One of the tools available for securing a network environment is a NAC system. Based on predefined policies, it can automatically block network devices when an undesirable situation occurs. Examples include unknown network devices belonging to visitors, a worm trying to spread, or an authorized device that has been given a different operating system via a boot floppy or live CD. PacketFence is such a NAC system, with support for 802.1X and VLAN isolation, which allows a network device to be placed in the correct VLAN after analysis. The developers have released version 8.0.1, with the following changes:
Version 8.0.1
Enhancements
- Update the computername (hostname) of a node using the Fingerbank Collector data
- Detect uplinks based on CDP flag instead of a string
- Put etcd in its own directory
Bug Fixes
- Fixed issue with device profiling not being performed when an endpoint connects for the first time
- Fixed missing timeout when performing RADIUS SSO (FortiGate, CheckPoint, WatchGuard)
- Fixed issue with API frontend when initially configuring the webservices username and password
- packetfence-haproxy-portal and packetfence-tc systemd service in a wrong target
- Custom routing with inline enforcement fails silently (#3215)
- Nessus 6 scanner
- haproxy-db only listens on IPv6 interface (Debian) (#3208)
- Fixed packetfence-local-auth
- Fixed DNS passthrough for normal domains (was considered as a wildcard)
- Winbind fails to start because of a permission issues on /var/run/samba/winbindd in the chroots
- Update from 7.4 to 8.0 audit log file not there (#3216)
- Fixed unreg on RADIUS accounting stop (#3220)
- Allow nodes without roles to be modified when restricting allowed role (#3217)
- Fixed speed issues with node search in the admin
- Fixed missing timeout for RADIUS sources tests in pfstats
Version 8.0.0
New Features
- Replaced the ISC DHCP server with a new Golang-based DHCP server (PR #2911)
- Now supporting inline enforcement in active/active clusters (PR #2911)
- Replaced pfdns with a new Golang-based DNS server (PR #2911)
- Allow an inline network to be split by the roles in PacketFence allowing to put specific devices in a distinct broadcast network (PR #2911)
- DNS routing (PR #2911)
- Dashboard metrics are now based on Netdata (PR #2935)
- Traffic shaping support for inline enforcement (PR #2803)
- Added a configuration parameter to allow to unregister a device on an accounting stop (PR #2685)
- Added CLI support on Aruba 5400 switches (PR #2965)
- Username stripping (removing the realm) is now configurable via the realms instead of the sources
- PacketFence integration with JAMF API for Apple computers and mobile devices management (PR #2797)
- Added an HTTP JSON API
Enhancements
- Distribute pfdhcplistener tasks among cluster members (PR #2887) (#2858)
- Removed pfsetvlan
- Now allowing to use the RADIUS accounting cache when in cluster mode
Bug Fixes
- Guest Portal validate_phone_number check not work (#2783)
- A management user can override an account that was not created by him (#2883)