Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Some devices cannot connect - licensing issue?
  •  
fishtech

Messages: 626
Karma: 14
Send a private message to this user
Hi,

I am working with a remote admin who has a new 5-user Kerio Box.

He wants only to use the firewall and site-to-site VPN features. Users do not need authentication against the Kerio box. There are only 4 users at the site, but, again, they are not authenticating. They do not have accounts set up on the box.

He has about 30 devices on a LAN .

He has some devices that cannot connect to the internet.

Dashboard shows 0 active users, 21 active devices.

The following error repeats error in the error log.

[28/May/2014 08:28:01] License error: License exhausted, cannot allow another host (192.168.5.85).

We tried alloacting all LAN IP addresses to a group and assigning that group to the admin user, but that has not helped.

Does he need extra user licenses for the devices, even though he is not using authentication? Since there are 30 devices, does this mean he needs a license for 6 user accounts, allowing 5 devices each?

This document appears to suggest that, but it is not very clear: http://kb.kerio.com/product/kerio-control/registration-and-l icenses-kerio-control/licenses-and-registrations-in-kerio-co ntrol-1300.html

If not, where should we look for a problem?

Thanks,

ft.

[Updated on: Thu, 29 May 2014 16:08]

  •  
Neil Whiteside (Kerio)

Messages: 318

Karma: 35
Send a private message to this user
Hello Fishtech,

You are absolutely correct. It's five devices per "User", so thirty devices needs six user licenses.


Knowledge Base: http://kb.kerio.com/.
Looking for technical support? http://www.kerio.com/support
  •  
fishtech

Messages: 626
Karma: 14
Send a private message to this user
Thanks for the info.

How do you guys define a "device"?

Thanks,

ft.
  •  
Neil Whiteside (Kerio)

Messages: 318

Karma: 35
Send a private message to this user
A device is anything such as a Mac/PC; Smartphone or tablet. Network devices, such as a NAS also count.

Pretty much anything which has its own MAC address, gets an IP address, and needs access to the firewall.

Knowledge Base: http://kb.kerio.com/.
Looking for technical support? http://www.kerio.com/support
  •  
fishtech

Messages: 626
Karma: 14
Send a private message to this user
Thanks...


Quote:
Pretty much anything which has its own MAC address, gets an IP address, and needs access to the firewall.



Does that mean...


has its own MAC address AND gets an IP address via DHCP from Kerio Control AND accesses the firewall.


How about if it has fixed IP (not allocated by Kerio Control) and accesses the firewall?

How about if it gets an IP via DHCP from Kerio Control, but does not access the firewall (say, a printer)?

Thanks,

ft.

[Updated on: Fri, 30 May 2014 15:06]

  •  
Neil Whiteside (Kerio)

Messages: 318

Karma: 35
Send a private message to this user
If it has an IP address - regardless of where it gets it from - it counts as a device.

Knowledge Base: http://kb.kerio.com/.
Looking for technical support? http://www.kerio.com/support
  •  
fishtech

Messages: 626
Karma: 14
Send a private message to this user
OK, thanks.

Say we have 50 printers on the LAN and 50 IP phones. The printers & phones NEVER touch the firewall. The printers & phones do get IP addresses via DHCP from Control.

Does each printer and each phone each count as a device because they use DHCP, even though they do not touch the firewall?

I ask since right now I am doing DHCP with OSX server. I have been planning a switch to use Control but was unaware of the device limits despite being a control user for ~2 years.

Thanks,

ft.

[Updated on: Fri, 30 May 2014 16:08]

  •  
Neil Whiteside (Kerio)

Messages: 318

Karma: 35
Send a private message to this user
Printers - provided they don't access the internet will not be counted. Phones will, because they undoubtedly will be used for email, browsing, software updates etc.

Knowledge Base: http://kb.kerio.com/.
Looking for technical support? http://www.kerio.com/support
  •  
fishtech

Messages: 626
Karma: 14
Send a private message to this user
OK. thanks.

For info, our 50 IP phones are desktop phones (not iPhones, etc). They connect to Kerio Operator on the LAN and do not ever need to cross the firewall.

So to clarify, my understanding is...


A "device" in the context of Kerio licensing is a device which touches the firewall of Kerio Connect.

A device which gets a DHCP address from Kerio Control, but which does not touch the firewall of Kerio Connect, does not count as a "device" in terms of Kerio Connect licensing.


Is this correct?

Thanks,

ft.
  •  
Neil Whiteside (Kerio)

Messages: 318

Karma: 35
Send a private message to this user
As I understand it, yes.

Knowledge Base: http://kb.kerio.com/.
Looking for technical support? http://www.kerio.com/support
  •  
BobH

Messages: 123
Karma: 0
Send a private message to this user
More clarification.

If the Kerio Connect device is configured as the default gateway for all devices, then won't everything on the network send packets to the gateway for it to determine whether it should be routed locally or to the internet? If so, would that traffic activate the license check and essentially require everything to need a license?

[Updated on: Fri, 06 June 2014 15:46]

  •  
ltc

Messages: 1
Karma: 0
Send a private message to this user
As I understand it that is not how it works.
All devices use their own ip-number and net mask to determine if traffic is local or if it has to be sent to the gateway/router.
If it worked like you suggest the gateway/router would become a serious bottleneck.

If you don't set the gateway address on a device I guess Kerio Control will not know about it and cant block it because of not enough licenses. I have at least seen this behavior with other equipment using licenses restrictions based on simultaneous mac addresses used.
Previous Topic: CPU 100% with 8.2.x
Next Topic: Error Log - Socket error: Unable to bind socket to address 0.0.0.0, port 80
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 03:37:13 CEST 2017

Total time taken to generate the page: 0.00505 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.