Security appliance firmware versions MX 16.14 changelog Important notice While Meraki appliances have traditionally relied on UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications, with MX 16 we are beginning a transition to using TCP port 443 as the primary means for cloud connectivity. In order to ensure proper connectivity to the Meraki cloud after this upgrade, please ensure that traffic using TCP port 443 between 209.206.48.0/20 is allowed through any firewalls that may be deployed upstream of your Meraki appliances. HTTP proxy, which allows default management traffic from MX appliances to be sent through a proxy, is deprecated on MX 16 and higher firmware versions. Legacy products notice When configured for this version, Z1, MX60, MX60W, MX80, and MX90 devices will run MX 14.56. Bug fixes Updated the AnyConnect VPN service Resolved a case that could incorrectly result in brief periods of heightened device utilization. Corrected an issue that could result in communication issues between Z3(C) appliances and client devices connected through a port that was configured to operate at 100Mbps link speed. Fixed a case that could result in group policies not correctly applying to client devices. Corrected an issue that could result in layer 7 firewall rules still taking effect for clients with the whitelisted group policy applied. Resolved an issue that resulted in MX appliances operating in a backup/spare/standby capacity in a high availability pair improperly attempting to establish non-Meraki site-to-site VPN connections. Fixed an MX 15.12 regression that could result in some Macbook clients running some older software versions being unable to reconnect to the client VPN shortly after disconnecting. Corrected an issue that resulted in "Ethernet Port Carrier Change” Event Log messages referencing an incorrect port number on MX95 and MX105 appliances. Resolved a rare case that could cause a device reboot when processing fragmented traffic. Added the ability for MX65(W) appliances to automatically recover when an error causes PoE to stop being provided. Fixed an issue that resulted in the PoE power indicator on the Appliance Status page displaying on the incorrect port for MX75 appliances. Resolved an issue that resulted in Z3(C) appliances that upgraded to MX 16 versions being unable to directly downgrade to MX 14 releases. Corrected a case that could theoretically result in MX250 and MX450 appliances not properly rebooting after a crash had occurred. Upgrade reliability improvements for MX64(W) and MX65(W) appliances. Known issues After making some configuration changes on MX84 appliances, a brief period of packet loss may occur. This will affect all MX84 appliances on all MX firmware versions Due to MX 15 regressions, USB cellular connectivity may be less reliable on some modems Due to an MX 15 regression, the management port on MX84 appliances does not provide access to the local status page Client traffic will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances if 1) The client is connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port is configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240. BGP-learned routes may not be properly reflected in the Route Table page on the Meraki Dashboard, despite BGP and packet routing operating correctly. There is an increased risk of encountering device stability issues on all platforms and across all configurations.
... View more
