New Features
- New device detection through TCP fingerprinting
- New DHCPv6 fingerprinting through Fingerbank
- New RADIUS filter engine to return custom attributes based on rules
- Security Onion integration
- PayPal payment is now supported in the captive portal
- Stripe payment and subscriptions are now supported in the captive portal
Enhancements
- New pfqueue service based on Redis to manage asynchronous tasks
- Memcached has been replaced by Redis for all caching
- pfdetect can now be configured through the administration interface
- Added ability to detect hostname changes using the information in the DHCP packets
- Added the ability to create 'not equal' conditions in LDAP sources
- DoS mitigation on the captive portal through mod_evasive
- Load balancing in an active/active process now uses a dedicated process
- Authentication and accounting are now in two different RADIUS processes
- Reworked violation trigger creation in the administration interface to make it more user-friendly
- Added the ability to create combined violation triggers, which trigger a violation based on multiple attributes of a node
- Suricata alerts can now trigger a violation based on the alert category or description instead of only the ID of the alert
- Added ability to e-mail device owner as a violation action
- The PacketFence syslog parser (pfdetect) has been reworked to allow multiple logs to be parsed concurrently
- New ntlm_auth wrapper will log authentication latency to StatsD automatically
- Handle Microsoft Windows based captive-portal detection mechanisms
- Manage pfdhcplistener status with keepalived and run pfdhcplistener on all cluster members
- New portal profile filter (sub connection type)
- Added switch IP and description in the available columns in the node list view
- Use SNMP to determine the ifindex based on the Nas-Port-Id
- Improved metrics now track SQL queries, LDAP queries, and more granular metrics in RADIUS AAA
- Added support for Nessus 6 scan engine
- Added documentation for the Cisco IOS XE switches
- Reworked existing billing providers to be PCI compliant
- Billing providers are now part of the authentication sources
- Billing tiers are now stored in the configuration instead of the source code files
- Billing sources can now be used with other authentication sources on the same portal profile
- DHCP packet processing is now fully done asynchronously to allow more PPS in the pfdhcplistener
Bug Fixes (bug ID is denoted with #id)
- Fixed log rotation issue with the carbon daemons
- Fixed LLDP phone detection if only telephone capability is enabled (#964)
- Fixed keepalived and iptables configuration for portal interfaces
- Fixed improper httpd status code being set
- Removed the node delete button
- Fixed detection if the device asks for a portal per URI
- Fixed 3Com switches ifIndex calculation in stack mode using SNMP
- Not-found users will now be cached when using the caching in an LDAP source (#978)
- Updating a node puts an invalid entry in the voip field