USB modems with MX/Z series devices running firmware MX 18 or newer will be limited to best effort support and will not be receiving any future firmware fixes or improvements.
Bug fixes
Stability improvements for MX64W and MX65W appliances.
Stability improvements for Z3C, MX67C, and MX68CW appliances.
Corrected an MX 18.1 regression that could result in MX95, MX105, MX250, and MX450 appliances improperly duplicating multicast packets.
Resolved an MX 18.1 regression that resulted in MX95 and MX250 appliances failing to send CDP or LLDP messages.
Legacy products notice
When configured for this version, Z1 devices will run MX 14.56.
When configured for this version, MX400 and MX600 devices will run MX 16.16.9.
Known issues status
This list of issues is currently being maintained and there may be new updates in the future.
Known issues
Due to unknown causes, the NBAR traffic analysis engine may fail to classify traffic in some cases.
Due to a rare issue with no known method of reproduction, MX appliances may reboot unexpectedly.
MX64W and MX65W appliances may experience unexpected device reboots for reasons currently under investigation.
MX67C, MX68CW, and Z3C appliances may erroneously detect a SIM card as missing. This state can be cleared by rebooting the device.
MX67W and MX68(W,CW) appliances may experience unexpected device reboots for reasons currently under investigation. A potential cause may be oversized wireless packets.
In rare circumstances the intrusion detection and prevention process may crash and restart. In some circumstances this can cause a minor disruption to network traffic. This issue is expected to be resolved through an update to the IDS/IPS container rather than the MX firmware version.
Clients using an older version of the AnyConnect client may not be able to successfully perform Duo multi-factor authentication. This can be resolved by updating the AnyConnect client to 4.10.05085 or higher.
Due to unknown reasons, MX64W and MX65W may experience unexpected device reboots. This is most likely related to the wireless subsystem.
MX67C, MX68CW, and Z3C appliances may encounter an issue where they are unable to communicate with the integrated modem. This state can be cleared by rebooting the device.
Due to a rare issue with no known method of reproduction, MX appliances have been documented to fail to fetch an updated device configuration for several days.
In rare cases, MX67(C,W) and MX68(W,CW), MX75, MX85, MX95, and MX105 appliances with intrusion prevention configured may erroneously block SIP traffic from client VPN clients. This is most likely related to an issue with IP fragmentation and reassembly.
In rare cases, MX67(C,W) and MX68(W,CW), MX75, MX85, MX95, and MX105 appliances with intrusion prevention configured may result in increased latency for Citrix. This may be related to an issue with IP fragmentation and reassembly.
MX67C, MX68CW, and Z3C appliances may fail to apply custom APNs.
Due to a rare issue under investigation, MX67C and MX68CW appliances may unexpectedly fail to detect some working SIM cards.
In rare cases, MX67C, MX68CW, and Z3C appliances may fail to enter into a "Ready" state despite being able to register to a cellular network and obtain an IP address for the modem.
When MX67C, MX68CW, and Z3C appliances are repeatedly unable to communicate with the integrated modem, they will attempt to reset the modem to restore connectivity. In some cases, this reset procedure may fail, requiring the appliance to be physical power cycled to restore connectivity with the modem.
Due to an MX 17 regression, the integrated cellular modem on MX67C, MX68CW, and Z3C appliances may fail to acquire an IP address via DHCP. This can be resolved with a physical power cycle of the appliance.
When using a cellular active uplink with the primary uplink configured as cellular, the Dynamic DNS hostname will not function properly.
MX67W and MX68(W,CW) appliances may experience a crash of the wireless subsystem that results in a device reboot.
Due to architectural changes to support content filtering powered by Talos, MX devices will no longer report the category that caused a URL to be blocked by content filtering when in full list mode.
Due to a rare issue with no known method of reproduction, MX95, MX105, MX250, and MX450 appliances may encounter unexpected device reboots.
Due to reasons still under investigation, MX85 appliances may be more likely to encounter an unexpected device reboot on this version.
The Non-Meraki VPN service may fail to properly establish IKEv2 tunnels when the MX appliance is acting as the IKEv2 responder and many allowed subnets are configured.
Other
Added support for configuring PPPoE uplinks without a password on the device local status page.
Added improved input validation on the device local status page when configuring the gateway IP address for WAN interfaces.
@RaphaelL agreed, however I don't see the 1:1 NAT issue listed as a bug fix or an active issue. This has prevented us from upgrading since that was awful.
Edit: Derp, I see that is fixed in the 18.210 firmware, not 18.107.10
MX appliances will fail to respond to ping messages when 1) the ICMP request is initiated from the WAN, 2) the IP address on the WAN interface is an IPv6 address, 3) the destination of the ping request is a statically assigned IPv6 address, and 4) the static address is an MX LAN IP address.
Due to an issue with no known method of reproduction, the IDS and IPS process may unexpectedly restart.
When a WAN failover occurs, Non-Meraki VPN tunnels will persist on the backup, non-primary uplink after a failback to the primary WAN interface if the WAN interface uses IPv6.
Everytime I see a "rare" bug , I always endup being affected by that bug , so I don't know the criteria to be classifed as rare , but I don't think that it is that rare.
But I have heard that MX 18.211 will be out in 2 weeks with TONS of bug fixes and will be moved to stable. Not quite sure confident to run that in prod , I will be waiting for MX 18.212++
Get notified when there are additional replies to this discussion.
