The Inverse team is pleased to announce the immediate availability of 
PacketFence v11.2. This is a major release with new features, enhancements and 
bug fixes. This release is considered ready for production use and upgrading 
from previous versions is strongly advised.
What is PacketFence?
PacketFence is a fully supported, trusted, Free and Open Source Network Access 
Control (NAC) solution. Boasting an impressive feature set, PacketFence can be 
used to effectively secure small to very large heterogeneous networks.

Among the features provided by PacketFence, there are:
powerful BYOD (Bring Your Own Device) capabilities
multiple enforcement methods including Role-Based Access Control (RBAC) and 
built-in network behaviour anomaly detection
state-of-the art devices identification with Fingerbank
compliance checks for endpoints present on your network
integration with various vulnerability scanners, intrusion detection solutions, 
security agents and firewalls
bandwidth accounting for all devices
A complete overview of the solution is available from the official website:
Changes Since Previous Release
New Features
Added MAB floating device support to Ruckus/Brocade switches (#6774)
Support for roles in VPN access
Allow to centralize the virtual IPs on the same server (#6853)
Added support for Kandji MDM as a provisioner
OpenWiFi switch module
Allow to manage devices (unregister) when reaching max nodes (#6860)
ISO installer based on Debian 11 (#6803)
Allow Meraki::MR_v2 module to be able to use a RADIUS Disconnect instead of 
only a RADIUS CoA
Simplify local development of Venom tests (#6711)
Integration tests on Fingerbank (#6725, #6786, #6798, #6816)
Integration tests on captive portal (#6744)
Integration tests for CLI login (#6783)
Upgrade to Venom 1.0.0 (#6775)
Upload logs of tests (#6784)
Management of TLS minimum and maximum versions in GUI (#6773)
Integration tests for Inline L2 and L3 (#6769)
Drastically improved the performance of the Ruckus unbound DPSK implementation 
Added an admin action to allow RADIUS Probe requests
Allow access to the Status/Node Manager/Device Registration pages on SAML auth.
Give each monitoring script a maximum of 10 seconds to run (#6828)
Resign CA feature in PKI (#6770)
Allow to download any certificates without private key using a button (#6778)
Fixes date format of the PKI SQL tables (#6823)
Use the Digest of the profile on SCEP request (#6823)
Improve CLI login support on Ubiquiti Edge switches (#6727)
Expose the open locationlog as a variable to switch templates.
Improve the speed on the node online query.
Message portal module can be used without the portal template.
The ip6tables rules are now managed by PacketFence (#6836)
Certificate signing requests created via the admin interface now include a 
Subject Alternative Name (SAN)
The Subject Alternative Names of a certificate are now displayed in the admin 
SSL Certificates - RADIUS / HTTPs page Simple GUI Enhancements (wording 
clarification) (#6613)
New mysql-probe service to monitor haproxy-db backends
Allow to add environment overrides to Fingerbank collector via the config 
Change the behavior of pf::condition::not_equal to always succeed when match 
value is undef
Allow to renew certificate X days before the expiration date
Send email X days before the expiration date to the user email/ profile email / 
PKI CN provides certificate for the same CN but for different profiles (profile 
name added in Subject)
Auto-revoke certificate if expired
PKI actions are now logged to the admin API audit log
Reduce list of accepted ciphers in haproxy-portal and haproxy-admin to 
reinforce security
Improved the performance of the bandwidth accounting cleanup process (#6850)
Purge binary logs task
Integration tests for firewall SSO (HTTPS/RADIUS) (#6822)
Add text warning on unreg date when past date is used (#6871)
Add an option to sync a single ConfigStore storage in the bin/cluster/sync tool 
Updated PayPal integration documentation
Bug Fixes
Reply to Windows devices configured through Intune even if they requested a 
non-existing URL (#6687)
Add RADIUS audit log entry in correct tenant when switches are defined by MAC 
address (#6540)
Fixed issue with edition of PKI template (#6713)
Fixed issue on PKI template save (#6749)
Fixed issue on PKI templates can be modified by a SCEP request (#6751)
Fixed issue with PKI From value when sending certificate by email (#6370)
Fixed documentation for Huawei (PR #6692)
Fixed issue when pulling the wrong certificate only based on the cn (#5861)
Fixed regression in the Unifi module for deauthentication of webauth clients 
when the APs are defined using an IP or CIDR in the configuration (#6686)
Fixed revoke certificate on unregistration (#6826)
Send certificates by email using alerting settings (#5917)
Validate email format on TLS Enrollment form
Fixed issue where portal could apply actions from different auth rules (#6896)
Handle DBI library ping call dying in pfconfig MySQL backend (#6895)
See for 
the complete change log.

See the Upgrade guide for notes about upgrading:
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As such, you 
are free to download and try it by either getting the new release or by getting 
the sources:

Documentation about the installation and configuration of PacketFence is also 
How Can I Help?
PacketFence is a collaborative effort in order to create the best Free and Open 
Source NAC solution. There are multiple ways you can contribute to the project:
Documentation reviews, enhancements and translations
Feature requests or by sharing your ideas
Participate in the discussion on mailing lists 
Patches for bugs or enhancements
Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing to

You can also fill our online form ( and a 
representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their 
wired and wireless networks with the PacketFence solution.



PacketFence-devel mailing list

Reply via email to