Automatic Firmware Upgrades

Ryan20241 · ‎02-18-2025

I've been reading through a few threads here and on reddit, but haven't been able to come to a conclusion on this yet.

We have a network with MS firmware from 2023. This thread seems to indicate that firmware updates will only automatically get pushed out if the current firmware is end of support - and given the MS firmware is listed as Critical, I would've thought it would have met the criteria for being upgraded.

https://community.meraki.com/t5/Security-SD-WAN/Can-t-Configure-Automatic-Firmware-Upgrade/m-p/133563

This thread claims that if you set an upgrade window, you'll be able to set everything to "upgrade as scheduled" and let Meraki handle things. We have an upgrade window set, but that option isn't available.

https://community.meraki.com/t5/Dashboard-Administration/AUTOMATIC-Firmware-Upgrade/m-p/46384

If we have to manually schedule upgrades that's fine, but it seems like something that you should be able to automate?

Thanks.

kmcgaugh · ‎02-18-2025

Could you provide a screenshot of what you are trying to accomplish? Also, I think a quicker way to get a resolution to this issue would be to open a case and call Cisco Meraki support.

Kaleb Mohr, CCNA. | Network Engineer
https://www.linkedin.com/in/kaleb-mohr

I am not an employee of Cisco or Cisco Meraki.

RWelch-USA · ‎02-18-2025

Scheduling Firmware Upgrades

Keeping up-to-date on firmware allows administrators to utilize the latest features and ensures that the latest security enhancements are running on their hardware. Admins can upgrade to the latest stable or beta firmware. Follow the steps below to schedule a firmware upgrade.

Navigate to Organization > Monitor > Firmware upgrades.
Click the Schedule Upgrades tab in the upper-left.
Select the devices or networks to be upgraded by clicking the checkboxes beside the network names. Admins can specify upgrades on a per-network or per-device type basis by using the Device type, Current version, and/or Status drop-down selectors.
Click the Schedule upgrades button.
Select the firmware version for upgrade using the Target firmware version selector.
Select either Perform the upgrade now or Schedule the upgrade for, specifying a specific date and time for the upgrade.
Review the Change Summary and select Schedule change for network.

Managing Firmware Upgrades

RWelch-USA · ‎02-18-2025

FAQ

Q: What does the date beside “Warning” and “Critical” mean?

A: This date is an End of Firmware Maintenance (EFM) date for that particular firmware version. Six months prior to this date, firmware will go into “Warning” status. Once the EFM has passed, the firmware will go into "Critical" status. We highly recommend updating the firmware before it reaches "Critical" status.

Q: What are the implications of running firmware marked with “Warning” and “Critical” status?

A: You might experience performance degradation, stability issues, and be exposed to the security vulnerabilities addressed in the latest stable or latest beta firmware.

Managing Firmware Upgrades

mloraditch · ‎02-18-2025

I think the thrust of the question is what exactly determines when Meraki automatically pushes upgrades. Its not clear at all to me. Sometimes they do, sometimes they don't. I often find networks on firmware with Critical Status.

The FAQ here: https://documentation.meraki.com/General_Administration/Firmware_Upgrades/Cisco_Meraki_Firmware_FAQ#How_often_are_upgrades_done.3F

just says periodically.

Part of the simplicity of Meraki is (in theory) not having to manage firmware updates (see this old post: https://meraki.cisco.com/blog/2016/09/firmware-upgrades-merakified/ )unless we need to try a new feature or experience a bug, but I know I find myself scheduling updates for networks with releases several months behind a critical date.

It's a bit frustrating and I'm considering having our developer add firmware status to our tools as checking all of my orgs individually is a nightmare

If you found this post helpful, please give it a thumbs up. If my answer solves your problem please click Accept as Solution so others can benefit from it.

JamesT91 · ‎02-19-2025

The unfortunate reality is that you need to manage your own firmware as letting Meraki automatically update, as you have experienced, doesn't happen half the time and you end up with networks in Critical status that have not been upgraded in years.