The Inverse team is pleased to announce the immediate availability of PacketFence 4.3.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.2 is strongly advised.

     What is PacketFence ?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks.

Among the features provided by PacketFence, there are:

 * Powerful BYOD (Bring Your Own Device) workflows
 * Simple and efficient guests management
 * Multiple enforcement methods with Role-Based Access Control (RBAC)
 * Compliance checks for computers present on your network
 * Integration with various vulnerability scanners and intrusion
   detection solutions
 * Bandwidth accounting for all devices

A complete overview of the solution is available from the official website:

     Changes Since Previous Release

*New Features*

 * Added MAC authentication support for Edge-corE 4510
 * Added support for Ruckus External Captive Portal
 * Support for Huawei S2700, S3700, S5700, S6700, S7700, S9700 switches

   Added support for LinkedIn and Windows Live as authentication sources

 * Support for 802.1X on Juniper EX2200 and EX4200 switches
 * Added support for the Netgear M series switches
 * Added support to define SNAT interface to use for passthrough
 * Added Nessus scan policy based on a DHCP fingerprint
 * Added support to unregister a node if the username is locked or
   deleted in Active Directory

   Fortinet FortiGate and PaloAlto firewalls integration

 * New configuration parameters in switches.conf to use mapping by VLAN
   and/or mapping by role


 * When validating an email confirmation code, use the same portal
   profile initially used by to register the device
 * Removed old iptables code (ipset is now always used for inline
 * MariaDB support
 * Updated WebAPI method

   Use Webservices parameters from PacketFence configuration

 * Use WebAPI notify from pfdhcplistener (faster)
 * Improved Apache SSL configuration forbids SSLv2 use and prioritzes
   better ciphers
 * Removed CGI-based captive portal files
 * For device registration use the source used to authenticate for
   calculating the role and unregdate (bugid:1805)
 * For device registration, we set the "NOTES" field of the node with
   the selected type of device (if defined)
 * On status page check the portal associated to the user and
   authenticate on the sources included in the portal profile
 * Merge pf::email_activation and pf::sms_activation to pf::activation
 * Removed unused table switchlocation
 * Deauthentication and firewall enforcement can now be done throught
   the web API
 * Added support to configure high-availability from within the
 * Changed the way we're handling DNS blackholing when unregistered in
   inline enforcement mode (using DNAT rather than REDIRECT)
 * Now handling rogue DHCP servers based both on the server IP and
   server MAC address

*Bug Fixes*

 * Fixed pfdetectd not starting because of stale pid file
 * Fixed SQL join with iplog in advanced search of nodes
 * Fixed unreg date calculation in Catalyst captive portal
 * Fixed allowed_device_types array in device registration page
 * Fixed VLAN format to comply with RFC 2868
 * Fixed possible double submission of the form on the billing page
 * Fixed db upgrade script to avoid duplicate changes to locationlog table

See the ChangeLog file for the complete list of changes:

See the UPGRADE file for notes about upgrading:

     Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources:

Documentation about the installation and configuration of PacketFence is also available:

     How Can I Help ?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

 * Documentation reviews, enhancements and translations
 * Feature requests or by sharing your ideas

   Participate in the discussion on mailing lists

 * Patches for bugs or enhancements
 * Provide new translations of remediation pages

     Getting Support

For any questions, do not hesitate to contact us by writing <>

You can also fill our online form ( and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

Ludovic Marcotte  ::  +1.514.755.3630  ::
Inverse inc. :: Leaders behind SOGo ( and PacketFence 

Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
PacketFence-announce mailing list

Reply via email to