While Meraki appliances have traditionally relied on UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications, with MX 16 we are beginning a transition to using TCP port 443 as the primary means for cloud connectivity. In order to ensure proper connectivity to the Meraki cloud after this upgrade, please ensure that all “Meraki cloud communication” traffic specified in the Help > Firewall Info page is allowed through any firewalls or security filtering devices that may be deployed upstream of your Meraki appliances. These requirements have been updated on Nov 2022, so it’s important that you review them.
HTTP proxy, which allows default management traffic from MX appliances to be sent through a proxy, is deprecated on MX 16 and higher firmware versions.
The transition to Cisco Talos intelligence for our content filtering services means that some URL categories have changed names, some categories are no longer available, and multiple new categories are now available. Please review your configuration after upgrading to ensure content filtering is effectively tailored to your needs and deployment environment.
Bug fixes
Fixed an issue that could result in DHCP leases not being provided by MX84 or MX100 appliances after upgrading to MX 17.10.4.
Corrected a rare issue that could result in MX84 appliances not becoming unresponsive after a firmware upgrade.
Fixed an issue that resulted in all HTTP traffic failing when HTTP content caching was enabled. We recommend leaving this feature disabled in all cases until it can be formally deprecated.
Resolved a rare issue that could result in ports configured for 802.1X port authentication with MAC Authentication Bypass to get stuck in a fail-closed state after a reboot occurred.
Fixed a rare issue that could result in not having connectivity to all non-Meraki VPN peers when many non-Meraki VPN peers were configured.
Corrected an issue that could result in source-based routes not taking priority over network default routes.
Legacy products notice
When configured for this version, Z1 and MX80 devices will run MX 14.56.
When configured for this version, MX400 and MX600 devices will run MX 16.16.9.
Known issues
After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions
Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page
Due to an MX 17 regression, RADIUS messages that transit across AutoVPN may fail to be routed correctly.
Other
Made the content filtering system more aware of system state issues (such as system time not having been set through NTP yet) that would cause content filtering lookup requests to fail. This may make web traffic more responsive in certain edge-case situations.
Content filtering URL lookups to the Talos backend will no longer follow routes configured for client traffic. These lookups should now always egress a WAN interface.
When upgrading MX'es I don't get this release as the latest stable version when upgrading from 16.16.x. It only lets me upgrade to 17.10.2. Once I am on 17.10.2. I can upgrade to 17.10.5 by selecting 'latest patch' option. Why is there no way to upgrade to 17.10.5 directly?
