Important notice

• USB modems with MX/Z series devices running firmware MX 18 or newer will be limited to best effort support and will not be receiving any future firmware fixes or improvements.

Bug fixes

All

• Resolved multiple cases that could result in traffic being improperly routed.
• Corrected an issue that resulted in MX appliances failing to authorize ports when 1) 802.1X port authentication was configured and 2) the configured RADIUS server sent the Tunnel-Private-Group attribute with a string value.
• Resolved an issue that caused MX appliances to not reply to IPv6 ICMP requests when they were addressed to one of the MX’s VLAN interfaces.
• Fixed an issue that could result in MX appliances responding to client ARP requests using the WAN MAC address instead of the LAN MAC address.
• Improved the management of network flows when source ports are exhausted. This will greatly reduce the impact of port exhaustion on network clients.
• Resolved an issue that could result in extended periods of incomplete route table updates when a WAN outage occurred if 1) the MX appliance was operating as an AutoVPN hub, 2) the MX appliance was configured in NAT mode, 3) OSPF route advertisement was enabled, and 4) a large number of VPN peers were connected.
• Corrected an issue that could result in Non-Meraki and AutoVPN traffic being incorrectly dropped when destined to LAN clients.
• Fixed an additional issue that could degrade the performance of traffic destined to and sourced by MX appliances when 1) IPv6 was enabled, 2) BGP was enabled, and 3) there were over 1024 AutoVPN peers.
• Resolved an issue that could result in inconsistent behavior for IPv6 BGP peers.
• Corrected an issue that could result in MX appliances failing to properly form IKEv1 VPN tunnels.
• Resolved an issue that could result in users encountering failed connections or connections taking an excessive amount of time to complete when using SAML authentication to authenticate an AnyConnect client VPN session.
• Corrected a very rare issue that could cause the AnyConnect VPN process to crash.
• Fixed an issue that could result in AutoVPN being disabled when 1) the MX appliance was configured in passthrough mode and 2) DNS caching size parameters were modified in the device configuration.
• Resolved an issue that could result in consecutive Dashboard-initiated reboots triggering MX appliances to fallback to an older version of their configuration.
• Fixed an issue that resulted in an incorrect PSU serial number being displayed on the Appliance Status page.

Small

• Fixed an issue that resulted in client traffic being dropped for clients connected to ports with 802.1X port authentication on MX67(C,W) and MX68(W,CW) appliances after port or VLAN-based group policy configuration changes were made.
• Corrected a very rare issue that could result in MX68(W,CW) appliances failing to supply full 802.11at power through PoE.
• Corrected an issue that could result in the association time for wireless clients connected to Z3(C), Z4(C), MX67(W), and MX68(W,CW) appliances incorrectly reporting as “-”.
• Resolved an issue where wireless MX and Z appliances could erroneously report an 802.1x authentication even in the event log when clients connected to an open SSID. 
• Fixed an issue that could result in an increased level of jitter and latency for AutoVPN traffic on Z3(C) appliances. That would specifically occur during periods of low and infrequent AutoVPN traffic.
• Updated incorrect carrier information for Telus and FirstNet cellular carriers.

Medium and large

• Corrected an issue that resulted in MX75, MX85, MX95, MX105, MX250, and MX450 appliances failing to forward inbound GRE traffic to LAN clients.
• Corrected an issue that could result in MX75, MX85, MX95, MX105, MX250, and MX450 appliances failing to forward NTP responses to LAN clients.
• Fixed an issue that could result in MX75, MX85, MX95, MX105, MX250, and MX450 appliances reporting an erroneous spike in network traffic usage.
• Corrected additional packet routing issues that could result in MX75, MX85, MX95, MX105, MX250, and MX450 appliances continuously operating at 100% device utilization.
• Resolved a flow timeout issue that could result in IPv6 inter-VLAN traffic being incorrectly dropped on MX75, MX85, MX95, MX105, MX250, MX450, and VMX-XL appliances. This was most likely to occur in client communication patterns where one side of the inter-VLAN conversation was “silent” for extended periods of time.
• Fixed an issue that could result in MX75, MX85, MX95, MX105, MX250, MX450, and VMX-XL appliances failing to appropriately block or allow IPv6 traffic that relied on L3 FQDN firewall rules.
• Fixed an issue that resulted in MX95 appliances being unable to boot up properly when more than 370 VLANs were configured. Configuring this number of VLANs is not recommended.
• Resolved a rare case that could result in a device reboot on MX450 appliances.

Legacy products notice

• When configured for this version, Z1 devices will run MX 14.56.
• When configured for this version, MX400 and MX600 devices will run MX 16.16.9.
• When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.11.

Known issues status

• This list is being reviewed and updated.

Known issues

• Trusted traffic exclusions will not function on Z4(C) appliances if AMP is configured.
• Due to a rare issue, MX appliances may fail to initiate non-Meraki site-to-site VPN connections when IKEv2 is used. This is most likely to occur when there are mismatched VPN subnets configured between the MX and the non-Meraki VPN peer. This will be resolved in MX 19.1 releases.
• Due to an issue under investigation, VMX-XL appliances fail to add local networks into the routing table.

Other

• Added firmware support for disabling PoE on a per-port basis.
• The SIM PIN can now be configured via the device local status page without having to first set a custom APN.