v10.3.0

New Features

• Static routes management via admin gui
• Aruba CX support
• Aruba 2930M Web Authentication and Dynamic ACL support (#6158)
• Meraki DPSK support
• Ruckus DPSK support
• Support for Ruckus SmartZone MAC authentication in non-proxy modes (#6201)
• Bluesocket support (#5878)
• Support for SCEP in pfpki (#6213)

Enhancements

• Improved the failover mechanisms when an Active Directory or LDAP server is detected as dead
• Expiration of the local accounts created on the portal can now be set on the source level
• pfacct and radiusd-acct can now both be enabled together (radiusd-acct proxies to pfacct)
• Added CoA support to Aerohive module
• Added role based enforcement (Filter-Id) support to Extreme module
• Use Called-Station-SSID attribute as the SSID when possible
• Added CLI login support to Huawei switch template
• Added detectionBypass in DNS resolver (#6028)
• Improve support of Android Agent for EAP-TLS and EAP-PEAP
• Improve CLI login support on HP and Aruba switches
• Use the "Authorization" header when performing API calls to Github in the OAuth context
• Replace xsltproc/fop by asciidoctor-pdf (#5968)
• FortiGate Role Based Enforcement (#5645)
• Add support for roles (RBAC) for Ruckus WLAN controllers (#2530)
• Upgrade to go version 1.15 (#6044)
• Build ready-to-use Vagrant images for integration tests and send them to Vagrant cloud (#6099)
• Documentation to configure Security Onion 2.3.10
• Added integration tests for 802.1X wireless and wireless MAC authentication (#6114)
• Restrict create, update, and delete operations to the default and global tenant users (#6075)
• Remove pftest MySQL tuner (#6130)
• Allow Netflow address to be configured (#6139)
• Deprecated fencing whitelist
• Description field for L2 and routed networks (#5829)
• Updated Stripe integration to use Stripe Elements (API v3) (#6121)
• Added Cisco WLC 9800 configuration documentation
• Inheritance on parent role on Role and Web Auth
• Enhance CLI login on SG300 switches
• Enable/disable the natting traffic for inline networks
• Remove unused table userlog (#6170)
• Clarifications on Ruckus Role-by-Role capabilities (#6201)
• DNS/IP attributes in pfpki certificates (#6213)
• Additional template attributes in certificate profile (#6213)
• Remove unused table inline_accounting (#6171)
• Make pfdhcplistener tenant aware (#6204)
• Upgrade to MariaDB 10.2.37 (#6149)

Bug Fixes

• Switch defined by MAC address are not processed by pfacct in cluster mode (#5969)
• Restart switchport return TRUE if MAC address is not found in locationlog for bouncePortCoA (#6013)
• Switch template: CLI authorize attributes ignored (#6009)
• ubiquiti_ap_mac_to_ip task doesn't update expires_at column in chi_cache table (#6004)
• A switch can't override switch group values using default switch group values (#5998)
• web admin: timer_expire and ocsp_timeout are not displayed correctly (#5961)
• web admin: Realm can't be selected as a filter on a connection profile (#5959)
• API: remove a source doesn't remove rules from authentication.conf (#5958)
• web admin: high-availability setting is not display correctly when editing an interface (#5963)
• SSIDs are not hidden by default when creating a provisioner (#5952)
• with_aup is correctly displayed on GUI (#5954)
• web admin: sender is wrong when you use Preview feature (#6023)
• sponsor guest registration: unexpected strings in email subject (#3669)
• Use the proper attribute name for Mikrotik in returnRadiusAccessAccept (#6051)
• Audit log: profile has an empty value when doing Ethernet/Wireless-NoEAP (#5977)
• pfacct stores 00:00:00:00:00:00 MAC in DB when Calling-Station-ID is XXXX-XXXX-XXXX (#6109)
• Update the location log when the Called-Station-Id changes (#6045)
• Only enable NetFlow in iptables if NetFlow is enabled (#6080)
• Firewall SSO: take username from accounting data if available in place of database (#6148)