Well, we had almost completed rolling out 15.20 and now we have a new take...: Security appliance firmware versions MX 15.21 changelog Important notice This is an early-stage beta version for the MX 15 release. Due to this, we recommend taking additional caution before upgrading production appliances. Where applicable, MX 14 or MX 13 releases will provide a more stable upgrade alternative. The DES encryption algorithm is no longer supported for use in formation of VPN tunnels. Creating VPN tunnels using aggressive mode IKE is no longer supported. Supported products notice Z1, MX60, MX60W, MX80, and MX90 devices are not supported on MX 15 and newer releases. New feature Added firmware support for configuring the IKEv2 PRF parameter Bug fixes Corrected an issue that could result in the firmware-default scripts used for managing cellular connectivity to function improperly. Resolved an issue that could prevent the channel utilization graph from displaying properly on Z3(C) platforms. Improved the timestamps used in logs created by list_updater Fixed an issue that could result in extra router solicitation messages being generated Resolved an MX 15 regression that resulted in IPv6 traffic being dropped while the MX was configured in passthrough mode. Known issues After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions Some stability-impacting issues present in MX 14.19 that affect a small population of MX250 and MX450 devices still exist Please note that until certification has been obtained, the Z3C will not be supported on Verizon's network. World-wide device SKUs of the MX67C, MX68CW, and Z3C units cannot be deployed in North America and North America device SKUs of the MX67C, MX68CW, and Z3C units cannot be deployed outside of North America. When deployed in warm spare / high availability (HA), MX67C and MX68CW do not support using their cellular connectivity to pass client traffic. In this deployment, the cellular connectivity can only be used for device monitoring or network troubleshooting. This is an expected limitation for these platforms. When MX67(C,W) and MX68(W,CW) units are deployed in warm spare / high availability (HA), rebooting the spare appliance may cause a disruption of client connectivity for 10 or more seconds. After making some configuration changes on MX67(C,W) and MX68(W,CW) appliances, a period of packet loss may occur for 10 or more seconds. For a brief period of time upon boot, MX67(C,W) and MX68(W,CW) platforms can become bridged. This increases the likelihood of network loops forming in topologies with multiple inter-connected network devices for this brief period of time. MX67C, MX68CW, and Z3C units must be connected to the Meraki Dashboard initially to retrieve an update to allow for proper use of the integrated cellular connectivity. This is most likely to be an issue when bringing the units online for the very first time. On the MX67(C,W) and MX68(W,CW) platforms, when the MX is providing PoE to a connected device, this information will not be reflected on the Meraki Dashboard. Once a Z3 has been updated to this firmware version it can only run MX 14.31 or MX15.8 and higher. This is an expected result of updates to the device booting mechanisms and this limitation will not be resolved in future releases. Due to MX 15 regressions, USB cellular connectivity may be less reliable on some modems Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page Due to MX 15 regressions, the MX may not be able to form non-Meraki site-to-site VPN connections to peers behind a NAT Due to issues still under investigation, MX84, MX100, MX400, and MX600 appliances may not be able to establish OSPF or BGP sessions Other Removed mechanisms for MX appliances to download scripts for managing cellular connectivity from Dashboard. These lists will now be exclusively updated and managed through firmware updates.
... View more