Ludovic Marcotte
2015-11-23 18:47:53 UTC
The Inverse team is pleased to announce the immediate availability of
PacketFence 5.5.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* New device detection through TCP fingerprinting
* New DHCPv6 fingerprinting through Fingerbank
* New RADIUS filter engine to return custom attributes based on rules
* Security Onion integration
* Paypal payment is now supported in the captive portal
* Stripe payment and subscriptions are now supported in the captive portal
*Enhancements*
* New pfqueue service based on Redis to manage asynchronous tasks
* Memcached has been replaced by Redis for all caching
* pfdetect can now be configured through the administration interface
* Added ability to detect hostname changes using the information in
the DHCP packets
* Added the ability to create not equal conditions in LDAP sources
* DoS mitigation on the captive portal through mod_evasive
* Load balancing in an active/active process now uses a dedicated process
* Authentication and accounting are now in two different RADIUS processes
* Reworked violation triggers creation in the administration interface
so itâs more user friendly
* Added the ability to create combined violation triggers which allow
to trigger a violation based off multiple attributes of a node
* Suricata alerts can now trigger a violation based on the alert
category or description instead of only the ID of the alert
* Added ability to e-mail device owner as a violation action
*
The PacketFence syslog parser (pfdetect) has been reworked to allow
multiple logs to be parsed concurrently
* New ntlm_auth wrapper will log authentication latency to StatsD
automatically
* Handle Microsoft Windows based captive-portal detection mechanisms
* Manage pfdhcplistener status with keepalived and run pfdhcplistener
on all clusterâs members
* New portal profile filter (sub connection type)
* Added switch IP and description in the available columns in the node
list view
* Use SNMP to determine the ifIndex based on the NAS-Port-Id
* Improved metrics now track SQL queries, LDAP queries, and more
granular metrics in RADIUS AAA
* Added support for Nessus 6 scan engine
* Added documentation for the Cisco iOS XE switches
* Reworked existing billing providers to be PCI compliant
* Billing providers are now part of the authentication sources
* Billing tiers are now stored in the configuration instead of the
source code files
* Billing sources can now be used with other authentication sources on
the same portal profile
* DHCP packet processing is now fully done asynchronously to allow
more PPS in the pfdhcplistener
*Bug Fixes (bug Id is denoted with #id)*
* Fixed log rotation issue with the carbon daemons
* Fixed LLDP phone detection if only telephone capability is enabled
(#964)
* Fixed keepalived and iptables configuration for portal interfaces
* Fixed improper httpd status code being set
* Removed the node delete button
* Fixed detection if the device asks for a portal per URI
* Fixed 3Com switches ifIndex calculation in stack mode using SNMP
* Not-found users will now be cached when using the caching in an LDAP
source (#978)
* Updating a node puts an invalid entry in the voip field
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-5.5.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-5.5.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
***@inverse.ca <mailto:***@inverse.ca>
You can also fill our online form (http://www.inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
PacketFence 5.5.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence ?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:http://www.packetfence.org/about/overview.html
Changes Since Previous Release
*New Features*
* New device detection through TCP fingerprinting
* New DHCPv6 fingerprinting through Fingerbank
* New RADIUS filter engine to return custom attributes based on rules
* Security Onion integration
* Paypal payment is now supported in the captive portal
* Stripe payment and subscriptions are now supported in the captive portal
*Enhancements*
* New pfqueue service based on Redis to manage asynchronous tasks
* Memcached has been replaced by Redis for all caching
* pfdetect can now be configured through the administration interface
* Added ability to detect hostname changes using the information in
the DHCP packets
* Added the ability to create not equal conditions in LDAP sources
* DoS mitigation on the captive portal through mod_evasive
* Load balancing in an active/active process now uses a dedicated process
* Authentication and accounting are now in two different RADIUS processes
* Reworked violation triggers creation in the administration interface
so itâs more user friendly
* Added the ability to create combined violation triggers which allow
to trigger a violation based off multiple attributes of a node
* Suricata alerts can now trigger a violation based on the alert
category or description instead of only the ID of the alert
* Added ability to e-mail device owner as a violation action
*
The PacketFence syslog parser (pfdetect) has been reworked to allow
multiple logs to be parsed concurrently
* New ntlm_auth wrapper will log authentication latency to StatsD
automatically
* Handle Microsoft Windows based captive-portal detection mechanisms
* Manage pfdhcplistener status with keepalived and run pfdhcplistener
on all clusterâs members
* New portal profile filter (sub connection type)
* Added switch IP and description in the available columns in the node
list view
* Use SNMP to determine the ifIndex based on the NAS-Port-Id
* Improved metrics now track SQL queries, LDAP queries, and more
granular metrics in RADIUS AAA
* Added support for Nessus 6 scan engine
* Added documentation for the Cisco iOS XE switches
* Reworked existing billing providers to be PCI compliant
* Billing providers are now part of the authentication sources
* Billing tiers are now stored in the configuration instead of the
source code files
* Billing sources can now be used with other authentication sources on
the same portal profile
* DHCP packet processing is now fully done asynchronously to allow
more PPS in the pfdhcplistener
*Bug Fixes (bug Id is denoted with #id)*
* Fixed log rotation issue with the carbon daemons
* Fixed LLDP phone detection if only telephone capability is enabled
(#964)
* Fixed keepalived and iptables configuration for portal interfaces
* Fixed improper httpd status code being set
* Removed the node delete button
* Fixed detection if the device asks for a portal per URI
* Fixed 3Com switches ifIndex calculation in stack mode using SNMP
* Not-found users will now be cached when using the caching in an LDAP
source (#978)
* Updating a node puts an invalid entry in the voip field
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-5.5.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-5.5.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the
sources:http://www.packetfence.org/development/sourcecode.html
Documentation about the installation and configuration of PacketFence is
also available:http://www.packetfence.org/documentation/
How Can I Help ?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
***@inverse.ca <mailto:***@inverse.ca>
You can also fill our online form (http://www.inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
***@inverse.ca :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
Ludovic Marcotte
***@inverse.ca :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)