Ludovic Marcotte
2015-02-05 15:03:10 UTC
The Inverse team is pleased to announce the immediate availability of
PacketFence 4.6.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from 4.5.1 is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) capabilities
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for endpoints present on your network
* Integration with various vulnerability scanners, intrusion detection
solutions and firewalls
* Bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* Added support for MAC authentication on the AeroHIVE Branch Router 100
* Added support for MAC authentication floating devices on Juniper EX
series, and on the Cisco Catalyst series
* Added a hybrid 802.1x + web authentication mode for Cisco Catalyst 2960
* Added a web notification when network access is granted
* Added the ability to tag functions that are allowed to be exposed
through the web API
*
Added WiFi autoconfiguration for Windows through
packetfence-windows-agent
*
Added a "Chained" authentication source where a user must first
login in order to register by SMS, Email or SponsorEmail
* Added call to the web API from the VLAN filters
* Added a way to retrieve user information after the first registration
* Added the ability to filter profiles by connection type
* Profiles can be matched by all or any of its filters
* Can optionally cache the results of LDAP rule matching for a user
* New portal profile parameter to set a retry limit for SMS-based
activation
* The information available from an OAuth source (first name, last
name, ...) are now added to the person when registering
* Allow limiting the user login attempts
* Added Check Point firewall integration for Single Sign-On
*Enhancements*
* Added httpd.aaa service as a new API service for the exclusive use
of RADIUS
* More precisely define which DHCP message types we are listening for
* Removed dead code referring to 'external' interface type which was
no longer supported
* Added VLAN filter in getNodeInfoForAutoReg and update/create person
even if the device has been autoreg
* Refactored the VLAN filter code to reduce code duplication
* Added IMG path configuration parameter in admin
* Added the ability to restrict the roles, access levels and access
durations for admin users based on their role/access level
* Reduced deadlocks caused by the cleaning of the iplog table
* Reduced deadlocks caused by the cleaning of the locationlog table
* Reorganized the portal profile configuration page
* Added checkup on Apache filters and VLAN filters
* Created a single LDAP connection when matching against multiple rules
* Reduced the numbers of entries in iplog table (update end_time
instead of closing and inserting a new line)
* Now matching on language and not only language/country combination
for violation templates (See UPGRADE guide)
*
PacketFence FreeRADIUS will return reject on "NAS-Prompt-User"
Service-Type requests (Console login using RADIUS as backend)
*
PacketFence now allows limiting the number of times a user can
request an sms message
*Bug Fixes*
* Fixed old MAC addresses being left on port-security enabled ports in
a RADIUS + port-security environment
* Fixed firewall rule that allows httpd.portal to be reached on
management IP when pre-registration enabled
* Fixed creating a new file from the Portal Profile GUI in a subdirectory
* Improved log rotation handling
* Fixed previewing templates in the admin GUI
* Fixed bulk applying of roles and violations in the admin GUI
* Fixed importing of nodes when no pid is given
* Added a cleanup of trailing and leading spaces of the posted
username during the login
* Fixed wrong regex to detect ifindex in Cisco switches
* Honor order of profiles when matching profile filters
* Fixed URI based portal profiles
* Fixed XSS vulnerabilities in the portal
* Refresh node page after updating a node
* Fixed multiple pfdhcplistener spawning
* Fixed double display of the user page
* Fixed displaying of rules description after updating source
* Removed executable bit on some files which do not require it
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-4.6.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-4.6.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
***@inverse.ca <mailto:***@inverse.ca>
You can also fill our online form
(http://www.inverse.ca/about/contact.html) and a representative from
Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
PacketFence 4.6.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from 4.5.1 is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* Powerful BYOD (Bring Your Own Device) capabilities
* Simple and efficient guests management
* Multiple enforcement methods with Role-Based Access Control (RBAC)
* Compliance checks for endpoints present on your network
* Integration with various vulnerability scanners, intrusion detection
solutions and firewalls
* Bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* Added support for MAC authentication on the AeroHIVE Branch Router 100
* Added support for MAC authentication floating devices on Juniper EX
series, and on the Cisco Catalyst series
* Added a hybrid 802.1x + web authentication mode for Cisco Catalyst 2960
* Added a web notification when network access is granted
* Added the ability to tag functions that are allowed to be exposed
through the web API
*
Added WiFi autoconfiguration for Windows through
packetfence-windows-agent
*
Added a "Chained" authentication source where a user must first
login in order to register by SMS, Email or SponsorEmail
* Added call to the web API from the VLAN filters
* Added a way to retrieve user information after the first registration
* Added the ability to filter profiles by connection type
* Profiles can be matched by all or any of its filters
* Can optionally cache the results of LDAP rule matching for a user
* New portal profile parameter to set a retry limit for SMS-based
activation
* The information available from an OAuth source (first name, last
name, ...) are now added to the person when registering
* Allow limiting the user login attempts
* Added Check Point firewall integration for Single Sign-On
*Enhancements*
* Added httpd.aaa service as a new API service for the exclusive use
of RADIUS
* More precisely define which DHCP message types we are listening for
* Removed dead code referring to 'external' interface type which was
no longer supported
* Added VLAN filter in getNodeInfoForAutoReg and update/create person
even if the device has been autoreg
* Refactored the VLAN filter code to reduce code duplication
* Added IMG path configuration parameter in admin
* Added the ability to restrict the roles, access levels and access
durations for admin users based on their role/access level
* Reduced deadlocks caused by the cleaning of the iplog table
* Reduced deadlocks caused by the cleaning of the locationlog table
* Reorganized the portal profile configuration page
* Added checkup on Apache filters and VLAN filters
* Created a single LDAP connection when matching against multiple rules
* Reduced the numbers of entries in iplog table (update end_time
instead of closing and inserting a new line)
* Now matching on language and not only language/country combination
for violation templates (See UPGRADE guide)
*
PacketFence FreeRADIUS will return reject on "NAS-Prompt-User"
Service-Type requests (Console login using RADIUS as backend)
*
PacketFence now allows limiting the number of times a user can
request an sms message
*Bug Fixes*
* Fixed old MAC addresses being left on port-security enabled ports in
a RADIUS + port-security environment
* Fixed firewall rule that allows httpd.portal to be reached on
management IP when pre-registration enabled
* Fixed creating a new file from the Portal Profile GUI in a subdirectory
* Improved log rotation handling
* Fixed previewing templates in the admin GUI
* Fixed bulk applying of roles and violations in the admin GUI
* Fixed importing of nodes when no pid is given
* Added a cleanup of trailing and leading spaces of the posted
username during the login
* Fixed wrong regex to detect ifindex in Cisco switches
* Honor order of profiles when matching profile filters
* Fixed URI based portal profiles
* Fixed XSS vulnerabilities in the portal
* Refresh node page after updating a node
* Fixed multiple pfdhcplistener spawning
* Fixed double display of the user page
* Fixed displaying of rules description after updating source
* Removed executable bit on some files which do not require it
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-4.6.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-4.6.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
***@inverse.ca <mailto:***@inverse.ca>
You can also fill our online form
(http://www.inverse.ca/about/contact.html) and a representative from
Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
***@inverse.ca :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
Ludovic Marcotte
***@inverse.ca :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)