Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 7 subscribers
  • Views 6109 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

(Free License) --> License usage: EXCEEDING 90% OF USER COUNT - false counting?!

MatthiasGinster

Dear All,

today my UTM notified me that I'm exceeding 90% of the user-count.
(So this means 45 devices / IP's)
As I know that this is depending on IP-addresses used, I got a Home edition with 50 IP's, I really wonder how the UTM counts.

When running a network scan with either netscanner or fing etc. there is never more than 35 devices that I can find. (and there shouldn't be any other at all!)
The hosts I've configured are even less with a count of 13, the other ones are DHCP assigned.

While I was about to get mad, I at least saw in the license overview the IP's used. I can see that these are only from my internal network range.
This list features lots of IP's I can't find in my network and got no idea where these come from, considering the DHCP lease time (see below).

So two questions:

1. How does this count actually work? Even while it sounds stupid while writing, to me it looks like the UTM is counting wrong at some point.
2. Are there probably any old IP's in this list and if yes, how to tidy it up?

Some information beside:

The UTM has two AP's (1xAP15 & 1xAP55C) whichs IP's are included in the 35 devices.
There is an "internal" WIFI which is bridged into the internal network one guest network. The guest didn't have any clients in days (and therefore no DHCP leases).
I'm using SSLVPN, but during ~1 week I haven't used it and there was no VPN IP listed in the license-list.
The UTM is using two NIC's, one for the internal network and one for WAN (which has a fixed IP), the internal IP is also counted in 35 devices.
The UTM is installed on a quad-core-celeron board with 4gb RAM and 64gb SSD, SDD is almost empty, RAM usage is ranging around 75%.
The DHCP lease-time is 86400s (24h).


I'd appreciate any help - I tried whatever I could find but I'm in the need for external expertise.

Regards,
Matthias





This thread was automatically locked due to age.
Parents
  • 0

    One of the annoyances is that IPv6 addresses are counted in this license limit as well, which means that devices that are dual stacked count as 2 licenses.

     

    What's your DHCP time-out?  It possible that you are getting new IP addresses for your devices before the license count has flushed.

    Tim Grantham

    Enterprise Architect & Business owner

  • 0 in reply to BLS

    Thanks guys, this doesn't solve anything so far...

    1. ManBearPig: The 35 devices I've mentioned (it may be +/- 3) are all devices that have been in the network for about 2-3 weeks (probably for even longer).
    There is no such thing that one device was active days ago and is inactive and replaced by another so that both will count.

    2. xnsys: I'm not using any IPV6, with 50 devices there is no benefit for me plus that I have no idea about it :-). In the UTM IPV6 is disabled.
    The DHCP time-out is as per my post 86400s --> 24h.
    I've checked again and the actual count is 44 IP's, yesterday it was 46/50.

    What makes me wonder is the following:

    I've been on vacation for 3 weeks and therefor not at home connected to my network (only  few times via VPN). i also doubt that anyone else was logged in, while the only way would be WIFI (if from outside of the house) and there is no additional device in the WIFI management. I came back the 26th and received the warning on 27th.
    So even while a lot of devices (maybe 20?) have been online during my absence, all devices which probably had different IP's before my vacation should be already cleared from the IP-license list during the first 7 days after my vacation.
    So how can be all the IP's I can't find in the list...? And is there a way to clear the list faster than 7 days? (Just imagine a friend visiting me for a few hours, his IP will "block" my network for another 7 days)

    Regards,
    Matthias

Reply
  • 0 in reply to BLS

    Thanks guys, this doesn't solve anything so far...

    1. ManBearPig: The 35 devices I've mentioned (it may be +/- 3) are all devices that have been in the network for about 2-3 weeks (probably for even longer).
    There is no such thing that one device was active days ago and is inactive and replaced by another so that both will count.

    2. xnsys: I'm not using any IPV6, with 50 devices there is no benefit for me plus that I have no idea about it :-). In the UTM IPV6 is disabled.
    The DHCP time-out is as per my post 86400s --> 24h.
    I've checked again and the actual count is 44 IP's, yesterday it was 46/50.

    What makes me wonder is the following:

    I've been on vacation for 3 weeks and therefor not at home connected to my network (only  few times via VPN). i also doubt that anyone else was logged in, while the only way would be WIFI (if from outside of the house) and there is no additional device in the WIFI management. I came back the 26th and received the warning on 27th.
    So even while a lot of devices (maybe 20?) have been online during my absence, all devices which probably had different IP's before my vacation should be already cleared from the IP-license list during the first 7 days after my vacation.
    So how can be all the IP's I can't find in the list...? And is there a way to clear the list faster than 7 days? (Just imagine a friend visiting me for a few hours, his IP will "block" my network for another 7 days)

    Regards,
    Matthias

Children
  • 0 in reply to MatthiasGinster

    There could be your problem, if your DHCP time out is for 24 hours, and the licensing count remains for 7 days, then it is potentially possible that devices are getting a new IP address and therefore boosting the license count.

     

    I would suggest changing your DHCP timeout to 7 days.

    Tim Grantham

    Enterprise Architect & Business owner

  • 0 in reply to BLS

    Thx xnsys!

    I've changed it now - so I should see during the next days consequently how the count should go lower.
    If not I'll come back on this here.

    But what makes me wonder: I've seen often with other DHCP's that even when leases are expired, the client will get quite often the same IP as before.
    Unless the range is almost fully utilized (so when there are enough free IP's available) most DHCP-servers will assign the previous one. 

    And while looking to my problem from this point of view there seems to be no logic within.

    1. The 7 days license aging-time should be expired within the three weeks.
    There should have been plenty of free licensed IP's available.
    2. When coming back, the devices transmitting in my network should have been still within the 35 devices mentioned initially.

    Regards,

    Matthias

Unfiltered HTML