PacketFence v10 released

April 16, 2020

The Inverse team is pleased to announce the immediate availability of PacketFence v10. This is a major release with new features, enhancements and bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

Here are the changes included in this release:

New Features

• Added support for network anomaly detection through Fingerbank
• New, fully integrated PacketFence PKI service
• New service for automatic clustering issue resolution
• New GUI for all filtering engines and switch templates
• New API and Vue.js based step-by-step configurator
• Added VMware Airwatch support

Enhancements

• Added suppport to run integration tests using Cumulus Linux and libvirt
• Added the ability to autoregister and assign a role to a device authorized in a provisioner
• Added the ability to control whether or not a provisioner should be enforcing (i.e. ensuring all devices matching it are authorized with it)
• Added the ability to sync the PID of devices authorized in a provisioner (only for Airwatch and JAMF)
• Add single sign-on support for Cisco ISE-PIC
• Support for MySQL as DHCP pool backend and provide active/active DHCP support
• Support Aruba switches using Aruba OS 16.10
• Added a new Meru controller module that supports RADIUS RFC3576 (RADIUS Disconnect)
• CLI login to Juniper switches
• Allow to configure VoIP RADIUS attributes in switch templates
• All configuration files have a copyright without year to avoid useless rpmnew or dpkg-dist files each yearly upgrade
• Improved Unifi deauthentication using HTTP
• Set TTL to 5 seconds when the host match with a captive portal detection host
• Enable tracking configuration service by default
• Better captive portal detection for Samsung devices
• Faster captive portal detection for Apple devices
• Routes are now managed by the keepalived service
• Parking security event can now be triggered without limitation
• Added a way to change the SQL table used by pfconfig
• Showing the configurator is now configurable (#5121)
• Node deletion in consistent between the the API and pf::node::node_delete (#5088)
• Allow VLAN number greater than 1023 for floating devices
• Improved captive-portal health checks in monit (#5185)
• Added RADIUS disconnect for wired port on Aruba AP (#5016)
• Switch templates can now use SNMP up/down to perform access reevaluation (#5197)
• HAProxy now serves the admin gui, httpd.admin disabled by default
• Reports are now tenant-aware
• Security events can be triggered when running node maintenance task (#4948)
• Added parameter to prevent external portal requests from updating the ip4log (#5336)
• Added new WMI examples

Bug Fixes

• Fixed logic to move MAC address to another port (Avaya)
• Fix serialization of the switch when calling ReAssignVlan/desAssociate
• Prevent double restart when setting the port admin status of an EX2300 Juniper switch
• Sponsor field is missing on sponsored users when using forced sponsor (#5171)
• Some DHCP info triggers use outdated Fingerbank data (#5106)
• Issue with the timezone in the admin not being honored on the system (#5205)
• Issue with chrome who don’t show the portal on self signed certificate (#5233)
• Issue with RADIUS CLI access and ldap authentication source where the cache is enabled (#5018)
• Distribute pfsnmp trap jobs between queues based off switch id (#5004)
• Deleting a portal profile doesn’t cleanup its templates (#793)
• pfacct doesn’t report metrics to dashboard (#5267)

See the complete list of changes and the UPGRADE.asciidoc file for notes about upgrading.