Script fails to run when using MX 16.x or higher

[jondarojas]

Hello,

When running a MX with 16.x through the script we get the following error:

MX device for xxxxx not running v15 firmware, skipping network.

[John-JBH]

mx.py contains the following so currently only v15 will work. Raised bug with Meraki to make the version check for 15 or greater.

FIRMWARE = 'wired-15'

def is_firmware_compliant(self): ''' Return if the MX is compliant to the firmware version.

    @rtype:  boolean
    @return: True / False
    '''
    return self.firmware[0:8] == FIRMWARE

[michael-melling]

Can you recommend a workaround?

[John-JBH]

Meraki DevOps are currently working the bug report raised. As Meraki are now pushing out 16.16.1 if you have allowed this, suspect they will find a fix.

Not sure what value this check has if any device above 15.x can support IKE v2. If you are running <15.x, you probably shouldn't be.

Once I have an update will add it here.

[michael-melling]

Many thanks.

I was using 16.16 and have tried 16.16.1 with the same result. I appreciate you didn't necessarily mean that upgrading the firmware would fix it, but thought I would try anyway. I might also try 17.6; just in case that works.

I will try raising a support ticket with Meraki too. Again I appreciate they are already aware, but I'm really keen to resolve this!

[michael-melling]

As a workaround, support advised me to make the following edits to the script:

  shared_code/mx.py

  Line 7 
  Old: FIRMWARE = 'wired-15'
  New: FIRMWARE = ['wired-15', 'wired-16']

  Line 145
  Old: return self.firmware[0:8] == FIRMWARE
  New: return self.firmware[0:8] in FIRMWARE

Is this viable. In our Azure environment I could not see how to access that file and wondered if it was something that was dynamically retreived from Meraki.

[John-JBH]

Michael,

If you have the relevant permissions in Azure you can edit the mx.py file. I have a follow up meeting with our provider tomorrow.

The changes suggested would work for v16 as self.firmware[0:8] in FIRMWARE

Is now treating FIRMWARE = ['wired-15', 'wired-16'] as an array.

If you go down this route you should also add FIRMWARE = ['wired-15', 'wired-16', 'wired-17']

As you can see, this may be never ending and if there is a change to the response to the API the Function is calling (Meraki may change the so that 'wired' is no longer included) the function will fail.

The Function will not remove site-to-site vpns, only add them, so this change will work for now. Anything existing will continue to work according to the documentation. Check with your Azure Admins to see if they can edit the Function.

I still think they should just remove the check and maybe add some error reporting if they see v14 come back in the API call.

I'll update with our progress once we have some.

[John-JBH]

Latest update is that Meraki are dropping support for the Azure Function. Haven't seen a formal notification yet but I think this will fail for v15 now as well.

[Michaetfp]

That is annoying, I found this last year, and Meraki have refused to comment for so long, well done for finding the reasons.

Did they mention anything to replace the function?

[phcwhi]

Having issues talking about this with Meraki myself. They are stating they won't support the code, even though the documentation is officially on their website, and the article author is the maintainer of this repo.

I don't believe it's possible to edit the mx.py code without self-hosting from your own repo. The function app is deployed from a package file and is always referencing the WEBSITE_RUN_FROM_PACKAGE app setting that would need to be updated. I thought about adding the scripts locally, but the function app also won't support the code locally within the app as it is built with the Consumption hosting plan on Linux, which only supports URL.

[Spyk3uk]

For us this just means we drop Meraki as a solution.

[subodhpatil]

Does anybody have any updates here? At least if Meraki can remove the condition of the firmware check it would be very helpful. Also editing code manually (I did), does it mean hosting it on your own git repository? How do you update the function app?

[subodhpatil]

Update, finally, I was able to download MerakiFunction.zip from git, modify the code and upload it to the storage account and then run the function app. Now the function app is working and creating VPN, and the connection is working

[subodhpatil]

Having issues talking about this with Meraki myself. They are stating they won't support the code, even though the documentation is officially on their website, and the article author is the maintainer of this repo.

I don't believe it's possible to edit the mx.py code without self-hosting from your own repo. The function app is deployed from a package file and is always referencing the WEBSITE_RUN_FROM_PACKAGE app setting that would need to be updated. I thought about adding the scripts locally, but the function app also won't support the code locally within the app as it is built with the Consumption hosting plan on Linux, which only supports URL.

You can download the code, modify and host it on a storage account. It works