New MX 19.1.7.2 stable release candidate: rolling back a fix and updates for busy MXs

cmr
Kind of a big deal

Security appliance firmware versions MX 19.1.7.2 changelog

Important notice

  • As of MX 19.1, Cisco Meraki will no longer support USB-based Cellular Failover on the MX and Z platforms.

Legacy products notice

  • When configured for this version, Z1 devices will run MX 14.56.
  • When configured for this version, MX400 and MX600 devices will run MX 16.16.9.
  • When configured for this version, MX64(W), MX65(W), MX84, MX100, and vMX100 devices will run MX 18.107.12.

Executive summary

  • This is a generally available hotfix release for MX 19.1.7 containing two bug fixes for MX75, MX85, MX95, MX105, MX250, and MX450 appliances.
  • Additionally, we are disabling a change introduced in MX 19.1.7 to address known issue MX-35210. We intend to further enhance this and reintroduce it in a later release.
  • Customers with MX75, MX85, MX95, MX105, MX250, and MX450 appliances that use VPN NAT or have a large number of network flows (especially to a small number of destination IP addresses) are strongly encouraged to evaluate this release.

Bug fixes - limited platform fixes

  • Corrected an issue that could result in high device utilization or an unexpected device reboot when the pool of ports available for NAT translation was exhausted on MX75, MX85, MX95, MX105, MX250, and MX450 appliances.
  • Fixed an issue that resulted in MX75, MX85, MX95, MX105, MX250, and MX450 appliances experiencing an unexpected device reboot when VPN NAT was configured. This resolves known issue MX-36180.

Known issues status

  • This list is being reviewed and updated.

Known issues

  • During the upgrade process, MX appliances upgrading from versions prior to MX 19 may experience a failure to properly classify traffic. This issue will be resolved once the appliance has completed the upgrade to MX 19. (MX-36307)
  • Due to an issue under investigation, MX appliances may incorrectly route traffic destined to subnets learned through eBGP over a Non-Meraki VPN connection. (MX-34803)
  • Duplicate retrospective “malware download detected” emails may be erroneously sent. (MX-30111)
  • Due to an issue under investigation, making certain configuration changes to WAN interfaces (such as disabling or enabling an interface) can cause the IDPS process to fail. This issue may also cause high device utilization. The issue can be worked around by rebooting the MX appliance or disabling and then re-enabling IDPS. (MX-34504)
  • Due to an MX 19.1.5 regression, Z4(C) appliances may fail to provide PoE power to connected devices. (MX-34938)
  • Due to an MX 19.1 regression, traffic will fail to route over AutoVPN when the only active uplink is a cellular connection. (MX-35703)
  • When failover is configured between non-Meraki VPN tunnels, the Route Table page on Dashboard may incorrectly show the route for the primary VPN tunnel is inactive. (MX-36316)
  • During the upgrade process, MX appliances upgrading from versions prior to MX 19 will experience a failure to connect to non-Meraki VPN peers if any VPN peer names contain a space. This issue will be resolved once the appliance has completed the upgrade to MX 19. (MX-36312)
  • Due to an issue under investigation, MX75, MX85, MX95, MX105, MX250, and MX450 appliances can fail to establish iBGP sessions when the subnet associated with the highest-numbered VLAN participating in the site-to-site VPN has a 1:M VPN NAT rule configured. (MX-36231)
  • Due to a rare issue, MX appliances may encounter an unexpected reboot when servicing many clients with a large number of network flows. This is more likely to occur on MX450 appliances supporting 10,000 or more active clients and 500,000 or more concurrent flows. (MX-35210)

Other

  • Temporarily disabled the fix for known issue MX-35210 until it can be reworked in a future release. This reintroduces known issue MX-35210.
If my answer solves your problem please click Accept as Solution so others can benefit from it.
thomasthomsen
Kind of a big deal

So ... don't upgrade unless you have many network flows because the fix for that was bad ???

I'm a little confused here 🙂

cmr
Kind of a big deal

I think the 19.1.7.1 fix was bad, so 19.1.7.2 backed it out...

If my answer solves your problem please click Accept as Solution so others can benefit from it.
thomasthomsen
Kind of a big deal

So basically the cure was worse than the disease 🙂

TyShawn
Head in the Cloud

You win this time Mr. @cmr!!! :). Thanks for the post.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Fabian1
Getting noticed

  • Due to an MX 19.1 regression, traffic will fail to route over AutoVPN when the only active uplink is a cellular connection. (MX-35703)

That's still a no for us...
