Ludovic Marcotte
2017-01-30 22:36:15 UTC
The Inverse team is pleased to announce the immediate availability of
PacketFence v6.5.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:https://packetfence.org/about.html
Changes Since Previous Release
*New Features*
* Twilio support as authentication source (PR#1951)
* New Redis driven cache for NTLM (Active Directory) 802.1X
authentications (PR#1885)
*
New Firewall SSO for WatchGuard (PR#1851)
* Syslog based SSO support for Palo Alto firewalls (PR#1859)
*
Ubiquiti EdgeSwitch support (PR#1816)
* New syslog receiver to update the iplog from Infoblox and ISC DHCP
syslog lines (PR#1868)
* Can now specify specific ports for passthroughs (#1078/PR#1926)
*Enhancements*
* Added a RADIUS filter scope for VoIP devices (PR#1807)
* Ability to customize the OU in which the machine account will be
created (#1927)
* Added new routes service to manage static routes (PR#1891)
* Added an authentication source that prompts for the password of a
predefined user (PR#1810)
* Added Aruba webauth documentation (PR#1949)
* Eduroam authentication sources can now match rule (PR#1940)
* Maintenance patching can now use git in order to ignore files that
shouldnât be patched via the maintenance script (#807/PR#1931)
* Can now print multiple guest passes per page without the AUP in the
administration interface (#1409/PR#1930)
* Allow to whitelist unregistered devices from violations (#1278/PR#1929)
* Changed password.valid_from default value to "0000-00-00 00:00:00"
so its value is valid across the whole application (#1920/PR#1922)
* Added Percona xtrabackup restore procedure documentation (#1646/PR#1919)
* Added a way to track if files backups and database backup succeeded
(PR#1904)
* pfmon will not register and start a process for disabled task (PR#1899)
* Added a way to define two different ports for disconnect and CoA
(PR#1894)
* Configurator database step now takes care of
mysql_secure_installation (PR#1878)
* Improved clustering guide for MariaDB and systemd (PR#1875)
* Added a portal module action to skip other actions (PR#1869)
* Reduced p0f CPU usage (PR#1867)
* Updated collectd in order to have new graphs (PR#1863)
* Do not "match" a rule if "requested" action if not configured in it
(#1858/PR#1861)
* Improved monit checks accuracy (PR#1849)
* Rate limited the DHCP listener processes to prevent specific devices
from performing a denial of service on the DHCP listening processes
(#1722/PR#1845)
* Improved performance of radacct database table cleanup (PR#1839)
* Email templates can now be specified on a per-portal basis
(#1322/PR#1823)
* Added CLI login support for HP Procurve switches (#1710)
*
Added support for Ruckus SmartZone using web auth enforcement
* Revamped default colours of the captive portal to a more
neutral/grayish theme
* Revamped default captive portal CSS stylesheet
*Bug Fixes*
* Fixed iplog rotation retention configuration not always using the
right param (#1896)
* Reworked and "simplified" the logic of filtering authentication
source for a realm (PR#1943)
* Ability to customize the OU in which the machine account will be
created (#1927/PR#1928)
* Now limiting dates to 2038-01-18 in admin interface (#1126/PR#1923)
* Remove unused configfile database table (PR#1902)
* Enable haproxy on portal interface (PR#1893)
* Prevent logging failure from making a process die (#1734/PR#1862)
* pfmon should run on every server in active-active (#1852/PR#1853)
* Removed the use of pf::cache::cached (#695/PR#1820)
* Removed error when we receive a RADIUS request to test the RADIUS
status (PR#1803)
* Refactored pf::node::node_register to add return code and status
code/message (#1797/PR#1798)
* Removed unused traplog database table (#367/PR#1785)
* RADIUS disconnect doesnât work on the Ruckus switch module
(#1971/PR#1988)
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-6.5.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-6.5.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the sources:https://packetfence.org/download.html
Documentation about the installation and configuration of PacketFence is
also available:https://packetfence.org/support/index.html#/documentation
How Can I Help?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(https://packetfence.org/support/index.html#/community)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
***@inverse.ca <mailto:***@inverse.ca>
You can also fill our online form (https://inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
PacketFence v6.5.0. This is a major release with new features,
enhancements and important bug fixes. This release is considered ready
for production use and upgrading from previous versions is strongly advised.
What is PacketFence?
PacketFence is a fully supported, trusted, Free and Open Source Network
Access Control (NAC) solution. Boasting an impressive feature set,
PacketFence can be used to effectively secure small to very large
heterogeneous networks.
Among the features provided by PacketFence, there are:
* powerful BYOD (Bring Your Own Device) capabilities
* state-of-the art devices fingerprinting with Fingerbank
* multiple enforcement methods including Role-Based Access Control
(RBAC) and hotspot-style
* compliance checks for endpoints present on your network
* integration with various vulnerability scanners, intrusion detection
solutions, security agents and firewalls
* bandwidth accounting for all devices
A complete overview of the solution is available from the official
website:https://packetfence.org/about.html
Changes Since Previous Release
*New Features*
* Twilio support as authentication source (PR#1951)
* New Redis driven cache for NTLM (Active Directory) 802.1X
authentications (PR#1885)
*
New Firewall SSO for WatchGuard (PR#1851)
* Syslog based SSO support for Palo Alto firewalls (PR#1859)
*
Ubiquiti EdgeSwitch support (PR#1816)
* New syslog receiver to update the iplog from Infoblox and ISC DHCP
syslog lines (PR#1868)
* Can now specify specific ports for passthroughs (#1078/PR#1926)
*Enhancements*
* Added a RADIUS filter scope for VoIP devices (PR#1807)
* Ability to customize the OU in which the machine account will be
created (#1927)
* Added new routes service to manage static routes (PR#1891)
* Added an authentication source that prompts for the password of a
predefined user (PR#1810)
* Added Aruba webauth documentation (PR#1949)
* Eduroam authentication sources can now match rule (PR#1940)
* Maintenance patching can now use git in order to ignore files that
shouldnât be patched via the maintenance script (#807/PR#1931)
* Can now print multiple guest passes per page without the AUP in the
administration interface (#1409/PR#1930)
* Allow to whitelist unregistered devices from violations (#1278/PR#1929)
* Changed password.valid_from default value to "0000-00-00 00:00:00"
so its value is valid across the whole application (#1920/PR#1922)
* Added Percona xtrabackup restore procedure documentation (#1646/PR#1919)
* Added a way to track if files backups and database backup succeeded
(PR#1904)
* pfmon will not register and start a process for disabled task (PR#1899)
* Added a way to define two different ports for disconnect and CoA
(PR#1894)
* Configurator database step now takes care of
mysql_secure_installation (PR#1878)
* Improved clustering guide for MariaDB and systemd (PR#1875)
* Added a portal module action to skip other actions (PR#1869)
* Reduced p0f CPU usage (PR#1867)
* Updated collectd in order to have new graphs (PR#1863)
* Do not "match" a rule if "requested" action if not configured in it
(#1858/PR#1861)
* Improved monit checks accuracy (PR#1849)
* Rate limited the DHCP listener processes to prevent specific devices
from performing a denial of service on the DHCP listening processes
(#1722/PR#1845)
* Improved performance of radacct database table cleanup (PR#1839)
* Email templates can now be specified on a per-portal basis
(#1322/PR#1823)
* Added CLI login support for HP Procurve switches (#1710)
*
Added support for Ruckus SmartZone using web auth enforcement
* Revamped default colours of the captive portal to a more
neutral/grayish theme
* Revamped default captive portal CSS stylesheet
*Bug Fixes*
* Fixed iplog rotation retention configuration not always using the
right param (#1896)
* Reworked and "simplified" the logic of filtering authentication
source for a realm (PR#1943)
* Ability to customize the OU in which the machine account will be
created (#1927/PR#1928)
* Now limiting dates to 2038-01-18 in admin interface (#1126/PR#1923)
* Remove unused configfile database table (PR#1902)
* Enable haproxy on portal interface (PR#1893)
* Prevent logging failure from making a process die (#1734/PR#1862)
* pfmon should run on every server in active-active (#1852/PR#1853)
* Removed the use of pf::cache::cached (#695/PR#1820)
* Removed error when we receive a RADIUS request to test the RADIUS
status (PR#1803)
* Refactored pf::node::node_register to add return code and status
code/message (#1797/PR#1798)
* Removed unused traplog database table (#367/PR#1785)
* RADIUS disconnect doesnât work on the Ruckus switch module
(#1971/PR#1988)
Seehttps://github.com/inverse-inc/packetfence/commits/packetfence-6.5.0for
the complete change log.
See the UPGRADE file for notes about
upgrading:https://github.com/inverse-inc/packetfence/tree/packetfence-6.5.0/UPGRADE.asciidoc
Getting PacketFence
PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release or by getting the sources:https://packetfence.org/download.html
Documentation about the installation and configuration of PacketFence is
also available:https://packetfence.org/support/index.html#/documentation
How Can I Help?
PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:
* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
*
Participate in the discussion on mailing lists
(https://packetfence.org/support/index.html#/community)
* Patches for bugs or enhancements
* Provide new translations of remediation pages
Getting Support
For any questions, do not hesitate to contact us by writing
***@inverse.ca <mailto:***@inverse.ca>
You can also fill our online form (https://inverse.ca/#contact) and a
representative from Inverse will contact you.
Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.
--
Ludovic Marcotte
***@inverse.ca :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu), PacketFence (http://packetfence.org) and Fingerbank (http://fingerbank.org)
Ludovic Marcotte
***@inverse.ca :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu), PacketFence (http://packetfence.org) and Fingerbank (http://fingerbank.org)