New MX 15.42.2 stable firmware - fixes 1Gb SFP module compatibility

Kind of a big deal
Kind of a big deal

New MX 15.42.2 stable firmware - fixes 1Gb SFP module compatibility

Security appliance firmware versions MX 15.42.2 changelog

Mx 15 feature highlights

  • Added support for Cisco Umbrella integration
  • Added support for establishing non-Meraki VPN tunnels using IKEv2
  • Added support for configuring source-based default routes
  • Local breakout of SaaS applications to use public Internet links instead of Auto VPN tunnels. L3 breakout policies are available with all license tiers. Smart application breakouts are available with the Secure SD-WAN Plus license.

Important notice

  • Please note MX 15.41 and higher includes a change that resolved an issue that caused MX appliances to not source DHCP messages from the shared virtual MAC address when configured in High Availability (HA). DHCP messages from MX appliances configured in HA will now be sourced from the shared virtual MAC address.
  • Due to underlying changes present in MX 15, MX appliances will now strictly validate the remote ID parameter during VPN tunnel formation. If you notice issues with non-Meraki VPN tunnel connectivity after upgrading to MX 15 for the first time, please ensure the remote ID configured in the site-to-site VPN page for a given non-Meraki peer matches what is configured as the local ID on that device.

Legacy products notice

  • When configured for this version, Z1, MX60, MX60W, MX80, and MX90 devices will run MX 14.55.

Bug fixes

  • Resolved an issue that resulted in MX250, MX450, MX95, and MX105 appliances being unable to properly utilize some MA-SFP-1GB-TX SFP modules.

Known issues

  • After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions.
  • Some stability-impacting issues present in MX 14.19 that affect a small population of MX250 and MX450 devices still exist.
  • Some stability-impacting issues present in MX 14 that affect a small population of MX67(C,W) and MX68(W,CW) appliances still exist.
  • Some stability-impacting issues present in MX 14 that affect a small population of Z3(C) appliances still exist.
  • Please note that until certification has been obtained, the Z3C will not be supported on Verizon's network.
  • When deployed in warm spare / high availability (HA), MX67C and MX68CW do not support using their cellular connectivity to pass client traffic. In this deployment, the cellular connectivity can only be used for device monitoring or network troubleshooting. This is an expected limitation for these platforms.
  • MX67C, MX68CW, and Z3C units must be connected to the Meraki Dashboard initially to retrieve an update to allow for proper use of the integrated cellular connectivity. This is most likely to be an issue when bringing the units online for the very first time.
  • On the MX67(C,W) and MX68(W,CW) platforms, when the MX is providing PoE to a connected device, this information will not be reflected on the Meraki Dashboard.
  • Once a Z3 has been updated to this firmware version it can only run MX 14.31 or MX15.8 and higher. This is an expected result of updates to the device booting mechanisms and this limitation will not be resolved in future releases.
  • The DES encryption algorithm is no longer supported for use in formation of VPN tunnels.
  • Creating VPN tunnels using aggressive mode IKE is no longer supported.
  • Due to MX 15 regressions, USB cellular connectivity may be less reliable on some modems.
  • Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page.
  • Client traffic will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances if 1) The client is connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port is configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.