Roadmap

Continuous improvement of PacketFence is important in order to provide the best Open Source NAC solution. The following items are part of our short term roadmap:

  • Add support for more switches, access points and wireless controllers
  • Provide Debian and Ubuntu packages (almost there!)
  • Improve Web GUI access control:
    • Fetch roles from LDAP instead of relying on a local file
    • Hide menus or options that are unavailable to users
    • Add the ability to edit access rights through the Web interface
  • Improve the OS/devices recognition when fingerprints are identical. For example: Xbox 360 and Wii (#1060 [External]: pfdhcplistener DHCP Vendor support)
  • Handle proxied Internet access when updating DHCP fingerprints and IEEE OUI's mechanism (#1048 [External]: Proxy-support for pfcmd update <fingerprint|oui>)
  • Improve Aruba integration:
    • Leverage blacklist feature instead of returning -1 VLAN for node banning
    • Leverage the logon role (HTTP traffic redirector) making it easier to integrate captive portal for network administrators familiar with Aruba hardware (now possible with custom role handling)
    • Rogue wireless devices isolation
  • Add the ability to extend core components (node.pm, node/custom.pm)
  • Improve the performance of pfcmd (will impact both CLI and Web Admin performance)
  • Integration with VPN
  • nmap integration as a scanning engine

Long Term

  • Initial configuration Web-based instead of through command line (in progress)
  • Rewrite the Web Admin GUI (started)
  • Active - Active clustering support
  • Use DBIx::Class
  • Migrate core object model to Moose

Research

  • Create or integrate a dissolvable or persistent security agent
  • Add IF-MAP support (protocol used to store, correlate, and retrieve identity, access control, and security posture information about users and devices on a network)
  • Support more NAC specifications (TCG's TNCC, IF-IMC, IF-T, IF-TNCCS)
  • Integration with OpenDPI (http://opendpi.org/ [External])
  • Support more authentication scheme on the Captive Portal
    • OpenID (challenging due to lack of Internet access on registration)
    • SAML
    • YubiKey
    • YubiHSM

Your feedback is always welcome! If you would like to discuss this roadmap, please send your ideas or questions to the PacketFence development mailing list [External] or directly to support(at)inverse.ca.