PacketFence v4.3.0 – Free and Open Source network access control (NAC) solution

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks. 

Here are the changes in 4.3.0:
New Features
  • Added MAC authentication support for Edge-corE 4510
  • Added support for Ruckus External Captive Portal
  • Support for Huawei S2700, S3700, S5700, S6700, S7700, S9700 switches
  • Added support for LinkedIn and Windows Live as authentication sources
  • Support for 802.1X on Juniper EX2200 and EX4200 switches
  • Added support for the Netgear M series switches
  • Added support to define SNAT interface to use for passthrough
  • Added Nessus scan policy based on a DHCP fingerprint
  • Added support to unregister a node if the username is locked or deleted in Active Directory
  • Fortinet FortiGate and PaloAlto firewalls integration
  • New configuration parameters in switches.conf to use mapping by VLAN and/or mapping by role
  • When validating an email confirmation code, use the same portal profile initially used by to register the device
  • Removed old iptables code (ipset is now always used for inline enforcement)
  • MariaDB support
  • Updated WebAPI method
  • Use Webservices parameters from PacketFence configuration
  • Use WebAPI notify from pfdhcplistener (faster)
  • Improved Apache SSL configuration forbids SSLv2 use and prioritzes better ciphers
  • Removed CGI-based captive portal files
  • For device registration use the source used to authenticate for calculating the role and unregdate (bugid:1805)
  • For device registration, we set the “NOTES” field of the node with the selected type of device (if defined)
  • On status page check the portal associated to the user and authenticate on the sources included in the portal profile
  • Merge pf::email_activation and pf::sms_activation to pf::activation
  • Removed unused table switchlocation
  • Deauthentication and firewall enforcement can now be done throught the web API
  • Added support to configure high-availability from within the configurator/webadmin
  • Changed the way we’re handling DNS blackholing when unregistered in inline enforcement mode (using DNAT rather than REDIRECT)
  • Now handling rogue DHCP servers based both on the server IP and server MAC address
Bug Fixes
  • Fixed pfdetectd not starting because of stale pid file
  • Fixed SQL join with iplog in advanced search of nodes
  • Fixed unreg date calculation in Catalyst captive portal
  • Fixed allowed_device_types array in device registration page (bugid:1809)
  • Fixed VLAN format to comply with RFC 2868
  • Fixed possible double submission of the form on the billing page
  • Fixed db upgrade script to avoid duplicate changes to locationlog table
See the ChangeLog file for the complete list of changes.
See the UPGRADE file for notes about upgrading.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s