We own a Pix 501 Firewall (50 user licence). We don't physically own 50 computers and yet the Pix Firewall is reporting "407001 Licence limit of 50 exceeded" in the log file.
Most of our PC's have statically assigned IP addresses (false of habit!!), but I did also have DHCP active on the 501 for those 'rogue' laptops. Anyway, I turned off DHCP to see if that was causing the confusion. Alas, I'm still getting the problem.
Does anyone know what the 501 classes as _a_ user? Has anyone else experienced a similar problem?
If the show local-host shows less than what is mentioned by the log, it could be a bug.
%PIX-4-407001: Deny traffic for local-host interface:ip_addr, license limit of count exceeded
Explanation The host limit was exceeded. An inside host is counted toward the limit when one of the following conditions is true:
The inside host has forwarded traffic through the PIX Firewall within the last five minutes.
The inside host currently reserved an xlate connection or user authentication at the PIX Firewall.
Action The host limit is enforced on the low-end platforms. Use the show version command to view the host limit. Use the show local-host command to view the current active hosts and the inside users that have sessions at the PIX Firewall. To force disconnect one or more users, use the clear local-host command. To expire the inside users more quickly from the limit, set the xlate, connection, and uauth timeouts to the recommended values or lower.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...