Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 4 subscribers
  • Views 4775 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Home License IP Count after IP Scan

OliverPlum

Hello there,

i've got an Home Lic with around 25 IP Adresses counted. 

I have to say that my Homelab is not a little one. I have 4 ESX Hosts with several VM's on it. 

The counter works perfect after 7 days no traffic from the IP it has been released from the list.

 

Now i started an IPScan in my Network and the Count in Sophos UTM goes to 127 and blocked IP's.

How can i resolve this issue?

 

cheers,

Olli



This thread was automatically locked due to age.
Parents
  • 0

    HI Olli,

    You can try to edit "/var/chroot-dhcps/var/state/dhcp/dhcpd.leases" and restart the DHCP server by "/var/mdw/scripts/dhcpd restart". But I am not sure if that will work as required.

    Hope that helps.

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi sachinggurung,

     

    that will not work because the DHCP is Windows DHCP and not Sophos.

    It's okay to wait. But i want to know why Sophos count IP Adresses after an IP Scan.

     

    Now i tried a few more IP Scans with Advanced IP Scanner and now the Limit is at 254 Adresses in /24. 

    All Adresses used in the whole subnet is quite strange. 

     

    cheers,

    Olli

  • 0 in reply to OliverPlum

    The UTM uses the Reporting Accounting log. It counts all addresses in the log, so all addresses it has seen a packet from in the last 7 days. Which means that if you have lots of PC's on your LAN that broadcast (and all do), they will be counted by the UTM, even if none of them have actually attempted to send a single packet through the UTM.

    There is a similar problem with countting when it comes to IPv6. All our internal systems are dual stack, which means double the number of licenses used, even though only a few of those systems use IPv6 through the firewall.

    Quite annoying, and in our case, expensive.

Reply
  • 0 in reply to OliverPlum

    The UTM uses the Reporting Accounting log. It counts all addresses in the log, so all addresses it has seen a packet from in the last 7 days. Which means that if you have lots of PC's on your LAN that broadcast (and all do), they will be counted by the UTM, even if none of them have actually attempted to send a single packet through the UTM.

    There is a similar problem with countting when it comes to IPv6. All our internal systems are dual stack, which means double the number of licenses used, even though only a few of those systems use IPv6 through the firewall.

    Quite annoying, and in our case, expensive.

Children
  • 0 in reply to Harro Verton

    Hi HarroVerton,

    Okay i understand but i don't have so many PC's in the Lan that can do a Broadcast. 

    The Issue must belong to the IP Scan send a Packet through UTM. 

    I switched to Sophos XG now and everything is fine. I feel more comfortable with the XG. 

    cheers,

    Olli

Unfiltered HTML