved a rare issue on MX67(C,W) and MX68(W,CW) appliances that could result in ports configured for 802.1X authentication getting stuck in an unauthorized state. This would result in a lack of connectivity for clients connected to the port. (MX-37247)
• Fixed an issue that could result in ICMP fragmentation needed messages sent from client VPN clients being incorrectly routed on MX75, MX85, MX95, MX105, MX250, and MX450 appliances. (MX-37532)
• Resolved a MX 19.1 regression that could result in an unexpected device reboot on MX75 appliances when many firewall rules were present. (MX-41498)

Legacy products notice

• When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.13.

Known issues status

• This list is being reviewed and updated.

Known issues

• During the upgrade process, MX appliances upgrading from version prior to MX 19 may experience a failure to properly classify traffic. This issue will be resolved once the appliance has completed the upgrade to MX 19. (MX-36307)
• Due to an issue under investigation, MX appliances may incorrectly route traffic destined to subnets learned through eBGP over a Non-Meraki VPN connection. (MX-34803)
• When failover is configured between non-Meraki VPN tunnels, the Route Table page on Dashboard may incorrectly show the route for the primary VPN tunnel is inactive. (MX-36316)
• During the upgrade process, MX appliances upgrading from versions prior to MX 19 will experience a failure to connect to non-Meraki VPN peers if any VPN peer names contain a space. This issue will be resolved once the appliance has completed the upgrade to MX 19. (MX-36312)

Other

• The product complies with EN 18031-1:2024 and EN 18031-2: 2024