This discussion has been locked.

Active IPs counting in reverse proxy (WAF only) scenario

Hi all,

Can I kindly ask how the Active IPs are counted in the software/virtual deployment of UTM as reverse proxy (WAF only)?

E.g.: I have 10 real web servers behind the LAN interface, which I want to publish through the WAN interface to the internet.

Do I need the unlimited licence or licence for 10 users (active IPs) only?

I have read the KB https://www.sophos.com/en-us/support/knowledgebase/115453.aspx, but I am still a little bit confused.

(Coming from TMG2010 world [:$] )

Regards

Radek



  • Hi, Radek, and welcome to the UTM Community!

    In the USA, we would sell you a 10-IP license for Network Protection and Webserver Security.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    thank you for your answer.

    Let me widen my example:
    I have 10 real web servers behind the SW UTM LAN interface, published through the WAN interface to the internet.
    These web servers are visited daily by 750 unique IPs from the internet.

    What licence count do I need for UTM modules?
    10-IP licence or 750-1000-IP (with some reserve)?

    Thank you in advance.
    Radek

  • Hi Radek,

    The UTM counts the protected IPs in your internal LAN.

    When you have not more than 10 IPs behind your UTM, then you need a 10-IP license.

    You can check the actual counted IPs on your UTM SSH console using the following command:

    count_active_ip.plx --showcount

    Cheers Andreas

     

    UTM SCE/SCA | Endpoint SCE

  • Hi Andreas,

    I don't have any UTM installation yet, I'm in the planning phase.

    I've found this chapter in the Sophos SG Series Sizing Guide:

    How is “user” defined in licenses for software/virtual installations?

    “User”, in the sense of Sophos software licensing, are workstations, clients, servers, and other devices
    that have an IP-address and are protected by or receive service from the Sophos gateway.
    As soon as a “user” communicates with or through the gateway, their IP-address is added to
    the list of licensed devices in the gateway’s local database.
    No distinction is made if the “user” communicates with the Internet or with a device in another LAN-segment.

    It seems to me, through this description, that IPs of the clients from the internet, which are visiting the protected Web Servers, are counted too and they need to be licensed.

    Although this will be very unfair.

    Am I wrong, and can you please confirm that, in the WAF-only (reverse proxy) software/virtual UTM deployment, only the count of protected web servers behind the LAN interface needs to be licensed?

    Thank you and regards

    Radek