Download PacketFence 10.1.0

An NAC system can be used to secure a network environment. This allows network devices to be automatically blocked, based on pre-set policies, if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread, or an authorized device that is loaded with another operating system via a boot flop or live CD. PacketFence is such a nac system, with support for 802.1x, finger bank and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. The developers have released version 10.1.0.

New Features

• Live log viewer from admin interface
• Fully tenant-aware admin interface
• Support for MS-CHAP authentication for CLI/VPN access
• New pfcertmanager service that generates certificate files from configuration

Enhancements

• EAP configuration template – add a way to define multiples EAP profiles in FreeRADIUS
• New action for AD/LDAP sources to set role when user is not found
• Provide an advanced LDAP condition to allow custom LDAP queries
• The captive portal can now feed HTTP client hints to the Fingerbank collector
• Added ability to enable/disable a network anomaly detection policy (#5403)
• Return the portal IP if the QNAME matches one of the portal FQDN for registered devices using inline enforcement
• Individual source rules can be disabled
• Support for Dell N1500 starting from 6.6.0.10
• CoA support for Ubiquiti Unifi AP
• Added a way to define the Unifi AP by IP or IP range
• Use the value of an LDAP attribute as a role
• Added the return of the LDAP/RADIUS attributes to use them in RADIUS filter
• The /api/v1/radius_attributes endpoint is now searchable
• Proxy the captive portal detection URL when the device is registered
• Choose which EAP profile to use based on the realm
• LDAPs basedn can be defined in the authentication sources rules
• New hooks for the RADIUS filter engine in eduroam virtual server
• Redefined “restart” in the service manager to allow “PartOf” in systemd scripts
• Set role from source authentication rule option (needs #5459)
• Flatten the RADIUS request for the authentication sources (attributes like radius_request.User-Name)
• RADIUS request attributes / username are part of the common attributes
• Support of multiples LDAP servers in FreeRADIUS ldap_packetfence configuration file
• Copy outer User-Name attribute in PacketFence-Outer-User attribute to be able to use it in the authentication rules
• Copy the LDAP-UserDN attribute in PacketFence-UserDN attribute to be able to use it in the authentication rules
• Added a way to extend the LDAP filter for searchattributes configuration
• Documentation for EAP profile selection
• Documentation for regex realm
• Documentation for new action/condition in LDAP authentication
• Moved the VLAN filters example as default disabled VLAN filter
• Use PUT for node reevaluate_access to fix issue with admin_role actions mapping
• OpenID pid mapping is now configurable
• Can map OpenID attributes to a person attributes
• Allow to create authentication rules based on OpenID attributes

Bug Fixes

• Fixes Fortinet Fortigate returnAuthorizeVPN function (#5409)
• Barracuda NG firewall SSO SSH fails (#4828)
• Impossible to set multiple access level in administration rule (#5440)
• Fixed pf-maint.pl when its running behind a proxy (#3425 )
• Fix vendor attributes not being sent from Switch Template (#5453)
• Fixed issue authorizing a user in web-auth on Unifi when the node has its date set to ‘0000-00-00 00:00:00’