PacketFence 3.0 Released

On September 23, 2011, in soft, by netoearth

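The open source network access control system PacketFence has released version 3.0 (screenshots). Major new features include: a redesigned captive portal, more flexible guest handling (temporary passwords, self-registration, pre-registration, extension API), the introduction of in-line support, tracking of node network bandwidth usage with RADIUS accounting, log browsing directly in the Web administration interface, support for RedHat Enterprise Linux 6/CentOS 6, support for Snort 2.9.x, and more.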

PacketFence is a fully supported, trusted, Free and Open Source network
access control (NAC) system. Boasting an impressive feature set including:

 * Registration and remediation through a captive portal
 * Detection of abnormal network activities using Snort IDS
 * Proactive vulnerability scans using Nessus
 * Isolation of problematic devices
 * 802.1X for wired and wireless networks
 * Wireless integration for all provided features
 * Supports complex and heterogeneous environments
 * VoIP / IP Telephony support and more!

A set of screenshots is available from
http://www.packetfence.org/tour/screenshots.html and a set of videos is
available from http://www.packetfence.org/tour/videos.html

=== Important upgrade notice ===

 * BACKUP YOUR /usr/local/pf/ BEFORE UPGRADING. Several paths have
changed with this release and an RPM upgrade will REMOVE your templates
and remediation pages. See UPGRADE for more information.
 * Removed the central concept of mode (ARP, DHCP or VLAN). PacketFence
can now operate in multiple modes simultaneously. This new concept is
called enforcement and is specified per interface in pf.conf. This
affects the default configuration for all installations. Reading the
UPGRADE file is recommended.
 * Removed support for Apache prior to version 2.2.0 (#828)
 * Removed support for jpgraph 1.x, 2.x which bumps our dependency to
PHP 5.1

=== Changes Since Previous Release ===

In a nutshell, we have a redesigned captive portal, complete guest
management including self-registration of devices by email activation or
SMS and pre-registered guest creation by administrators. Also added a
new feature to allow PacketFence to secure network access on
unmanageable (consumer) devices (so-called inline enforcement).
Bandwidth tracking with RADIUS accounting, RedHat Enterprise Linux
(RHEL) / CentOS 6 support and several usability improvements are in
there as well. Finally we took the big three-point-ohh opportunity to
fix several things that annoyed us but that were breaking changes.

Here are the gory details:

New Hardware Support
 * Avaya/Nortel switches now support the floating network device feature
 * Avaya Wireless Controller support
 * Dlink DWL Access-Point support
 * LG-Ericsson iPecs 4500 support for port-security and MAC
Authentication/802.1X
 * Netgear FGS Series support for port-security

New features
 * Major update to the captive portal look and feel! More modern and
professional. Cleaner XHTML/CSS makes customization a lot easier than
before. Also, all user-visible URLs are now clean and short (no more
cgi-bin/... clutter). (#980, #982, #1114)
 * Flexible guest handling (covering temporary passwords,
self-registration, pre-registration, extension API, etc.)
 * Introduced in-line support: firewall based access control with
captive portal. Use this complementary technique when you cannot use
VLAN enforcement. (#1227)
 * Ability to view log files from the Web Administration interface (#1080)
 * PacketFence now takes care of the local firewall configuration on the
server
 * Captive portal authentication modules are versioned, validated on
startup and have customizable names
 * New default_auth parameter will be the default authentication module
selected if you have multiple authentication back-ends enabled in auth
 * Simplification of the captive portal translation (#822, #1114)
 * RADIUS Accounting for tracking node bandwidth usage
 * RedHat Enterprise Linux 6 / CentOS 6 support (#1244)
 * Snort 2.9.x support

Enhancements
 * Captive portal usability improvements for both users and administrators
 * pfcmd and web administration performance improvements by avoiding
duplicate loading of some configuration files
 * Configuration simplification (#1051, #1182)
 * FreeRADIUS package now does the certificate bootstrapping process (#1226)
 * Named isolation and registration zones now automatically generated on
startup based on networks.conf's DNS entry (#1105)
 * Simplified Apache configuration
 * Improved installer.pl and configurator.pl
 * Included the jpgraph PHP library. Simplifies installation from source.
 * More start-up validation in `pfcmd checkup` (#1031, #1191, #1252)
 * Improved error-handling, reduced number of Perl warnings, added tests
(#1266)
 * Improved Filesystem Hierarchy Standard (FHS) compliance (#762)
 * Improves PHP 5.3.x support, relates to distro portability too (#1211,
#1244, #1251: Thanks to Philipp Snizek)
 * Migrated bin/flip.pl into a bin/pfcmd_vlan subcommand
 * Added ldap port option to Web Admin LDAP (AD) authentication
 * New controllerIp network device parameter will make it simpler to
support wireless hardware working in bridged mode
 * New DHCP fingerprints for Mac OS X Lion, Fedora 14, Polycom, Aastra,
LifeSize, Nortel, Polycom and Snom Conferencing and VoIP, Ubuntu 11.04,
Belkin Wireless Router, HP ProCurve switches, Androids, Zebra, Kyocera,
HP and Xerox printers, NEC Projectors, Polycom Video Conferencing and
Paradox Card Access module
 * Developer documentation to add Floating Network Devices support to
switches
 * Minor usability improvements

Bug fixes
 * Fixed issues with several switches if node MAC address falls into an
Hex to ASCII printable range (#1098)
 * Renaming Nortel ERS modules (#1238)
 * Fixed Avaya/Nortel switches problems on ERS2500 / ERS4500 (at least)
 * Fixed OS violations regression introduced in 2.2.0
 * Fixed nessus scans don't work with bin/pfcmd as a setuid/setgid (#1087)
 * Fixed custom VLAN assignments relying on connection_type failing on
"unknown" nodes (#1231)
 * Fixed problematic default grace period for System scan violation
 * Fixed configurator.pl does not show interfaces without IP address (#1221)
 * Fixed issue to detect the shell prompt MeruOS 4.1 or greater (#1232)
 * Fixed issues with wireless hardware not sending a NAS-Port parameter
(#1229)
 * Fixed Apache configuration problems on non RHEL / CentOS platforms
 * Fixed other cases of warnings from our FreeRADIUS module
 * jpgraph version bump to 3.0.7. Fixes RHEL 6 issues. (#1244)
 * Fixed silent failure when deleting a person with associated nodes (#1265)
 * Fixed encoding issues in the captive portal (#1115)
 * Fixed redirect loop on the captive portal if VLAN reassignment failed
(#1260)
 * Fixes issues with accentuated characters and single quotes in some
captive portal strings
 * Fixed accidental stop/restart of services because administrative
actions were done in GET instead of POST (#1119)
 * Fixed help not visible in the Web Admin when using Internet Explorer
(#1256)
 * Fixed missing exportation icon in the Web Admin when using Internet
Explorer (#1255)
 * Cisco C3560 now inherits the Cisco C2960 code
 * Fixed distro portability problems (#1185, #1187, #1248)
 * Fixed snort pidpath (#1258)
 * Additional fixes to nessus scans
 * Interim fixes (#1239, #1240, #1263, #1268, #1269)
 * Missing "named" in the pfcmd help

Translations
 * Updated Spanish (es) translation (Thanks to Juan Camilo Valencia)

... and more. See the ChangeLog file for the complete list of changes
and the UPGRADE file for notes about upgrading. Both files are in the
PacketFence distribution.

=== Getting PacketFence ===

PacketFence is free software and is distributed under the GNU GPL. As
such, you are free to download and try it by either getting the new
release from:

http://www.packetfence.org/download/releases.html

or by getting the sources from the official monotone server using the
instructions at
http://www.packetfence.org/development/source_code_reposi...

Documentation about the installation and configuration of PacketFence is
available from:

http://www.packetfence.org/documentation/

=== How Can I Help ? ===

PacketFence is a collaborative effort in order to create the best Free
and Open Source NAC solution. There are multiple ways you can contribute
to the project:

 * Documentation reviews, enhancements and translations
 * Feature requests or by sharing your ideas
 * Participate in the discussion on mailing lists
(http://www.packetfence.org/support/community.html)
 * Patches for bugs or enhancements
 * Provide new translations of remediation pages

=== Getting Support ===

For any questions, do not hesitate to contact us by writing to
support@inverse.ca

You can also fill out our online form
(http://www.inverse.ca/about/contact.html) and a representative from
Inverse will contact you.

Inverse offers professional services to organizations willing to secure
their wired and wireless networks with the PacketFence solution.

We told you our next release was going to be big! Have fun with this one
and let us know how it goes!
-- 
Olivier Bilodeau
obilodeau@inverse.ca  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)