This is an early-stage beta version for the MX 16 release. Due to this, we recommend taking additional caution before upgrading production appliances. Where applicable, MX 15 or MX 14 releases will provide a more stable upgrade alternative.
Due to a regression currently under investigation, MX appliances may be unable to establish cellular connectivity on both integrated cellular modems and external USB modems. We recommend that customers that rely on cellular connectivity in their deployments wait until a later MX 16 release to upgrade.
Legacy products notice
When configured for this version, Z1, MX60, MX60W, MX80, and MX90 devices will run MX 14.55.
Bug fixes
Resolved an issue that resulted in the DNS lookup live tool always sending DNS queries to the DNS server configured on the uplink, regardless of whether a different IP address was specified when running the tool.
Corrected a case that could result in a crash of the process responsible for managing and maintaining non-Meraki and client VPN tunnels.
Fixed a very rare case that could result in packet loss on MX64(W) appliances.
Corrected an MX 16.4 issue that may have resulted in the device local status page incorrectly reporting that the appliance was not able to communicate with the Meraki Cloud.
Resolved an issue that resulted in Layer 3 firewall rules including FQDNs in the source or destination addresses failing to apply when MX appliances were configured in passthrough mode.
Corrected an issue that resulted in an MX not properly updating the MTU value used for AutoVPN after 1) the MX appliance had established an AutoVPN tunnel with multiple MX appliances, 2) the AutoVPN peer appliances had different MTU values, and 3) the AutoVPN peer appliance possessing the lowest MTU value was disconnected and not reconnected.
Fixed an issue that resulted in communications across non-Meraki site-to-site VPN connections not being subject to configured bandwidth limits.
Update the AnyConnect VPN service
Security improvements
Known issues
After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions
Some stability-impacting issues present in MX 14 that affect a small population of MX67(C,W) and MX68(W,CW) appliances still exist.
Some stability-impacting issues present in MX 14 that affect a small population of Z3(C) appliances still exist.
Please note that until certification has been obtained, the Z3C will not be supported on Verizon's network.
World-wide device SKUs of the MX67C, MX68CW, and Z3C units cannot be deployed in North America and North America device SKUs of the MX67C, MX68CW, and Z3C units cannot be deployed outside of North America.
When deployed in warm spare / high availability (HA), MX67C and MX68CW do not support using their cellular connectivity to pass client traffic. In this deployment, the cellular connectivity can only be used for device monitoring or network troubleshooting. This is an expected limitation for these platforms.
MX67C, MX68CW, and Z3C units must be connected to the Meraki Dashboard initially to retrieve an update to allow for proper use of the integrated cellular connectivity. This is most likely to be an issue when bringing the units online for the very first time.
On the MX67(C,W) and MX68(W,CW) platforms, when the MX is providing PoE to a connected device, this information will not be reflected on the Meraki Dashboard.
Due to MX 15 regressions, USB cellular connectivity may be less reliable on some modems
Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page
Client traffic will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances if 1) The client is connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port is configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240.
Significant performance regressions for VPN traffic may be observed on MX84 and MX100 appliances
Group policies do not correctly apply to client devices
Z3(C) appliances that are upgraded to MX 16 versions cannot directly downgrade to MX 14 releases. They must first downgrade to an MX 15 release.
MX IDS security alerts are not detected for Anyconnect VPN traffic
BGP-learned routes may not be properly reflected in the Route Table page on the Meraki Dashboard, despite BGP and packet routing operating correctly.
There is an increased risk of encountering device stability issues on all platforms and across all configurations.
If my answer solves your problem please click Accept as Solution so others can benefit from it.
