
UTM says I keep exceeding my licensed users, but I'm not

I count around 25 IP addresses, but every day UTM seems to add more. The latest email the UTM sent me says I'm at 75 users. I've tried disabling and reenabling the DHCP server, as well as cutting the range to one IP address, then back to normal. If anything, these steps seem to make it worse. Why is this happening, and what can I do?



  • Hi Charles and welcome to the UTM Community!

    The UTM counts IPs that it has "seen" in the last 7 days.  It "sees" an IP if you ping it even if it's not there.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the reply Bob. Two obvious questions.

    1) How do I reset the 7 day counter?

    2) I have never had over 50 devices. I've run UTM for years, but this just started a week or so ago. What created this problem?

    Not much of a jump, but this morning I'm up to 76 devices. Is there maybe a bug in the DHCP lease module?

  • You used to be able to restart the UTM I believe to get it to clear out old lease information.  I'm not sure that is really the case anymore.  An older trick was to disable DHCP, shrink your range, enable, disable, expand it back and it would clear out leases.  You could also try deleting the DHCP range altogether and recreate it.

    There is a way to SSH in and modify, but I don't know that one.  I bet Bob does though.  ;)

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Sophos "fixed" the trick that let one reset the count.  If there's a way to do it today, I'd be surprised.

    No DHCP bug that might cause this has been reported here.  Do you see a lot of active leases on the 'IPv4 Lease Table' tab?  Do you see a lot of IP assignments in the DHCP server logs?  To see all IPs in the log in March:

     # zgrep 'DHCPACK' /var/log/dhcpd/2021/03/*|grep -oP 'DHCPACK to .*? \('|sort -n|uniq -c

    It's more likely some device that's scanning a range of IPs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
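
As an added example (not part of the original posts, and not Sophos code), the log check suggested above can be expanded into a per-IP summary that shows how many distinct addresses the DHCP server actually handed out, for comparison with the licensed-IP count. The two log line shapes and the sample lines are assumptions in ISC dhcpd syslog style; the function names are hypothetical.

```shell
#!/bin/sh
# Per-IP summary of DHCPACK lines: "<ip> <ack count> <distinct MACs>".
# Assumed line shapes (ISC dhcpd syslog style; verify against your own logs):
#   ... DHCPACK on 192.168.1.20 to aa:bb:cc:dd:ee:01 (host) via eth0
#   ... DHCPACK to 192.168.1.30 (aa:bb:cc:dd:ee:03) via eth0
dhcp_ack_summary() {
  awk '
    /DHCPACK/ {
      ip = ""; mac = ""
      for (i = 1; i < NF; i++) {
        if ($i != "DHCPACK") continue
        if ($(i+1) == "on") { ip = $(i+2); mac = $(i+4) }
        if ($(i+1) == "to") { ip = $(i+2); mac = $(i+3); gsub(/[()]/, "", mac) }
      }
      if (ip == "") next
      acks[ip]++
      # Count each (IP, MAC) pair once, so an IP reused by several MACs stands out.
      if (!((ip, mac) in seen)) { seen[ip, mac] = 1; macs[ip]++ }
    }
    END { for (ip in acks) printf "%s %d %d\n", ip, acks[ip], macs[ip] }
  ' | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Number of distinct IPs the DHCP server acknowledged.
distinct_dhcp_ips() { dhcp_ack_summary | wc -l | tr -d ' '; }

# Constructed sample lines (not taken from a real UTM).
sample_log() {
  cat <<'EOF'
2021:03:01-08:00:01 utm dhcpd: DHCPACK on 192.168.1.20 to aa:bb:cc:dd:ee:01 (laptop) via eth0
2021:03:01-20:00:01 utm dhcpd: DHCPACK on 192.168.1.20 to aa:bb:cc:dd:ee:01 (laptop) via eth0
2021:03:02-09:10:00 utm dhcpd: DHCPACK on 192.168.1.21 to aa:bb:cc:dd:ee:02 via eth0
2021:03:02-09:12:00 utm dhcpd: DHCPACK to 192.168.1.30 (aa:bb:cc:dd:ee:03) via eth0
2021:03:03-09:12:00 utm dhcpd: DHCPACK on 192.168.1.21 to aa:bb:cc:dd:ee:04 (phone) via eth0
2021:03:03-09:13:00 utm dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:05 via eth0
EOF
}

# On the UTM, for the month from the thread:
#   zcat -f /var/log/dhcpd/2021/03/* | dhcp_ack_summary
sample_log | dhcp_ack_summary
```

If the distinct-IP count from the logs is close to the real device count while the licence count is far higher, the extra addresses did not come from DHCP leases.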