This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exceeding 110% of user count

monday i goth this email from my utm.

i, running static addresses and have currently 20 active devices.
why does the UTM think i have 253 devices?

[CRIT-026] License usage: EXCEEDING 110% OF USER COUNT on Sophos UTM

his email was sent by your Sophos UTM software to notify
you that you have exceeded 110% of the user count for your license!

Licensed Users/IPs: 50
Counted  Users/IPs: 253

All additional users/ips except the ones listed below will be blocked.
A 10% tolerance has already been deducted.

Please contact your Sophos Partner or Sophos to upgrade your license.

Thank you,

   Sophos

-- System Uptime : 3 days 7 hours 29 minutes System Load : 0.78 System Version : Sophos UTM 9.307-6 Please refer to the manual for detailed instructions.

active.SDrtlA.txt

192.168.0.164
192.168.0.90
192.168.0.232
192.168.0.253
192.168.0.152
192.168.0.143
192.168.0.250
192.168.0.66
192.168.0.237
192.168.0.118
192.168.0.120
192.168.0.204
192.168.0.123
192.168.0.9
192.168.0.187
192.168.0.130
192.168.0.172
192.168.0.83
192.168.0.190
192.168.0.147
192.168.0.4
192.168.0.153
192.168.0.25
192.168.0.246
192.168.0.70
192.168.0.60
192.168.0.180
192.168.0.29
192.168.0.205
192.168.0.146
192.168.0.74
192.168.0.221
192.168.0.207
192.168.0.40
192.168.0.84
192.168.0.230
192.168.0.210
192.168.0.216
192.168.0.42
192.168.0.95
192.168.0.98
192.168.0.197
192.168.0.119
192.168.0.211
192.168.0.224
192.168.0.111
192.168.0.121
192.168.0.114
192.168.0.38
192.168.0.174
192.168.0.135
192.168.0.140
192.168.0.160
192.168.0.81
192.168.0.18
192.168.0.51

This thread was automatically locked due to age.

Parents

0 BAlfson over 9 years ago

Dan, it looks like someone ran an IP scan that went through the UTM. It's been documented here before, so I don't feel badly about telling you how you can reset:
cc set licensing active_ips =[]
cc set licensing user_limit_exceeded 0

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 JasonTorrey over 8 years ago in reply to BAlfson

Bob,

Hi. How do you execute those two commands?

Thanks,
Jason
Cancel
Vote Up 0 Vote Down

Cancel
0 itsfruity over 8 years ago in reply to JasonTorrey

In the shell of course.

Enable it and set passwords at Management --> System Settings --> Shell Access
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 itsfruity over 8 years ago in reply to JasonTorrey

In the shell of course.

Enable it and set passwords at Management --> System Settings --> Shell Access
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 JasonTorrey over 8 years ago in reply to itsfruity

Thanks. This is the first time that I have used the Shell to make changes. Exciting times!

I set up a loginuser password, logged in via SSH, and attempted to run the commands but was told that I didn't have the right permissions:

loginuser@asg:/home/login > cc set licensing active_ips =[]

-bash: /usr/local/bin/confd-client.plx: Permission denied

loginuser@asg:/home/login > cc set licensing user_limit_exceeded 0

-bash: /usr/local/bin/confd-client.plx: Permission denied

What's the next step from here?
Cancel
Vote Up 0 Vote Down

Cancel
0 itsfruity over 8 years ago in reply to JasonTorrey

Set a password for the "Root" user as well.

Type: su -

Then type the root password. You're now logged in as root! Re-type the commands.
Cancel
Vote Up 0 Vote Down

Cancel
0 JasonTorrey over 8 years ago in reply to itsfruity

Thank you. Very nice. Is the following the expected normal output for these commands?

loginuser@asg:/home/login > su -

Password:

asg:/root # cc set licensing active_ips =[]

0

{

'Nattrs' => [

'nodelist'

],

'attrs' => [],

'check' => 'input',

'datatype' => 'ARRAY',

'fatal' => 1,

'format' => 'The %_N requires %_d.',

'msgtype' => 'INCOMPATIBLE_DATA',

'name' => 'The active IP address list requires a Perl array.',

'never_hide' => 0,

'nodelist' => 'licensing->active_ips',

'value' => '=[]'

}

asg:/root # cc set licensing user_limit_exceeded 0

1

asg:/root #
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 8 years ago in reply to JasonTorrey

Hi, Jason, and welcome to the UTM Community!

What do you get now when you run:

/usr/local/bin/count_active_ip.plx --showcount

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 JasonTorrey over 8 years ago in reply to BAlfson

Bob,

Thanks. This is the result:

Totals: IPv4: 90 IPv6: 0

It would appear that something didn't work, yes?

Jason
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 8 years ago in reply to JasonTorrey

Yes, it appears that Sophos decided that allowing resets was resulting in too much fraudulent use of their software. I don't know if there's a new way to clear the IP list.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 JasonTorrey over 8 years ago in reply to BAlfson

Thanks, Bob, for your assistance with this.

It took about a week for the Sophos box to come back to its senses and report the correct amount (below the 50 limit). Why it takes that long and why you cannot influence this correction, I am left to wonder.

Jason
Cancel
Vote Up 0 Vote Down

Cancel