PacketFence 12.2 released

March 8, 2023

The Inverse team is pleased to announce the immediate availability of PacketFence 12.2 - a minor release bringing interesting improvements!

ContentKeeper firewall SSO support

We are excited to announce that PacketFence is able to send SSO requests to ContentKeeper and update it in order to apply policies to end devices for internet access.

Added support for Unifi OS controllers

We are also proud to annouce that PacketFence now supports Unifi OS controllers by adjusting the port and adding a prefix path.

Added support for downloadable ACLs on Cisco and Dell switches

PacketFence is now able to send Downloadable ACLs to Cisco and Dell switches. When the ACLs exceed the size of the RADIUS reply, PacketFence can trigger the downloadable ACLs and send a chuck of ACLs through multiples access-challenges.

Here’s the complete list of changes included in this release:

New Features

• Added ContentKeeper firewall SSO support
• Added support for Unifi OS controllers (#7368)
• Added support for downloadable ACLs on Cisco and Dell switches

Enhancements

• Allow ProxySQL to be configured to connect to a single external database
• Allow image files to be uploaded to a connection profile
• Added System Service and Systemd buttons in Admin UI
• Online/offline no longer relies on bandwidth accounting
• Pending Security Events added to network threats visualization
• Expose the fingerbank_info variable to all HTML portal templates (#7460)
• VLAN filter actions can now be done synchronously (#7351)
• Support for wired connections on Ruckus SmartZone
• Improve support of WebAuth on Aruba AP (#7470)
• Allow configurability of using the connector during firewall SSO
• New api call /api/v1/config/role/{role_id}/bulk_reevaluate_access
• Add warnings/errors when updating ACLs for roles and switches
• Azure SAML integration documentation
• Change log-levels of Perl services using environment variable (#7487)
• Containerize pfacct service
• Add not_before to PKI certificates (#7454)

Bug Fixes

• Force the destination IP for UDP packets going through the pfconnector (#7323)
• Clear the active dynamic reverses that exist when a pfconnector reconnects
• OpenID Authentication Source - Duplicated Username (#7399)
• Unable to upgrade to Debian 11.6 with PF 11.X and 12.X (#7438)
• Trust server certificates when provisioning Apple devices for EAP-TLS (#7428)
• Use WPA2 in place of WPA when provisioning Apple devices (#7428)
• Creating/modifying/deleting a syslog forwarder prompts to restart rsyslog in the admin (#6532)
• Fixed UTF-8 encoding in email body (#7422)
• Escape quotes in LDAP passwords (AD source: complex passwords prevent RADIUS to start #3976)
• Use the proper file extensions when uploading SAML config files. (ZEN 12.1 - XML file renamed on upload #7439)
• Return immediately after an async job is complete (Rework pfqueue results polling #7175)
• Fixed issue with Aruba dACL, only the first ACL was shown in the port
• ZEN 12.1 installations will generate a new RADIUS key after a reboot (#7568)
• Disable DNS lookup in sudo to prevent API timeouts and interfaces not detected (#7403)
• RADIUS source+pfconnector is not working in admin context (#7550)

See the complete list of changes and the upgrade guide file for notes about upgrading.

This release is considered ready for production use and upgrading from previous versions is strongly advised.