Important notice

• USB modems with MX/Z series devices running firmware MX 18 or newer will be limited to best effort support and will not be receiving any future firmware fixes or improvements.

Executive summary

• This is a maintenance release for MX 18.211 containing only bug fixes.
• The fixes are mostly focused on resolving rare, but potentially disruptive issues that could be encountered while using VPN (AutoVPN, Non-Meraki site-to-site VPN, and Client VPN).
• Another noteworthy fix restores the proper functioning of factory resets for MX95, MX105, MX250, and MX450 appliances.
• Additional fixes are also present, so please read through the full details below.

Bug fixes - general fixes] fixed a very rare issue that could result mx appliances operating as vpn concentrators encountering a device reboot or a failure to connect to new autovpn peers. this was most likely to occur on [bug fixes - general fixes

• VPN concentrators with thousands of AutoVPN peers connecting and disconnecting over a period of months.

Bug fixes - general fixes

• Resolved an issue that could result in MX appliances incorrectly dropping traffic destined for AutoVPN peers for traffic that was received through the WAN interface. This occurred when the MX appliance was configured in passthrough mode and a default route was learned through eBGP.
• Corrected a regression that caused traffic sourced by the MX to incorrectly follow the client routing table when a default route was advertised and multiple AutoVPN hubs were configured. This affected the MX's ability to establish an iBGP connection over AutoVPN, as well as impacting its ability to correctly route traffic such as NetFlow and syslog.
• Corrected an MTU issue that could result in MX appliances erroneously performing fragmentation of AutoVPN traffic after encapsulation had been performed. This occurs when the MX appliance is using an MTU other than 1500, such as 1230 or 1486.
• Resolved a very rare issue that could result in MX appliances encountering a device reboot when non-Meraki VPN or IKE-based client VPN were in use. This did not affect devices using AnyConnect VPN.
• Resolved an issue that resulted in MX appliances incorrectly fragmenting non-Meraki VPN traffic after encryption and encapsulation had been performed, rather than before it.
• Corrected an issue that could result in an unexpected reboot when an IPv6 DHCPv6-PD packet advertised a prefix of larger than /64.
• Resolved an issue that resulted in traffic shaping priorities not being applied correctly when default traffic shaping rules were enabled.

Bug fixes - limited platforms

• Corrected an MX 18.2 regression that resulted in it not being possible to perform a factory rest on MX95, MX105, MX250, and MX450 appliances.
• Corrected an MX 18.211.4 regression that could result in MX75, MX85, MX95, MX105, MX250, and MX450 appliances encountering an unexpected device reboot when processing a large volume of network flows.
• Fixed a rare issue that could result in AMP incorrectly blocking traffic on MX75, MX85, MX95, MX105, MX250, and MX450 appliances.
• Fixed an issue that resulted in vMX appliances running on Cisco UCS servers failing to upgrade to MX 18.2XX versions when the vMX appliance was running a version older than MX 17.
• Fixed a rare issue that could result in unexpected device reboots for MX67(W), and MX68(W,CW) appliances operating under heavy network load.
• Further resolved cases where MX68(W,CW) and MX85 appliances could improperly attempt to provide PoE power to connected devices.

Legacy products notice

• When configured for this version, Z1 devices will run MX 14.56.
• When configured for this version, MX400 and MX600 devices will run MX 16.16.9.
• When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.11.

Known issues status

• This list is being reviewed and updated.

Known issues

• Trusted traffic exclusions will not function on Z4(C) appliances if AMP is configured.
• Due to a rare issue, MX appliances may fail to initiate non-Meraki site-to-site VPN connections when IKEv2 is used. This is most likely to occur when there are mismatched VPN subnets configured between the MX and the non-Meraki VPN peer. This will be resolved in MX 19.1 releases.
• Due to an issue under investigation, VMX-XL appliances fail to add local networks into the routing table.
• Due to an issue under investigation, MX appliances may incorrectly report 100% loss on the SD-WAN monitoring page.
• In rare cases MX75, MX85, MX95, MX105, MX250, and MX450 appliances may encounter an unexpected device reboot.
• Due to an issue under investigation MX75, MX85, MX95, MX105, MX250, and MX450 appliances may report an erroneous spike in network traffic usage.
• Z4(C) appliances fail to forward ARP messages that have a VLAN tag, even if the VLAN tagging correctly matches with the Z4(C)'s port configuration.
• Due to issues under investigation, MX75 and MX85 appliances may encounter unexpected device reboots.
• Z4(C) appliances fail to properly forward STP frames received on its LAN interfaces.