Voor het beveiligen van een netwerkomgeving kan onder andere een nac -systeem worden ingezet. Hiermee kunnen, op basis van vooraf ingestelde policies, automatisch netwerkapparaten worden geblokkeerd als zich een ongewenste situatie voordoet. Denk daarbij aan onbekende netwerkapparaten van bezoekers, een worm die zich probeert te verspreiden, of een geautoriseerd apparaat dat via een bootflop of live-cd van een ander besturingssysteem is voorzien. PacketFence is zo'n nac-systeem, met ondersteuning voor 802.1x, Fingerbank en vlan isolation, waarmee een netwerkapparaat na analyse in het juiste vlan kan worden geplaatst. De ontwikkelaars hebben versie 10.1.0 uitgebracht.

New Features Live log viewer from admin interface

Fully tenant-aware admin interface

Support for MS-CHAP authentication for CLI/VPN access

New pfcertmanager service that generates certificate files from configuration Enhancements EAP configuration template - add a way to define multiples EAP profiles in FreeRADIUS

New action for AD/LDAP sources to set role when user is not found

Provide an advanced LDAP condition to allow custom LDAP queries

The captive portal can now feed HTTP client hints to the Fingerbank collector

Added ability to enable/disable a network anomaly detection policy (#5403)

Return the portal IP if the QNAME matches one of the portal FQDN for registered devices using inline enforcement

Individual source rules can be disabled

Support for Dell N1500 starting from 6.6.0.10

CoA support for Ubiquiti Unifi AP

Added a way to define the Unifi AP by IP or IP range

Use the value of an LDAP attribute as a role

Added the return of the LDAP/RADIUS attributes to use them in RADIUS filter

The /api/v1/radius_attributes endpoint is now searchable

Proxy the captive portal detection URL when the device is registered

Choose which EAP profile to use based on the realm

LDAP's basedn can be defined in the authentication sources rules

New hooks for the RADIUS filter engine in eduroam virtual server

Redefined "restart" in the service manager to allow "PartOf" in systemd scripts

Set role from source authentication rule option (needs #5459)

Flatten the RADIUS request for the authentication sources (attributes like radius_request.User-Name)

RADIUS request attributes / username are part of the common attributes

Support of multiples LDAP servers in FreeRADIUS ldap_packetfence configuration file

Copy outer User-Name attribute in PacketFence-Outer-User attribute to be able to use it in the authentication rules

Copy the LDAP-UserDN attribute in PacketFence-UserDN attribute to be able to use it in the authentication rules

Added a way to extend the LDAP filter for searchattributes configuration

Documentation for EAP profile selection

Documentation for regex realm

Documentation for new action/condition in LDAP authentication

Moved the VLAN filters example as default disabled VLAN filter

Use PUT for node reevaluate_access to fix issue with admin_role actions mapping

OpenID pid mapping is now configurable

Can map OpenID attributes to a person attributes

Allow to create authentication rules based on OpenID attributes Bug Fixes Fixes Fortinet Fortigate returnAuthorizeVPN function (#5409)

Barracuda NG firewall SSO SSH fails (#4828)

Impossible to set multiple access level in administration rule (#5440)

Fixed pf-maint.pl when its running behind a proxy (#3425 )

Fix vendor attributes not being sent from Switch Template (#5453)

Fixed issue authorizing a user in web-auth on Unifi when the node has its date set to '0000-00-00 00:00:00'