Security appliance firmware versions MX 18.104 changelog
Important notice
- While Meraki appliances have traditionally relied on UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications, with MX 16 we are beginning a transition to using TCP port 443 as the primary means for cloud connectivity. In order to ensure proper connectivity to the Meraki cloud after this upgrade, please ensure that traffic using TCP port 443 between 209.206.48.0/20 is allowed through any firewalls that may be deployed upstream of your Meraki appliances.
- HTTP proxy, which allows default management traffic from MX appliances to be sent through a proxy, is deprecated on MX 16 and higher firmware versions.
- The transition to Cisco Talos intelligence for our content filtering services means that some URL categories have changed names, some categories are no longer available, and multiple new categories are now available. Please review your configuration after upgrading to ensure content filtering is effectively tailored to your needs and deployment environment.
Legacy products notice
- When configured for this version, Z1 and MX80 devices will run MX 14.56.
- When configured for this version, MX400 and MX600 devices will run MX 16.16.6.
Bug fixes
- Fixed a rare issue that could result in AutoVPN tunnels failing to form.
- MX appliances will no longer attempt to perform content filtering on URLs with some invalid characters.
- Resolved a rare issue that could result in MX devices being unresponsive to Dashboard live tools, despite appearing to be online.
- Fixed an MX 18.1.03 regression that resulted in MX95 and MX105 reporting incorrect port numbers in NetFlow messages.
- Corrected a rare case that could result in flows not respecting bandwidth limits under low bandwidth conditions.
- Resolved an issue that caused Z3(C) devices to be described as “Security Appliance” as opposed to “Teleworker Gateway” on the device local status page.
- Corrected an issue that resulted in the device local status page incorrectly showing a configuration to convert the WAN1 port to operate as a LAN port.
- Fixed a rare issue that could result in a device reboot when AutoVPN was enabled.
- Fixed an issue that caused packet loss between client devices communicating within the same VLAN when both client devices were connected to ports configured for 802.1X port authentication.
- Corrected an issue that could result in an inconsistent connection to the Cisco Umbrella service when Umbrella Protection was configured.
- Resolved a case where the device local status page could still be accessed, even after it had been disabled via the Meraki Dashboard.
- MX appliances will now always connect to Active Directory servers using DCOM version 5.7. This should help resolve errors when communicating with Active Directory servers using more recent versions of software.
- Corrected an issue that could result in the Dashboard reporting of the Active Directory server status always showing a failed connection.
- Corrected an additional issue that could result in AutoVPN connectivity failing to form when cellular active uplink was configured.
- Resolved a rare issue that could prevent Z3(C) appliances from upgrading to MX 18.1.XX firmware versions when AutoVPN was enabled.
- Performance improvements for basic traffic routing and AutoVPN.
Known issues
- After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions
- Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page
- Client traffic will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances if 1) The client is connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port is configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240.
- There is an increased risk of encountering device stability and performance issues on all platforms and across all configurations.
