Meraki

cmr

Security appliance firmware versions MX 19.1.5 changelog

Important notice

As of MX 19.1, Cisco Meraki will no longer support USB-based Cellular Failover on the MX and Z platforms.

What's new

Added support for Advanced Security features on vMX appliances in routed mode
eBGP (CloudWAN Support) for vMX-XL appliances
Enhanced event logging for vMX-XL appliances
Enhanced dashboard tools for vMX-XL appliances
Enhanced uplink statistics for vMX-XL appliances
Enhanced client tracking for vMX-XL appliances
Enhanced fragmentation support for vMX-XL appliances
Enhanced security center reporting for vMX-XL appliances
Enhanced route tracking for vMX-XL appliances
Added API support for configuring VPN NAT Translation
Added API support for configuring Multicast Forwarding
Added API support for configuring Split DNS

Legacy products notice

When configured for this version, Z1 devices will run MX 14.56.
When configured for this version, MX400 and MX600 devices will run MX 16.16.9.
When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.11.

Bug fixes

All

Resolved an issue that could result in consecutive Dashboard-initiated reboots triggering MX appliances to fallback to an older version of their configuration
Improved the management of network flows when source ports are exhausted. This will greatly reduce the impact of port exhaustion on network clients.

Small

Fixed an issue that resulted in client traffic being dropped for clients connected to ports with 802.1X port authentication on MX67(C,W) and MX68(W,CW) appliances after port or VLAN-based group policy configuration changes were made.
Corrected an issue that could result in the association time for wireless clients connected to Z3(C), Z4(C), MX67(W), and MX68(W,CW) appliances incorrectly reporting as “-”.
Resolved an MX 19.1 performance regression affecting Z4(C) appliances.

Medium and large

Corrected an issue that resulted in MX75, MX85, MX95, MX105, MX250, and MX450 appliances failing to forward inbound GRE traffic to LAN clients.

Known issues

During the upgrade process, MX appliances upgrading from versions prior to MX 19 may experience a failure to properly classify traffic. This issue will be resolved once the appliance has completed the upgrade to MX 19.
There is an increased risk of encountering device stability and performance issues on all platforms and across all configurations.

thomasthomsen

Upgrading right now 🙂

cmr

It's been running stably for me on an MX75 for 28 minutes...

thomasthomsen

And it also seems fine for me on MX85.

MartinLL

Nice!

MLL

JonnyM

@cmr wrote:
What's new
Added API support for configuring Multicast Forwarding
Added API support for configuring Split DNS

Is there any documentation about these two features?

thomasthomsen

I was also wondering about Split DNS ... but perhaps its for Anyconnect ? - Or do you mean the API support and not the feature as documentation ?

/Thomas

JonnyM

Both, I think I was hoping that we'd get some DNS proxy / conditional forwarder support on the MX platform but that might be asking too much.

jimmyt234

Security and SD-WAN (MX,Z) Features Directory - Cisco Meraki Documentation

API for Local/Split DNS Service*

Gives administrators the power to control which DNS requests are answered by which servers.

Sounds like it may be just that! Lacking any other documentation at this time. They have also updated that entry to be 'API for..', it used to just say 'Local/Split DNS Service' so sounds like it will only be configurable in the API and not the GUI??

thomasthomsen

Very interesting - Lets see what happens.

JonnyM

I'm thinking API first and then they'll build the dashboard interface for it later

RaphaelL

During the upgrade process, MX appliances upgrading from versions prior to MX 19 may experience a failure to properly classify traffic. This issue will be resolved once the appliance has completed the upgrade to MX 19.

I dont understand that at all ...

cmr

I'm guessing the traffic classification engine changed and while it updates, it might not work. Therefore people could visit sites that are blocked or similar, but just for the few minutes the upgrade takes.

thomasthomsen

I was wondering the same thing.

So ... "during" the upgrade the MX can misclassify traffic ??? .. until the upgrade is done at it reboots ?

Is that what it is saying ?

RaphaelL

Same... because when the MX is upgrading , well it's upgrading , nothing is working and the device has to reboot to perform the upgrade.

Orrrr let's say you schedule a device upgrade in 2 weeks. The software is downloaded on the MX and untill the upgrade window , the classification is broken ? 🤔

cmr

Normally the MX continues to work from the time you schedule the upgrade, through the download and install and only stops for the reboot. I think it's the install part where it will pass traffic but might misclassify it.

Brash

I think it's as @cmr described - Once you kick off the upgrade, there's a few steps involved (simplified below):
- 1. Downloading
- 2. Updating packages/services etc.
- 3. Reboot of device

I assume the time of misclassifying traffic is specifically between steps 2 and 3 which is probably like a 5-10 minute window.

Holli69

Running 19.1.5 since 24 hours ago on MX95 without any issue

AnythingHosted

Upgrading MX75 now...

sptech

I upgraded a few to test with, any without dual WAN connections immediately quit passing traffic. WAN2 showed 100% loss, even though there was never a WAN2 connected. I converted LAN to WAN and then WAN to LAN and everything started functioning properly and the WAN2 loss went away and the networks started functioning properly.

cmr

@sptech what models were those? MX67?

sptech

Yes, all MX67.

Only effected devices with something plugged into Port 2 from what I can tell. I've found this to be true on 9 devices so far.

Possibly only devices with static addresses assigned to WAN1. I've got some devices that are DHCP on WAN1 and they weren't affected.

RaphaelL

If anyone is upgrading from MX 18.107 or MX 18.211 AND has a signifiant network usage ( device utilization over 15-20% before the upgrade ) I would be curious to see the device utilization AFTER the upgrade. Please share your results.