Software update: PacketFence 7.4.0

An NAC system can be used to secure a network environment. This allows, based on pre-set policies, network devices to be automatically blocked if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread or an authorized device that is equipped with a different operating system via a boot flop or live CD. PacketFence is such a nac system, with support for 802.1x and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. The developers have released version 7.4.0 with the following changes:

New Features

• New database access layer (DAL) for upcoming multi-tenancy support
• New portal module to permanently set roles (PR #2490)
• Added portal module for selecting a role for the device being registered on the portal (PR #2471)
• Added support for Allied Telesis GS950 switches (PR #1866)
• Added ability to update the firewall SSO on RADIUS accounting packets (PR #2662)
• Added a way to define a VLAN by role as a VLAN pool using a VLAN range (PR #2675)

Enhancements

• Added cloning capability in connection profiles (PR #2814) (#2809)
• Read and write timeouts for LDAP connections can now be set (#2613) (PR #2614)
• Keepalive can be configured to detect its peers via unicast instead of multicast (PR #2794)
• Suggest violation identifier when adding a new violation (#2804) (PR #2807)
• Create a priority queue
• Move ReAssignVlan and desAssociate API calls to the priority queue
• Added connection profile SSID filter suggestions based on all the previous SSIDs that have been seen in the locationlog (#2758) (PR #2771)
• Added a description to the switches in the nodes side navigation (#2791) (PR #2795)
• Improved configuration of the captive portal timer bar (via the captive_portal section of pf.conf) (#383) (PR #2762)
• (AD Powershell scripts) Enforce use of TLS in the powershell scripts which is required with the last versions of PacketFence (PR #2788)
• (AD Powershell scripts) Cycle through all the possible Active Directory usernames formats in PacketFence (PR #2788)
• Removed old authentication code sources (#2610)
• Added rule description in listing (#2619)
• Improved documentation (PR #2774) (#2773)
• Set a timeout for database queries for the admin to avoid long running queries slowing the system (#2630) (PR #2659)
• Documentation improvement about MySQL advanced parameters (#266)
• Enhanced localization support in violation module (PR #2759)
• Improved the haproxy HTTP process monitoring
• Improved cluster maintenance script to perform necessary system changes to have the node in maintenance

Bug Fixes

• Moved add and delete buttons to the left to avoid the being cutoff (#2678)
• Fixed “Admin: Multiple ‘Device Type’ options in Nodes tab” (#2789) (PR #2793)
• Configurator: when using a different database name, the fingerbank.conf MySQL section is not updated (#2665) (PR #2787)
• rlm_perl modules are now using syslog instead writing directly to the file (PR #2609#2609, feature/logger-pipe)
• Prevent a valid PID from being overwritten at the end of the portal registration if the new PID is default (#2825)
• Auth log is not set to completed after email registration (#2648) (PR #2649)
• Fixed redirects when previewing profiles that use OAuth source (#2882) (PR #2908)