Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 1441 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Where does the license counter get the IPs from?

TPok
Hi,

we recently switched from an appliance to a software licence. Now I'm a little confused where the license counter gets the IPs from.

Whe have several subnets in separate VLANs. For example:
VLAN 100 - 10.0.0.0/24
VLAN 101 - 10.0.1.0/24
VLAN 102 - 10.0.2.0/24

They are all connected to a layer 3 switch, which has an IP address (10.0.x.254) in each subnet an acts as a router between those nets. Of course the clients use the layer 3 switch as default gateway.

The ASG is also connected to the layer 3 switch in a seperate VLAN (VLAN 199, IP of firewall = 10.0.199.1, IP of switch = 10.0.199.254). The switch uses the ASG as default gateway. So all destination IPs that can not be routed internally are forwarded to the ASG. There is no NATing in between.

Now I look at the license counter of the ASG and there is only one IP counted. It's 10.0.199.254.
So where does the license counter get the IPs from? I can see all real internal source IPs in the log files. But they are not counted.

Thanks for your input,
Stephan


This thread was automatically locked due to age.
Parents
  • 0
    somehow with the way things are routed or natted or vlaned the firewall is only seeing one ip address.  What version of astaro?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0 in reply to William Warren
    If it's not NATted, then something in your configuration, or on the ASG, is having trouble looking at IPs on that VLAN.  Another thought -- the ASG will not count IPs attached to an interface that has a default gateway defined (as these are generally internet connections) -- does your internal interface on the ASG have a default gateway set?  IF so, remove it and create static routes (or policy routes, OSPF, etc.) instead.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to William Warren
    If it's not NATted, then something in your configuration, or on the ASG, is having trouble looking at IPs on that VLAN.  Another thought -- the ASG will not count IPs attached to an interface that has a default gateway defined (as these are generally internet connections) -- does your internal interface on the ASG have a default gateway set?  IF so, remove it and create static routes (or policy routes, OSPF, etc.) instead.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data
Cookie Information Banner