Welcome to the Sophos User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Like Tree2Likes

Reply
 
LinkBack Thread Tools Display Modes
Member
Join Date: Aug 2009
Posts: 83
#11 (permalink)  
Old 12-05-2013, 09:25 AM
Default

Quote:
Originally Posted by AngeloC View Post
In cc, (you start in MAIN) go to licensing-->activeips@ and type =[] to clear the array
go back up (..) and then into user_limit_exceeded$ and type =0 to reset that flag
Hi Angelo,

I'm sorry, but I think I don't really understand what to do to reset the active IP's. I have been "playing around" with DHCP and now UTM thinks I'm out of IP's...
You say "in cc", is this the normal UTM management console? Because I can't type anything in the activeips tab. Or do I need to do something at the ssh console?

Sorry for not understanding, hope you can help me!
Thanks!
With kind regards,
Erwin.
Reply With Quote
BAlfson's Avatar
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,681
#12 (permalink)  
Old 12-05-2013, 03:27 PM
Default

Erwin, those are at the command line. It's perhaps clearer to use the set command instead of going into cc:
# cc set licensing active_ips =[]
# cc set licensing user_limit_exceeded 0
Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!

Last edited by BAlfson; 06-10-2014 at 02:41 PM. Reason: new syntax: added "=" thanks to jetkins and teched
Reply With Quote
Member
Join Date: Aug 2009
Posts: 83
#13 (permalink)  
Old 12-05-2013, 04:57 PM
Default

Quote:
Originally Posted by BAlfson View Post
Erwin, those are at the command line. It's perhaps clearer to use the set command instead of going into cc:
# cc set licensing active_ips []
# cc set licensing user_limit_exceeded 0
Cheers - Bob
Hi Bob,

Thanks for your reply, I logged in on the machine using SSH.
I entered su and logged in as root.
After running cc set licensing active_ips [] the UTM gives me this;

0
{
'Nattrs' => [
'nodelist'
],
'attrs' => [],
'check' => 'input',
'datatype' => 'ARRAY',
'fatal' => 1,
'format' => 'The %_N requires %_d.',
'msgtype' => 'INCOMPATIBLE_DATA',
'name' => 'The active IP address list requires a Perl array.',
'never_hide' => 0,
'nodelist' => 'licensing->active_ips',
'value' => '[]'
}

I guess it doesn't accept the command...
After running cc set licensing user_limit_exceeded 0 it gives me back a 1, but the active IP addresses are not reset yet...

Do you know what's going wrong? I'm using UTM 9.106-17
Thanks alot in advance for your help!
Regards,
Erwin.
Reply With Quote
BAlfson's Avatar
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,681
#14 (permalink)  
Old 12-05-2013, 06:31 PM
Default

The first line in the response is 0, so that means there was no error produced by the first command.

The user_limit_exceeded command returned a 1, indicating a failure, but it probably worked. Try:
/usr/local/bin/count_active_ip.plx --showcount
Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
Reply With Quote
Moderator
Join Date: Jul 2001
Location: southern California
Posts: 12,060
#15 (permalink)  
Old 12-05-2013, 08:11 PM
Default

Hi, if you just want to re-use some IPs that were previously handed out by DHCP, you can:

1. lower the lease time in the DHCP settings.
2. disable and re-enable the DHCP server

Also, you should make your DHCP pool small enough so that you won't exceed the license limit.

Barry
__________________
http://BlogSec.net
http://JobOyster.com
http://DealBert.net
IT Consultant specializing in high-performance Web Infrastructure and Security.
Astaro End-user since v1.x
  • ASL 9.2x, HP DL360G5 - FW, IPS, VPNs
  • ASL 9.2x, 2 Dell 1950's as WAF/proxy w HA
  • UTM 9.1x, Atom n270, 2GB RAM, 2 Intel GigE
    Netgear GS108T gigE switch & Astaro AP30 Access Point with 4 VLANs.
    60/60mbit FiOS internet.
  • Pending - UTM 9.2x, i5-4670, 4GB RAM, 2 Intel GigE
    Needs new NIC drivers before deploying
Reply With Quote
Member
Join Date: Aug 2009
Posts: 83
#16 (permalink)  
Old 12-05-2013, 11:33 PM
Default

Quote:
Originally Posted by BAlfson View Post
The first line in the response is 0, so that means there was no error produced by the first command.

The user_limit_exceeded command returned a 1, indicating a failure, but it probably worked. Try:
/usr/local/bin/count_active_ip.plx --showcount
Cheers - Bob
Hi Bob,

It's not working, /usr/local/bin/count_active_ip.plx --showcount showed me that 53 IP's are in use and I'm still gettings emails that I'm over the limit...

Thanks,
Erwin.
Reply With Quote
Member
Join Date: Aug 2009
Posts: 83
#17 (permalink)  
Old 12-05-2013, 11:36 PM
Default

Quote:
Originally Posted by BarryG View Post
Hi, if you just want to re-use some IPs that were previously handed out by DHCP, you can:

1. lower the lease time in the DHCP settings.
2. disable and re-enable the DHCP server

Also, you should make your DHCP pool small enough so that you won't exceed the license limit.

Barry
Hi Barry, thanks for your reply, but that's actually not the best thing to do, it's exactly what brought me in to this issue. After resetting DHCP server it started to give out other IP's and now the counter has hit 53, my max is 50...

regards,
Erwin.
Reply With Quote
Member
Join Date: Aug 2009
Posts: 83
#18 (permalink)  
Old 12-05-2013, 11:48 PM
Default

Quote:
Originally Posted by BAlfson View Post
The first line in the response is 0, so that means there was no error produced by the first command.

The user_limit_exceeded command returned a 1, indicating a failure, but it probably worked. Try:
/usr/local/bin/count_active_ip.plx --showcount
Cheers - Bob
Hi Bob,

When I enter "cc set licensing user_limit_exceeded 50" the UTM also gives me a 1 as an answer, but in the management console I see a change...
Under the active IP Addresses tab there are two lists, "IP addresses IN SCOPE of license" and "IP addresses OUTSIDE SCOPE of license"

"cc set licensing user_limit_exceeded 0" in SSH gives me 52 IP's in the list "IN SCOPE of license" within the management console (HTTPS://...:4444)

"cc set licensing user_limit_exceeded 50" in SSH gives me 2 IP's in the list "IN SCOPE of license" and 50 IP's in the list "OUTSIDE SCOPE of license" within the management console (HTTPS://...:4444)

Can you tell me if this is a good or a bad thing?
Thanks!
With kind regards,
Erwin.

UPDATE: It doesn't really matter, we are 5 hours later now and everything is back the way it was... All IP's are in the "IN SCOPE of license" list again...

Last edited by ehofstede; 12-06-2013 at 04:48 AM. Reason: Information update
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 05:48 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.