Meraki

Community

New MX 16.13 beta firmware release - VPN and stability fixes

cmr
Kind of a big deal
Kind of a big deal
‎Oct 14 2021 3:59 AM
‎Oct 14 2021 3:59 AM

New MX 16.13 beta firmware release - VPN and stability fixes

Security appliance firmware versions MX 16.13 changelog

Important notice

  • This is a beta version for the MX 16 release. Due to this, we recommend taking additional caution before upgrading production appliances. Where applicable, MX 15 or MX 14 releases will provide a more stable upgrade alternative.
  • While Meraki appliances have traditionally relied on UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications, with MX 16 we are beginning a transition to using TCP port 443 as the primary means for cloud connectivity. In order to ensure proper connectivity to the Meraki cloud after this upgrade, please ensure that traffic using TCP port 443 between 209.206.48.0/20 is allowed through any firewalls that may be deployed upstream of your Meraki appliances.
  • HTTP proxy, which allows default management traffic from MX appliances to be sent through a proxy, is deprecated on MX 16 and higher firmware versions.

Legacy products notice

  • When configured for this version, Z1, MX60, MX60W, MX80, and MX90 devices will run MX 14.56.

Bug fixes

  • Updated the AnyConnect VPN service
  • Improved performance and reliability of WAN connectivity in some cases for MX75 and MX85 appliances.
  • Corrected a race condition that could result in small amounts of traffic improperly flowing between the WAN and LAN during system bootup on MX64(W) and MX65(W) appliances.
  • Fixed a cosmetic issue that resulted in the Dashboard incorrectly reporting that a device was connected to the USB port on MX95 and MX105 appliances.
  • Resolved an issue that resulted in LLDP and EAP traffic being incorrectly sent out all LAN ports on MX64(W) and MX65(W) appliances.
  • Stability improvements for MX250 and MX450 appliances.
  • Corrected an issue that could result in traffic being sent to an incorrect IP address when MX appliances have a cellular active uplink enabled.
  • Resolved an MX 16 performance regressions for VPN traffic on MX250 and MX450 appliances.
  • Fixed an issue that could result in non-Meraki site-to-site VPN tunnel connectivity issues after a failover and failback to WAN2 occurred.

Known issues

  • After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions
  • Due to MX 15 regressions, USB cellular connectivity may be less reliable on some modems
  • Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page
  • Client traffic will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances if 1) The client is connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port is configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240.
  • Group policies do not correctly apply to client devices
  • Z3(C) appliances that are upgraded to MX 16 versions cannot directly downgrade to MX 14 releases. They must first downgrade to an MX 15 release.
  • BGP-learned routes may not be properly reflected in the Route Table page on the Meraki Dashboard, despite BGP and packet routing operating correctly.
  • There is an increased risk of encountering device stability issues on all platforms and across all configurations.
If my answer solves your problem please click Accept as Solution so others can benefit from it.
4 Replies 4
Owen
Getting noticed
‎Oct 14 2021 3:28 PM
‎Oct 14 2021 3:28 PM

  • Corrected a race condition that could result in small amounts of traffic improperly flowing between the WAN and LAN during system bootup on MX64(W) and MX65(W) appliances.

Wow, only took three years of waiting for this fix. Reported multiple tickets on this and each time engineering always said "working as designed". I wonder what it took for them to finally take this seriously and fix it.

Hopefully also includes other platforms as the MX84,100 also leak data between LAN and WAN on reboot, like STP which can cause BPDU guard to kick in.

0 Kudos
OVERKILL
Building a reputation
‎Oct 14 2021 8:15 PM
‎Oct 14 2021 8:15 PM

Pretty minor upgrade from 16.12 from the looks of things, thanks for the share. 

0 Kudos
ViniciusFranca
Here to help
‎Oct 21 2021 7:37 AM
‎Oct 21 2021 7:37 AM

Hi, for me and my our company this firmware version is very well.

 

Can you tell about the next stable version, and when will we have it?

In response to ViniciusFranca
cmr
Kind of a big deal
Kind of a big deal
‎Oct 21 2021 8:53 AM
‎Oct 21 2021 8:53 AM

@ViniciusFranca the beta versions move to stable release candidate if enough people adopt them, then to stable.  We too are using on most sites already and happy with it.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.