I don't know how long this has been going on since my email server stopped sending me emails from my appliance but once I fixed it, I get emails saying the following.
This email was sent by your Sophos UTM software to notify
you that you have exceeded 110% of the user count for your license!
Licensed Users/IPs: 50
Counted Users/IPs: 272
All additional users/ips except the ones listed below will be blocked.
A 10% tolerance has already been deducted.
Please contact your Sophos Partner or Sophos to upgrade your license.
-------------------
here is the deal. I only have around 5 IP's/devices on the subnet it's complaining about but the attached report shows tons if IP's on that subnet.
that subnet has a single AP hanging off of it with only 5-6 wireless devices on it (google homes, an alexa and 3 android phones). I've changed the SSID and also had my kids phones reset. I was thinking it may be a virus but at this point, I'm not sure what's going on.
I also don't see any activity from those IP's and they are not pingable.
Any idea on how to see what's going on?
what logs can I find these in? I haven't found any evidence in logs yet. I'd like to find the MAC address or something. Nothing in DHCP or DNS.
If I reboot the appliance, the count goes away but it just comes back after a few hours.
Please... if someone can lead me in the right direction, that would be great.
I've read and followed the Rulz already a few times...
Ed
This thread was automatically locked due to age.
