Device count

[almodovaris]

Sensei says I have 19 devices, but that is cheating, since it also counts the devices which aren't protected by Sensei.

[mb]

Hi @almadovaris,

I think this comment is related to premium licensing.

Sensei counts the number of devices that are present in the network in a day. 

Technically speaking, we can -only- count a device if that device somehow communicated with the gateway/firewall - thus Sensei.
This way, Sensei is able know its presence and report it through the reports.

For licensing purposes, only IPv4 addresses are counted; so dual stack hosts are not counted twice.

We do not intend to "cheat" in any way. Please reach out to the team via "Contact us" menu located in the upper right hand corner of the UI and team will follow up with you to check.

[almodovaris]

Perhaps I should have added that it didn't stop working. It says it freely protects up to 15 devices and the mentioned 19 devices are a rather cosmetic bug. Anyway it should count each protected MAC address. I don't think anyone uses the same MAC twice since that is asking for trouble.

[hushcoden]

I'm currently using the free version and I can't see where Sensei is counting my devices: is that a feature for the premium only?

[athurdent]

I'm currently using the free version and I can't see where Sensei is counting my devices: is that a feature for the premium only?

E.g. the dashboard widget will show the number of unique devices, or the dialogue after pressing the upgrade button.

[JasonJoel]

We do not intend to "cheat" in any way. Please reach out to the team via "Contact us" menu located in the upper right hand corner of the UI and team will follow up with you to check.

I have a similar concern. I have a home premium subscription. I am only protecting a couple of networks on my firewall - not all (I have my IoT network excluded as I'm sure that would put me over 100 devices). The interfaces I'm protecting have maybe 40 devices max. But my count shows a very high number - presumably from the interfaces I'm not protecting.

Since my count is over 100 total, what is sensei going to actually do?

Here are my stats:
Active Users: 0
Unique Local Devices: 101
Unique Local Ip Address: 112
Unique Remote Ip Address: 3071

[the-mk]

do you have port forwarding in place? i.e. sending 80 or 443 from WAN to some internal device?

[JasonJoel]

I do, for wireguard. For that I had to forward UDP/51820 from WAN to LAN.

[Koldnitz]

I have also been wondering about device counts.

After Sensei began working with OpenVPN, my device count has went through the roof.

Before 1.6.1, I would have 30 to 40 unique devices, now, with the OpenVPN support, it says I have anywhere from 300 to 700+ unique local devices.

Hi @jh,

Internal memory buffers are adjusted according to IPv4 hosts. You don't need worry about IPv6 addresses.

Unique Local Hosts include both IPv4 and IPv6 addresses. If you want to see only IPv4 addresses, add a "Transport Proto" filter (Add Filter button on the top of Reports page) as TCP. Then the number of unique hosts value shows your actual device count.

We're updating Conn - Facts information to better show this information. With 1.3, you'll also have "Unique Local Devices" information.

So, for your Home Subscription, we had set it to 50 for providing a peace of mind; so it should be enough for Home use. If in any case, number of devices exceeds this, provided that it's not sustained, it should not cause a problem.

I get same amount when I use the mb's recommended way to calculate devices (above).  Please also note this was from before they adjusted home user's cap to 100 devices.

I believe Sensei is now counting the devices I am communicating with over OpenVPN as on my network.

I have never received any notice from Sunny Valley Networks about this, but I would be lying if I said I was not worried about it.

I like the home subscription and have no issue being way below its cap with the actual devices on my home network.

[almodovaris]

Yup, I saw weird stuff like public IPs considered as local hosts. I have to admit that now that seems to be gone.

Perhaps your routing is misconfigured?

[mb]

@JasonJoel, you should be fine 10%-15% excessive use if that's not in a sustained fashion.

I guess if you're protecting openvpn "server" instances, this is has a potential implication with regard to Sensei detecting the "local device"

Can people experiencing this problem confirm if they have openvpn server or openvpn client instances?

[JasonJoel]

Thanks.

I have an OpenVPN server setup that I use to connect to my home network when I am away. There are only 2 users/devices setup to connect to the system.

Another question - is there any way to protect only SOME devices on a LAN/subnet, and not have all the ones you don't care about get counted in the licensing? I can think of application for this on IoT networks for sure where I may not care about a XBOX/PlayStation but may care about some limited number of VMs/general purpose computing devices.

[Koldnitz]

Mb,

I am using OpenVPN client.  I have 2 instances (load balancing) and I force a specific subset of IP addresses through them.  One of the IP addresses has a bittorent client.

The number of clients Sensei claims are on my network only balooned after netmap was able to work with OpenVPN.

If I remove my OpenVPN instances from protected interfaces, then filter protocol = TCP and set report for 15 minutes I actually get 17 devices.  I believe in reality I have somewhere between 30 and 40 devices on my network.

There is no way I have the 400 to 700 devices that Sensei has been showing ever since I was able to protect the OpenVPN interfaces.

I believe this is an interaction between Bittorrent and Sensei.

If need be I can easily not protect OpenVPN interfaces.

My main concern is you guys notice how many devices are showing on my network and ban me from using the home version of this product.

Cheers,

[almodovaris]

Well, I did it this way: I did not protect OPT2 (ovpnc1), but I protected OPT1 (igb2). And I have fixed all routing issues. Since then, the number of devices reported by Sensei got back to normal.

[mb]

@almadovaris, thanks for the update, noted.

@Koldnitz, got it. Don't worry about it, if that happens, drop us a ticket and we'll take care of the situation

Initial packet direction (egress or ingress) is important while Sensei is deciding on which end of the connection is actually local. We have also came accross some few cases where for some UDP flows the initial packet is arriving from WAN side. I guess this situation is elavated in the VPN scenario. Still investigating this. Will post an update once we have further information.

We are working on Device Identification & Automatic Asset Discovery these days. I believe this will also improve the situation here.

@JasonJoel, unfortunately, there's not an easy way to do this at the moment. However, after the device identification feature, it is possible that we'll also revisit this.