IP counting works for me with 7.892 and a limited license. Didn't try for IPv6 IPs, so cannot say for sure.
I stumbled however about two things that at first I thought was a bug, but after thinking about the way we count IP addresses was understandable to me:
If I connect to a content filter (e.g. http proxy) via the WAN interface, those IP addresses using the proxy from the "WAN" are not counted licensewise.
As we do not (up to my knowledge) count IP addresses from the WAN interface, otherwise we'd count the whole internet, this is probably the reason for this behaviour.
This is something we might consider changing: also counting every unique IP address that connects to one of our proxy services, even if the connection comes from the WAN interface.
On the other hand, all not WAN facing IP addresses that are configured on the firewall's interfaces are counted. I have configured two local subnetworks, for both are the interface IPs also listed within the active IP addresses.
IP counting works for me with 7.892 and a limited license. Didn't try for IPv6 IPs, so cannot say for sure.
I stumbled however about two things that at first I thought was a bug, but after thinking about the way we count IP addresses was understandable to me:
If I connect to a content filter (e.g. http proxy) via the WAN interface, those IP addresses using the proxy from the "WAN" are not counted licensewise.
As we do not (up to my knowledge) count IP addresses from the WAN interface, otherwise we'd count the whole internet, this is probably the reason for this behaviour.
This is something we might consider changing: also counting every unique IP address that connects to one of our proxy services, even if the connection comes from the WAN interface.
On the other hand, all not WAN facing IP addresses that are configured on the firewall's interfaces are counted. I have configured two local subnetworks, for both are the interface IPs also listed within the active IP addresses.
You don't really want us to open up the ASGs and make them license-dos-able. Or do you? I could write a license-dos attack in three-four lines of perl or bash.
The only feature, where it might make sense is the WAF/reverse proxy.
And btw: running the http-proxy so that everybody on the internet can (ab-)use it, might not be a clever idea too.
