Thank you finally ....
And Im REALLY curious about this one:
Do anyone have more information on this issue, because I have a feeling that it is "not so rare" on the MX85 for example.
Confirmed from Meraki support that "Fixed a rare issue that could result in the WAN interfaces for MX appliances incorrectly transitioning to a down state for a brief period of time" has to do with uplink status changes when utilizing both WAN ports on MX85. Finally!!!
Huge update ! Kinda suprised not seeing these changes ported to MX17
Not able to test right now but anyone with a wireless MX can you confirm if this fixes wireless client connectivity issues and slowness?
Edit:
I see I was unable to fully read the notes 🙂
Still listed in the known issues , no ? :
No clue how I missed that, lol, thank you 🙂
So, I see most of my MX's that are running 17.10.2 (stable) have been automatically scheduled to upgrade to this release. This seems to imply that it's a more important update, or some of these fixes are more important than one would initially assume, no?
So anyone have any insights on this statement?
Between the slow wireless with content filters and that statement, I'm not sure I want to pull the trigger on this forced update release without some additional details.
That is a default note in (almost?) all rc/beta fw
I just tested this firmware with a Z3, there's still a known problem with RADIUS over AutoVPN since MX17.
Do you have more info ( or a thread ) about this issue ? Is it only affecting Z Series ?
Hey Raphael,
Not limited to Z series. It affects Meraki Security Appliance model that has a Wi-fi built-in.
I opened a case with Meraki since Jan and the Support Engineer confirmed with me there's a known bug on this.
https://www.reddit.com/r/meraki/comments/zk3w6p/nasty_bug_in_mx_17102_for_mxs_with_builtin_wifi/
Cheers,
Leo
It could be fixed in 17.10.4 now.
Thank you for letting me know.
Just opened a case with Meraki as I couldn't downgrade to that version. Can't wait to test it on my Z3 before upgrading.
Cheers,
Leo
"Minor improvements to the reporting of flow data via syslog", a couple of our MX's upgraded 10 106 last night, and since then there has been no patterns "deny all" come through, don't suppose anybody knows what the minor improvement was?
As for:
Has anyone with a MX100 who has been having the WAN throughput degrade to over 50% after 15.44 tried this firmware? Cisco support says this release FINALLY fixes this issue and wondering if anyone has tried.
I saw the performance on the latest patch MX 17.10.4 is way better than this MX 18.106.
3 case in these days after MX upgrade: a lot of websites won't load despite not being blacklisted!
Rollback done to v17.10.2 and problem solved
Please Meraki don't force to any stable RC release!!!
Hey dade80vr
I have been having the same issues upgrading to v17.10.4. I have ticket open with Meraki as of yesterday. I have rolled back (3) organizations so far and have many more orgs to deal with. Not only are some sites not loading sporadically, Windows systems are receiving this error in the logs ~ every 10 seconds: SChannel (event ID 36876) errors in Event Viewer -> Windows Logs -> System along with systems are not being allowed to report into our Carbon Black AV servers. It seems the newer firmware/s believe the certs have expired or aren't valid. I am still collecting data but it seems to affect the MX84's more. Can you confirm if your issues are on MX84's and/or you see the SChannel errors on Windows systems in your environment/s?
My post here in the community is here. I have only had once response.
https://community.meraki.com/t5/Security-SD-WAN/SChannel-Errors-on-Windows-Systems/m-p/187260#M43866
Hi sphrcross
I had problems also with the update to 18.106 and even to 17.10.4 specifically with MX84, where the rollback solved it. The problem I faced was that MX was not loading some http pages, apparently because it was redirecting port 80 to 443.
I opened a case but unfortunately Meraki suppport have not yet identified the problem and due to the lack of a window to carry out joint tests they have not been able to confirm it.
I hope this comment will help the community and be aware of this update.
Best,
I am on the phone with Meraki right now working it. I just shared your information with them. Thanks @IDV
Thanks, I sent this into my case as well since they want us to try it. I am still on 15.44 since the bandwidth issue introduced in 16.X and wasn't addressed in 17.x either
Was the MX sending the TCP-reset ? It would pretty easy to determine with the IP TTL.
Take the TTL of the SYN-ACK from the 443 conversation and compare with the TTL of the TCP reset.
Hey RaphaelL
After ~ 3 hours on the phone with Meraki and sharing the information provided by @IDV , @Raphael, @dgander , @dade80vr & @dade80vr we have a "bandage" to resolve this until an update to fix it is released. I was informed that Meraki is aware of the issue and is working on a solution. No ETA as to when the actual fix will be known. Meraki also stated that this is only affecting MX84's. I suspect it may affect other models as well that the setting listed below is available on.
Solution: Disable Web Cache and reboot router.
Security & SD-WAN -> SD-WAN & Traffic Shaping
Unfortunately a reboot is required for the change to take effect.
I hope this helps anyone currently having the issue.