Important notice

• USB modems with MX/Z series devices running firmware MX 18 or newer will be limited to best effort support and will not be receiving any future firmware fixes or improvements.

Executive summary

• This is a hotfix release for MX 18.211.5 containing two bug fixes for MX75, MX85, MX95, MX105, MX250, and MX450 appliances.
• For other models, there are no additional fixes compared to the previous MX 18.211.5.1 release.
• Customers with MX75, MX85, MX95, MX105, MX250, and MX450 appliances that use VPN NAT or have a large number of network flows (especially to a small amount of destination IP addresses) are strongly encouraged to evaluate this release.

Bug fixes - limited platforms

• Fixed an issue that resulted in MX75, MX85, MX95, MX105, MX250, and MX450 appliances experiencing an unexpected device reboot when VPN NAT was configured.
• Corrected an issue that could result in high device utilization or an unexpected device reboot when the pool of ports available for NAT translation were exhausted on MX75, MX85, MX95, MX105, MX250, and MX450 appliances.

Legacy products notice

• When configured for this version, Z1 devices will run MX 14.56.
• When configured for this version, MX400 and MX600 devices will run MX 16.16.9.
• When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.12.

Known issues status

• This list is being reviewed and updated.

Known issues

• Trusted traffic exclusions will not function on Z4(C) appliances if AMP is configured.
• Due to a rare issue, MX appliances may fail to initiate non-Meraki site-to-site VPN connections when IKEv2 is used. This is most likely to occur when there are mismatched VPN subnets configured between the MX and the non-Meraki VPN peer. This will be resolved in MX 19.1 releases.
• Due to an issue under investigation, VMX-XL appliances fail to add local networks into the routing table.
• Due to an issue under investigation, MX appliances may incorrectly report 100% loss on the SD-WAN monitoring page.
• In rare cases MX75, MX85, MX95, MX105, MX250, and MX450 appliances may encounter an unexpected device reboot.
• Due to an issue under investigation MX75, MX85, MX95, MX105, MX250, and MX450 appliances may report an erroneous spike in network traffic usage.
• Z4(C) appliances fail to forward ARP messages that have a VLAN tag, even if the VLAN tagging correctly matches with the Z4(C)'s port configuration.
• Due to issues under investigation, MX75 and MX85 appliances may encounter unexpected device reboots.
• Z4(C) appliances fail to properly forward STP frames received on its LAN interfaces.
• Duplicate retrospective “malware download detected” emails may be erroneously sent.
• Due to an issue under investigation, making certain configuration changes to WAN interfaces (such as disabling or enabling an interface) can cause the IDPS process to fail. This issue may also cause high device utilization. The issue can be worked around by rebooting the MX appliance or disabling and then re-enabling IDPS.
• Due to an issue under investigation, MX75, MX85, MX95, MX105, MX250, and MX450 appliances can fail to establish iBGP sessions when the subnet associated with the highest-numbered VLAN participating in the site-to-site VPN has a 1:M VPN NAT rule configured.

Known issues - february 18th update

• Due to a rare issue, MX appliances may encounter an unexpected reboot when servicing many clients with a large number of network flows. This is more likely to occur on MX450 appliances supporting 10,000 or more active clients and 500,000 or more concurrent flows.