New MX 16.15 stable release candidate - assorted minor fixes and an AnyConnect update

cmr
Kind of a big deal
Kind of a big deal

New MX 16.15 stable release candidate - assorted minor fixes and an AnyConnect update

Security appliance firmware versions MX 16.15 changelog

Important notice

  • While Meraki appliances have traditionally relied on UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications, with MX 16 we are beginning a transition to using TCP port 443 as the primary means for cloud connectivity. In order to ensure proper connectivity to the Meraki cloud after this upgrade, please ensure that traffic using TCP port 443 between 209.206.48.0/20 is allowed through any firewalls that may be deployed upstream of your Meraki appliances.
  • HTTP proxy, which allows default management traffic from MX appliances to be sent through a proxy, is deprecated on MX 16 and higher firmware versions.

Legacy products notice

  • When configured for this version, Z1, MX60, MX60W, MX80, and MX90 devices will run MX 14.56.

Bug fixes

  • Updated the AnyConnect VPN service
  • Stability improvements for MX250 and MX450 appliances.
  • Corrected an issue that resulted in the Meraki Dashboard incorrectly showing MX75 and MX85 appliances configured to operate in passthrough mode as using an SFP uplink, as opposed to the copper uplink.
  • Resolved an MX 15.43 regression that resulted in MX appliances that were configured to 1) operate as an in-line passthrough or a one-armed VPN concentrator and 2) were configured to operate in high availability (HA) mode using an incorrect MAC address for management and connection monitoring traffic.
  • Corrected MX 16 regressions that resulted in the IPSec Client VPN subnet not being advertised to IBGP peers.
  • Fixed an issue that could result in the route table page incorrectly showing routes for an Auto VPN peer as up.

Known issues

  • After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions
  • Due to MX 15 regressions, USB cellular connectivity may be less reliable on some modems
  • Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page
  • Client traffic will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances if 1) The client is connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port is configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240.
  • BGP-learned routes may not be properly reflected in the Route Table page on the Meraki Dashboard, despite BGP and packet routing operating correctly.
  • There is an increased risk of encountering device stability issues on all platforms and across all configurations.

Other

  • Add MX MAC address in dhcp_lease Event Log events.
3 REPLIES 3
Jon_A
Conversationalist

Is there an estimated timeline on when this we be moved to a Stable release?

cmr
Kind of a big deal
Kind of a big deal

@Jon_A it moves to stable once a certain number of networks have deployed it, the code will be the same.  If issues are discovered for the early adopters then a new 16.16 SRC will be released to address them.

Jon_A
Conversationalist

@cmr Great! Thank you for the information.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels