The Inverse team is pleased to announce the immediate availability of PacketFence v7.3. This is an important release with new features, enhancements and bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

     What is PacketFence?

PacketFence is a fully supported, trusted, Free and Open Source Network Access Control (NAC) solution. Boasting an impressive feature set, PacketFence can be used to effectively secure small to very large heterogeneous networks.

Among the features provided by PacketFence, there are:

 * powerful BYOD (Bring Your Own Device) capabilities
 * state-of-the art devices fingerprinting with Fingerbank
 * multiple enforcement methods including Role-Based Access Control
   (RBAC) and hotspot-style
 * compliance checks for endpoints present on your network
 * integration with various vulnerability scanners, intrusion detection
   solutions, security agents and firewalls
 * bandwidth accounting for all devices

A complete overview of the solution is available from the official website:

     Changes Since Previous Release

*New Features*


   Added a RADIUS only mode to PacketFence

 * Add a cluster wide view of pfqueue statistics (#2195) (PR #2573)
 * Added the possibility of importing switches from a CSV file (PR #2480)


 * The GUI will now display the VLAN in the locationlog view
 * The timezone is now a selectable item to prevent invalid input
 * Updated ACE text editor to version 1.2.8
 * Search forms for nodes and users can now be reset (PR #2555)
 * Configuration files can now be saved in read-only mode except
   violation, switches, role (#2464) (PR #2566)
 * Extended descriptions are now supported in the custom reports
 * Mail can now be sent using SSL and StartTLS (PR #2446)
 * Self-signed certificate errors for Nessus 6 can now be ignored (PR
 * Violations can now be triggered by Nessus 6 scanner (PR #2568)
 * The device registration page now supports connection profiles like
   any other portal
 * The username sent in firewall SSO now supports a configurable format
   (PR #2499)

   PacketFence will now monitor TLS certificates expiration and alert
   if they are expired (PR #2444)

 * LDAP source caching is now caching the rule match rather that the
   whole source match (PR #2560)
 * The admin GUI startup time has been decreased (#2545)
 * New and improved documentation for Debian clustering
 * Show DHCP Option82 data in the node view (#2396)
 * Custom reports columns representing a node or a user can now be
   configured to be clickable for details on the object in question
   (#PR 2508)
 * New Fortigate 50E 802.1x support
 * The computer authentication username can now be normalized when
   using EAP-TLS (PR #2414)
 * Added a task count jitter to reduce the chance that pfqueue workers
   exit at the same time
 * Experimental support for Content Security Policy (CSP) has been
   added, but is disabled by default (PR #2336)
 * A violation can now redirect to a URL specified in a template (PR #2400)

*Bug Fixes*

 * The syslog parser has moved from Compliance to Integration in the
   GUI (#2467)
 * pfsso now logs in packetfence.log (#2553) (PR #2557)
 * httpd.dispatcher now logs in httpd.dispatcher.log (PR #2557)
 * Fixed incorrect inline sub type detection
 * Fixed ipset update with the incorrect ip address
 * Fixed missing confirm prompt when restarting all services via the
   admin interface (#2365) (PR #2571)
 * Fixed violation definition sync when removing a violation from the
 * Fixed incorrect Connection-Type when using EAP-TTLS (#2582)
 * Fixed VoIP logic to reduce the chance of duplicate locationlog
   entries (#2527)
 * Fixed SNMP connection issues on Extricom controllers
 * Fixes segfaults when logging in the multithread environments (#2603)
 * reuseDot1x: Changed the way authentication sources are matched with
   realms regarding a security concern(#2536)
 * Trust the wsrep_ready flag of MariaDB Galera cluster for read only
   detection as putting the DB in read-only can result in occasional
   de-synchronization between members. (#2593) (PR #2594)
 * Run the configreload as the pf user when done through pfcmd (PR #2510)
 * Run the 6.0+ upgrade scripts as the pf user to prevent permissions
   issues after running them (PR #2509)
 * Fixed incorrect NULL realm use when authenticating to the admin GUI
 * Enforced use of the system time instead of browser time when using
   preset time values (#2559)
 * Logging into the status page when reuse dot1x is enabled is no
   longer broken (#2542) (PR #2598)

See the complete change log.

See the UPGRADE file for notes about upgrading:

     Getting PacketFence

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release or by getting the sources:

Documentation about the installation and configuration of PacketFence is also available:

     How Can I Help?

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

 * Documentation reviews, enhancements and translations
 * Feature requests or by sharing your ideas

   Participate in the discussion on mailing lists

 * Patches for bugs or enhancements
 * Provide new translations of remediation pages

     Getting Support

For any questions, do not hesitate to contact us by writing <>

You can also fill our online form ( and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

Ludovic Marcotte  ::  +1.514.755.3630  ::
Inverse inc. :: Leaders behind SOGo (, PacketFence 
( and Fingerbank (

Check out the vibrant tech community on one of the world's most
engaging tech sites,!
PacketFence-devel mailing list

Reply via email to