PacketFence v4.3.0 - Free and Open Source network access control (NAC) solution | KitPloit - PenTest Tools for your Security Arsenal!



Thursday, July 17, 2014

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. It boasts an impressive feature set, including a captive portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices. PacketFence can be used to effectively secure networks, from small ones to very large heterogeneous networks.

Here are the changes in 4.3.0:
New Features
  • Added MAC authentication support for Edge-corE 4510
  • Added support for Ruckus External Captive Portal
  • Support for Huawei S2700, S3700, S5700, S6700, S7700, S9700 switches
  • Added support for LinkedIn and Windows Live as authentication sources
  • Support for 802.1X on Juniper EX2200 and EX4200 switches
  • Added support for the Netgear M series switches
  • Added support to define SNAT interface to use for passthrough
  • Added Nessus scan policy based on a DHCP fingerprint
  • Added support to unregister a node if the username is locked or deleted in Active Directory
  • Fortinet FortiGate and Palo Alto firewall integration
  • New configuration parameters in switches.conf to use mapping by VLAN and/or mapping by role
Enhancements
  • When validating an email confirmation code, use the same portal profile initially used to register the device
  • Removed old iptables code (ipset is now always used for inline enforcement)
  • MariaDB support
  • Updated WebAPI method
  • Use Webservices parameters from PacketFence configuration
  • Use WebAPI notify from pfdhcplistener (faster)
  • Improved Apache SSL configuration: forbids SSLv2 use and prioritizes better ciphers
  • Removed CGI-based captive portal files
  • For device registration use the source used to authenticate for calculating the role and unregdate (bugid:1805)
  • For device registration, we set the "NOTES" field of the node with the selected type of device (if defined)
  • On status page check the portal associated to the user and authenticate on the sources included in the portal profile
  • Merge pf::email_activation and pf::sms_activation to pf::activation
  • Removed unused table switchlocation
  • Deauthentication and firewall enforcement can now be done through the web API
  • Added support to configure high-availability from within the configurator/webadmin
  • Changed the way we’re handling DNS blackholing when unregistered in inline enforcement mode (using DNAT rather than REDIRECT)
  • Now handling rogue DHCP servers based both on the server IP and server MAC address
Bug Fixes
  • Fixed pfdetectd not starting because of stale pid file
  • Fixed SQL join with iplog in advanced search of nodes
  • Fixed unreg date calculation in Catalyst captive portal
  • Fixed allowed_device_types array in device registration page (bugid:1809)
  • Fixed VLAN format to comply with RFC 2868
  • Fixed possible double submission of the form on the billing page
  • Fixed db upgrade script to avoid duplicate changes to locationlog table
See the ChangeLog file for the complete list of changes.
See the UPGRADE file for notes about upgrading.



