Important notice

• USB modems with MX/Z series devices running firmware MX 18 or newer will be limited to best effort support and will not be receiving any future firmware fixes or improvements.

Bug fixes

• Fixed an issue that resulted in the AnyConnect VPN and IPSec client VPN services restarting when an MX appliance had a change to IPv6 uplink information, even when these services were not using or providing any IPv6 functionality.
• Corrected an issue that could result in devices connected to MX68(W,CW) and MX85 appliances being unable to negotiate 802.3at power levels from PoE.
• Fixed an issue that resulted in the AnyConnect VPN client appearing to hang for 2 minutes if the user hit cancel on the login page of the client.
• Resolved an issue that could result in MX appliances failing to free IP addresses from the client VPN subnet pool after IPsec client VPN clients disconnected.
• Corrected an issue that resulted in AutoVPN tunnels briefly dropping and re-establishing after configuration or WAN connectivity change if 1) the MX was configured in high availability (HA) mode and 2) both AutoVPN peers were running MX 18.
• Resolved an issue where MX appliances could encounter latency issues when 1) the appliance was configured in high availability, 2) the appliance was acting as an AutoVPN hub, and 3) IPv6 traffic was traversing AutoVPN.
• Corrected an issue that resulted in MX84, MX250, and MX450 appliances incorrectly returning a MAC address of 0 via SNMP for their WAN1 and WAN2 ports.
• Updated the protocol pack used by NBAR to version 66.
• Resolved an issue that could result in NBAR prematurely reaching its peak capacity for the amount of concurrent flows that it can track. When this occurred, the classification of traffic may have been less accurate. This change will increase the reliability of NBAR and its traffic classifications.
• Corrected an issue that could result in content filtering being bypassed if certain capitalization was used in the HTTP header of the GET request.
• Resolved an MX 18.107.3 regression that could result in longer device boot times for devices with many AutoVPN peers.
• Corrected an issue that resulted in MX67W and MX68(W,CW) platforms being unable to automatically select a new wireless channel for use.

Legacy products notice

• When configured for this version, Z1 devices will run MX 14.56.
• When configured for this version, MX400 and MX600 devices will run MX 16.16.9.

Known issues status

• This list of issues is currently being maintained and there may be new updates in the future.

Known issues

• After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions.
• Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page.
• MX appliances will now properly validate that DBD packets conform to the appropriate MTU size. If the MX’s OSPF peer has an improper MTU configured, it may cause the OSPF adjacency to fail to properly form. The updated behavior properly conforms to RFC. Please ensure these settings are properly configured on any MX’s OSPF peers to avoid disruption after upgrading to MX 18.1.X
• AutoVPN transmissions between peers which are running firmware versions 18.1 and later will consume an additional 4 bytes of overhead, totaling up to 68 bytes.
• Due to reasons still under investigation, MX85 appliances may be more likely to encounter an unexpected device reboot on this version.
• In very rare circumstances, MX appliances may report the incorrect interface IP address to the VPN registry. In some circumstances, this can interfere with the proper functioning of AutoVPN and teleworker VPN tunnels.
• MX appliances with content filtering enabled may encounter unexpected device reboots. This is more likely to occur if it has been a long time since the MX appliance was last rebooted.
• MX appliances may not failover to a backup cellular connection after the WAN interfaces have been disabled from Dashboard.
• MX67W and MX68(W,CW) appliances may experience unexpected device reboots for reasons currently under investigation. A potential cause may be oversized wireless packets.
• In rare circumstances the intrusion detection and prevention process may crash and restart. In some circumstances this can cause a minor disruption to network traffic. This issue is expected to be resolved through an update to the IDS/IPS container rather than the MX firmware version.
• Due to unknown reasons, MX64W and MX65W may experience unexpected device reboots. This is most likely related to the wireless subsystem.
• Due to a rare issue with no known method of reproduction, MX appliances have been documented to fail to fetch an updated device configuration for several days.
• In rare cases, MX67(C,W) and MX68(W,CW), MX75, MX85, MX95, and MX105 appliances with intrusion prevention configured may erroneously block SIP traffic from client VPN clients. This is most likely related to an issue with IP fragmentation and reassembly.
• In rare cases, MX67(C,W) and MX68(W,CW), MX75, MX85, MX95, and MX105 appliances with intrusion prevention configured may result in increased latency for Citrix. This may be related to an issue with IP fragmentation and reassembly
• Due to a rare issue under investigation, MX67C and MX68CW appliances may unexpectedly fail to detect some working SIM cards.
• In rare cases, large numbers of routes can cause network instability during AutoVPN connectivity changes.
• In rare cases, MX67C, MX68CW, and Z3C appliances may fail to enter into a "Ready" state despite being able to register to a cellular network and obtain an IP address for the modem.
• MXs appliances incorrectly modify the source IP address of ICMP time-to-live exceeded messages when routing them between VLANs.
• MX67W and MX68(W,CW) appliances may experience a crash of the wireless subsystem that results in a device reboot.
• Due to architectural changes to support content filtering powered by Talos, MX devices will no longer report the category that caused a URL to be blocked by content filtering when in full list mode.
• In rare cases, MX appliances may report severely incorrectly data for the loss and latency graphs visible on the Appliance Status page.
• Due to a rare issue with no known method of reproduction, MX95, MX105, MX250, and MX450 appliances may encounter unexpected device reboots.