Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
We'd love to hear about it! Click here to go to the product suggestion community
I'm using a Home License on my UTM9 installation,and although it says my limit is 50 users, it never showsanything under "IP Addresses Used", basically 0 out of 50.
I am not complaining that it's not enforcing the licenseproperly, although I know I'm not over 50 devices either.
It used to count IP's at one point.
I've see other posts about it, but no solutions ...
Would you tell me if you're able to see Web Reports and other reporting data properly? Also, what troubleshooting steps you've taken so far?
What do you see when you log into SSH as root and enter cc get licensing active_ips ? It should display you a list of all active IPs.
In reply to Jaydeep:
To be honest I didn't troubleshoot it much, but yes all the reporting seemed to work ...
I've tried backing up my config and restoring after a reset but it was the same.
In the end I've setup the unit from scratch with all the settings yesterday, and today I see it populated :)
In reply to Escape75:
Thanks for the update. Let us know if you face the issue again. It might be an issue with gathering information from IPtables to check the active IP counts.
Sounds good, I'll keep an eye on it and see if it starts going funky again :)
Well I believe this issue is somewhat related to the previous one I've seen ...
This time Management Overview is not showing new logins or changes,however under Active IP I see a list, I'm suspecting it won't update though.
This is on a brand new reset and all settings were configured again from webmin,so I know it's not an error in my backup - possibly one of the setting to blame.
Other logs work just fine, network protection, usage, hardware, etc.
See the log file frozen in time after September 17th ...
This time 'cc get licensing active_ips' does display a list of active IP's ...
I was correct, after a reboot and close to 2 day uptime the Active IP List is now still empty.
This is after a full reset and manual setup of all the settings - same issue as before.
cc get licensing active_ips shows  -- that is empty.
I've tried '/etc/init.d/postgresql92 rebuild' as well as 'psql -Ureporting -c"reindex database reporting;" reporting' ...
I think one of my settings is causing the licensing to show an empty list, as well as prevents showing new webadmin sessions ...
See my additional comments,- the issue is back even though I didn't do a restore and re-setup the box manually again.
Thanks for the posts and additional details. Since you've checked the database already, I assume there are no issues with the Log Disk partition filling up.
Would you please check kernel, selfmon, fallback and system logs to see anything unusual coming up?
As far as free space, I think everything looks fine:
No error messages or weird entries in Kernel, Selfmon, Fallback, and System messages that I can see.
Under user authentication I've noticed the following when logging in:
2019:09:24-15:30:30 xxx aua: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
2019:09:24-15:30:30 xxx aua: id="3006" severity="info" sys="System" sub="auth" name="Child 17721 is running too long. Terminating child"
2019:09:24-15:30:30 xxx aua: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="192.168.x.x" host="" user="admin" caller="webadmin" engine="local"
Still nothing new in active ip addresses or last webadmin sessions.
I should also add that under Application Control I see these types of messages, but I've always been getting them so I think they're safe to ignore:
2019:09:24-15:40:08 xxx afcd: vy_plugin: E: failed to parse DNS RR in answer section of length 13 at offset 4 [...], unsupported resource records class (Resource temporarily unavailable)
2019:09:24-15:40:31 xxx afcd: vy_plugin: E: failed to parse DNS qname: Resource temporarily unavailable in proto 17 packet of size 116 from 192.168.x.x:5353 to 126.96.36.199:5353 [...]
I have a suspicion it's one of my settings that's causing this, but none of the settings I've changed should've been able to do this in the first place.
Only that can explain why setting up the box twice, and re-doing all the settings manually would result in the same exact situation in the end.
Just wanted to report that after the update to UTM 9.700 final there's no change ...
Still not showing any used IP addresses, or any new configuration changes / logins under management.
I could provide a config backup that would replicate this issue most likely, if Sophos is interested ...
9.701-6 still doesn't fix the issues with no IP addresses being reported under Licensing ..
Also the Last WebAdmin sessions are always blank, as it's tied to the other issue ...
I've tried re-imaging the unit but restored the same config file, with same end result.
So I know the issue is with the config file, although I've re-applied all the settings by
hand on a box that was reset and ended up with exact same issue, so it's a particular
setting that's causing this but I don't know which one ...
I'm running on a custom LAN subnet address, with bridged ports eth1,2,3, and eth0 is default gw.
Webadmin is on port 443, bunch of Network Definition customization, also a custom DHCP server
range that's using custom mappings (via mac) for all clients, but nothing that should cause this ...
I've sent you a DM. Please check.
It looks like I’ve figured it out, “Reporting Settings” were all turned off and that was the cause ...