IMPORTANT NOTICE

• USB modems with MX/Z series devices running firmware MX 18 or newer will be limited to best effort support and will not be receiving any future firmware fixes or improvements.

BUG FIXES

• Fixed an issue that resulted in MXs appliances incorrectly modifying the source IP address of ICMP time-to-live exceeded messages when routing them between VLANs.
• Stability improvements for MX67(C,W), MX68(W,CW), MX75, and MX85 appliances
• Corrected an issue that could degrade the performance of traffic destined to and sourced by MX appliances when 1) IPv6 was enabled, 2) BGP was enabled, and 3) there were over 1024 AutoVPN peers
• Resolved an issue that resulted in Z4(C) appliances incorrectly advertising SSIDs that were configured as hidden
• Additional changes to increase the robustness of connectivity and self-recoverability for integrated cellular modems

LEGACY PRODUCTS NOTICE

• When configured for this version, Z1 devices will run MX 14.56.
• When configured for this version, MX400 and MX600 devices will run MX 16.16.9.

KNOWN ISSUES STATUS

• This list of issues is currently being maintained and there may be new updates in the future.

KNOWN ISSUES

All

• Due to unknown causes, the NBAR traffic analysis engine may fail to classify traffic in some cases.
• Due to conditions under investigation, MX appliances often fail to initialize a service required for encrypted communication with Umbrella.
• In very rare circumstances, MX appliances may report the incorrect interface IP address to the VPN registry. In some circumstances, this can interfere with the proper functioning of AutoVPN and teleworker VPN tunnels.
• Due to a rare issue with no known method of reproduction, MX appliances may reboot unexpectedly.
• In rare circumstances the intrusion detection and prevention process may crash and restart. In some circumstances this can cause a minor disruption to network traffic. This issue is expected to be resolved through an update to the IDS/IPS container rather than the MX firmware version.
• Clients using an older version of the AnyConnect client may not be able to successfully perform Duo multi-factor authentication. This can be resolved by updating the AnyConnect client to 4.10.05085 or higher.
• Due to a rare issue with no known method of reproduction, MX appliances have been documented to fail to fetch an updated device configuration for several days.
• In rare cases, large numbers of routes can cause network instability during AutoVPN connectivity changes.
• Due to architectural changes to support content filtering powered by Talos, MX devices will no longer report the category that caused a URL to be blocked by content filtering when in full list mode.
• Due to an MX 18.107.7 regression, MX appliances that 1) have Mandatory DHCP enabled and 2) are rebooted, can encounter severe disruptions to network traffic. We recommend customers with Mandatory DHCP enabled do not upgrade to this firmware version.
• The Non-Meraki VPN service may fail to properly establish IKEv2 tunnels when the MX appliance is acting as the IKEv2 responder and many allowed subnets are configured.
• Due to an MX 18.1 regression, VPN status information about WAN2 is not properly reported. This will result in the information in the VPN status page being incorrect.

Desktop

• MX64W and MX65W appliances may experience unexpected device reboots for reasons currently under investigation.
• MX67C, MX68CW, and Z3C appliances may erroneously detect a SIM card as missing. This state can be cleared by rebooting the device.
• MX67W and MX68(W,CW) appliances may experience unexpected device reboots for reasons currently under investigation. A potential cause may be oversized wireless packets.
• Due to unknown reasons, MX64W and MX65W may experience unexpected device reboots. This is most likely related to the wireless subsystem.
• MX67C, MX68CW, and Z3C appliances may encounter an issue where they are unable to communicate with the integrated modem. This state can be cleared by rebooting the device.
• In rare cases, MX67(C,W) and MX68(W,CW), MX75, MX85, MX95, and MX105 appliances with intrusion prevention configured may erroneously block SIP traffic from client VPN clients. This is most likely related to an issue with IP fragmentation and reassembly.
• In rare cases, MX67(C,W) and MX68(W,CW), MX75, MX85, MX95, and MX105 appliances with intrusion prevention configured may result in increased latency for Citrix. This may be related to an issue with IP fragmentation and reassembly.
• MX67C, MX68CW, and Z3C appliances may fail to apply custom APNs.
• Due to a rare issue under investigation, MX67C and MX68CW appliances may unexpectedly fail to detect some working SIM cards.
• In rare cases, MX67C, MX68CW, and Z3C appliances may fail to enter into a "Ready" state despite being able to register to a cellular network and obtain an IP address for the modem.
• When MX67C, MX68CW, and Z3C appliances are repeatedly unable to communicate with the integrated modem, they will attempt to reset the modem to restore connectivity. In some cases, this reset procedure may fail, requiring the appliance to be physical power cycled to restore connectivity with the modem.
• Due to an MX 17 regression, the integrated cellular modem on MX67C, MX68CW, and Z3C appliances may fail to acquire an IP address via DHCP. This can be resolved with a physical power cycle of the appliance.
• When using a cellular active uplink with the primary uplink configured as cellular, the Dynamic DNS hostname will not function properly.
• MX67W and MX68(W,CW) appliances may experience a crash of the wireless subsystem that results in a device reboot.

Rackmount

• MX250 and MX450 appliances may incorrectly forward LLDP and BPDU messages received on the LAN out their WAN interface(s) during the bootup process.
• Due to a rare issue with no known method of reproduction, MX95, MX105, MX250, and MX450 appliances may encounter unexpected device reboots.
• Due to reasons still under investigation, MX85 appliances may be more likely to encounter an unexpected device reboot on this version.