MX Firmware - 15.23 BETA

NolanHerring
Kind of a big deal

MX Firmware - 15.23 BETA

Looks like firmware version 15.X is back in BETA

 

 

Important notice

  • This is a beta version for the next major MX release. Due to this, we recommend taking additional caution before upgrading production appliances. Where applicable, MX 14 releases will provide a more stable upgrade alternative.
  • The DES encryption algorithm is no longer supported for use in formation of VPN tunnels.
  • Creating VPN tunnels using aggressive mode IKE is no longer supported.

Supported products notice

  • Z1, MX60, MX60W, MX80, and MX90 devices are not supported on MX 15 and newer releases.

New features

  • Added firmware support for configuring BGP hold timers.

Bug fixes

  • Stability improvements for MX250 and MX450 appliances.
  • Fixed an issue that could result in MX64(W) and MX65(W) appliances being unable to successfully fetch a configuration from the Meraki Dashboard without Meraki Support’s intervention.
  • Corrected an MX 15.12 regression that could result in some fragmented packets being dropped in rare circumstances.
  • Wireless stability improvements.
  • Fixed an MX 15 regression that could result in higher-than-expected CPU utilization when many AutoVPN routes were present in the configuration.
  • Corrected an issue that resulted in OSPF routes being advertised much slower than expected when the AutoVPN process was reinitialized.
  • Resolved an issue that could result in MX67(W) and MX68(W,CW) appliances entering a reboot loop if 802.1X port authentication was configured while wireless was also enabled.
  • Resolved an MX 15.15 regression that could result in MX65(W) appliances being unable to successfully upgrade to MX 15 releases.
  • Corrected an MX 15.15 regression that could result in MX65(W) appliances being unable to properly route some traffic if 1) one or more of ports 3-7 were configured as an access port AND 2) one or more of ports 8-12 were configured as an access port.
  • Fixed an issue that may have resulted in unnecessary CPU utilization when clients were wirelessly associated, but not passing any traffic.
  • Corrected a rare issue that could result in clients connected to MX68(W,CW) appliances on ports 8-12 being unable to communicate on the network.
  • Resolved additional cases that resulted in MX 15 performance regressions on MX250 and MX450 platforms.
  • Made some small optimizations to the processing of wireless traffic. This may result in small wireless throughput improvements in some cases.
  • Fixed a case that may have resulted in wireless WMM parameters being set incorrectly.

Known issues

  • After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions
  • Some stability-impacting issues present in MX 14.19 that affect a small population of MX250 and MX450 devices still exist
  • Please note that until certification has been obtained, the Z3C will not be supported on Verizon's network.
  • World-wide device SKUs of the MX67C, MX68CW, and Z3C units cannot be deployed in North America and North America device SKUs of the MX67C, MX68CW, and Z3C units cannot be deployed outside of North America.
  • When deployed in warm spare / high availability (HA), MX67C and MX68CW do not support using their cellular connectivity to pass client traffic. In this deployment, the cellular connectivity can only be used for device monitoring or network troubleshooting. This is an expected limitation for these platforms.
  • When MX67(C,W) and MX68(W,CW) units are deployed in warm spare / high availability (HA), rebooting the spare appliance may cause a disruption of client connectivity for 10 or more seconds.
  • After making some configuration changes on MX67(C,W) and MX68(W,CW) appliances, a period of packet loss may occur for 10 or more seconds.
  • For a brief period of time upon boot, MX67(C,W) and MX68(W,CW) platforms can become bridged. This increases the likelihood of network loops forming in topologies with multiple inter-connected network devices for this brief period of time.
  • MX67C, MX68CW, and Z3C units must be connected to the Meraki Dashboard initially to retrieve an update to allow for proper use of the integrated cellular connectivity. This is most likely to be an issue when bringing the units online for the very first time.
  • On the MX67(C,W) and MX68(W,CW) platforms, when the MX is providing PoE to a connected device, this information will not be reflected on the Meraki Dashboard.
  • Once a Z3 has been updated to this firmware version it can only run MX 14.31 or MX15.8 and higher. This is an expected result of updates to the device booting mechanisms and this limitation will not be resolved in future releases.
  • Due to MX 15 regressions, USB cellular connectivity may be less reliable on some modems
  • Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page
  • Due to issues still under investigation, MX84, MX100, MX400, and MX600 appliances may not be able to establish OSPF or BGP sessions
  • As a new major version evolving through beta, there are a number of new, uncommon issues that may result in device reboot that we are continuing to investigate and work through. In particular, the Z3(C), MX84, MX100, MX400, MX600, MX250, and MX450 appliances have unresolved issues that we are tracking closely and continuing to investigate and drive towards resolution.

Other

  • While we have previously listed MX 15 releases as “early-stage beta versions,” we will be dropping the “early-stage” status going forward. After having MX 15 available in beta for much of 2019, we have seen a significant increase in the breadth of deployments of MX 15 and through that, and our own internal testing, we have been able to identify and resolve many issues affecting this upcoming release. While this is an important step forward for MX 15, it remains in development and additional caution in upgrading production appliances to MX 15 releases is still warranted with the known issues above taken into consideration.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
5 REPLIES 5
BrandonS
Kind of a big deal

I noticed the email showed different new features.  I wonder if one or the other is wrong?

 

The firmware for the security appliances in 2 networks in the organization "Team One Solutions" will be upgraded to MX 15.23.

The new firmware includes support for the following features:

- Added support for the Cisco Umbrella integration beta
- Added support for reporting of flows blocked by layer 7 firewall rules to syslog
- Added firmware support for configuring a default route per VLAN
- Ex community all-star (⌐⊙_⊙)
Riaz_Voltex
Conversationalist

Does anyone know if 3DES encryption is no longer supported on MX 15.23? My entire Mesh VPN is using 3DES encryption.

Both DES and 3DES will not work on the 15.x version. I tried it previously and did not work. Meraki support documentation did not mention 3DES only DES but a call into their support and I was told both DES and 3DES not supported.

Roska
A model citizen

Thanks for sharing @NolanHerring 

cmr
Kind of a big deal
Kind of a big deal

I've been running an MX64 as an internet firewall and an HA pair of MX84s as a hub of an SD-WAN all day with this firmware and so far, so good.  Upgrading another set of sites tomorrow.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels