@MacuserJim Here you go: Security appliance firmware versions MX 14.35 changelog Bug fixes Corrected an issue that resulted in being unable to pull cellular signal statistics for Z3C devices Resolved an issue that could result in devices failing to pull configuration updates from the Meraki Dashboard in rare circumstances Fixed an issue that resulted in VPN subnet translation rules configured to translate /32 subnets into another /32 subnet were treated as 1:M translations instead of 1:1 translations. This resulted in inbound flows to the translated IP address being blocked unless they matched a previously established outbound flow. Corrected an MX 14.31 regression that resulted in cellular modems not being detected on MX100, MX400, and MX600 appliances. Fixed an issue that resulted in the Z3 and Z3C not returning the expected SNMP outputs Resolved an issue that resulted in layer 3 firewall rules not being applied to client VPN traffic when an MX was configured in passthrough mode Corrected an MX 14.34 regression that resulted in OSPF not initializing Fixed an MX 14.7 regression that could cause a small network outage when MX64(W) devices were configured in HA and the spare device was rebooted. Resolved an issue that resulted in the spare MX appliance not forwarding traffic to the primary MX, when MX250 or MX450 appliances were configured in HA and the spare was in the Passive; ready state. Fixed several issues that could result in a network loop forming when MX84 appliances were configured in HA Corrected an issue that resulted in MI being unable to fetch Application Performance Data from MX67(C,W) and MX68(W,CW) appliances Known issues In conditions still under investigation, the Z3(C) may fail to authenticate clients that are physically connected to the Z3(C) during bootup when 802.1X port authentication has been configured Please note that until certification has been obtained, the Z3C will not be supported on Verizon's network. In conditions still under investigation, group policy assignment via Active Directory group mappings is not performed correctly for MX67(C,W) and MX68(W,CW) units. World-wide device SKUs of the MX67C, MX68CW, and Z3C units cannot be deployed in North America and North America device SKUs of the MX67C, MX68CW, and Z3C units cannot be deployed outside of North America. When deployed in warm spare / high availability (HA), MX67C and MX68CW do not support using their cellular connectivity to pass client traffic. In this deployment, the cellular connectivity can only be used for device monitoring or network troubleshooting. This is an expected limitation for these platforms. When MX67(C,W) and MX68(W,CW) units are deployed in warm spare / high availability (HA), rebooting the spare appliance may cause a disruption of client connectivity for 10 or more seconds. After making some configuration changes on MX67(C,W) and MX68(W,CW) appliances, a period of packet loss may occur for 10 or more seconds. For a brief period of time upon boot, MX67(C,W) and MX68(W,CW) platforms can become bridged. This increases the likelihood of network loops forming in topologies with multiple inter-connected network devices for this brief period of time. MX67C, MX68CW, and Z3C units must be connected to the Meraki Dashboard initially to retrieve an update to allow for proper use of the integrated cellular connectivity. This is most likely to be an issue when bringing the units online for the very first time. On the MX67(C,W) and MX68(W,CW) platforms, when the MX is providing PoE to a connected device, this information will not be reflected on the Meraki Dashboard. Once a Z3 has been updated to this firmware version it can only run MX 14.31 or MX15.8 and higher. This is an expected result of updates to the device booting mechanisms and this limitation will not be resolved in future releases. After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions Some stability-impacting issues present in MX 14.19 that affect a small population of MX250 and MX450 devices still exist In conditions still under investigation, content filtering may fail to block a website the first time the website is accessed In conditions still under investigation, content filtering may not consistently block HTTPS websites In conditions still under investigation, BGP and OSPF will fail to initialize if the MX is configured to operate in VPN concentrator mode and no subnets are defined for the local networks configuration Other Removed a behavior where the MX would reboot after 4 consecutive hours without working uplink connectivity
... View more