Dear Community,
Recently I installed Sophos UTM 9 (.407-3)
After a few days I had issues with the number of Active IP Addresses. It now says that there are 245 IP's in use (exceeds licence by 190).
This can't be, because I don't have more than 40 devices. Besides that, those devices have a ‘static’ IP, assigned from a Windows Server 2012 DHCP server.
If I take a look at the WebAdmin > Licensing > Active IP Addresses I see the most illogical IP's. The DHCP range on the Windows Server is .20 to .199, however, only 25 IP's are currently leased. The highest IP that is used is .83.
Now back at the WebAdmin again, I see the strangest addresses, for example .251. There is no way that I would use that IP address and it cannot be leased or something.
What I tried to do to solve the problem:
- First of all I did a Ping to a lot of the addresses. Results: the host cannot be found;
- I deleted the DHCP range on the Sophos UTM. Although it was disabled, I thought that it may interfere or something;
- Second I disconnected some devices, of which I suspected them of weird behaviour. Result: none.
Every time I cleared the licensed IP through the terminal with the CC command. But still after a day or so I recieved a mail that all addresses are used again.
I thought of looking in the logs, but I don’t know which logs too look at (anybody has a suggestion?).
I think it is either one of two problems; 1. There is a faulty device in my network, what I using a lot of different IP’s (that’s why I wanted to look in the logs, if it would be the same device you 'should be able to' recognise it by the MAC address) of 2. There’s something wrong with Sophos (a.k.a. it is placing almost the whole range of the 192.168.188.x network in de Licensed IP table).
And that Sophos is acting weird, I noticed that because of some other things. For example; although the IP limit was reached, I was able to go on the internet, with devices while their IP addresses where in the ‘outside scope’ box. in my believe; shouldn't they be blocked?
For now it seems like the IP licence isn’t doing anything. I was also able to connect through VPN and have internet access, while I used a ‘new’ IP with the VPN (SSL VPN Pool, a 10.x.x.x address).
Also, sometimes it seemed like it took really a lot of time to repopulate the tables in the WebAdmin > Licensing > Active IP Addresses. I tried to refresh it, but after half an hour of waiting and no change, I gave up (I connected to the internet on multiple devices by then, without any trouble, so they should be listed there).
To prove that I truly am a home user, I have attached a screenshot from the Web Protection Statistics, where you can see that there are only 21 unique users. (and for what I thought, there are only about 21 users at all, who access the internet. Anyways by far not 245).
I tried to be as clear as possible, but if you have any questions, I’be happy to answer.
Your help is greatly appreciated!
Kind regards,
Adriaan Heijboer
WebAdmin > Web Protection Statistics.PNG https://drive.google.com/open?id=0BwoVESK-l0ChTEY1VWl0UzAxZWM
This thread was automatically locked due to age.
