The Inverse team is pleased to announce the immediate availability of
PacketFence v10.3. This is a major release with new features,
enhancements and bug fixes. This release is considered ready for
production use and upgrading from previous versions is strongly advised.
What is PacketFence?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* built-in network behaviour anomaly detection
* state-of-the art devices identification with Fingerbank
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
* ... and many more!
A complete overview of the solution is available from the official
website:https://packetfence.org/about.html
<https://packetfence.org/about.html>
Changes Since Previous Release
*New Features*
* Static routes management via admin gui
* Aruba CX support
* Aruba 2930M Web Authentication and Dynamic ACL support (#6158)
* Meraki DPSK support
* Ruckus DPSK support
*
Support for Ruckus SmartZone MAC authentication in non-proxy modes
(#6201)
* Bluesocket support (#5878)
*
Support for SCEP inpfpki(#6213)
*Enhancements*
* Improved the failover mechanisms when an Active Directory or LDAP
server is detected as dead
* Expiration of the local accounts created on the portal can now be
set on the source level
* pfacct and radiusd-acct can now both be enabled together
(radiusd-acct proxies to pfacct)
* Added CoA support to Aerohive module
* Added role based enforcement (Filter-Id) support to Extreme module
* Use Called-Station-SSID attribute as the SSID when possible
* Added CLI login support to Huawei switch template
* Added detectionBypass in DNS resolver (#6028)
* Improve support of Android Agent for EAP-TLS and EAP-PEAP
* Improve CLI login support on HP and Aruba switches
* Use the "Authorization" header when performing API calls to Github
in the OAuth context
* Replace xsltproc/fop by asciidoctor-pdf (#5968)
*
FortiGate Role Based Enforcement (#5645)
* Add support for roles (RBAC) for Ruckus WLAN controllers (#2530)
* Upgrade to go version 1.15 (#6044)
* Build ready-to-use Vagrant images for integration tests and send
them to Vagrant cloud (#6099)
* Documentation to configure Security Onion 2.3.10
* Added integration tests for 802.1X wireless and wireless MAC
authentication (#6114)
* Restrict create, update, and delete operations to the default and
global tenant users (#6075)
* Remove pftest MySQL tuner (#6130)
*
Allow NetFlow address to be configured (#6139)
* Deprecated fencing whitelist
* Description field for L2 and routed networks (#5829)
* Updated Stripe integration to use Stripe Elements (API v3) (#6121)
* Added Cisco WLC 9800 configuration documentation
* Inheritance on parent role on Role and Web Auth
* Enhance CLI login on SG300 switches
* Enable/disable the natting traffic for inline networks
* Remove unused table userlog (#6170)
* Clarifications on Ruckus Role-by-Role capabilities (#6201)
* DNS/IP attributes in pfpki certificates (#6213)
* Additional template attributes in certificate profile (#6213)
* Remove unused table inline_accounting (#6171)
* Make pfdhcplistener tenant aware (#6204)
*
Upgrade to MariaDB 10.2.37 (#6149)
*Bug Fixes*
* Switch defined by MAC address are not processed by pfacct in cluster
mode (#5969)
* Restart switchport return TRUE if MAC address is not found in
locationlog for bouncePortCoA (#6013)
* Switch template: CLI authorize attributes ignored (#6009)
* ubiquiti_ap_mac_to_ip task doesn't update expires_at column in
chi_cache table (#6004)
* A switch can't override switch group values using default switch
group values (#5998)
* web admin: timer_expire and ocsp_timeout are not displayed correctly
(#5961)
* web admin: Realm can't be selected as a filter on a connection
profile (#5959)
* API: remove a source doesn't remove rules from authentication.conf
(#5958)
* web admin: high-availability setting is not display correctly when
editing an interface (#5963)
* SSIDs are not hidden by default when creating a provisioner (#5952)
* with_aup is correctly displayed on GUI (#5954)
* web admin: sender is wrong when you use Preview feature (#6023)
* sponsor guest registration: unexpected strings in email subject (#3669)
* Use the proper attribute name for Mikrotik in
returnRadiusAccessAccept (#6051)
* Audit log: profile has an empty value when doing
Ethernet/Wireless-NoEAP (#5977)
* pfacct stores 00:00:00:00:00:00 MAC in DB when Calling-Station-ID is
XXXX-XXXX-XXXX (#6109)
* Update the location log when the Called-Station-Id changes (#6045)
*
Only enable NetFlow in iptables if NetFlow is enabled (#6080)
* Firewall SSO: take username from accounting data if available in
place of database (#6148)
Seehttps://github.com/inverse-inc/packetfence/compare/v10.2.0...v10.3.0
<https://github.com/inverse-inc/packetfence/compare/v10.2.0...v10.3.0>for
the complete change log.
See the Upgrade guide for notes about
upgrading:https://packetfence.org/doc/PacketFence_Upgrade_Guide.html
<https://packetfence.org/doc/PacketFence_Upgrade_Guide.html>
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the sources:https://packetfence.org/download.html
<https://packetfence.org/download.html>
Documentation about the installation and configuration of PacketFence is
also available:https://packetfence.org/support/index.html#/documentation
<https://packetfence.org/support/index.html#/documentation>
How Can I Help?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(https://packetfence.org/support/index.html#/community
<https://packetfence.org/support/index.html#/community>)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
tosupp...@inverse.ca <mailto:supp...@inverse.ca>
You can also fill our online form (https://inverse.ca/#contact
<https://inverse.ca/#contact>) and a representative from Inverse will
contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
lmarco...@inverse.ca :: +1.514.755.3630 :: https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (https://fingerbank.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
