"License usage: EXCEEDING 110% OF USER COUNT on Sophos UTM"

Question

I'm really confused. I just received this email stating i have like 192 devices on my network.. when i don't? DHCP on my 2012 r2 server shows like 20 IP's were to handed out and most of the time they are not even on. Message in the email says 
 "This email was sent by your Sophos UTM software to notify you that you have exceeded 110% of the user count for your license! Licensed Users/IPs: 50 Counted Users/IPs: 192 All additional users/ips except the ones listed below will be blocked. A 10% tolerance has already been deducted." 
 
 Can someone explain this to me? Because DHCP most definitely hasn't handed out that many IPs nor do I have that many users.

UThomas · Accepted Answer

ARP Proxy on internal interface is disabled, but I get the same result with Windows 10. Strange. Or is this another "feature" of 9.410-6 (Update: NO: It's Win10)

Edit: Windows 10 is sending the Ping request for 192.168.0.7 to the MAC address of the Sophos. Win7 doesn't do that if there is no arp respone.

dirkkotte · Answer

look to management / licensing / active IP's 
 here you should see used IP's from last 7 days.

BAlfson · Answer

Sean, if you don't mind losing your logs, graphs and reporting data, you can reload from a new ISO and restore a configuration backup. 
 IMPORTANT: You can restore a 9.408 backup to a 9.409 system, but you cannot restore 9.409 to 9.408. Be sure you have the right backups and ISO. 
 Cheers - Bob