This is the device Utilization from Sept 15. I had requested TAC for checking CPU Utilization and they confirmed there is spike in CPU Utilization but i didn't get any report.

Average client count is under 1000 and some times it increases to 1890. The recommended client count for MX250 is 2000.

When we were running in 18.107.10 the device was much stable. After the upgrade there is in increase in device utilization. I will check with tac if we can test by downgrading the MX to 18.107.10

Do you have the graph to compare before ( MX 18.107 ) and after ( MX 18.211 / 19.1X ) ?

The only thing different from my case is that when we disable or whitelist 10/8 from the IPS we see a huge improvement. Device utilization decreases about 10-40% depending on the type of site.

Just verified the graph. It was normal till Sept 14. We upgraded to MX 18.211.2 in month of July 2024. It was fine till Sept 14 2024.

We have whitelisted around 20 rules in Intrusion detection and prevention as the trusted traffic in AUTO VPN was getting blocked.

IDS Mode is Prevention and Ruleset is balanced.

I see 3 suggestions. 

MX 18.107.10 , MX 18.211.4 , MX 19.1.5 ( latest Stable RC )

I would hope that going back to 18.107.10 would "fix" your issue.

Ok I will downgrade to one of these firmware and check if it helps.

Sure. I will check this firmware if it helps.

A new stable appliance firmware is now available on Tue, 29 Oct 2024 

I had done the upgrade twice. Still the problem exists. Will check with any other version

Wow !   This is a spoke right ?

It's Mesh.

Whats the workbaround provided? Did you try to downgrade with the older version and test?

The workaround is reinstalling our old edge router. Thankfully we didn’t get rid of it. Meraki support stated they downgrade past a certain point. If memory serves we reverted to one version maybe two. Neither did the trick. It’s a flat network no VLans. Runs seemingly fine until there’s a load placed on it. Then it’s dropped packed and sever latency. Mess started around September but there wasn’t a load on it before that so I’m really not sure when the issue started. All summer we had maybe 30 staff. September we had 1600 or so and that’s when it was over. 

Understood 

Correction: they can’t downgrade past a certain point. Meaning we went back one or two versions but that was all we were able to. It’s a known issue and been going on for two months. Now they are refusing to generate an RMA because they want to continue troubleshooting. Obviously not an option because I’m not sure how they can do that if the device isn’t in a production environment. Complete debacle. Just warning you guys when you go down this road of the pitfalls.  I asked for the firmware it was shipped with because it worked fine for a several months. But there’s apparently no documentation as to what that version was. Even if they knew, they said they can’t install it.  Frustrating. Just don’t go chasing your network looking for something that’s not there. We spent weeks doing that. The 250/450 are the issue. Like i mentioned we now have a pile of three useless devices with no end in sight. 

I don't have option of even replacing the device with edge router as we are completely dependent on auto VPN for our intranet connectivity and the impacted device is on a major site with around 1500 to 2000 users.