Ludovic Marcotte
2017-04-19 17:47:30 UTC
The Inverse team is pleased to announce the immediate availability of
PacketFence v7.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the-art device fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website: https://packetfence.org/about.html
Changes Since Previous Release
*New Features*
* Added provisioning support for SentinelOne (PR#1294)
* Added MariaDB Galera cluster support
(PR#2002/PR#2023/PR#2039/PR#2040/PR#2041/PR#2043/PR#2044/PR#2070/PR#2076/PR#2079/PR#2080/PR#2082/PR#2090)
* All services are now handled by systemd (PR#2010)
* IPv6 network stack in PacketFence (PR#2024)
* New Golang-based HTTP dispatcher (#1301/PR#2029/PR#2067)
* New Golang-based pfsso service to handle the firewall SSO requests
(#1144/PR#2037/PR#2062)
* Revamped Web administration interface (PR#2108)
*Enhancements*
* SNMP traps are now handled in pfqueue (PR#1656)
* Added the ability to grant CLI write access for Extreme Networks
switches (PR#1699)
* Added a distributed cache for the accounting information to safely
disable the SQL accounting records in active/active clusters (PR#1715)
* Reduced the number of ipset calls when adding ports for Active
Directory (PR#1886)
* pfmon tasks have their own configuration file (PR#1918)
* New command "pfcmd pfmon" for running pfmon tasks via pfcmd (PR#1918)
* CentOS repositories (packetfence and packetfence-devel) packages are
now signed (PR#1946)
* Added a way to unregister devices that were inactive for a certain
amount of time (maintenance.node_unreg_window) (PR#1948)
* Added a new last_seen column to nodes table to track their last
activity (Authentication, HTTP portal, DHCP) (PR#1948)
* Delete nodes based on the new last_seen column instead of looking at
the last DHCP packet (PR#1948)
* iplog: Floored lease time for "tolerance" (#1965/PR#1968)
* Can now restart the switchport where a node is connected from the
administration interface (PR#2006)
* Added interface description to location entries (PR#2007)
* New pffilter filtering engine (PR#2032)
* Ability to manage multiple "active" endpoints behind a single
switchport (PR#2034)
* pfdhcplistener now runs as a master-worker style service (PR#2036)
* Added a winbindd wrapper for the PacketFence managed winbindd
processes (#2065/PR#2038/PR#2069)
* Added a caddy middleware for rate limiting the concurrent
connections (PR#2055)
* Updated the Ruckus SmartZone module to use the most recent webauth
technique available (PR#2059/PR#2088)
* Added vsys support for PaloAlto firewall SSO modules (PR#2061)
* Portal Profile has been renamed to Connection Profile (PR#2066)
* Moved common flows / process of DHCP processors in base class (PR#2086)
* Removed PacketFence-Authorization-Status attribute from the RADIUS
replies to prevent RADIUS replies from being discarded due to an
unknown attribute (#2085/PR#2087)
* Added option to fetch users one by one in the NTLM cache instead of
all together (PR#2093)
* New parallel testing infrastructure (PR#2094)
* Roles are now stored in a configuration file for easier backup and
management (PR#2097)
* Tightened up HAproxy's SSL termination security (#893/#410/#411/#412)
* Tightened up Apache's encryption security by requiring TLS v1.2
support only and restricted cipher suites (#893/#410/#411/#412)
* Clickjacking attack prevention enforcement for recent browsers (PR#2111)
* Cross-site scripting (XSS) filtering is now requested from your
browser (PR#2114)
* Dell N2000 series support (#675/PR#2115)
* All logging is now done through syslog (PR#2124)
* IP forwarding is now activated by default per PacketFence package
installation (#2145/PR#2146/PR#2148/PR#2149)
* Added more fine-grained stats for the captive portal (#1962/PR#2173)
* Many documentation improvements (PR#2136/PR#2214)
*Bug Fixes*
* Fixed addition of a UDP SRV record port as a TCP port (PR#1886)
* Restored pf::api compatibility to Sourcefire module (#2048/PR#2019)
* Avoid opening a double entry with wrong accounting values (PR#2113)
* Added the ability to "format" the CN when using PKI (#2116/PR#2119)
* pfdhcplistener doesn't work on a monitor interface (#1377)
* pfqueue stats: Outstanding Task Counters isn't accurate (#1726)
* pfdhcplistener: Segfaulting when keepalived transitions quickly from
backup/master/backup (#1737)
* pfdhcplistener takes a minute to die (#1791)
* captive-portal: i18n labels for dynamic fields (#1911)
See https://github.com/inverse-inc/packetfence/commits/packetfence-7.0.0 for
the complete change log.
See the UPGRADE file for notes about
upgrading: https://github.com/inverse-inc/packetfence/tree/packetfence-7.0.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the sources: https://packetfence.org/download.html
Documentation about the installation and configuration of PacketFence is
also available: https://packetfence.org/support/index.html#/documentation
How Can I Help?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists
(https://packetfence.org/support/index.html#/community)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing to
***@inverse.ca
You can also fill out our online form (https://inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
***@inverse.ca :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu), PacketFence (http://packetfence.org) and Fingerbank (http://fingerbank.org)