diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 98729602fb2b..2fa86010d8e5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,14 +25,15 @@ stages:
 ################################################################################
 variables:
   # synced with Pipeline timeout in GitLab UI
-  PIPELINE_TIMEOUT: 170m
+  PIPELINE_TIMEOUT_SCRIPT: 160m
+  PIPELINE_TIMEOUT_AFTER_SCRIPT: 10m
   BUILD_PFAPPSERVER_VUE: "yes"
   PFBUILD_CENTOS_8_IMG: ghcr.io/inverse-inc/packetfence/pfbuild-centos-8
   PFBUILD_DEB_BULLSEYE_IMG: ghcr.io/inverse-inc/packetfence/pfbuild-debian-bullseye
   KANIKO_DEBUG_IMG: gcr.io/kaniko-project/executor:debug
+  KANIKOBUILD_IMG: ghcr.io/inverse-inc/packetfence/kaniko-build
   KNK_REGISTRY: ghcr.io
   KNK_REGISTRY_URL: ${KNK_REGISTRY}/inverse-inc/packetfence
-  KNK_CACHE: "true"
   PFBUILD_DEFAULT_DEV_TAG: latest
   CIDIR: ci
   CILIBDIR: ci/lib
@@ -274,11 +275,38 @@ variables:
 .build_img_docker_job:
   stage: build_img
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${PACKERDIR} build_img_docker_pfbuild
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${PACKERDIR} build_img_docker_pfbuild
   tags:
     - shell
 
-.build_img_container_job:
+.build_img_container_job_dev:
+  stage: build_img_container
+  dependencies: []
+  image: ${KANIKOBUILD_IMG}:${CI_COMMIT_REF_SLUG}
+  script:
+    - /bin/kanikobuild
+  tags:
+    - docker
+
+.build_img_container_job_br_maint:
+  stage: build_img_container
+  dependencies: []
+  image: ${KANIKOBUILD_IMG}:${CI_COMMIT_REF_SLUG}
+  script:
+    - /bin/kanikobuild
+  tags:
+    - docker
+
+.build_img_container_job_rel:
+  stage: build_img_container
+  dependencies: []
+  image: ${KANIKOBUILD_IMG}:${CI_COMMIT_TAG}
+  script:
+    - /bin/kanikobuild
+  tags:
+    - docker
+
+.build_img_container_kanikobuild_job:
   stage: build_img_container
   dependencies: []
   image:
@@ -295,9 +323,9 @@ variables:
     RESULT_DIR: /var/local/gitlab-runner/vagrant_img
     BOX_DESC: ${CI_PIPELINE_URL}
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${VAGRANT_IMG_DIR} ${BOX_NAME}
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${VAGRANT_IMG_DIR} ${BOX_NAME}
   after_script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${VAGRANT_IMG_DIR} clean
+    - timeout ${PIPELINE_TIMEOUT_AFTER_SCRIPT} make -e -C ${VAGRANT_IMG_DIR} clean
   tags:
     - shell
     - inverse.ca
@@ -443,6 +471,7 @@ variables:
   script:
     - ./${UPLOAD_DIR}/deploy-artifacts.sh packetfence-release
     - ./${UPLOAD_DIR}/deploy-artifacts.sh packetfence-export
+    - ./${UPLOAD_DIR}/deploy-artifacts.sh packetfence-ci-lib
   tags:
     - shell
 
@@ -465,8 +494,7 @@ variables:
     name: sourceforge
     url: ${SF_ZEN_REPO_URL}/${CI_COMMIT_REF_NAME}
   after_script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ZENDIR} clean
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ZENDIR} clean_cache
+    - timeout ${PIPELINE_TIMEOUT_AFTER_SCRIPT} make -e -C ${ZENDIR} clean_all
   dependencies: []
   tags:
     - shell
@@ -476,7 +504,7 @@ variables:
   environment:
     name: sourceforge
   after_script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ISODIR} clean
+    - timeout ${PIPELINE_TIMEOUT_AFTER_SCRIPT} make -e -C ${ISODIR} clean
   dependencies: []
   tags:
     - shell
@@ -487,9 +515,9 @@ variables:
     RESULT_DIR: /var/local/gitlab-runner/vagrant_img
     BOX_DESC: ${CI_PIPELINE_URL}
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${VAGRANT_IMG_DIR} ${BOX_NAME}
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${VAGRANT_IMG_DIR} ${BOX_NAME}
   after_script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${VAGRANT_IMG_DIR} clean
+    - timeout ${PIPELINE_TIMEOUT_AFTER_SCRIPT} make -e -C ${VAGRANT_IMG_DIR} clean
   dependencies: []
   tags:
     - inverse.ca
@@ -507,9 +535,9 @@ variables:
   variables:
     VAGRANT_COMMON_DOTFILE_PATH: /var/local/gitlab-runner/vagrant/vagrant-common-${CI_COMMIT_REF_SLUG}
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${TESTDIR} MAKE_TARGET=run ${CI_JOB_NAME}
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${TESTDIR} MAKE_TARGET=run ${CI_JOB_NAME}
   after_script:
-    - timeout ${PIPELINE_TIMEOUT} ${TESTCIDIR}/clean-test-environment.sh
+    - timeout ${PIPELINE_TIMEOUT_AFTER_SCRIPT} ${TESTCIDIR}/clean-test-environment.sh
 
 ################################################################################
 # JOBS
@@ -528,17 +556,26 @@ run_pipeline_if_necessary:
 # BUILD_IMG_CONTAINER JOBS
 ########################################
 # devel
+kaniko_dev:
+  extends:
+    - .build_img_container_kanikobuild_job
+    - .build_img_container_devel_rules
+  variables:
+    IMAGE_NAME: "kaniko-build"
+    IMAGE_TAGS: "${CI_COMMIT_REF_SLUG},latest"
+
 pfdeb_dev:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_dev
     - .build_img_container_devel_rules
+  needs: ["kaniko_dev"]
   variables:
     IMAGE_NAME: "pfdebian"
     IMAGE_TAGS: "${CI_COMMIT_REF_SLUG},latest"
 
 pfdeb_based_dev:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_dev
     - .build_img_container_devel_rules
   needs: ["pfdeb_dev"]
   variables:
@@ -568,8 +605,9 @@ pfdeb_based_dev:
 
 img_dev:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_dev
     - .build_img_container_devel_rules
+  needs: ["kaniko_dev"]
   variables:
     IMAGE_TAGS: "${CI_COMMIT_REF_SLUG},latest"
   parallel:
@@ -579,7 +617,7 @@ img_dev:
 
 rad_based_dev:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_dev
     - .build_img_container_devel_rules
   needs: ["pfdeb_based_dev"]
   variables:
@@ -594,17 +632,26 @@ rad_based_dev:
           - "radiusd-eduroam"
 
 # branches and maintenance
+kaniko_br_maint:
+  extends:
+    - .build_img_container_kanikobuild_job
+    - .build_img_container_branches_and_maintenance_rules
+  variables:
+    IMAGE_NAME: "kaniko-build"
+    IMAGE_TAGS: ${CI_COMMIT_REF_SLUG}
+
 pfdeb_br_maint:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_br_maint
     - .build_img_container_branches_and_maintenance_rules
+  needs: ["kaniko_br_maint"]
   variables:
     IMAGE_NAME: "pfdebian"
     IMAGE_TAGS: ${CI_COMMIT_REF_SLUG}
 
 pfdeb_based_br_maint:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_br_maint
     - .build_img_container_branches_and_maintenance_rules
   needs: ["pfdeb_br_maint"]
   variables:
@@ -634,8 +681,9 @@ pfdeb_based_br_maint:
 
 img_br_maint:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_br_maint
     - .build_img_container_branches_and_maintenance_rules
+  needs: ["kaniko_br_maint"]
   variables:
     IMAGE_TAGS: ${CI_COMMIT_REF_SLUG}
   parallel:
@@ -645,7 +693,7 @@ img_br_maint:
 
 rad_based_br_maint:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_br_maint
     - .build_img_container_branches_and_maintenance_rules
   needs: ["pfdeb_based_br_maint"]
   variables:
@@ -660,17 +708,26 @@ rad_based_br_maint:
           - "radiusd-eduroam"
 
 # release
+kaniko_rel:
+  extends:
+    - .build_img_container_kanikobuild_job
+    - .release_only_rules
+  variables:
+    IMAGE_NAME: "kaniko-build"
+    IMAGE_TAGS: ${CI_COMMIT_TAG}
+
 pfdeb_rel:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_rel
     - .release_only_rules
+  needs: ["kaniko_rel"]
   variables:
     IMAGE_NAME: "pfdebian"
     IMAGE_TAGS: ${CI_COMMIT_TAG}
 
 pfdeb_based_rel:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_rel
     - .release_only_rules
   needs: ["pfdeb_rel"]
   variables:
@@ -698,19 +755,20 @@ pfdeb_based_rel:
           - "proxysql"
 
 img_rel:
- extends:
-   - .build_img_container_job
-   - .release_only_rules
- variables:
+  extends:
+    - .build_img_container_job_rel
+    - .release_only_rules
+  needs: ["kaniko_rel"]
+  variables:
    IMAGE_TAGS: ${CI_COMMIT_TAG}
- parallel:
-   matrix:
-     - IMAGE_NAME:
+  parallel:
+    matrix:
+      - IMAGE_NAME:
           - "fingerbank-db"
 
 rad_based_rel:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_rel
     - .release_only_rules
   needs: ["pfdeb_based_rel"]
   variables:
@@ -1419,13 +1477,13 @@ build_pf_img_zen_devel_branches_and_maintenance:
     - .build_pf_img_zen_job
     - .build_pf_img_zen_devel_branches_and_maintenance_rules
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ZENDIR} zen-deb11
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${ZENDIR} zen-deb11
 
 build_pf_img_zen_release:
   extends:
     - .build_pf_img_zen_job
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ZENDIR} zen-deb11
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${ZENDIR} zen-deb11
   # workaround for https://forum.gitlab.com/t/specify-when-at-job-level-with-a-job-that-has-rules/4769
   rules:
     - if: '$CI_COMMIT_TAG'
@@ -1440,7 +1498,7 @@ build_pf_img_iso_devel_branches_and_maintenance:
   environment:
     url: ${SF_ISO_REPO_URL}/${CI_COMMIT_REF_SLUG}
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ISODIR} iso
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${ISODIR} iso
 
 build_pf_img_iso_release:
   extends:
@@ -1450,7 +1508,7 @@ build_pf_img_iso_release:
   environment:
     url: ${SF_ISO_REPO_URL}/${CI_COMMIT_TAG}
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ISODIR} iso
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${ISODIR} iso
   # workaround for https://forum.gitlab.com/t/specify-when-at-job-level-with-a-job-that-has-rules/4769
   rules:
     - if: '$CI_COMMIT_TAG'
diff --git a/Makefile b/Makefile
index 06895265bddd..f4a0c1c5fc56 100644
--- a/Makefile
+++ b/Makefile
@@ -321,6 +321,20 @@ pfconnector_remote_install:
 	make -C $(SRC_GODIR) pfconnector
 	install -v -m 0755 $(SRC_GODIR)/pfconnector $(DESTDIR)$(PFCONNECTOR_BINDIR)/pfconnector
 
+# install -D will automatically create target directories
+# SRC_RELATIVE_CILIBDIR is used to only get relative paths from PF source tree
+# $$file in destination of install command contain relative path
+.PHONY: ci_lib_install
+ci_lib_install:
+	@echo "create directories under $(DESTDIR)$(CIDIR)"
+	install -d -m0755 $(DESTDIR)$(CIDIR)
+	install -d -m0755 $(DESTDIR)$(CILIBDIR)
+
+	@echo "install $(SRC_RELATIVE_CILIBDIR) files"
+	for file in $(shell find $(SRC_RELATIVE_CILIBDIR) -type f); do \
+            install -v -m 0644 $$file -D $(DESTDIR)$(PF_PREFIX)/$$file ; \
+	done
+
 # packetfence-export package
 .PHONY: distclean-packetfence-export
 distclean-packetfence-export:
@@ -358,3 +372,8 @@ material: DESTDIR=result
 material:
 	mkdir -p $(CURDIR)/$(DESTDIR)
 	perl $(SRC_ADDONSDIR)/dev-helpers/bin/switch_options_table.pl > $(CURDIR)/$(DESTDIR)/material.html
+
+html/captive-portal/profile-templates/default/logo.png:
+	mkdir -p html/captive-portal/profile-templates/default
+	cp html/common/packetfence-cp.png /usr/local/pf/html/captive-portal/profile-templates/default/logo.png
+
diff --git a/NEWS.asciidoc b/NEWS.asciidoc
index 5dd5388b401d..c29b3b9b7a0c 100644
--- a/NEWS.asciidoc
+++ b/NEWS.asciidoc
@@ -29,8 +29,14 @@ For a list of compatibility related changes see the <<PacketFence_Upgrade_Guide.
 
 === Enhancements
 
+ * Allow proxysql to be configure to connect to a single external database.
+ * Allow image files to be uploaded in a connection profile.
+
 === Bug Fixes
 
+ * Force the destination IP for UDP packets going through the pfconnector (#7323)
+ * Clear the active dynamic reverses that exist when a pfconnector reconnects
+
 == Version 12.1.0 released on 2022-11-22
 
 === New Features
diff --git a/addons/vagrant/requirements.yml b/addons/vagrant/requirements.yml
index 9d8946bce434..c3d444d3fe66 100644
--- a/addons/vagrant/requirements.yml
+++ b/addons/vagrant/requirements.yml
@@ -2,7 +2,7 @@
 # versions in roles should be equals to tags
 roles:
   - src: inverse_inc.gitlab_buildpkg_tools
-    version: v1.3.2
+    version: v1.3.5
 
 # For roles, to test locally with Vagrant (due to --force option)
 # Ansible will create an export, not a symlink to git repository
@@ -21,7 +21,7 @@ collections:
   - name: inverse_inc.cumulus
     version: 1.1.1
   - name: inverse_inc.utils
-    version: 1.1.1
+    version: 1.1.2
   - name: inverse_inc.wireless
     version: 0.2.2
 
diff --git a/ci/lib/upload/deploy-artifacts.sh b/ci/lib/upload/deploy-artifacts.sh
index ccd93849f975..7de21223d43a 100755
--- a/ci/lib/upload/deploy-artifacts.sh
+++ b/ci/lib/upload/deploy-artifacts.sh
@@ -149,6 +149,22 @@ packetfence_export_deploy() {
     done
 }
 
+packetfence_ci_lib_deploy() {
+    # Deb (only)
+    for release_name in $(ls $DEB_RESULT_DIR); do
+        src_dir="$DEB_RESULT_DIR/${release_name}"
+        dst_repo="$DEB_BASE_DIR/debian"
+        dst_dir="$DEPLOY_USER@$DEPLOY_HOST:$dst_repo"
+        pf_ci_lib_deb_file=$(basename $(ls $src_dir/packetfence-ci-lib*))
+        pf_ci_lib_deb_dest_name=${PF_CI_LIB_DEB_DEST_NAME:-"packetfence-ci-lib_${PF_MINOR_RELEASE}.deb"}
+        declare -p src_dir dst_dir pf_ci_lib_deb_file pf_ci_lib_deb_dest_name
+
+        echo "scp: ${src_dir}/${pf_ci_lib_deb_file} -> ${dst_dir}/${pf_ci_lib_deb_dest_name}"
+        scp "${src_dir}/${pf_ci_lib_deb_file}" "${dst_dir}/${pf_ci_lib_deb_dest_name}" \
+            || die "scp failed"
+    done
+}
+
 ppa_deploy() {
     # warning: slashs at end of dirs are significant for rsync
     src_dir="$PUBLIC_DIR/"
@@ -185,6 +201,7 @@ case $1 in
     deb) deb_deploy ;;
     packetfence-release) packetfence_release_deploy ;;
     packetfence-export) packetfence_export_deploy ;;
+    packetfence-ci-lib) packetfence_ci_lib_deploy ;;
     ppa) ppa_deploy ;;
     website) website_deploy ;;
     *)   die "Wrong argument"
diff --git a/ci/packer/provisionners_pfbuild/requirements.yml b/ci/packer/provisionners_pfbuild/requirements.yml
index 04e9ec18f807..edf3b21a9117 100644
--- a/ci/packer/provisionners_pfbuild/requirements.yml
+++ b/ci/packer/provisionners_pfbuild/requirements.yml
@@ -1,3 +1,4 @@
 ---
 roles:
   - src: inverse_inc.gitlab_buildpkg_tools
+    version: v1.3.5
diff --git a/ci/packer/vagrant_img/provisioners/requirements.yml b/ci/packer/vagrant_img/provisioners/requirements.yml
index ea5dc9dd6401..ad3e23153c09 100644
--- a/ci/packer/vagrant_img/provisioners/requirements.yml
+++ b/ci/packer/vagrant_img/provisioners/requirements.yml
@@ -1,6 +1,7 @@
 ---
 roles:
   - src: inverse_inc.gitlab_buildpkg_tools
+    version: v1.3.5
   - src: geerlingguy.nodejs
     version: 6.0.0
 
diff --git a/ci/packer/zen/Makefile b/ci/packer/zen/Makefile
index b288fe1c2889..80b3da8c9381 100644
--- a/ci/packer/zen/Makefile
+++ b/ci/packer/zen/Makefile
@@ -32,6 +32,9 @@ zen:
 	VM_NAME=$(VM_NAME) \
 	./build-and-upload.sh
 
+.PHONY: clean_all
+clean_all: clean clean_cache
+
 .PHONY: clean
 clean:
 	rm -rf $(RESULT_DIR)
diff --git a/conf/documentation.conf b/conf/documentation.conf
index 83586f919981..18346b9b38e3 100644
--- a/conf/documentation.conf
+++ b/conf/documentation.conf
@@ -1012,6 +1012,17 @@ Comma delimited IPv4 address of other member mysql members - note that this is o
 the database.
 EOT
 
+[database_proxysql.status]
+type=toggle
+options=enabled|disabled
+
+[database_proxysql.cacert]
+type=path
+ext=crt
+
+[database_proxysql.backend]
+type=text
+
 [database.unix_socket]
 type=text
 description=<<EOT
@@ -1841,6 +1852,19 @@ description=<<EOT
 Process bandwidth accounting.
 EOT
 
+[radius_configuration.pfacct_workers]
+type=numeric
+options=enabled|disabled
+description=<<EOT
+The number of workers proccessing accounting packets.
+EOT
+
+[radius_configuration.pfacct_work_queue_size]
+type=numeric
+description=<<EOT
+The size of the queue for each worker.
+EOT
+
 [dns_configuration.record_dns_in_sql]
 type=toggle
 options=enabled|disabled
diff --git a/conf/httpd.conf.d/httpd.portal.tt.example b/conf/httpd.conf.d/httpd.portal.tt.example
index d6167d6988a7..5f1fc92858f9 100644
--- a/conf/httpd.conf.d/httpd.portal.tt.example
+++ b/conf/httpd.conf.d/httpd.portal.tt.example
@@ -150,7 +150,7 @@ Listen [% vhost %]:80
      [% IF captive_portal.secure_redirect %]
      RewriteEngine On
      RewriteCond %{REQUEST_URI} !^/access.* [NC]
-     RewriteCond %{HTTP:X-Forwarded-Proto} !=https
+     RewriteCond %{HTTP:X-Forwarded-Proto} !https
      RewriteCond %{HTTP:X-Forwarded-For-PacketFence} =""
      RewriteCond %{HTTPS} !=on
      RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
diff --git a/conf/pf.conf.defaults b/conf/pf.conf.defaults
index b24aead8e3f3..34b285eb6a38 100644
--- a/conf/pf.conf.defaults
+++ b/conf/pf.conf.defaults
@@ -302,6 +302,23 @@ pass=[% ENV.env_or_default("PF_MYSQL_PASS", "packet") %]
 # Path to the database UNIX socket
 unix_socket=[% ENV.env_or_default("PF_MYSQL_UNIX_SOCKET", "/var/lib/mysql/mysql.sock") %]
 
+[database_proxysql]
+#
+# database_proxysql.status
+#
+#
+status=disabled
+#
+# database_proxysql.cacert
+#
+#
+cacert=
+#
+# database_proxysql.backend
+#
+#
+backend=
+
 [database_advanced]
 #
 # database_advanced.key_buffer_size
@@ -1367,6 +1384,14 @@ local_auth=disabled
 #
 # Process bandwidth accounting.
 process_bandwidth_accounting = disabled
+# radius_configuration.pfacct_workers
+#
+# The number of workers proccessing accounting packets.
+pfacct_workers = 5
+# radius_configuration.pfacct_work_queue_size
+#
+# The size of the queue for each worker.
+pfacct_work_queue_size = 1000
 
 [dns_configuration]
 #
diff --git a/conf/pfcron.conf.defaults b/conf/pfcron.conf.defaults
index 2697f19e3634..ce189aef30b8 100644
--- a/conf/pfcron.conf.defaults
+++ b/conf/pfcron.conf.defaults
@@ -827,7 +827,7 @@ schedule=@every 1m
 # batch
 #
 # How many bandwidth_accounting entries to clean up in one run
-batch=100
+batch=1000
 #
 # timeout
 #
diff --git a/conf/profiles.conf.defaults b/conf/profiles.conf.defaults
index e6c69573884b..c02aa5ab6a67 100644
--- a/conf/profiles.conf.defaults
+++ b/conf/profiles.conf.defaults
@@ -8,7 +8,7 @@
 
 [default]
 description=Default Profile
-logo=/common/packetfence-cp.png
+logo=/profile-templates/default/logo.png
 redirecturl=http://www.packetfence.org/
 always_use_redirecturl=disabled
 locale=en_US
diff --git a/conf/proxysql.conf.example b/conf/proxysql.conf.example
index 2aabd302c465..47475fc27be1 100644
--- a/conf/proxysql.conf.example
+++ b/conf/proxysql.conf.example
@@ -66,6 +66,8 @@ mysql_variables=
     commands_stats=true
     sessions_sort=true
 
+[% mysql_ssl_p2s_capath %]
+
 [% monitor %]
 
     monitor_galera_healthcheck_interval=2000
diff --git a/config.mk b/config.mk
index 633cd683b088..6dbae0c13393 100644
--- a/config.mk
+++ b/config.mk
@@ -12,6 +12,8 @@ PFCONNECTOR_PREFIX = $(PREFIX)/pfconnector-remote
 BINDIR = $(PF_PREFIX)/bin
 SBINDIR = $(PF_PREFIX)/sbin
 TESTDIR = $(PF_PREFIX)/t
+CIDIR = $(PF_PREFIX)/ci
+CILIBDIR = $(CIDIR)/lib
 
 # PF connector
 PFCONNECTOR_BINDIR = $(PFCONNECTOR_PREFIX)/bin
@@ -32,6 +34,7 @@ SRC_CI_TESTDIR = $(SRC_CIDIR)/lib/test
 SRC_GODIR = $(SRC_ROOT_DIR)/go
 SRC_TESTDIR= $(SRC_ROOT_DIR)/t
 SRC_RELATIVE_TESTDIR = t
+SRC_RELATIVE_CILIBDIR = ci/lib
 SRC_ADDONSDIR = $(SRC_ROOT_DIR)/addons
 SRC_FULL_IMPORTDIR = $(SRC_ADDONSDIR)/full-import
 SRC_FULL_UPGRADEDIR = $(SRC_ADDONSDIR)/full-upgrade
diff --git a/containers/Makefile b/containers/Makefile
index b2e7e8d7dc4d..1e7313b2de71 100644
--- a/containers/Makefile
+++ b/containers/Makefile
@@ -22,8 +22,8 @@ endif
 .PHONY: run_kaniko
 
 run_kaniko:
-	docker pull gcr.io/kaniko-project/executor:debug
-	docker container run --entrypoint '/busybox/sh' --rm --name "kaniko" --volume="$(SRC_ROOT_DIR)":/workspace -it gcr.io/kaniko-project/executor:debug
+	docker pull ghcr.io/inverse-inc/packetfence/kaniko-build:devel
+	docker container run --entrypoint '/busybox/sh' --rm --name "kaniko" --volume="$(SRC_ROOT_DIR)":/workspace -it ghcr.io/inverse-inc/packetfence/kaniko-build:devel
 
 ### Targets for localdev
 DOCKERFILE_DIRS = $(shell find -type f -name "Dockerfile" -printf "%P\n")
@@ -43,4 +43,4 @@ $(CONTAINER_IMAGES):
 			-e "KNK_REGISTRY_URL=$(KNK_REGISTRY_URL)" \
 			-e "KNK_REGISTRY_USER" -e "KNK_REGISTRY_PASSWORD" \
 			--volume="$(SRC_ROOT_DIR)":/workspace \
-			-it gcr.io/kaniko-project/executor:debug
+			-it ghcr.io/inverse-inc/packetfence/kaniko-build:devel
diff --git a/containers/kaniko-build/Dockerfile b/containers/kaniko-build/Dockerfile
new file mode 100644
index 000000000000..01425635e0f9
--- /dev/null
+++ b/containers/kaniko-build/Dockerfile
@@ -0,0 +1,6 @@
+FROM gcr.io/kaniko-project/executor:debug
+
+COPY containers/kanikobuild /bin/kanikobuild
+RUN chmod +x /bin/kanikobuild
+
+ENTRYPOINT /bin/kanikobuild
diff --git a/containers/kaniko_vars b/containers/kaniko_vars
new file mode 100644
index 000000000000..4d8027db8b43
--- /dev/null
+++ b/containers/kaniko_vars
@@ -0,0 +1,10 @@
+### collect variables needed inside Dockerfile
+
+# returns X.Y
+export PF_VERSION=$(egrep -o '[0-9]+\.[0-9]+' $CI_PROJECT_DIR/conf/pf-release)
+
+# only used for pfdebian build
+export PKGS_TO_EXCLUDE="packetfence|freeradius"
+
+# variables to pass during build
+DOCKFILE_VARS='PF_VERSION KNK_REGISTRY_URL IMAGE_TAG FINGERBANK_BUILD_API_KEY BUILD_PFAPPSERVER_VUE PKGS_TO_EXCLUDE'
\ No newline at end of file
diff --git a/containers/kanikobuild b/containers/kanikobuild
index 64e6c1cf36f7..921e2e8b0a02 100755
--- a/containers/kanikobuild
+++ b/containers/kanikobuild
@@ -6,22 +6,22 @@ set -o nounset -o pipefail -o errexit
 # CI_PROJECT_DIR must be equal to root of PF source tree (full path)
 
 setup_vars() {
-    DOCKFILE_PATH=$CI_PROJECT_DIR/containers/$IMAGE_NAME/Dockerfile
+    # all specific variables need to be defined in kaniko_vars
+    if [ -f "$CI_PROJECT_DIR/containers/kaniko_vars" ]; then
+	source $CI_PROJECT_DIR/containers/kaniko_vars
+    else
+	echo "No specific variables added to build"
+    fi
 
-    ### collect variables needed inside Dockerfile
-    # returns X.Y
-    export PF_VERSION=$(egrep -o '[0-9]+\.[0-9]+' $CI_PROJECT_DIR/conf/pf-release)
+    # necessary if variables are not defined in kaniko_vars or in environment
+    DOCKFILE_PATH=${DOCKFILE_PATH:-"$CI_PROJECT_DIR/containers/$IMAGE_NAME/Dockerfile"}
+    DOCKFILE_VARS=${DOCKFILE_VARS:-}
+    KNK_CACHE=${KNK_CACHE:-true}
 
     # IMAGE_TAG is used inside DockerFile to reference other image
     # only one tag can be used in Dockerfile
     export IMAGE_TAG=$(echo $IMAGE_TAGS | cut -d ',' -f 1)
 
-    # only used for pfdebian build
-    export PKGS_TO_EXCLUDE="packetfence|freeradius"
-
-    # variables to pass during build
-    DOCKFILE_VARS='PF_VERSION KNK_REGISTRY_URL IMAGE_TAG FINGERBANK_BUILD_API_KEY BUILD_PFAPPSERVER_VUE PKGS_TO_EXCLUDE'
-
     echo "Building ${IMAGE_NAME} using ${DOCKFILE_PATH}"
 }
 
@@ -35,15 +35,17 @@ generate_knk_config() {
 # already in the environment
 generate_build_args() {
     local build_args=''
-    for var in ${DOCKFILE_VARS}; do
-      # just to handle case of first iteration
-      if [ -z "$build_args" ]; then 
-        build_args="--build-arg ${var}"
-      else
-        build_args="$build_args --build-arg ${var}"
-      fi
-    done
-    echo "$build_args"
+    if [ -n "${DOCKFILE_VARS}" ]; then
+        for var in ${DOCKFILE_VARS}; do
+          # just to handle case of first iteration
+          if [ -z "$build_args" ]; then
+            build_args="--build-arg ${var}"
+          else
+            build_args="$build_args --build-arg ${var}"
+          fi
+        done
+        echo "$build_args"
+    fi
 }
 
 detect_multi_tags() {
diff --git a/containers/manage-images.sh b/containers/manage-images.sh
index 8264da632a7b..84fdc850e61e 100755
--- a/containers/manage-images.sh
+++ b/containers/manage-images.sh
@@ -24,6 +24,7 @@ configure_and_check() {
                            -not -path "*/pfdebian/*" \
                            -not -path "*/radiusd/*" \
                            -not -path "*/pfconnector-*/*" \
+                           -not -path "*/kaniko-build/*" \
                            -printf "%P\n")
 
     for file in ${DOCKERFILE_DIRS}; do
diff --git a/debian/control b/debian/control
index 26bb66ab437f..82df109919f8 100644
--- a/debian/control
+++ b/debian/control
@@ -202,6 +202,11 @@ Depends: fingerbank-collector-remote (>= 1.4.1)
 Description: PacketFence Connector
  PacketFence Connector files. This package contains all files related to PacketFence Connector.
 
+Package: packetfence-ci-lib
+Architecture: all
+Description: CI librairies used by PacketFence
+ PacketFence CI librairies. This package contains all files related to PacketFence CI librairies.
+
 Package: packetfence-pfcmd-suid
 Architecture: any
 Depends: ${misc:Depends}, ${shlibs:Depends}
diff --git a/debian/packetfence.postinst b/debian/packetfence.postinst
index c88ee86c6548..8c3de82e9cf2 100644
--- a/debian/packetfence.postinst
+++ b/debian/packetfence.postinst
@@ -54,11 +54,15 @@ case "$1" in
         VERSIONSQL=$(ls pf-schema-* |sort --version-sort -r | head -1)
         ln -f -s $VERSIONSQL ./pf-schema.sql
 
-        #Make ssl certificate
         cd /usr/local/pf
+
+        #Make ssl certificate
         make conf/ssl/server.pem
         chown pf $PACKETFENCE/conf/ssl/server.key
 
+        #Make configurable logo in default profile templates
+        make html/captive-portal/profile-templates/default/logo.png
+
         # Stop packetfence-config during upgrade process to ensure
         # it is started with latest code
         if [ "$(/bin/systemctl show -p ActiveState packetfence-config | awk -F '=' '{print $2}')" = "active" ]; then
@@ -98,6 +102,9 @@ case "$1" in
             echo "pf.conf already exists, won't touch it!"
         fi
 
+        mkdir -p /usr/local/pf/html/captive-portal/profile-templates/default
+        cp /usr/local/pf/html/common/packetfence-cp.png /usr/local/pf/html/captive-portal/profile-templates/default/logo.png
+
         # managing services
         set +e
         for service in apache2 snmptrapfmt freeradius apparmor haproxy keepalived redis-server smbd samba winbind nmbd mysql snmpd netdata collectd proxysql; do
diff --git a/debian/rules b/debian/rules
index e2223d37c591..434c4c98a8ee 100755
--- a/debian/rules
+++ b/debian/rules
@@ -53,11 +53,11 @@ install: build
 	# Install all except debian and t directory
 	# dir* to exclude directory itself
 	for i in `find * ! -path 'debian/*' ! -path 'debian' ! -path 'docs/*' ! -path 'docs' ! -path 't/*' ! -path 't' ! -path 'lib/pfconfig/*' ! -path 'lib/pfconfig' ! -path 'sbin/pfconfig*' \
-	-not -path "addons/full-upgrade*" -not -path "html/common*" -not -path "html/parking*" -type d`; do \
+	-not -path "addons/full-upgrade*" -not -path "html/parking*" -type d`; do \
 		install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/$$i; \
 	done
 	for i in `find * ! -path 'debian/*' ! -path 'debian' ! -path 'docs/*' ! -path 'docs' ! -path 't/*' ! -path 't' ! -path 'lib/pfconfig/*' ! -path 'lib/pfconfig' ! -path 'sbin/pfconfig*' \
-	-not -path "addons/full-upgrade/*" -not -path "html/common/*" -not -path "html/parking/*" ! -path 'conf/pfconfig.conf*' ! -path 'conf/redis_cache.conf*' ! -type d`; do \
+	-not -path "addons/full-upgrade/*" -not -path "html/parking/*" ! -path 'conf/pfconfig.conf*' ! -path 'conf/redis_cache.conf*' ! -type d`; do \
 		$(INSTALL) $$i $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/$$i; \
 	done
 
@@ -77,6 +77,9 @@ install: build
 	# packetfence-pfconnector-remote package
 	make DESTDIR=$(CURDIR)/debian/packetfence-pfconnector-remote pfconnector_remote_install
 
+	# packetfence-ci-lib package
+	make DESTDIR=$(CURDIR)/debian/packetfence-ci-lib ci_lib_install
+
 	# packetfence-config package
 	for i in `find * -path 'lib/pfconfig*' -type d`; do \
 		install -d -m0700 $(CURDIR)/debian/packetfence-config$(PREFIX)/$(NAME)/$$i; \
@@ -347,6 +350,14 @@ binary-arch: build install
 
 	# Addon Stress-tester
 	chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/stress-tester/dhcp_test
+
+	# packetfence-ci-lib
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/build/*.sh
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/check/*.sh
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/common/*.sh
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/release/*.sh
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/test/*.sh
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/upload/*.sh
 	# packetfence pkg
 	chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/*.pl
 	chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/*.sh
diff --git a/docs/PacketFence_Upgrade_Guide.asciidoc b/docs/PacketFence_Upgrade_Guide.asciidoc
index 2724cf48a24a..db628af8a113 100644
--- a/docs/PacketFence_Upgrade_Guide.asciidoc
+++ b/docs/PacketFence_Upgrade_Guide.asciidoc
@@ -83,6 +83,13 @@ For all PacketFence versions prior to 11.0.0, follow the steps described in the
 
 == Apply maintenance patches
 
+=== Important note for cluster environments
+
+In cluster environments, you need to perform following steps on **one server
+at a time**. To avoid multiple moves of the virtual IP addresses, you can start with
+nodes which don't own any virtual IP addresses first. You must ensure all
+services have been restarted correctly before moving to the next node.
+
 === Disable monit alerts (only if monit is installed)
 
 If `monit` is installed and running, shut it down with:
@@ -113,6 +120,10 @@ include::common/upgrade_packages.asciidoc[]
 
 include::common/new_config_files.asciidoc[]
 
+=== Rebooting after services have been stopped (optional)
+
+include::common/reboot.asciidoc[]
+
 === Restart PacketFence services
 
 include::common/restart.asciidoc[]
diff --git a/docs/common/reboot.asciidoc b/docs/common/reboot.asciidoc
new file mode 100644
index 000000000000..40fe7e35906b
--- /dev/null
+++ b/docs/common/reboot.asciidoc
@@ -0,0 +1,24 @@
+If you need to reboot a standalone server or a server from a cluster after services
+have been stopped, make sure you set the systemd target to `multi-user.target`
+before rebooting:
+
+[source,bash]
+----
+systemctl set-default multi-user.target
+----
+
+This will make sure your services don't start up after the reboot. It's also the case for `packetfence-mariadb` service.
+
+Set it back to previous target after it boots up:
+
+.Cluster
+[source,bash]
+----
+systemctl set-default packetfence-cluster.target
+----
+
+.Standalone
+[source,bash]
+----
+systemctl set-default packetfence.target
+----
diff --git a/docs/developer/customizing_packetfence.asciidoc b/docs/developer/customizing_packetfence.asciidoc
index a92474e19aaf..7141a44de05d 100644
--- a/docs/developer/customizing_packetfence.asciidoc
+++ b/docs/developer/customizing_packetfence.asciidoc
@@ -44,35 +44,13 @@ Note that you cannot use the full locale in the template name (i.e. `aup_text.en
 
 ===== Logo
 
-WARNING: If you perform an upgrade from a 11.X version, these steps have been handled by an upgrade script.
+In order to customize the default logo that is shown on the captive portal, go in _Configuration->Policies And Access Control->Connection Profiles->default->Files_. Next, upload your logo at the root of the files. Once it has been uploaded, go in the _Captive Portal_ section of the connection profile and change the 'Logo' field value to `/profile-templates/default/filename-of-your-logo.png`.
 
-In order to display your own logo on captive portal, you need to follow these
-steps on your PacketFence server (or on first node of your cluster):
+Alternatively, you could also delete the existing `logo.png` in the files, then upload your logo and rename it to `logo.png`. Doing so will not require to alter the value of 'Logo' in the connection profile.
 
-. Upload your logo through SSH in [filename]`/tmp/my_logo.png`
-. Run following commands:
+You can also have a different logo per connection profile. In order to do so, upload your logo in the appropriate connection profile, then edit it's 'Logo' value to be `/profile-templates/CONNECTION_PROFILE_ID/filename-of-your-logo.png`.
 
-.Standalone and clusters
-[source,bash]
-----
-mkdir /usr/local/pf/html/captive-portal/profile-templates/default
-cp /tmp/my_logo.png /usr/local/pf/html/captive-portal/profile-templates/default/my_logo.png
-----
-
-.Clusters only
-[source,bash]
-----
-cat >> /usr/local/pf/conf/cluster-files.txt << EOF
-/usr/local/pf/conf/cluster-files.txt
-/usr/local/pf/html/captive-portal/profile-templates/default/my_logo.png
-EOF
-/usr/local/pf/bin/cluster/sync --as-master
-----
-
-Once done, connect to PacketFence web admin and configure `default` connection
-profile (_Configuration -> Policies and Access control -> Connection profiles_) like this:
-
-* Logo: [filename]`/profile-templates/default/logo.png`
+For the best results, your logo size should be approximately 330x75 pixels.
 
 ===== CSS
 
diff --git a/docs/installation/linode/linode.asciidoc b/docs/installation/linode/linode.asciidoc
index 3cfdaa42d46f..4a1480a994cc 100644
--- a/docs/installation/linode/linode.asciidoc
+++ b/docs/installation/linode/linode.asciidoc
@@ -135,7 +135,7 @@ PacketFence Connector released with PacketFence 12.0.0 was not packaged.
 In order to upgrade your PacketFence Connector to a packaged version, you need
 to run following commands:
 
-[source,bash]
+[source,bash,subs="attributes"]
 ----
 echo 'deb http://inverse.ca/downloads/PacketFence/debian/{release_minor} bullseye bullseye' > \
 /etc/apt/sources.list.d/packetfence-pfconnector-remote.list
@@ -157,7 +157,7 @@ systemctl restart packetfence-pfconnector-remote
 
 In order to upgrade PacketFence Connector, you need to run following commands:
 
-[source,bash]
+[source,bash,subs="attributes"]
 ----
 echo 'deb http://inverse.ca/downloads/PacketFence/debian/{release_minor} bullseye bullseye' > \
 /etc/apt/sources.list.d/packetfence-pfconnector-remote.list
diff --git a/go/chisel/main.go b/go/chisel/main.go
index 808b688e9eef..2d866cc2ef9e 100644
--- a/go/chisel/main.go
+++ b/go/chisel/main.go
@@ -412,7 +412,7 @@ func client(args []string) {
 	flags.StringVar(&config.SrcIP, "src-ip", "", "")
 	hostname := flags.String("hostname", "", "")
 	pid := flags.Bool("pid", false, "")
-	verbose := flags.Bool("v", false, "")
+	verbose := flags.Bool("v", (strings.ToLower(os.Getenv("LOG_LEVEL")) == "debug"), "")
 	flags.Usage = func() {
 		fmt.Print(clientHelp)
 		os.Exit(0)
diff --git a/go/chisel/server/server_handler.go b/go/chisel/server/server_handler.go
index d940d18b3294..a2f0d90ae89e 100644
--- a/go/chisel/server/server_handler.go
+++ b/go/chisel/server/server_handler.go
@@ -197,6 +197,8 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) {
 		return tunnel.BindRemotes(ctx, serverInbound)
 	})
 	if user != nil {
+		l.Infof("Connector %s has just connected to this server", user.Name)
+		settings.ClearActiveDynReverseConnector(ctx, user.Name)
 		activeTunnels.Store(user.Name, tunnel)
 		res := s.redis.Set(fmt.Sprintf("%s%s", s.redisTunnelsNamespace, user.Name), fmt.Sprintf("%s://%s", s.listenProto, req.Context().Value(http.LocalAddrContextKey).(net.Addr).String()), 0)
 		if res.Err() != nil {
diff --git a/go/chisel/share/settings/active_dyn_reverse.go b/go/chisel/share/settings/active_dyn_reverse.go
index c5ff0233a1c9..18f3c7b184ee 100644
--- a/go/chisel/share/settings/active_dyn_reverse.go
+++ b/go/chisel/share/settings/active_dyn_reverse.go
@@ -1,7 +1,12 @@
 package settings
 
 import (
+	"context"
+	"fmt"
+	"strings"
 	"sync"
+
+	"github.com/inverse-inc/go-utils/log"
 )
 
 var ActiveDynReverse = sync.Map{}
@@ -19,3 +24,14 @@ func ClearFromActiveDynReverse(r *Remote) bool {
 	})
 	return cleared
 }
+
+func ClearActiveDynReverseConnector(ctx context.Context, id string) {
+	ActiveDynReverse.Range(func(kInt, v interface{}) bool {
+		k := kInt.(string)
+		if strings.HasPrefix(k, id) {
+			log.LoggerWContext(ctx).Debug(fmt.Sprintf("Clearing %s from ActiveDynReverse", k))
+			ActiveDynReverse.Delete(k)
+		}
+		return true
+	})
+}
diff --git a/go/cmd/pfacct/pfacct.go b/go/cmd/pfacct/pfacct.go
index a9f9c87d6c0f..891dc3f93501 100644
--- a/go/cmd/pfacct/pfacct.go
+++ b/go/cmd/pfacct/pfacct.go
@@ -5,6 +5,7 @@ import (
 	"database/sql"
 	"fmt"
 	"net"
+	"strconv"
 	"time"
 
 	cache "github.com/fdurand/go-cache"
@@ -22,6 +23,8 @@ import (
 )
 
 const DefaultTimeDuration = 5 * time.Minute
+const DefaultRadiusWorkers = 5
+const DefaultRadiusWorkQueueSize = 1000
 
 type radiusRequest struct {
 	w          radius.ResponseWriter
@@ -29,7 +32,6 @@ type radiusRequest struct {
 	switchInfo *SwitchInfo
 	status     rfc2866.AcctStatusType
 	mac        mac.Mac
-	done       chan struct{}
 }
 
 type PfAcct struct {
@@ -56,6 +58,8 @@ type PfAcct struct {
 	radiusdAcctEnabled   bool
 	AllNetworks          bool
 	ProcessBandwidthAcct bool
+	RadiusWorkers        int
+	RadiusWorkQueueSize  int
 }
 
 func NewPfAcct() *PfAcct {
@@ -75,7 +79,12 @@ func NewPfAcct() *PfAcct {
 		err = Database.Ping()
 	}
 
-	pfAcct := &PfAcct{Db: Database, TimeDuration: DefaultTimeDuration}
+	pfAcct := &PfAcct{
+		Db:                  Database,
+		TimeDuration:        DefaultTimeDuration,
+		RadiusWorkers:       DefaultRadiusWorkers,
+		RadiusWorkQueueSize: DefaultRadiusWorkQueueSize,
+	}
 	pfAcct.SwitchInfoCache = cache.New(5*time.Minute, 10*time.Minute)
 	pfAcct.NodeSessionCache = cache.New(cache.NoExpiration, cache.NoExpiration)
 	pfAcct.AcctSessionCache = cache.New(5*time.Minute, 10*time.Minute)
@@ -83,7 +92,7 @@ func NewPfAcct() *PfAcct {
 	pfAcct.RadiusStatements.Setup(pfAcct.Db)
 
 	pfAcct.SetupConfig(ctx)
-	pfAcct.radiusRequests = makeRadiusRequests(pfAcct, 5, 10)
+	pfAcct.radiusRequests = makeRadiusRequests(pfAcct, pfAcct.RadiusWorkers, pfAcct.RadiusWorkQueueSize)
 	pfAcct.AAAClient = jsonrpc2.NewAAAClientFromConfig(ctx)
 	//pfAcct.Dispatcher = NewDispatcher(16, 128)
 	pfAcct.runPing()
@@ -154,10 +163,23 @@ func (pfAcct *PfAcct) SetupConfig(ctx context.Context) {
 	var RadiusConfiguration pfconfigdriver.PfConfRadiusConfiguration
 	pfconfigdriver.FetchDecodeSocket(ctx, &RadiusConfiguration)
 	pfAcct.ProcessBandwidthAcct = sharedutils.IsEnabled(RadiusConfiguration.ProcessBandwidthAccounting)
+
 	if !pfAcct.ProcessBandwidthAcct {
 		logInfo(ctx, "Not processing bandwidth accounting records. To enable set radius_configuration.process_bandwidth_accounting = enabled")
 	}
 
+	if i, err := strconv.ParseInt(RadiusConfiguration.PfacctWorkers, 10, 64); err != nil {
+		logWarn(ctx, fmt.Sprintf("Invalid number '%s' pfacct_worker defaulting to '%d'", RadiusConfiguration.PfacctWorkers, pfAcct.RadiusWorkers))
+	} else {
+		pfAcct.RadiusWorkers = int(i)
+	}
+
+	if i, err := strconv.ParseInt(RadiusConfiguration.PfacctWorkQueueSize, 10, 64); err != nil {
+		logWarn(ctx, fmt.Sprintf("Invalid number '%s' pfacct_work_queue_size defaulting to '%d'", RadiusConfiguration.PfacctWorkQueueSize, pfAcct.RadiusWorkQueueSize))
+	} else {
+		pfAcct.RadiusWorkQueueSize = int(i)
+	}
+
 	localSecret := pfconfigdriver.LocalSecret{}
 	pfconfigdriver.FetchDecodeSocket(ctx, &localSecret)
 	pfAcct.localSecret = localSecret.Element
diff --git a/go/cmd/pfacct/radius.go b/go/cmd/pfacct/radius.go
index aebe6fe2d1f8..cee18a8604c0 100644
--- a/go/cmd/pfacct/radius.go
+++ b/go/cmd/pfacct/radius.go
@@ -12,7 +12,9 @@ import (
 	"time"
 
 	"github.com/OneOfOne/xxhash"
+	"github.com/VividCortex/mysqlerr"
 	cache "github.com/fdurand/go-cache"
+	"github.com/go-sql-driver/mysql"
 
 	"github.com/inverse-inc/go-radius"
 	"github.com/inverse-inc/go-radius/dictionary"
@@ -91,15 +93,16 @@ func (h *PfAcct) HandleAccounting(w radius.ResponseWriter, r *radius.Request) {
 	callingStation := rfc2865.CallingStationID_GetString(r.Packet)
 	mac, _ := mac.NewFromString(callingStation)
 	rr := radiusRequest{
-		w:          w,
 		r:          r,
 		status:     status,
 		switchInfo: switchInfo,
 		mac:        mac,
-		done:       make(chan struct{}),
 	}
 
 	h.sendRadiusRequestToQueue(rr)
+	outPacket := r.Response(radius.CodeAccountingResponse)
+	rfc2865.ReplyMessage_SetString(outPacket, "Accounting OK")
+	w.Write(h.AddProxyState(outPacket, r))
 	// h.handleAccountingRequest(w, r, switchInfo, mac)
 	// h.Dispatcher.SubmitJob(Work(func() { h.handleAccountingRequest(r, switchInfo) }))
 }
@@ -107,18 +110,11 @@ func (h *PfAcct) HandleAccounting(w radius.ResponseWriter, r *radius.Request) {
 func (h *PfAcct) sendRadiusRequestToQueue(rr radiusRequest) {
 	queueIndex := djb2Hash(rr.mac[:]) % uint64(len(h.radiusRequests))
 	h.radiusRequests[queueIndex] <- rr
-	<-rr.done
 }
 
 func (h *PfAcct) handleAccountingRequest(rr radiusRequest) {
-	r, w, switchInfo, mac, status := rr.r, rr.w, rr.switchInfo, rr.mac, rr.status
+	r, switchInfo, mac, status := rr.r, rr.switchInfo, rr.mac, rr.status
 	defer h.NewTiming().Send("pfacct.accounting." + rr.status.String())
-	outPacket := r.Response(radius.CodeAccountingResponse)
-	rfc2865.ReplyMessage_SetString(outPacket, "Accounting OK")
-	defer func() {
-		w.Write(h.AddProxyState(outPacket, r))
-		rr.done <- struct{}{}
-	}()
 	ctx := r.Context()
 	in_bytes := int64(rfc2866.AcctInputOctets_Get(r.Packet))
 	out_bytes := int64(rfc2866.AcctOutputOctets_Get(r.Packet))
@@ -586,6 +582,38 @@ func setupStmt(db *sql.DB, stmt **sql.Stmt, sql string) {
 	}
 }
 
+func isErrorRetryable(err error) bool {
+	driverErr, ok := err.(*mysql.MySQLError)
+	if !ok {
+		return false
+	}
+
+	return driverErr.Number == mysqlerr.ER_LOCK_DEADLOCK || driverErr.Number == mysqlerr.ER_LOCK_WAIT_TIMEOUT
+}
+
+func tryExecute(retry int, pause time.Duration, stmt *sql.Stmt, args ...interface{}) (sql.Result, error) {
+	var err error
+	var res sql.Result
+	for retry >= 0 {
+		retry--
+		res, err = stmt.Exec(args...)
+		if err == nil {
+			break
+		}
+
+		if isErrorRetryable(err) {
+			if pause != 0 {
+				time.Sleep(pause)
+			}
+			continue
+		}
+
+		break
+	}
+
+	return res, err
+}
+
 func (rs *RadiusStatements) Setup(db *sql.DB) {
 	setupStmt(db, &rs.switchLookup, `
 		SELECT nasname, secret, unique_session_attributes
@@ -776,7 +804,10 @@ func (h *PfAcct) InsertBandwidthAccounting(status rfc2866.AcctStatusType, node_i
 	var err error
 	if status == rfc2866.AcctStatusType_Value_Start {
 		h.SetAcctSession(node_id, unique_session, &AcctSession{in_bytes: in_bytes, out_bytes: out_bytes})
-		_, err = h.insertBandwidthAccountingStart.Exec(
+		_, err = tryExecute(
+			3,
+			time.Millisecond*10,
+			h.insertBandwidthAccountingStart,
 			node_id,
 			mac,
 			unique_session,
@@ -794,7 +825,10 @@ func (h *PfAcct) InsertBandwidthAccounting(status rfc2866.AcctStatusType, node_i
 		}
 
 		h.SetAcctSession(node_id, unique_session, &AcctSession{in_bytes: in_bytes, out_bytes: out_bytes})
-		_, err = h.insertBandwidthAccountingUpdate.Exec(
+		_, err = tryExecute(
+			3,
+			time.Millisecond*10,
+			h.insertBandwidthAccountingUpdate,
 			node_id,
 			mac,
 			unique_session,
diff --git a/go/cmd/pfdhcp/main.go b/go/cmd/pfdhcp/main.go
index f189c5af3515..24373e186be9 100644
--- a/go/cmd/pfdhcp/main.go
+++ b/go/cmd/pfdhcp/main.go
@@ -222,7 +222,7 @@ func main() {
 	http.Handle("/", httpauth.SimpleBasicAuth(webservices.User, webservices.Pass)(router))
 
 	srv := &http.Server{
-		Addr:        "127.0.0.1:22222",
+		Addr:        ":22222",
 		IdleTimeout: 5 * time.Second,
 		Handler:     router,
 	}
diff --git a/go/go.mod b/go/go.mod
index e6b67d0d0d19..ad756b1d61fd 100644
--- a/go/go.mod
+++ b/go/go.mod
@@ -114,6 +114,7 @@ require (
 	github.com/Azure/go-autorest/logger v0.2.0 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect
+	github.com/VividCortex/mysqlerr v1.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bifurcation/mint v0.0.0-20180715133206-93c51c6ce115 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
diff --git a/go/go.sum b/go/go.sum
index be73e7fcfec1..17ee679bf4f1 100644
--- a/go/go.sum
+++ b/go/go.sum
@@ -84,6 +84,8 @@ github.com/Sereal/Sereal v0.0.0-20200729022450-08708a3c86f3/go.mod h1:D0JMgToj/W
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
+github.com/VividCortex/mysqlerr v1.0.0 h1:5pZ2TZA+YnzPgzBfiUWGqWmKDVNBdrkf9g+DNe1Tiq8=
+github.com/VividCortex/mysqlerr v1.0.0/go.mod h1:xERx8E4tBhLvpjzdUyQiSfUxeMcATEQrflDAfXsqcAE=
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
diff --git a/go/httpdportalpreview/httpdportalpreview.go b/go/httpdportalpreview/httpdportalpreview.go
index 9eefb14cc2a9..059116acc6dd 100644
--- a/go/httpdportalpreview/httpdportalpreview.go
+++ b/go/httpdportalpreview/httpdportalpreview.go
@@ -6,10 +6,12 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"mime"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
+	"path/filepath"
 	"regexp"
 	"strings"
 	"time"
@@ -114,10 +116,21 @@ func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 func (p *Proxy) ServeStatic(r *http.Response) error {
 	apiClient := unifiedapiclient.NewFromConfig(context.Background())
 	params, _ := getParams(`/config/profile/(?P<Profile>.*)/preview/(?P<File>.*)`, p.Uri)
+	file := params["File"]
+	buffer, _ := apiClient.CallSimpleHtml(p.Ctx, "GET", "/api/v1/config/connection_profile/"+params["Profile"]+"/preview/"+file, "")
+	ext := filepath.Ext(file)
+	if strings.HasSuffix(file, ".html") {
+		return p.RewriteAnswer(r, buffer)
+	}
 
-	buffer, _ := apiClient.CallSimpleHtml(p.Ctx, "GET", "/api/v1/config/connection_profile/"+params["Profile"]+"/preview/"+params["File"], "")
+	mimeType := mime.TypeByExtension(ext)
+	if mimeType != "" {
+		r.Header["Content-Type"] = []string{mimeType}
+	}
 
-	p.RewriteAnswer(r, buffer)
+	boeuf := bytes.NewBuffer(buffer)
+	r.Body = ioutil.NopCloser(boeuf)
+	r.Header["Content-Length"] = []string{fmt.Sprint(boeuf.Len())}
 	return nil
 }
 
diff --git a/go/pfconfigdriver/structs.go b/go/pfconfigdriver/structs.go
index 1e9141dc9ba4..0ced6374fa99 100644
--- a/go/pfconfigdriver/structs.go
+++ b/go/pfconfigdriver/structs.go
@@ -719,6 +719,8 @@ type PfConfRadiusConfiguration struct {
 	UsernameAttributes                 []string `json:"username_attributes"`
 	ForwardKeyBalanced                 string   `json:"forward_key_balanced"`
 	ProcessBandwidthAccounting         string   `json:"process_bandwidth_accounting"`
+	PfacctWorkers                      string   `json:"pfacct_workers"`
+	PfacctWorkQueueSize                string   `json:"pfacct_work_queue_size"`
 }
 
 type Certificate struct {
diff --git a/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm b/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
index 0d5541aa0b07..c0d76b315d7b 100644
--- a/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
+++ b/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
@@ -43,6 +43,7 @@ sub field_list {
     my $list = [];
     my $section = $self->section;
     return [] if !defined $section;
+    push @$list, id => { id => 'id', type => 'Text'};
     my $default_pf_config = pf::IniFiles->new(-file => $pf_default_file, -allowempty => 1);
     my @section_fields = $default_pf_config->Parameters($section);
     foreach my $name (@section_fields) {
@@ -249,7 +250,20 @@ sub field_list {
                 $field->{element_attr} = {'data-placeholder' => 'No selection'};
                 my @options = ({value => '', label => 'None' }, map { { value => $_, label => $_ } } get_sms_source_ids());
                 $field->{options} = \@options;
-            }
+            };
+            $type eq 'path' && do {
+                my $old_name = $name;
+                $field->{type} = 'Path';
+                push(@$list, $name => $field);
+                $name .= "_upload";
+                $field = {
+                    id => $name,
+                    type => 'PathUpload',
+                    accessor => $old_name,
+                    config_prefix => $doc_section->{ext},
+                    upload_namespace => $name,
+                };
+            };
         }
         if ($field->{type} eq 'Text') {
             if (exists $doc_section->{minimum_length}) {
diff --git a/html/pfappserver/root/package.json b/html/pfappserver/root/package.json
index 5e1746656a47..883db77e4657 100644
--- a/html/pfappserver/root/package.json
+++ b/html/pfappserver/root/package.json
@@ -1,6 +1,6 @@
 {
   "name": "packetfence-admin",
-  "version": "12.1.0",
+  "version": "12.2.0",
   "private": true,
   "scripts": {
     "serve": "vue-cli-service serve",
diff --git a/html/pfappserver/root/src/components/new/BaseButtonUpload.vue b/html/pfappserver/root/src/components/new/BaseButtonUpload.vue
index 277a9b25318a..b8a97fdef672 100644
--- a/html/pfappserver/root/src/components/new/BaseButtonUpload.vue
+++ b/html/pfappserver/root/src/components/new/BaseButtonUpload.vue
@@ -1,13 +1,18 @@
 <template>
-  <div class="base-button-upload" v-b-tooltip.hover.top.d300 :title="title" :class="`btn-${size}`">
+  <div class="base-button-upload d-flex flex-grow-1"
+    :title="title" :class="`btn-${size}`"
+    v-b-tooltip.hover.top.d300
+  >
     <label class="base-button-upload-label mb-0">
       <b-form ref="formRef" @submit.prevent>
         <!-- MUTLIPLE UPLOAD -->
         <input v-if="multiple"
+          @click.stop
           type="file" @change="doUpload" :accept="accept" title=" " multiple
           :disabled="disabled" />
         <!-- SINGLE UPLOAD -->
         <input v-else
+          @click.stop
           ref="inputRef"
           type="file" @change="doUpload" :accept="accept" title=" "
           :disabled="disabled" />
@@ -61,6 +66,10 @@ export const props = {
     type: Function,
     default: input => input
   },
+  encoding: {
+    type: String,
+    default: 'utf-8'
+  },
   size: {
     type: String,
     default: 'md',
@@ -81,6 +90,7 @@ const setup = (props, context) => {
     readAsText,
     multiple,
     encode,
+    encoding,
   } = toRefs(props)
 
   const { emit, refs, root: { $store } = {} } = context
@@ -92,7 +102,9 @@ const setup = (props, context) => {
 
   watch($files, files => {
     const filesMapped = files.map(file => ({ ...file, storeName: storeNameFromFile(file), close: () => { doClose(file) } }))
-    emit('files', filesMapped)
+    if (!readAsText.value || filesMapped.filter(file => !file.end).length === 0) {
+      emit('files', filesMapped)
+    }
     if (!multiple.value && readAsText.value && filesMapped[0] && filesMapped[0].result)
       emit('input', encode.value(filesMapped[0].result))
     if (files.length)
@@ -150,7 +162,7 @@ const setup = (props, context) => {
         if (isAccept(file)) { // contentType accepted
           const storeName = storeNameFromFile(file)
           if (!$store.state[storeName]) { // register store module only once
-            const fileStore = new FileStore(file, accept.value)
+            const fileStore = new FileStore(file, encoding.value)
             $store.registerModule(storeName, fileStore.module())
           }
           if (readAsText.value)
diff --git a/html/pfappserver/root/src/globals/pfField.js b/html/pfappserver/root/src/globals/pfField.js
index ceddf6b193c5..551f78c9eccb 100644
--- a/html/pfappserver/root/src/globals/pfField.js
+++ b/html/pfappserver/root/src/globals/pfField.js
@@ -345,7 +345,8 @@ import {
   BaseInputGroupMultiplier,
   BaseInputNumber,
   BaseInputChosenMultiple,
-  BaseInputChosenOne
+  BaseInputChosenOne,
+  BaseInputToggle,
 } from '@/components/new'
 
 export const useField = (field) => {
@@ -392,6 +393,10 @@ export const useField = (field) => {
           return { is: BaseInputNumber, ...props }
           // break
 
+        case pfComponentType.TOGGLE:
+          return { is: BaseInputToggle, ...props }
+          // break
+
         case pfComponentType.HIDDEN:
         case pfComponentType.NONE:
           return undefined
diff --git a/html/pfappserver/root/src/globals/pfFormatters.js b/html/pfappserver/root/src/globals/pfFormatters.js
index 7f3ecfe08b30..c58f165c50ed 100644
--- a/html/pfappserver/root/src/globals/pfFormatters.js
+++ b/html/pfappserver/root/src/globals/pfFormatters.js
@@ -94,5 +94,5 @@ export const pfFormatters = {
   },
   shortDateTime: (value) => {
     return filters.shortDateTime(parseInt(value) * 1000)
-  },
+  }
 }
diff --git a/html/pfappserver/root/src/main.js b/html/pfappserver/root/src/main.js
index 2eea1071c382..680acb9daec5 100644
--- a/html/pfappserver/root/src/main.js
+++ b/html/pfappserver/root/src/main.js
@@ -58,6 +58,7 @@ import 'vue-awesome/icons/file'
 import 'vue-awesome/icons/file-csv'
 import 'vue-awesome/icons/file-excel'
 import 'vue-awesome/icons/file-export'
+import 'vue-awesome/icons/file-image'
 import 'vue-awesome/icons/font'
 import 'vue-awesome/icons/regular/file'
 import 'vue-awesome/icons/fingerprint'
diff --git a/html/pfappserver/root/src/store/base/file.js b/html/pfappserver/root/src/store/base/file.js
index c6aaa3f93375..4b6bbcdf7be5 100644
--- a/html/pfappserver/root/src/store/base/file.js
+++ b/html/pfappserver/root/src/store/base/file.js
@@ -1,7 +1,7 @@
 import { types } from '@/store'
 
 export default class FileStore {
-  constructor (blob, encoding) {
+  constructor(blob, encoding) {
     this.blob = blob
     this.encoding = encoding
   }
@@ -30,6 +30,7 @@ export default class FileStore {
           encoding: this.encoding || 'utf-8', // user defined character encoding
           percent: 0, // FileReader onprogress percent
           result: null, // FileReader onload result
+          end: false, // FileReader onloadend
           error: null // FileReader onerror error
         }
       }
@@ -63,7 +64,10 @@ export default class FileStore {
               const start = state.offsets[lineIndex]
               const end = state.offsets[lineIndex + 1] - state.newLine.length
               dispatch('readSlice', { start, end }).then(result => {
-                const decoded = new TextDecoder(state.file.encoding).decode(result)
+                let decoded = result
+                  try {
+                    decoded = new TextDecoder(state.file.encoding).decode(result)
+                  } catch (e) {/* noop */ }
                 resolve(decoded)
               }).catch(err => {
                 reject(err)
@@ -93,6 +97,24 @@ export default class FileStore {
           reader.readAsArrayBuffer(slice)
         })
       },
+      readAsDataURL: ({ commit, state }) => {
+        return new Promise((resolve, reject) => {
+          const reader = new FileReader()
+          reader.onerror = (event) => {
+            const { target: { error } = {} } = event
+            commit('SET_ERROR', error)
+            reader.abort()
+            reject(error)
+          }
+          reader.onload = (event) => {
+            const { target: { result } = {} } = event
+            // eslint-disable-next-line no-unused-vars
+            const [ dataString, base64 ] = result.split(',', 2)
+            resolve(base64)
+          }
+          reader.readAsDataURL(state.blob)
+        })
+      },
       buildOffset: ({ commit, state, dispatch }, lineIndex) => {
         return new Promise((resolve, reject) => {
           const scan = async (index, start) => {
@@ -154,6 +176,9 @@ export default class FileStore {
         const { target: { result } = {} } = event
         state.file.result = result
       },
+      READER_LOADEND: (state) => {
+        state.file.end = true
+      },
       READER_ERROR: (state, event) => {
         state.status = types.ERROR
         const { target: { error: { code, message, name } = {} } = {} } = event
@@ -171,6 +196,9 @@ export default class FileStore {
         reader.onload = (event) => {
           commit('READER_LOAD', event)
         }
+        reader.onloadend = (event) => {
+          commit('READER_LOADEND', event)
+        }
         reader.onerror = (event) => {
           commit('READER_ERROR', event)
         }
diff --git a/html/pfappserver/root/src/store/modules/cluster.js b/html/pfappserver/root/src/store/modules/cluster.js
index cc5f9366cf93..9839049161b3 100644
--- a/html/pfappserver/root/src/store/modules/cluster.js
+++ b/html/pfappserver/root/src/store/modules/cluster.js
@@ -568,6 +568,7 @@ const mutations = {
   SERVICE_SUCCESS: (state, { server, id, service }) => {
     service.pid = parseInt(service.pid)
     state.status = types.SUCCESS
+    state.message = ''
     Vue.set(state.servers[server].services, id, { ...state.servers[server].services[id], ...service, status: types.SUCCESS })
   },
   SERVICE_DISABLING: (state, { server, id }) => {
diff --git a/html/pfappserver/root/src/utils/regex.js b/html/pfappserver/root/src/utils/regex.js
index 424de383af10..c4cf1db35b4f 100644
--- a/html/pfappserver/root/src/utils/regex.js
+++ b/html/pfappserver/root/src/utils/regex.js
@@ -19,4 +19,7 @@ export const reMac = value => /^([0-9a-fA-F]{2}[-:]?){5,}([0-9a-fA-F]){2}$/.test
 export const reNumeric = value => /^-?[0-9]*$/.test(value)
 
 // eslint-disable-next-line no-useless-escape
-export const reStaticRoute = value => /^(?:[0-9]{1,3}\.){3}[0-9]{1,3}\/?(\d+)?\s+?(via\s+(?:[0-9]{1,3}\.){3}[0-9]{1,3}\s+?)?dev\s+[a-z,0-9\.]+$/i.test(value)
\ No newline at end of file
+export const reStaticRoute = value => /^(?:[0-9]{1,3}\.){3}[0-9]{1,3}\/?(\d+)?\s+?(via\s+(?:[0-9]{1,3}\.){3}[0-9]{1,3}\s+?)?dev\s+[a-z,0-9\.]+$/i.test(value)
+
+// eslint-disable-next-line no-control-regex
+export const reAscii = value => /^([\x20-\x7E]+)$/.test(value)
\ No newline at end of file
diff --git a/html/pfappserver/root/src/utils/yup.js b/html/pfappserver/root/src/utils/yup.js
index 9876f64170df..ce5b451554a6 100644
--- a/html/pfappserver/root/src/utils/yup.js
+++ b/html/pfappserver/root/src/utils/yup.js
@@ -1,5 +1,6 @@
 import * as yup from 'yup'
 import { parse, format, isValid, compareAsc } from 'date-fns'
+import mime from 'mime-types'
 import i18n from './locale'
 import {
   reAlphaNumeric,
@@ -187,7 +188,7 @@ yup.addMethod(yup.string, 'isCommonNameOrFQDNOrMAC', function (message) {
   return this.test({
     name: 'isCommonNameOrFQDNOrMAC',
     message: message || i18n.t('Invalid common name.'),
-    test: (value) => (isCommonName(value) || isFQDN(value) || value.toLowerCase().replace(/[^0-9a-f]/g, '').length === 12)
+    test: (value) => (isCommonName(value) || isFQDN(value) || `${value}`.toLowerCase().replace(/[^0-9a-f]/g, '').length === 12)
   })
 })
 
@@ -293,12 +294,33 @@ yup.addMethod(yup.string, 'isFilenameWithExtension', function (extensions, messa
     name: 'isFilenameWithExtension',
     message: message || i18n.t('Invalid extension. Must be one of: {extensions}.', { extensions: extensions.join(', ') }),
     test: value => {
-      const re = RegExp('^[a-zA-Z0-9_]+[a-zA-Z0-9_\\-\\.]*\\.(' + extensions.join('|') + ')$')
+      const re = RegExp('^[0-9a-z\xC0-\xff_]+[0-9a-z\xC0-\xff_\\-\\.]*\\.(' + extensions.join('|') + ')$', 'gi')
       return !value || re.test(value)
     }
   })
 })
 
+yup.addMethod(yup.string, 'isFilenameWithContentType', function (contentTypes, message) {
+  return this.test({
+    name: 'isFilenameWithContentType',
+    message: message || i18n.t('Invalid content-type. Must be one of: {contentTypes}.', { contentTypes: contentTypes.join(', ') }),
+    test: value => {
+      const contentType = mime.lookup(value)
+      if (!contentType)
+        return false
+      const [ contentTypeMs, contentTypeLs ] = contentType.split('/')
+      return contentTypes.reduce((valid, allowed) => {
+        if (allowed === '*/*')
+          return true
+        const [ allowedMs, allowedLs ] = allowed.split('/')
+        if (contentTypeMs === allowedMs && (allowedLs === '*' || contentTypeLs === allowedLs))
+          return true
+        return valid
+      }, false)
+    }
+  })
+})
+
 export const isFQDN = value => {
   if (['', null, undefined].includes(value))
     return true
@@ -458,7 +480,7 @@ yup.addMethod(yup.string, 'mysql', function(columnSchema) {
           break
 
         case (type === MysqlMac):
-          if (value.toLowerCase().replace(/[^0-9a-f]/g, '').length !== 12)
+          if (`${value}`.toLowerCase().replace(/[^0-9a-f]/g, '').length !== 12)
             return this.createError({ message: i18n.t('Invalid MAC.') })
           break
       }
diff --git a/html/pfappserver/root/src/views/Configuration/_components/TheTabsDatabase.vue b/html/pfappserver/root/src/views/Configuration/_components/TheTabsDatabase.vue
index a6c57821612b..6c6cacb520d1 100644
--- a/html/pfappserver/root/src/views/Configuration/_components/TheTabsDatabase.vue
+++ b/html/pfappserver/root/src/views/Configuration/_components/TheTabsDatabase.vue
@@ -15,6 +15,7 @@
 <script>
 import DatabaseGeneralView from '../database/general/_components/TheView'
 import DatabaseAdvancedView from '../database/advanced/_components/TheView'
+import DatabaseProxySQLView from '../database/proxysql/_components/TheView'
 
 const tabs = {
   database_general: {
@@ -24,6 +25,10 @@ const tabs = {
   database_advanced: {
     title: 'Advanced Configuration', // i18n defer
     component: DatabaseAdvancedView
+  },
+  database_proxysql: {
+    title: 'ProxySQL Configuration', // i18n defer
+    component: DatabaseProxySQLView
   }
 }
 
diff --git a/html/pfappserver/root/src/views/Configuration/bases/_store.js b/html/pfappserver/root/src/views/Configuration/bases/_store.js
index f14c2e321944..42f383f893d8 100644
--- a/html/pfappserver/root/src/views/Configuration/bases/_store.js
+++ b/html/pfappserver/root/src/views/Configuration/bases/_store.js
@@ -286,6 +286,40 @@ const actions = {
       throw err
     })
   },
+  getDatabaseProxySQL: ({ state, commit }) => {
+    if (state.cache['database_proxysql']) {
+      return Promise.resolve(state.cache['database_proxysql']).then(cache => JSON.parse(JSON.stringify(cache)))
+    }
+    commit('ITEM_REQUEST')
+    return api.base('database_proxysql').then(item => {
+      commit('ITEM_REPLACED', item)
+      return JSON.parse(JSON.stringify(item))
+    }).catch((err) => {
+      commit('ITEM_ERROR', err.response)
+      throw err
+    })
+  },
+  optionsDatabaseProxySQL: ({ commit }) => {
+    commit('ITEM_REQUEST')
+    return api.baseOptions('database_proxysql').then(response => {
+      commit('ITEM_SUCCESS')
+      return response
+    }).catch((err) => {
+      commit('ITEM_ERROR', err.response)
+      throw err
+    })
+  },
+  updateDatabaseProxySQL: ({ commit }, data) => {
+    commit('ITEM_REQUEST')
+    data.id = 'database_proxysql'
+    return api.updateBase(data).then(response => {
+      commit('ITEM_REPLACED', data)
+      return response
+    }).catch(err => {
+      commit('ITEM_ERROR', err.response)
+      throw err
+    })
+  },
   getDatabaseEncryption: ({ state, commit }) => {
     if (state.cache['database_encryption']) {
       return Promise.resolve(state.cache['database_encryption']).then(cache => JSON.parse(JSON.stringify(cache)))
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
index af0b39aa3546..08ffe41ed87f 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
@@ -51,22 +51,24 @@ export default {
     })
   },
   file: params => {
-    const get = params.quiet ? 'getQuiet' : 'get'
-    return apiCall[get](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/').filter(p => p)], { nocache: true }).then(response => {
+    return apiCall.getQuiet(['config', 'connection_profile', params.id, 'files', ...params.filename.split('/').filter(p => p)], { ...params, nocache: true }).then(response => {
       return response.data
     })
   },
   createFile: params => {
-    return apiCall.put(['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')], params.content).then(response => {
+    const method = params.quiet ? 'putQuiet' : 'put'
+    return apiCall[method](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')], params.content).then(response => {
       return response.data
     })
   },
   updateFile: params => {
-    return apiCall.patch(['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')], params.content).then(response => {
+    const method = params.quiet ? 'patchQuiet' : 'patch'
+    return apiCall[method](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')], params.content).then(response => {
       return response.data
     })
   },
   deleteFile: params => {
-    return apiCall.delete(['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')])
+    const method = params.quiet ? 'deleteQuiet' : 'delete'
+    return apiCall[method](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')])
   }
 }
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
new file mode 100644
index 000000000000..fc606c6091ee
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
@@ -0,0 +1,153 @@
+<template>
+  <div @click.stop class="d-flex flex-grow-1">
+    <template v-if="!rename">
+      <span style="cursor: text;" @click.stop="onShow"
+        v-b-tooltip.hover.top.d300 :title="$i18n.t('Click to rename')"
+      >{{ item.name }}</span>
+    </template>
+    <template v-else>
+      <b-form @submit.prevent="onRename" ref="formRef"
+        class="d-flex w-100">
+        <base-form
+          class="p-0 my-1 w-100"
+          :form="form"
+          :schema="schema"
+          :isLoading="isLoading || isRenaming"
+        >
+          <input-name namespace="name" ref="inputRef"
+            class="w-100" :placeholder="item.name"
+            @click.stop.prevent
+          />
+        </base-form>
+        <b-button :disabled="isLoading || isRenaming || !canRename"
+          size="sm" variant="primary" class="ml-1 my-1 py-0" @click="onRename">
+            <template v-if="!isRenaming"
+              >{{ $i18n.t('Rename') }}</template>
+            <icon v-else
+              name="circle-notch" spin />
+        </b-button>
+        <b-button :disabled="isLoading || isRenaming"
+          size="sm" variant="danger" class="ml-1 my-1" @click.stop="onCancel">{{ $i18n.t('Cancel') }}</b-button>
+      </b-form>
+    </template>
+  </div>
+</template>
+<script>
+import {
+  BaseForm,
+  BaseInput,
+} from '@/components/new/'
+
+const components = {
+  BaseForm,
+  InputName: BaseInput,
+}
+
+const props = {
+  id: {
+    type: String
+  },
+  item: {
+    type: Object
+  },
+  entries: {
+    type: Array
+  },
+}
+
+import { computed, nextTick, ref, toRefs, watch } from '@vue/composition-api'
+import { useDebouncedWatchHandler } from '@/composables/useDebounce'
+import i18n from '@/utils/locale'
+import mime from 'mime-types'
+import { yup } from '../schema'
+
+const setup = (props, context) => {
+
+  const { root: { $store } = {} } = context
+
+  const {
+    id,
+    item,
+    entries,
+  } = toRefs(props)
+
+
+  const contentType = computed(() => {
+    const { name } = item.value
+    return mime.lookup(name)
+  })
+
+  const schema = computed(() => yup.object({
+    name: yup.string()
+      .required(i18n.t('Filename required.'))
+      .isFilenameWithContentType([contentType.value])
+      .fileNotExists(entries.value, item.value.path, i18n.t('File exists.'), item.value.name)
+  }))
+
+  const form = ref()
+  watch(item, () => {
+    form.value = { ...item.value } // dereferenced
+  }, { immediate: true })
+
+  const formRef = ref(null)
+  const inputRef = ref(null)
+
+  const rename = ref(false)
+
+  const onShow = () => {
+    rename.value = true
+    nextTick(() => { // after DOM update
+      const { $refs: { input: { focus = () => {} } = {} } = {} } = inputRef.value || {}
+      focus() // focus input element
+    })
+  }
+
+  const onCancel = () => {
+    form.value = { ...item.value } // dereferenced
+    rename.value = false
+  }
+
+  const isLoading = computed(() => $store.getters['$_connection_profiles/isLoadingFiles'])
+  const isRenaming = ref(false)
+  const onRename = () => {
+    if (isValid.value) {
+      isRenaming.value = true
+      const { path } = item.value
+      return $store.dispatch(`$_connection_profiles/renameFile`, {
+        from: { id: id.value, filename: `${path}/${item.value.name}`.replace('//', '/') },
+        to: { id: id.value, filename: `${path}/${form.value.name}`.replace('//', '/')  },
+        quiet: true
+      })
+        .then(onCancel)
+        .finally(() => isRenaming.value = false)
+    }
+  }
+
+  const isValid = useDebouncedWatchHandler([form, entries], () => (!formRef.value || formRef.value.querySelectorAll('.is-invalid').length === 0), { immediate: false })
+  const isModified = computed(() => form.value.name !== item.value.name)
+  const canRename = computed(() => isValid.value && isModified.value)
+
+  return {
+    form,
+    formRef,
+    inputRef,
+    schema,
+
+    isLoading,
+    isRenaming,
+    rename,
+    onShow,
+    onCancel,
+    onRename,
+
+    canRename
+  }
+}
+
+export default {
+  name: 'inline-name',
+  components,
+  props,
+  setup
+}
+</script>
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalDirectory.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalDirectory.vue
index 2497e26f9541..89b15cec3073 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalDirectory.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalDirectory.vue
@@ -80,7 +80,7 @@ const setup = (props, context) => {
     name: yup.string()
       .required(i18n.t('A new directory name is required.'))
       .isFilename(i18n.t('Invalid directory name.'))
-      .pathNotExists(entries, path, i18n.t('Directory name exists.'))
+      .fileNotExists(entries.value, path.value, i18n.t('Directory exists.'))
   }))
 
   const form = ref(defaults())
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
similarity index 93%
rename from html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue
rename to html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
index e8f3d53e29a7..b3e10c148370 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
@@ -74,7 +74,10 @@
         reverse
         @click="onDelete"
       >{{ $t('Revert') }}</button-revert>
-      <b-button class="mr-1" variant="secondary" @click="onHide">{{ $t('Cancel') }}</b-button>
+      <b-button v-if="isNew"
+        class="mr-1" variant="secondary" @click="onHide">{{ $t('Cancel') }}</b-button>
+      <b-button v-else
+        class="mr-1" variant="secondary" @click="onHide">{{ $t('Close') }}</b-button>
     </template>
   </b-modal>
 </template>
@@ -117,6 +120,7 @@ import { createDebouncer } from 'promised-debounce'
 import { useDebouncedWatchHandler } from '@/composables/useDebounce'
 import useEventJail from '@/composables/useEventJail'
 import i18n from '@/utils/locale'
+import { acceptTextMimes } from '../config'
 import { yup } from '../schema'
 
 const defaults = () => ({
@@ -134,12 +138,12 @@ const setup = (props, context) => {
     value,
   } = toRefs(props)
 
-  const schema = yup.object({
+  const schema = computed(() => yup.object({
     name: yup.string()
       .required(i18n.t('File name required.'))
-      .isFilenameWithExtension(['html', 'mjml'])
-      .pathNotExists(entries, path, i18n.t('Filename exists.'))
-  })
+      .isFilenameWithContentType(acceptTextMimes)
+      .fileNotExists(entries.value, path.value, i18n.t('File exists.'))
+  }))
 
   const form = ref(defaults())
   const formRef = ref(null)
@@ -185,8 +189,8 @@ const setup = (props, context) => {
     }
     else {
       $store.dispatch('$_connection_profiles/getFile', { id: id.value, filename: path.value }).then(response => {
-        const { content, meta: { not_deletable, not_revertible } = {} } = response
-        editorContent.value = content
+        const { content: { message }, meta: { not_deletable, not_revertible } = {} } = response
+        editorContent.value = atob(message)
         isDeletable.value = !not_deletable
         isRevertible.value = !not_revertible
       })
@@ -206,7 +210,7 @@ const setup = (props, context) => {
     let params = {
       id: id.value,
       filename: path.value.split('/').filter(u => u).join('/'),
-      content: editorContent.value
+      content: btoa(editorContent.value)
     }
     if (isNew.value)
       params.filename += `/${form.value.name}`
@@ -331,7 +335,7 @@ const setup = (props, context) => {
 }
 
 export default {
-  name: 'modal-file',
+  name: 'modal-edit',
   components,
   props,
   setup
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue
new file mode 100644
index 000000000000..614daf3f36ca
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue
@@ -0,0 +1,122 @@
+<template>
+  <b-modal v-model="show"
+    size="xl" body-class="d-flex justify-content-md-center p-3"
+  >
+    <template v-slot:modal-title>
+      {{ $i18n.t('View File') }} <code>{{ path }}</code>
+    </template>
+    <template v-slot:default>
+      <img :src="previewUrl" class="align-self-center" />
+    </template>
+    <template v-slot:modal-footer>
+      <button-delete v-if="isDeletable"
+        variant="danger" class="mr-1"
+        :disabled="isLoading"
+        :confirm="$t('Delete file?')"
+        reverse
+        @click="onDelete"
+      >{{ $t('Delete') }}</button-delete>
+      <b-button
+        class="mr-1" variant="secondary" @click="onHide">{{ $t('Close') }}</b-button>
+    </template>
+  </b-modal>
+</template>
+<script>
+import {
+  BaseButtonConfirm,
+} from '@/components/new/'
+
+const components = {
+  ButtonDelete: BaseButtonConfirm,
+}
+
+const props = {
+  entries: {
+    type: Array
+  },
+  id: {
+    type: String
+  },
+  path: {
+    type: String,
+    default: ''
+  },
+  value: { // v-model: show/hide
+    type: Boolean
+  }
+}
+
+import { computed, customRef, ref, toRefs, watch } from '@vue/composition-api'
+
+const setup = (props, context) => {
+
+  const { root: { $store } = {}, emit } = context
+
+  const {
+    entries,
+    id,
+    path,
+    value,
+  } = toRefs(props)
+
+  const isLoading = computed(() => $store.getters['$_connection_profiles/isLoadingFiles'])
+
+  const isDeletable = ref(false)
+  const isRevertible = ref(false)
+  watch([path, entries], () => {
+    $store.dispatch('$_connection_profiles/getFile', { id: id.value, filename: path.value }).then(response => {
+      const { meta: { not_deletable, not_revertible } = {} } = response
+      isDeletable.value = !not_deletable
+      isRevertible.value = !not_revertible
+    })
+  }, { deep: true })
+
+  const previewUrl = computed(() => {
+    let url = ['/config/profile', id.value, 'preview']
+    if (path.value)
+      url.push(...path.value.split('/').filter(u => u))
+    return url.join('/')
+  })
+
+  const onDelete = () => {
+    $store.dispatch('$_connection_profiles/deleteFile', { id: id.value, filename: path.value }).then(() => {
+      emit('delete', path.value)
+    })
+  }
+
+  const show = customRef((track, trigger) => ({ // use v-model
+    get() {
+      track()
+      return value.value
+    },
+    set(newValue) {
+      emit('input', newValue)
+      trigger()
+    }
+  }))
+
+  const onHide = () => {
+    show.value = false
+  }
+
+  return {
+    isLoading,
+    isDeletable,
+    isRevertible,
+    onDelete,
+
+    // modal
+    show,
+    onHide,
+
+    previewUrl
+  }
+}
+
+export default {
+  name: 'modal-view',
+  components,
+  props,
+  setup
+}
+</script>
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
index 5b309dca14e0..39b315159564 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
@@ -11,7 +11,7 @@
     />
     <b-table :items="tableItems" :fields="tableFields" :sort-by="sortBy" :sort-desc="sortDesc"
       class="the-files-list"
-      small hover striped show-empty no-local-sorting no-select-on-click borderless
+      small hover responsive striped show-empty no-local-sorting no-select-on-click borderless
       @sort-changed="onSortChanged($event)"
       @row-clicked="onRowClicked($event)"
     >
@@ -22,7 +22,7 @@
           :disabled="false"
         >
           <icon v-for="(name, n) in item.icons" :key="n"
-            :name="name" class="nav-icon"/>
+            :name="name" class="nav-icon" />
 
           <icon v-if="item.expand"
             name="regular/folder-open"/>
@@ -32,13 +32,18 @@
         <div v-else
           class="d-flex align-items-center"
           variant="link"
+          :class="{ 'text-primary': !item.not_revertible || !item.not_deletable }"
         >
           <icon v-for="(name, n) in item.icons" :key="n"
-            :name="name" class="nav-icon"/>
+            :name="name" class="nav-icon" />
 
-          <icon name="file" v-if="!item.not_revertible || !item.not_deletable"/>
-          <icon name="regular/file" v-else/>
-          {{ item.name }}
+          <icon :name="(item.isImage) ? 'file-image' : 'file'" />
+
+          <inline-name v-if="!item.not_revertible || !item.not_deletable"
+            :key="`${item.path}/${item.name}`"
+            :id="id" :item="item" :entries="entries" />
+          <span v-else
+            >{{ item.name }}</span>
         </div>
       </template>
       <template v-slot:cell(buttons)="{ item }">
@@ -69,10 +74,21 @@
         <div v-else-if="item.type === 'dir'"
           class="text-right text-nowrap">
 
-          <b-dropdown :text="$i18n.t('Create')"
-            size="sm" variant="outline-primary" class="my-1" right>
-            <b-dropdown-item @click="onToggleDirectory(item)">New Sub Directory</b-dropdown-item>
-            <b-dropdown-item @click="onToggleFile(item)">New File</b-dropdown-item>
+          <b-dropdown size="sm" variant="outline-primary" class="my-1" right>
+            <template #button-content>
+              <icon name="plus-circle" />
+            </template>
+            <b-dropdown-header>{{ `${item.path}/${item.name}`.replace('//', '/') }}</b-dropdown-header>
+            <b-dropdown-divider />
+            <b-dropdown-item @click="onToggleDirectory(item)">{{ $i18n.t('Create New Sub Directory') }}</b-dropdown-item>
+            <b-dropdown-item @click="onToggleEdit(item)">{{ $i18n.t('Create New File') }}</b-dropdown-item>
+            <b-dropdown-item @click="onToggleUpload(item)">
+              <base-button-upload
+                @files="onUploadFiles(item, $event)"
+                :accept="acceptMimes.join(',')"
+                multiple
+              >{{ $i18n.t('Upload File(s)') }}</base-button-upload>
+            </b-dropdown-item>
           </b-dropdown>
 
         </div>
@@ -88,15 +104,24 @@
       @hidden="onToggleDirectory"
     />
 
-    <modal-file
-      v-model="isShowFileModal"
+    <modal-edit
+      v-model="isShowEditModal"
       :entries="entries"
       :id="id"
       :path="lastPath"
       @create="onCreateFile($event)"
       @update="onUpdateFile($event)"
       @delete="onDeleteFile($event)"
-      @hidden="onToggleFile"
+      @hidden="onToggleEdit"
+    />
+
+    <modal-view
+      v-model="isShowViewModal"
+      :entries="entries"
+      :id="id"
+      :path="lastPath"
+      @delete="onDeleteFile($event)"
+      @hidden="onToggleView"
     />
 
   </div>
@@ -104,18 +129,24 @@
 <script>
 import {
   BaseButtonConfirm,
+  BaseButtonUpload,
   BaseFormGroupToggle
 } from '@/components/new/'
 import {
+  InlineName,
   ModalDirectory,
-  ModalFile
+  ModalEdit,
+  ModalView,
 } from './'
 
 const components = {
   BaseButtonConfirm,
+  BaseButtonUpload,
+  InlineName,
   InputToggle: BaseFormGroupToggle,
   ModalDirectory,
-  ModalFile
+  ModalEdit,
+  ModalView,
 }
 
 const props = {
@@ -160,6 +191,11 @@ const tableFields = [
 ]
 
 import { computed, ref, toRefs, watch } from '@vue/composition-api'
+import mime from 'mime-types'
+import i18n from '@/utils/locale'
+import { reAscii } from '@/utils/regex'
+import { acceptMimes } from '../config'
+import { fileNotExists } from '../schema'
 
 const setup = (props, context) => {
 
@@ -171,7 +207,6 @@ const setup = (props, context) => {
 
   const sortBy = ref(undefined)
   const sortDesc = ref(false)
-  const entries = ref([])
 
   const expandPaths = ref(['/'])
   const expandPath = (path) => {
@@ -187,6 +222,15 @@ const setup = (props, context) => {
 
   const tableItems = ref([])
   const isLoading = computed(() => $store.getters['$_connection_profiles/isLoadingFiles'])
+  //const entries = ref([])
+  const entries = computed(() => {
+    const { [id.value]: { entries = [] } = {} } = $store.state.$_connection_profiles.files.cache
+    return [{
+      name: '/',
+      type: 'dir',
+      entries: JSON.parse(JSON.stringify(entries))
+    }]
+  })
 
   const _getFiles = () => {
     let sort = ['type']
@@ -196,13 +240,7 @@ const setup = (props, context) => {
     }
     else
       sort.push('name')
-    $store.dispatch('$_connection_profiles/files', { id: id.value, sort }).then(response => {
-      entries.value = [{
-        name: '/',
-        type: 'dir',
-        entries: JSON.parse(JSON.stringify(response.entries))
-      }]
-    })
+    $store.dispatch('$_connection_profiles/files', { id: id.value, sort })
   }
 
   watch([sortBy, sortDesc], () => _getFiles(), { immediate: true })
@@ -221,6 +259,8 @@ const setup = (props, context) => {
           let { entries: childEntries = [], ...rest } = entry || {}
           const { type, name } = rest || {}
           const fullPath = `${path}/${name}`.replace('//', '/')
+          const contentType = mime.lookup(name)
+          const isImage = /^image\//.test(contentType)
           switch(type) {
             case 'dir':
               childEntries = childEntries.filter(visibleFilter)
@@ -237,7 +277,7 @@ const setup = (props, context) => {
               }
               break
             case 'file':
-              reduced.push({ ...rest, path, icons })
+              reduced.push({ ...rest, path, icons, isImage })
               break
           }
           return reduced
@@ -255,6 +295,8 @@ const setup = (props, context) => {
           const { entries: childEntries = [], ...rest } = entry || {}
           const { type, name } = rest || {}
           const fullPath = `${path}/${name}`.replace('//', '/')
+          const contentType = mime.lookup(name)
+          const isImage = /^image\//.test(contentType)
           switch(type) {
             case 'dir':
               if (expandPaths.value.includes(fullPath)) {
@@ -268,7 +310,7 @@ const setup = (props, context) => {
                 reduced.push({ ...rest, path, expand: false, icons })
               break
             case 'file':
-              reduced.push({ ...rest, path, icons })
+              reduced.push({ ...rest, path, icons, isImage })
               break
           }
           return reduced
@@ -293,19 +335,17 @@ const setup = (props, context) => {
         expandPath(fullPath)
     }
     else if (type === 'file') {
-      onToggleFile(row)
+      const contentType = mime.lookup(name)
+      if (/^image\//.test(contentType))
+        onToggleView(row)
+      else
+        onToggleEdit(row)
     }
   }
 
   const onDelete = (item) => {
     const { path, name } = item
-    $store.dispatch('$_connection_profiles/deleteFile', { id: id.value, filename: `${path}/${name}`.replace('//', '/') }).then(response => {
-      entries.value = entries.value = [{
-        name: '/',
-        type: 'dir',
-        entries: JSON.parse(JSON.stringify(response.entries))
-      }]
-    })
+    $store.dispatch('$_connection_profiles/deleteFile', { id: id.value, filename: `${path}/${name}`.replace('//', '/') })
   }
 
   const previewUrl = (item) => {
@@ -324,11 +364,25 @@ const setup = (props, context) => {
     isShowDirectoryModal.value = !isShowDirectoryModal.value
   }
 
-  const isShowFileModal = ref(false)
-  const onToggleFile = (item) => {
+  const isShowEditModal = ref(false)
+  const onToggleEdit = (item) => {
+    const { path = '', name = '' } = item || {}
+    lastPath.value = `${path}/${name}`.replace('//', '/')
+    isShowEditModal.value = !isShowEditModal.value
+  }
+
+  const isShowViewModal = ref(false)
+  const onToggleView = (item) => {
     const { path = '', name = '' } = item || {}
     lastPath.value = `${path}/${name}`.replace('//', '/')
-    isShowFileModal.value = !isShowFileModal.value
+    isShowViewModal.value = !isShowViewModal.value
+  }
+
+  const isShowUploadModal = ref(false)
+  const onToggleUpload = (item) => {
+    const { path = '', name = '' } = item || {}
+    lastPath.value = `${path}/${name}`.replace('//', '/')
+    isShowUploadModal.value = !isShowUploadModal.value
   }
 
   const onCreateDirectory = (name) => {
@@ -358,10 +412,47 @@ const setup = (props, context) => {
   const onUpdateFile = () => _getFiles()
 
   const onDeleteFile = () => {
-    isShowFileModal.value = false
+    isShowEditModal.value = false
+    isShowViewModal.value = false
     _getFiles()
   }
 
+  const onUploadFiles = (item, files) => {
+    const { path, name } = item
+    const pathname = `${path}/${name}`.replace('//', '/')
+    files.forEach(file => {
+      const filename = file.name.trim()
+      if(!reAscii(filename)) {
+        return $store.dispatch('notification/danger', {
+          icon: 'exclamation-triangle',
+          url: filename,
+          message: i18n.t('Upload skipped. {filename} contains non-ASCII characters and is not a valid filename.', { filename: `<code>${filename}</code>` })
+        })
+      }
+      const exists = !fileNotExists(entries.value, pathname, filename)
+      let method = 'createFile'
+      let message = i18n.t('{file} uploaded.', { file: `<code>${pathname}/${filename}</code>` })
+      if (exists) {
+        method = 'updateFile'
+        message = i18n.t('{file} replaced.', { file: `<code>${pathname}/${filename}</code>` })
+      }
+      $store.dispatch(`${file.storeName}/readAsDataURL`).then(content => {
+        $store.dispatch(`$_connection_profiles/${method}`, {
+          id: id.value,
+          filename: `${pathname}/${filename}`.replace('//', '/'),
+          content,
+          quiet: true
+        }).then(() => {
+          $store.dispatch('notification/info', { url: filename, message })
+        }).catch(error => {
+          const { response: { data: { message = '' } = {} } = {} } = error
+          $store.dispatch('notification/danger', { icon: 'exclamation-triangle', url: filename, message })
+          throw error
+        }).finally(_getFiles)
+      })
+    })
+  }
+
   return {
     sortBy,
     sortDesc,
@@ -379,14 +470,23 @@ const setup = (props, context) => {
     onCreateDirectory,
     onToggleDirectory,
 
-    isShowFileModal,
+    isShowEditModal,
     onCreateFile,
     onUpdateFile,
     onDeleteFile,
-    onToggleFile,
+    onToggleEdit,
+
+    isShowViewModal,
+    onToggleView,
+
+    isShowUploadModal,
+    onToggleUpload,
 
     lastPath,
-    hideDefaultFiles
+    hideDefaultFiles,
+
+    onUploadFiles,
+    acceptMimes,
   }
 }
 
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js
index 6654a172b598..c0fe90bf528b 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js
@@ -15,8 +15,10 @@ import BaseFormGroupProvisioners from './BaseFormGroupProvisioners'
 import BaseFormGroupScanners from './BaseFormGroupScanners'
 import BaseFormGroupSources from './BaseFormGroupSources'
 import ButtonPreviewPortal from './ButtonPreviewPortal'
+import InlineName from './InlineName'
 import ModalDirectory from './ModalDirectory'
-import ModalFile from './ModalFile'
+import ModalEdit from './ModalEdit'
+import ModalView from './ModalView'
 import TheFilesList from './TheFilesList'
 import TheForm from './TheForm'
 import TheView from './TheView'
@@ -64,8 +66,10 @@ export {
   BaseFormGroupLocales                as FormGroupLocale,
 
   ButtonPreviewPortal,
+  InlineName,
   ModalDirectory,
-  ModalFile,
+  ModalEdit,
+  ModalView,
   TheFilesList,
   TheForm,
   TheView,
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
index 8ca7c6a6bab3..468c7844c237 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
@@ -233,6 +233,24 @@ const actions = {
       commit('FILE_ERROR', err.response)
       throw err
     })
+  },
+  renameFile: ({ commit, dispatch }, params) => {
+    const { to, from, ...options } = params
+    commit('FILE_REQUEST')
+    return api.file(from).then(response => {
+      const { message: content = '' } = response
+      return api.createFile({ ...to, ...options, content }).then(() => {
+        return api.deleteFile({ ...from, ...options }).then(() => {
+          return dispatch('files', { id: from.id })
+        }).catch(err => {
+          commit('FILE_ERROR', err.response)
+          throw err
+        })
+      }).catch(err => {
+        commit('FILE_ERROR', err.response)
+        throw err
+      })
+    })
   }
 }
 
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js
index 41567e3036f1..a8dac2cc0850 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js
@@ -86,3 +86,19 @@ export const filters = {
     types: [pfFieldType.SUBSTRING]
   }
 }
+
+export const acceptMediaMimes = [
+  'font/*',
+  'image/*'
+]
+
+export const acceptTextMimes = [
+  'text/*',
+  'application/json',
+  'application/javascript'
+]
+
+export const acceptMimes = [
+  ...acceptMediaMimes,
+  ...acceptTextMimes
+]
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js
index 22d7569cc2ab..e6e5ed8da251 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js
@@ -18,34 +18,34 @@ yup.addMethod(yup.string, 'connectionProfileIdNotExistsExcept', function (except
   })
 })
 
-yup.addMethod(yup.string, 'pathNotExists', function (entries, path, message) {
+const fileNotExists = (entries, path, filename, except) => {
+  // traverse tree using path parts
+  let parts = ['/', ...path.split('/').filter(p => p)]
+  while (parts.length > 0) {
+    for (let e = 0; e < entries.length; e++) {
+      const { name, entries: childEntries = [] } = entries[e]
+      if (name === parts[0]) {
+        // update pointer
+        entries = childEntries
+        break
+      }
+    }
+    parts = parts.slice(1)
+  }
+  for (let e = 0; e < entries.length; e++) {
+    const { name } = entries[e]
+    if (name === filename.trim())
+      return (name === except)
+  }
+  return true
+}
+
+yup.addMethod(yup.string, 'fileNotExists', function (entries, path, message, except) {
   return this.test({
-    name: 'pathNotExists',
+    name: 'fileNotExists',
     message: message || i18n.t('File exists.'),
     test: (value) => {
-      if (!value)
-        return true
-      // point @ primitive
-      let ptrEntries = entries.value
-      // traverse tree using path parts
-      let parts = ['/', ...path.value.split('/').filter(p => p)]
-      while (parts.length > 0) {
-        for (let e = 0; e < ptrEntries.length; e++) {
-          const { name, entries: childEntries = [] } = ptrEntries[e]
-          if (name === parts[0]) {
-            // update pointer
-            ptrEntries = childEntries
-            break
-          }
-        }
-        parts = parts.slice(1)
-      }
-      for (let e = 0; e < ptrEntries.length; e++) {
-        const { name } = ptrEntries[e]
-        if (name === value.trim())
-          return false
-      }
-      return true
+      return !value || fileNotExists(entries, path, value, except)
     }
   })
 })
@@ -107,4 +107,7 @@ export default (props) => {
   })
 }
 
-export { yup }
+export {
+  yup,
+  fileNotExists
+}
diff --git a/html/pfappserver/root/src/views/Configuration/database/_router.js b/html/pfappserver/root/src/views/Configuration/database/_router.js
index 85d8fbd8108c..77d27eb52de2 100644
--- a/html/pfappserver/root/src/views/Configuration/database/_router.js
+++ b/html/pfappserver/root/src/views/Configuration/database/_router.js
@@ -24,5 +24,12 @@ export default [
     component: TheTabs,
     props: () => ({ tab: 'database_advanced' }),
     beforeEnter
+  },
+  {
+    path: 'database_proxysql',
+    name: 'database_proxysql',
+    component: TheTabs,
+    props: () => ({ tab: 'database_proxysql' }),
+    beforeEnter
   }
 ]
diff --git a/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheForm.vue b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheForm.vue
new file mode 100644
index 000000000000..fc8669824cbc
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheForm.vue
@@ -0,0 +1,76 @@
+<template>
+  <base-form
+    :form="form"
+    :meta="meta"
+    :schema="schema"
+    :isLoading="isLoading"
+  >
+    <form-group-status namespace="status"
+      :column-label="$i18n.t('Enable')"
+      :text="$i18n.t('Enable an external server for proxysql.')"
+    />
+
+    <form-group-cacert namespace="cacert"
+      :column-label="$i18n.t('CA Certificate')"
+      :text="$i18n.t('CA Certificate')"
+    />
+
+    <form-group-backend namespace="backend"
+      :column-label="$i18n.t('Backend')"
+      :text="$i18n.t('Backend Host')"
+    />
+
+  </base-form>
+</template>
+<script>
+import { computed } from '@vue/composition-api'
+import {
+  BaseForm
+} from '@/components/new/'
+import schemaFn from '../schema'
+import {
+  FormGroupCacert,
+  FormGroupBackend,
+  FormGroupStatus
+} from './'
+
+const components = {
+  BaseForm,
+
+  FormGroupCacert,
+  FormGroupBackend,
+  FormGroupStatus,
+}
+
+export const props = {
+  form: {
+    type: Object
+  },
+  meta: {
+    type: Object
+  },
+  isLoading: {
+    type: Boolean,
+    default: false
+  }
+}
+
+export const setup = (props) => {
+
+  const schema = computed(() => schemaFn(props))
+
+  return {
+    schema
+  }
+}
+
+// @vue/component
+export default {
+  name: 'the-form',
+  inheritAttrs: false,
+  components,
+  props,
+  setup
+}
+</script>
+
diff --git a/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheView.js b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheView.js
new file mode 100644
index 000000000000..e6080896ae92
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheView.js
@@ -0,0 +1,26 @@
+import {
+  BaseView,
+
+  FormButtonBar,
+  TheForm
+} from './'
+
+const components = {
+  FormButtonBar,
+  TheForm
+}
+
+import { useViewResource, useViewResourceProps as props } from '../../../_composables/useViewResource'
+
+import * as resource from '../_composables/useResource'
+const setup = (props, context) => useViewResource(resource, props, context)
+
+// @vue/component
+export default {
+  name: 'the-view',
+  extends: BaseView,
+  inheritAttrs: false,
+  components,
+  props,
+  setup
+}
diff --git a/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/index.js b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/index.js
new file mode 100644
index 000000000000..2b5b90518063
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/index.js
@@ -0,0 +1,20 @@
+import { BaseViewResource } from '../../../_components/new/'
+import {
+  BaseFormButtonBar,
+  BaseFormGroupInput,
+  BaseFormGroupToggleDisabledEnabled,
+  BaseFormGroupFileUpload
+} from '@/components/new/'
+import TheForm from './TheForm'
+import TheView from './TheView'
+
+export {
+  BaseFormButtonBar                   as FormButtonBar,
+
+  BaseFormGroupToggleDisabledEnabled  as FormGroupStatus,
+  BaseFormGroupFileUpload             as FormGroupCacert,
+  BaseFormGroupInput                  as FormGroupBackend,
+  BaseViewResource                    as BaseView,
+  TheForm,
+  TheView
+}
diff --git a/html/pfappserver/root/src/views/Configuration/database/proxysql/_composables/useResource.js b/html/pfappserver/root/src/views/Configuration/database/proxysql/_composables/useResource.js
new file mode 100644
index 000000000000..19ee011ba064
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/database/proxysql/_composables/useResource.js
@@ -0,0 +1,13 @@
+import { computed } from '@vue/composition-api'
+import i18n from '@/utils/locale'
+
+export const useTitle = () => i18n.t('Database ProxySQL')
+
+export const useStore = $store => {
+  return {
+    isLoading: computed(() => $store.getters['$_bases/isLoading']),
+    getItem: () => $store.dispatch('$_bases/getDatabaseProxySQL'),
+    getItemOptions: () => $store.dispatch('$_bases/optionsDatabaseProxySQL'),
+    updateItem: params => $store.dispatch('$_bases/updateDatabaseProxySQL', params)
+  }
+}
diff --git a/html/pfappserver/root/src/views/Configuration/database/proxysql/schema.js b/html/pfappserver/root/src/views/Configuration/database/proxysql/schema.js
new file mode 100644
index 000000000000..b564de1be255
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/database/proxysql/schema.js
@@ -0,0 +1,11 @@
+import i18n from '@/utils/locale'
+import yup from '@/utils/yup'
+
+export const schema = () => yup.object({
+  status: yup.string().nullable().label(i18n.t('Enable')),
+  cacert: yup.string().nullable().label(i18n.t('CA Certificate')),
+  backend: yup.string().nullable().label(i18n.t('Backend host')),
+})
+
+export default schema
+
diff --git a/html/pfappserver/root/src/views/Configuration/index.vue b/html/pfappserver/root/src/views/Configuration/index.vue
index 71bf7127f997..201de2d3412d 100644
--- a/html/pfappserver/root/src/views/Configuration/index.vue
+++ b/html/pfappserver/root/src/views/Configuration/index.vue
@@ -148,7 +148,8 @@ const setup = () => {
         { name: i18n.t('Database'),
           items: [
             { name: i18n.t('General'), path: '/configuration/database_general' },
-            { name: i18n.t('Advanced'), path: '/configuration/database_advanced' }
+            { name: i18n.t('Advanced'), path: '/configuration/database_advanced' },
+            { name: i18n.t('ProxySQL'), path: '/configuration/database_proxysql' }
           ]
         },
         { name: i18n.t('Cluster'), path: '/configuration/active_active', class: 'no-saas' },
diff --git a/html/pfappserver/root/src/views/Configuration/radius/general/_components/TheForm.vue b/html/pfappserver/root/src/views/Configuration/radius/general/_components/TheForm.vue
index 3ba96a6603a0..3d8a8943bc00 100644
--- a/html/pfappserver/root/src/views/Configuration/radius/general/_components/TheForm.vue
+++ b/html/pfappserver/root/src/views/Configuration/radius/general/_components/TheForm.vue
@@ -67,6 +67,16 @@
       :text="$i18n.t('Enables processing of bandwidth accounting. Requires a restart of pfacct to be effective')"
     />
 
+    <form-group-pfacct-workers namespace="pfacct_workers"
+      :column-label="$i18n.t('Pfacct workers')"
+      :text="$i18n.t('The number of processing accounting packets. Requires a restart of pfacct to be effective')"
+    />
+
+    <form-group-pfacct-work-queue-size namespace="pfacct_work_queue_size"
+      :column-label="$i18n.t('Pfacct Work Queue Size')"
+      :text="$i18n.t('The size of the queue for each worker. Requires a restart of pfacct to be effective')"
+    />
+
     <form-group-radius-attributes namespace="radius_attributes"
       :column-label="$i18n.t('RADIUS attributes')"
       :text="$i18n.t('List of RADIUS attributes that can be used in the sources configuration.')"
@@ -120,7 +130,9 @@ import {
   FormGroupRadiusAttributes,
   FormGroupNormalizeRadiusMachineAuthUsername,
   FormGroupProcessBandwidthAccounting,
-  FormGroupUsernameAttributes
+  FormGroupUsernameAttributes,
+  FormGroupPfacctWorkers,
+  FormGroupPfacctWorkQueueSize
 } from './'
 
 const components = {
@@ -142,7 +154,9 @@ const components = {
   FormGroupRadiusAttributes,
   FormGroupNormalizeRadiusMachineAuthUsername,
   FormGroupProcessBandwidthAccounting,
-  FormGroupUsernameAttributes
+  FormGroupUsernameAttributes,
+  FormGroupPfacctWorkers,
+  FormGroupPfacctWorkQueueSize
 }
 
 export const props = {
diff --git a/html/pfappserver/root/src/views/Configuration/radius/general/_components/index.js b/html/pfappserver/root/src/views/Configuration/radius/general/_components/index.js
index f7b454eac577..d128a29b8955 100644
--- a/html/pfappserver/root/src/views/Configuration/radius/general/_components/index.js
+++ b/html/pfappserver/root/src/views/Configuration/radius/general/_components/index.js
@@ -1,7 +1,8 @@
 import {
   BaseFormButtonBar,
   BaseFormGroupTextarea,
-  BaseFormGroupToggleDisabledEnabled
+  BaseFormGroupToggleDisabledEnabled,
+  BaseFormGroupInputNumber
 } from '@/components/new/'
 import { BaseViewResource } from '../../../_components/new/'
 import AlertServices from './AlertServices'
@@ -28,6 +29,8 @@ export {
   BaseFormGroupTextarea               as FormGroupRadiusAttributes,
   BaseFormGroupToggleDisabledEnabled  as FormGroupNormalizeRadiusMachineAuthUsername,
   BaseFormGroupTextarea               as FormGroupUsernameAttributes,
+  BaseFormGroupInputNumber            as FormGroupPfacctWorkers,
+  BaseFormGroupInputNumber            as FormGroupPfacctWorkQueueSize,
 
   AlertServices,
   BaseViewResource                    as BaseView,
diff --git a/html/pfappserver/root/src/views/Configuration/securityEvents/schema.js b/html/pfappserver/root/src/views/Configuration/securityEvents/schema.js
index c45ce94ce75f..f4ed8ed0497d 100644
--- a/html/pfappserver/root/src/views/Configuration/securityEvents/schema.js
+++ b/html/pfappserver/root/src/views/Configuration/securityEvents/schema.js
@@ -10,7 +10,7 @@ yup.addMethod(yup.string, 'securityEventIdNotExistsExcept', function (exceptId =
     test: (value) => {
       if (!value || `${value}`.toLowerCase() === `${exceptId}`.toLowerCase()) return true
       return store.dispatch('config/getSecurityEvents').then(response => {
-        return Object.keys(response).filter(item => item.toLowerCase() === `${value}`.toLowerCase()).length === 0
+        return Object.keys(response).filter(item => `${item}`.toLowerCase() === `${value}`.toLowerCase()).length === 0
       }).catch(() => {
         return true
       })
diff --git a/html/pfappserver/root/src/views/Configuration/sources/schema.js b/html/pfappserver/root/src/views/Configuration/sources/schema.js
index e84e747ca016..9220f12747e5 100644
--- a/html/pfappserver/root/src/views/Configuration/sources/schema.js
+++ b/html/pfappserver/root/src/views/Configuration/sources/schema.js
@@ -84,14 +84,15 @@ export const schema = (props) => {
 
   const {
     cert_file_upload,
-    key_file_upload,
     idp_ca_cert_path_upload,
     idp_cert_path_upload,
     idp_metadata_path_upload,
+    key_file_upload,
     path_upload,
     paypal_cert_file_upload,
     sp_cert_path_upload,
     sp_key_path_upload,
+
   } = form || {}
 
   return yup.object({
@@ -123,9 +124,9 @@ export const schema = (props) => {
           : yup.string().nullable()
       }),
     cert_id: yup.string().label(i18n.t('ID')),
-    client_cert_file: yup.string().label(i18n.t('Client Certificate')),
+    client_cert_file: yup.string().nullable().label(i18n.t('Client certificate')),
     client_id: yup.string().label(i18n.t('Client ID')),
-    client_key_file: yup.string().label(i18n.t('Client Key')),
+    client_key_file: yup.string().nullable().label(i18n.t('Client key')),
     client_secret: yup.string().label(i18n.t('Secret')),
     description: yup.string().label(i18n.t('Description')),
     domains: yup.string().label(i18n.t('Domains')),
diff --git a/html/pfappserver/root/src/views/Nodes/_config/index.js b/html/pfappserver/root/src/views/Nodes/_config/index.js
index d60e7a8c785a..e4543b2cc60a 100644
--- a/html/pfappserver/root/src/views/Nodes/_config/index.js
+++ b/html/pfappserver/root/src/views/Nodes/_config/index.js
@@ -43,7 +43,14 @@ export const importFields = [
     types: [fieldType.YESNO],
     required: false,
     formatter: formatter.yesNoFromString,
-    validator: validatorFromColumnSchemas(MysqlDatabase.node.autoreg)
+    validator: validatorFromColumnSchemas(MysqlDatabase.node.autoreg),
+    props: {
+      options: [
+        { value: 'no', label: i18n.t('No') },
+        { value: 'yes', label: i18n.t('Yes'), color: 'var(--primary)' }
+      ],
+      labelRight: true
+    }
   },
   {
     value: 'bandwidth_balance',
@@ -120,7 +127,14 @@ export const importFields = [
     types: [fieldType.YESNO],
     required: false,
     formatter: formatter.yesNoFromString,
-    validator: validatorFromColumnSchemas(MysqlDatabase.node.voip)
+    validator: validatorFromColumnSchemas(MysqlDatabase.node.voip),
+    props: {
+      options: [
+        { value: 'no', label: i18n.t('No') },
+        { value: 'yes', label: i18n.t('Yes'), color: 'var(--primary)' }
+      ],
+      labelRight: true
+    }
   }
 ]
 
diff --git a/html/pfappserver/root/src/views/Users/_components/TheFormCreateMultiple.vue b/html/pfappserver/root/src/views/Users/_components/TheFormCreateMultiple.vue
index e839fee720f2..a47a5f939dae 100644
--- a/html/pfappserver/root/src/views/Users/_components/TheFormCreateMultiple.vue
+++ b/html/pfappserver/root/src/views/Users/_components/TheFormCreateMultiple.vue
@@ -170,6 +170,7 @@ const setup = (props, context) => {
     }
     let createdUsers = ref([])
     let promises = []
+    $store.commit('$_users/CREATED_USERS_REPLACED', [])
     for (let i = 0; i < base.quantity; i++) {
       let _form = {
         ...base,
@@ -178,20 +179,24 @@ const setup = (props, context) => {
       }
       promises.push($store.dispatch('$_users/exists', _form.pid).then(() => {
         // user exists
+        completed.value += 1/3
         return $store.dispatch('$_users/updateUser', _form).then(() => {
-          completed.value += 0.5
+          completed.value += 1/3
           return $store.dispatch('$_users/updatePassword', _form).then(() => {
+            completed.value += 1/3
             createdUsers.value.push(_form)
-            completed.value += 0.5
+            $store.commit('$_users/CREATED_USERS_REPLACED', createdUsers.value)
           })
         })
       }).catch(() => {
         // user not exist
+        completed.value += 1/3
         return $store.dispatch('$_users/createUser', _form).then(() => {
-          completed.value += 0.5
+          completed.value += 1/3
           return $store.dispatch('$_users/createPassword', _form).then(() => {
+            completed.value += 1/3
             createdUsers.value.push(_form)
-            completed.value += 0.5
+            $store.commit('$_users/CREATED_USERS_REPLACED', createdUsers.value)
           })
         })
       }))
@@ -204,7 +209,6 @@ const setup = (props, context) => {
         skipped: null,
         failed: null
       })
-      $store.commit('$_users/CREATED_USERS_REPLACED', createdUsers.value)
     })
   }
 
diff --git a/html/pfappserver/root/src/views/Users/_components/ThePreviewModal.vue b/html/pfappserver/root/src/views/Users/_components/ThePreviewModal.vue
index 1476a29f54b9..abcf492afbe8 100644
--- a/html/pfappserver/root/src/views/Users/_components/ThePreviewModal.vue
+++ b/html/pfappserver/root/src/views/Users/_components/ThePreviewModal.vue
@@ -1,21 +1,19 @@
 <template>
   <b-modal v-model="show" size="lg" :title="$t('Create Users')"
-    centered no-close-on-backdrop no-close-on-esc lazy scrollable
+    centered lazy scrollable
   >
-    <template v-slot:modal-header v-if="isLoading">
-      <h4>{{ $i18n.t('Creating Users') }}</h4>
-    </template>
-    <template v-slot:modal-header v-else>
-      <h4>{{ $i18n.t('The following users have been created') }}</h4>
+    <template v-slot:modal-header>
+      <div v-if="Math.round(progress) < 100"
+        class="w-100 text-small mt-3">
+        {{ $i18n.t('Creating {quantity} users:', { quantity }) }} {{ Math.round(progress) }}%
+        <b-progress :max="100" height="4px">
+          <b-progress-bar :value="progress" :precision="2" variant="success" :show-value="false"></b-progress-bar>
+          <b-progress-bar :value="100 - progress" :precision="2" variant="light" :show-value="false" style="opacity: 0.2"></b-progress-bar>
+        </b-progress>
+      </div>
+      <h4 v-else>{{ $i18n.t('Created {quantity} users', { quantity }) }}</h4>
     </template>
-    <div v-if="progress < 100" class="text-small">
-      {{ Math.round(progress) }}%
-      <b-progress :max="100" height="4px">
-        <b-progress-bar :value="progress" :precision="2" variant="success" :show-value="false"></b-progress-bar>
-        <b-progress-bar :value="100 - progress" :precision="2" variant="light" :show-value="false" style="opacity: 0.2"></b-progress-bar>
-      </b-progress>
-    </div>
-    <b-table v-else
+    <b-table
       :items="users"
       :fields="visibleUsersFields"
       :sortBy="usersSortBy"
@@ -23,13 +21,14 @@
       show-empty responsive striped>
       <template v-slot:empty>
         <slot name="emptySearch" v-bind="{ isLoading }">
-        <base-table-empty :is-loading="isLoading">{{ $t('No users created') }}</base-table-empty>
+          <base-table-empty :is-loading="isLoading">{{ $t('No users created') }}</base-table-empty>
         </slot>
       </template>
     </b-table>
     <template v-slot:modal-footer>
-      <div class="w-100">
-        <b-button :disabled="isLoading" variant="primary" class="float-right" @click="goToPreview">{{ $i18n.t('Preview') }}</b-button>
+      <div class="w-100 text-right">
+        <b-button variant="secondary" class="mr-1" @click="show = false;">{{ $i18n.t('Close') }}</b-button>
+        <b-button variant="primary" class="mr-1" @click="goToPreview">{{ $i18n.t('Preview Messages') }}</b-button>
       </div>
     </template>
   </b-modal>
diff --git a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
index 40ae4a201bd6..0c51e709f1a6 100644
--- a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
+++ b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
@@ -15,12 +15,13 @@ pf::UnifiedApi::Controller::Config::ConnectionProfiles
 use strict;
 use warnings;
 use captiveportal::DynamicRouting::Application;
+use Mojo::Asset;
 use Mojo::Base qw(pf::UnifiedApi::Controller::Config);
 use pf::ConfigStore::Profile;
 use pf::UnifiedApi::Request;
 use pfappserver::Form::Config::Profile;
 use pfappserver::Form::Config::Profile::Default;
-use File::Slurp qw(write_file);
+use File::Slurp qw(read_file write_file);
 use POSIX qw(:errno_h);
 use JSON::MaybeXS qw();
 use File::Find;
@@ -38,6 +39,7 @@ use pf::file_paths qw(
 );
 use pf::error qw(is_error);
 use pfconfig::git_storage;
+use MIME::Base64 qw(encode_base64 decode_base64);
 
 has 'config_store_class' => 'pf::ConfigStore::Profile';
 has 'form_class' => 'pfappserver::Form::Config::Profile';
@@ -141,7 +143,13 @@ sub get_file {
         return $self->render_error(404, "'$file' not found");
     }
 
-    return $self->reply->file($path);
+    my $content = read_file($path);
+    my $encoded = encode_base64($content);
+
+    my $asset = Mojo::Asset::Memory->new;
+    $asset->add_chunk($encoded);
+
+    return $self->reply->asset($asset);
 }
 
 =head2 new_file
@@ -162,11 +170,11 @@ sub new_file {
        return $self->render_error(412, "'$file' already exists");
     }
 
-    my $content = $self->req->text;
+    my $content = decode_base64($self->req->body);
     eval {
         my (undef, $file_parent_dir, undef) = splitpath($path);
         pf_make_dir($file_parent_dir);
-        write_file($path, {binmode => ':utf8', no_clobber => 1}, $content);
+        write_file($path, {binmode => ':raw', no_clobber => 1}, $content);
     };
     if ($@) {
        pf::log::get_logger->error("Error writing file: $@");
@@ -199,10 +207,12 @@ sub replace_file {
     }
 
     my $path = profileFilePath($id, $file);
-    my $content = $self->req->text;
+    my $content = decode_base64($self->req->body);
 
     eval {
-        write_file($path, {atomic=> 1, binmode => ':utf8', no_clobber => 0}, $content);
+        my (undef, $file_parent_dir, undef) = splitpath($path);
+        pf_make_dir($file_parent_dir);
+        write_file($path, {atomic=> 1, binmode => ':raw', no_clobber => 1}, $content);
     };
     if ($@) {
        pf::log::get_logger->error("Error writing file: $@");
@@ -422,7 +432,7 @@ file_excluded
 
 sub file_excluded {
     my ($file) = @_;
-    return $file !~ /\.(html|mjml)$/ || $file =~ /^\./;
+    return $file !~ /\.(html|mjml|jpg|jpeg|gif|png|svg|json|js|css|scss|otf|ttf|woff|woff2)$/ || $file =~ /^\./;
 }
 
 sub dir_excluded {
@@ -620,6 +630,16 @@ sub preview_file {
     if (!defined $path) {
         return $self->render_error(404, "'$file' not found");
     }
+
+    if ($path !~ /\.html$/) {
+        my $type = $self->app->types->file_type($path);
+        if ($type) {
+            $self->res->headers->content_type($type);
+        }
+        $self->reply->file($path);
+        return;
+    }
+
     my $profile =
       pf::Connection::ProfileFactory->instantiate( "00:11:22:33:44:55",
         { portal => $self->id } );
diff --git a/lib/pf/iptables.pm b/lib/pf/iptables.pm
index 53b9167bbd07..972883223980 100644
--- a/lib/pf/iptables.pm
+++ b/lib/pf/iptables.pm
@@ -161,9 +161,7 @@ sub iptables_generate {
     push @pfconnector_ips, $management_network->{Tip};
     @pfconnector_ips = uniq sort @pfconnector_ips;
     for my $ip (@pfconnector_ips) {
-        for my $dport (23001..23256) {
-            $tags{'pfconnector'} .= "-A input-management-if --protocol tcp --match tcp -s $ip --dport $dport --jump ACCEPT\n";
-        }
+        $tags{'pfconnector'} .= "-A input-management-if --protocol tcp --match multiport -s $ip --dports 23001:23256 -j ACCEPT\n";
     }
 
     # eduroam RADIUS virtual-server
@@ -204,6 +202,9 @@ sub iptables_generate {
     #NAT Intercept Proxy
     $self->generate_interception_rules(\$tags{'nat_if_src_to_chain'},\$tags{'nat_prerouting_vlan'},\$tags{'input_inter_vlan_if'} );
 
+    #DNAT traffic from docker to mgmt ip
+    $self->generate_dnat_from_docker(\$tags{'nat_if_src_to_chain'});
+
     # OAuth
     my $passthrough_enabled = (isenabled($Config{'fencing'}{'passthrough'}) || isenabled($Config{'fencing'}{'isolation_passthrough'}));
 
@@ -859,6 +860,20 @@ sub generate_netflow_rules {
     }
 }
 
+=item generate_dnat_from_docker
+
+DNAT to 100.64.0.1 the traffic coming from docker image to management ip address.
+
+=cut
+
+sub generate_dnat_from_docker {
+    my ($self, $nat_if_src_to_chain) = @_;
+    my $logger = get_logger();
+
+    my $mgmt_ip = (defined($management_network->tag('vip'))) ? $management_network->tag('vip') : $management_network->tag('ip');
+    $$nat_if_src_to_chain .= "-A PREROUTING --protocol udp -s 100.64.0.0/10 -d $mgmt_ip --jump DNAT --to 100.64.0.1\n";
+}
+
 =back
 
 =head1 AUTHOR
diff --git a/lib/pf/radius.pm b/lib/pf/radius.pm
index 88b0456eada7..b93b018d2d9b 100644
--- a/lib/pf/radius.pm
+++ b/lib/pf/radius.pm
@@ -806,7 +806,7 @@ sub switch_access {
 
     $logger->info("handling radius autz request: from switch_ip => ($switch_ip), "
         . "connection_type => " . connection_type_to_str($connection_type) . ","
-        . "switch_mac => ".( defined($switch_mac) ? "($switch_mac)" : "(Unknown)" ).", mac => [$mac], port => $port, username => \"$user_name\"" );
+        . "switch_mac => ".( defined($switch_mac) ? "($switch_mac)" : "(Unknown)" ).", mac => [$mac], port => ".( defined($port) ? "($port)" : "(Unknown)" ).", username => \"$user_name\"" );
 
     if ( !$switch->canDoCliAccess && !$switch->supportsVPN()) {
         $logger->warn("CLI Access is not permit on this switch $switch->{_id}");
diff --git a/lib/pf/services/manager/proxysql.pm b/lib/pf/services/manager/proxysql.pm
index 2687d6dce921..88848d119316 100644
--- a/lib/pf/services/manager/proxysql.pm
+++ b/lib/pf/services/manager/proxysql.pm
@@ -58,6 +58,7 @@ sub generateConfig {
     my ($package, $filename, $line) = caller();
 
     my %tags;
+    my $single_server = 0;
     $tags{'template'} = $self->proxysql_config_template;
     $tags{'geoDB'} = $FALSE;
     $tags{'mysql_servers'} = "";
@@ -72,7 +73,23 @@ EOT
 EOT
 
     my $i = 100;
-    if (pf::cluster::getWriteDB()) {
+    my $database_proxysql = $pf::config::Config{database_proxysql};
+
+    if (isenabled($database_proxysql->{status})) {
+        my $cacert = $database_proxysql->{cacert};
+        if ($cacert) {
+            $tags{'mysql_ssl_p2s_capath'} = << "EOT";
+    mysql-ssl_p2s_capath = "$cacert";
+EOT
+        }
+
+        $single_server = 1;
+        my $backend = $database_proxysql->{backend};
+        my $ssl = $cacert ? 1 : 0;
+        $tags{mysql_servers} .= << "EOT";
+    { address="$backend" , port=3306 , hostgroup=10, max_connections=1000, weight=$i, use_ssl=$ssl },
+EOT
+    } elsif (pf::cluster::getWriteDB()) {
         $tags{'geoDB'} = $TRUE;
         my @mysql_write_backend = pf::cluster::getWriteDB();
         my @mysql_read_backend = pf::cluster::getReadDB();
@@ -105,8 +122,11 @@ EOT
         }
     }
 
+
+
     my @mysql_servers = pf::cluster::mysql_servers();
-    $tags{'single_server'} = (scalar(@mysql_servers) == 1);
+
+    $tags{'single_server'} = $single_server || (scalar(@mysql_servers) == 1);
 
     $tags{'mysql_pf_user'} = $DB_Config->{user};
     $tags{'mysql_pf_user'} =~ s/"/\\"/g;
diff --git a/rpm/packetfence.spec b/rpm/packetfence.spec
index fb65e52540ce..cfb384b2ed32 100644
--- a/rpm/packetfence.spec
+++ b/rpm/packetfence.spec
@@ -461,6 +461,7 @@ done
 %{__install} -d %{buildroot}/etc/cron.d
 %{__install} -d %{buildroot}/etc/docker
 %{__install} -d %{buildroot}/usr/local/pf/html
+%{__install} -d %{buildroot}/usr/local/pf/html/common
 %{__install} -d %{buildroot}/usr/local/pf/html/pfappserver
 %{__install} -d %{buildroot}/usr/local/pf/html/captive-portal
 touch %{buildroot}/usr/local/pf/var/cache_control
@@ -507,6 +508,7 @@ cp -r containers %{buildroot}/usr/local/pf
 # temp
 cp -r html/pfappserver %{buildroot}/usr/local/pf/html
 cp -r html/captive-portal %{buildroot}/usr/local/pf/html
+cp -r html/common %{buildroot}/usr/local/pf/html
 
 cp -r lib %{buildroot}/usr/local/pf/
 cp -r go %{buildroot}/usr/local/pf/
@@ -655,12 +657,15 @@ gpg --no-default-keyring --keyring /root/.gnupg/pubring.kbx --import /etc/pki/rp
 # Remove the monit service from the multi-user target if its there
 rm -f /etc/systemd/system/multi-user.target.wants/monit.service
 
+cd /usr/local/pf
 
 #Make ssl certificate
-cd /usr/local/pf
 make conf/ssl/server.pem
 chown pf /usr/local/pf/conf/ssl/server.key
 
+#Make configurable logo in default profile templates
+make html/captive-portal/profile-templates/default/logo.png
+
 # Create server local RADIUS secret
 if [ ! -f /usr/local/pf/conf/local_secret ]; then
     date +%s | sha256sum | base64 | head -c 32 > /usr/local/pf/conf/local_secret
@@ -1244,6 +1249,7 @@ fi
 
 # html dir
 %dir                    /usr/local/pf/html
+                        /usr/local/pf/html/common
 %dir                    /usr/local/pf/html/pfappserver
                         /usr/local/pf/html/pfappserver/root
 /usr/local/pf/html/pfappserver/lib
diff --git a/sbin/proxysql-docker-wrapper b/sbin/proxysql-docker-wrapper
index 294acd49e037..5c38982f0cc6 100755
--- a/sbin/proxysql-docker-wrapper
+++ b/sbin/proxysql-docker-wrapper
@@ -5,6 +5,7 @@ source /usr/local/pf/containers/systemd-service
 name=proxysql
 
 args=`base_args $name`
+args="$args -v/usr/local/pf/conf/:/usr/local/pf/conf/"
 args="$args -v/usr/local/pf/var/conf/:/usr/local/pf/var/conf/"
 args="$args -v /usr/local/pf/var/proxysql/:/usr/local/pf/var/proxysql/"
 args+=" -p 127.0.0.1:6032:6032 -p 6033:6033 -p 6080:6080"
diff --git a/t/venom/lib/pf_api_action.yml b/t/venom/lib/pf_api_action.yml
index dbfd809168f0..0ec6efc0dd0a 100644
--- a/t/venom/lib/pf_api_action.yml
+++ b/t/venom/lib/pf_api_action.yml
@@ -39,3 +39,4 @@ output:
   pf_api_action__node_unregdate: "{{.http_json.item.unregdate}}" 
   pf_api_action__node_security_event_id: "{{.http_json.items.items0.security_event_id}}" 
   pf_api_action__items: "{{.http_json.items}}" 
+  pf_api_action__token: "{{.result.token}}" 
diff --git a/t/venom/lib/pf_api_domain_join.yml b/t/venom/lib/pf_api_domain_join.yml
index a232ae7cc2c3..f84d6f8836e2 100644
--- a/t/venom/lib/pf_api_domain_join.yml
+++ b/t/venom/lib/pf_api_domain_join.yml
@@ -3,8 +3,8 @@ input:
   id: ""
   username: ""
   password: ""
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: pf_api_domain_action
   method: POST
diff --git a/t/venom/lib/pf_api_domain_unjoin.yml b/t/venom/lib/pf_api_domain_unjoin.yml
index 3e97c650ecc4..595b1fefdc5e 100644
--- a/t/venom/lib/pf_api_domain_unjoin.yml
+++ b/t/venom/lib/pf_api_domain_unjoin.yml
@@ -3,8 +3,8 @@ input:
   id: ""
   username: ""
   password: ""
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: pf_api_domain_action
   method: POST
diff --git a/t/venom/lib/pf_api_poll.yml b/t/venom/lib/pf_api_poll.yml
index 010fb8435ab9..ee023cd8f5dc 100644
--- a/t/venom/lib/pf_api_poll.yml
+++ b/t/venom/lib/pf_api_poll.yml
@@ -3,8 +3,8 @@ input:
   i_task_id: ""
   i_message: "Completed"
   i_progress: 100
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: pf_api_action
   url: "pfqueue/task/{{.input.i_task_id}}/status/poll"
diff --git a/t/venom/lib/pf_api_service_pf_start_async.yml b/t/venom/lib/pf_api_service_pf_start_async.yml
new file mode 100644
index 000000000000..55a836ec11a2
--- /dev/null
+++ b/t/venom/lib/pf_api_service_pf_start_async.yml
@@ -0,0 +1,21 @@
+executor: pf_api_service_pf_start_async
+steps:
+- type: pf_api_service_action
+  service: "pf"
+  action: "start"
+  method: POST
+  time_to_sleep: "0"
+  status_code: 202
+  body: >-
+    {
+      "async": "true"
+    }
+
+# radiusd-auth is a service with a lot of service dependencies
+# so, one of the lastest vital services to start
+- type: pf_api_service_status
+  service: "radiusd-auth"
+  retry: 600
+  delay: 3
+  assertions:
+    - result.pf_api_service_status_json.alive ShouldEqual 1
diff --git a/t/venom/lib/pf_api_service_restart.yml b/t/venom/lib/pf_api_service_restart.yml
index 8f84d4ab5f9c..bc68aa222be0 100644
--- a/t/venom/lib/pf_api_service_restart.yml
+++ b/t/venom/lib/pf_api_service_restart.yml
@@ -11,5 +11,7 @@ steps:
 
 - type: pf_api_service_status
   service: "{{.input.service}}"
+  retry: 40
+  delay: 3
   assertions:
     - result.pf_api_service_status_json.alive ShouldEqual 1
diff --git a/t/venom/lib/pf_api_service_restart_async.yml b/t/venom/lib/pf_api_service_restart_async.yml
index ec1f4df8ba76..8a6fd59be842 100644
--- a/t/venom/lib/pf_api_service_restart_async.yml
+++ b/t/venom/lib/pf_api_service_restart_async.yml
@@ -2,8 +2,8 @@ executor: pf_api_service_restart_async
 input:
   service: ""
   time_to_sleep: 0
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
   time_to_sleep_before_status: 0
 steps:
 - type: pf_api_service_action
diff --git a/t/venom/lib/pf_api_service_start.yml b/t/venom/lib/pf_api_service_start.yml
index 3a2cacd37fe3..b615805a1de5 100644
--- a/t/venom/lib/pf_api_service_start.yml
+++ b/t/venom/lib/pf_api_service_start.yml
@@ -11,5 +11,7 @@ steps:
 
 - type: pf_api_service_status
   service: "{{.input.service}}"
+  retry: 40
+  delay: 3
   assertions:
     - result.pf_api_service_status_json.alive ShouldEqual 1
diff --git a/t/venom/lib/pf_api_service_start_async.yml b/t/venom/lib/pf_api_service_start_async.yml
index 8633b2cba647..44a383fa4637 100644
--- a/t/venom/lib/pf_api_service_start_async.yml
+++ b/t/venom/lib/pf_api_service_start_async.yml
@@ -2,8 +2,8 @@ executor: pf_api_service_start_async
 input:
   service: ""
   time_to_sleep: 0
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: pf_api_service_action
   service: "{{.input.service}}"
diff --git a/t/venom/lib/pf_api_service_stop.yml b/t/venom/lib/pf_api_service_stop.yml
index 6eb68577768a..7258cb35fccb 100644
--- a/t/venom/lib/pf_api_service_stop.yml
+++ b/t/venom/lib/pf_api_service_stop.yml
@@ -11,5 +11,7 @@ steps:
 
 - type: pf_api_service_status
   service: "{{.input.service}}"
+  retry: 40
+  delay: 3
   assertions:
     - result.pf_api_service_status_json.pid ShouldEqual 0
diff --git a/t/venom/lib/pf_api_system_service_restart_async.yml b/t/venom/lib/pf_api_system_service_restart_async.yml
index 9a8def887caa..fb4b3acf1c42 100644
--- a/t/venom/lib/pf_api_system_service_restart_async.yml
+++ b/t/venom/lib/pf_api_system_service_restart_async.yml
@@ -2,8 +2,8 @@ executor: pf_api_system_service_restart_async
 input:
   service: ""
   time_to_sleep: 0
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: pf_api_system_service_action
   service: "{{.input.service}}"
diff --git a/t/venom/lib/systemctl_service.yml b/t/venom/lib/systemctl_service.yml
index 5baf000a8da9..d0e84d589f8c 100644
--- a/t/venom/lib/systemctl_service.yml
+++ b/t/venom/lib/systemctl_service.yml
@@ -6,8 +6,16 @@ input:
 steps:
 - type: exec
   script: '{{.input.sudo}} systemctl {{.input.unit_command}} {{.input.service}}'
-  # TO BE REMOVE IF DEFAULT IF ENOUGH
-  #assertions:
-  #  - result.systemout ShouldContainSubstring "
+  vars:
+    status_lines:
+      from: result.systemout
+
+- type: exec
+  script: echo -n '{{.status_lines}}' | sed -nr 's/.*(Loaded.*Memory).*/\1/p'
+  vars:
+   first_lines:
+     from: result.systemout
+
 output:
   service_systemout: "{{.result.systemout}}"
+  service_first_lines: "{{.first_lines}}"
diff --git a/t/venom/lib/systemctl_service_restart.yml b/t/venom/lib/systemctl_service_restart.yml
index 899e4a1aa48a..a515aab50644 100644
--- a/t/venom/lib/systemctl_service_restart.yml
+++ b/t/venom/lib/systemctl_service_restart.yml
@@ -2,7 +2,7 @@ executor: systemctl_service_restart
 input:
   service: "" 
   time_to_sleep: 0
-  sudo: ""
+  sudo: "sudo"
 steps:
 # service restarted by hand because using API cause Venom failure (EOF)
 - type: systemctl_service
diff --git a/t/venom/lib/systemctl_service_status.yml b/t/venom/lib/systemctl_service_status.yml
index 8ba198c75beb..837f4d14babb 100644
--- a/t/venom/lib/systemctl_service_status.yml
+++ b/t/venom/lib/systemctl_service_status.yml
@@ -3,12 +3,16 @@ input:
   service: "" 
   sudo: ""
   substring: "active (running)"
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: systemctl_service
   unit_command: status
   service: "{{.input.service}}"
   sudo: "{{.input.sudo}}"
+  retry: "{{.input.i_retry}}"
+  delay: "{{.input.i_delay}}"
   assertions:
-    - result.service_systemout ShouldContainSubstring '{{.input.substring}}'
+    - result.service_first_lines ShouldContainSubstring '{{.input.substring}}'
 output:
   service_status_systemout: "{{.result.service_systemout}}"
diff --git a/t/venom/requirements.yml b/t/venom/requirements.yml
index a17dbc274016..766ec4dbf10e 100644
--- a/t/venom/requirements.yml
+++ b/t/venom/requirements.yml
@@ -1,6 +1,6 @@
 roles:
   - src: inverse_inc.gitlab_buildpkg_tools
-    version: v1.3.2
+    version: v1.3.5
 
   - src: geerlingguy.nodejs
     version: 6.0.0
@@ -22,7 +22,7 @@ collections:
   - name: inverse_inc.cumulus
     version: 1.1.1
   - name: inverse_inc.utils
-    version: 1.1.1
+    version: 1.1.2
   - name: inverse_inc.wireless
     version: 0.2.2
 
diff --git a/t/venom/scenarios/captive_portal/playbooks/rsync.yml b/t/venom/scenarios/captive_portal/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/captive_portal/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/captive_portal/site.yml b/t/venom/scenarios/captive_portal/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/captive_portal/site.yml
+++ b/t/venom/scenarios/captive_portal/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/cli_login/playbooks/rsync.yml b/t/venom/scenarios/cli_login/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/cli_login/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/cli_login/site.yml b/t/venom/scenarios/cli_login/site.yml
index a9f7278308fe..8e99c97f135e 100644
--- a/t/venom/scenarios/cli_login/site.yml
+++ b/t/venom/scenarios/cli_login/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 - import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/cluster/playbooks/rsync.yml b/t/venom/scenarios/cluster/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/cluster/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/cluster/site.yml b/t/venom/scenarios/cluster/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/cluster/site.yml
+++ b/t/venom/scenarios/cluster/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/dot1x_eap_peap/playbooks/rsync.yml b/t/venom/scenarios/common/dev.yml
similarity index 54%
rename from t/venom/scenarios/dot1x_eap_peap/playbooks/rsync.yml
rename to t/venom/scenarios/common/dev.yml
index f6515ea2ac67..44bfd9aec9bd 100644
--- a/t/venom/scenarios/dot1x_eap_peap/playbooks/rsync.yml
+++ b/t/venom/scenarios/common/dev.yml
@@ -16,15 +16,21 @@
         rsync_opts:
           - "--exclude=vars/local.yml"
 
-    - name: Synchronize Git repository t/mock_servers with /usr/local/pf/t/mock_servers
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}/../mock_servers"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
+    - name: Set users term linux
+      ansible.builtin.lineinfile:
+        path: /etc/environment
+        regexp: '^TERM='
+        line: TERM=linux
+      when: ansible_facts['os_family'] == "Debian"
+
+    - name: Set root term linux
+      ansible.builtin.lineinfile:
+        path: /root/.profile
+        regexp: '^export TERM='
+        line: export TERM=linux
+      when: ansible_facts['os_family'] == "Debian"
 
+    - name: Add vim
+      ansible.builtin.package:
+        name: vim
+        state: present
diff --git a/t/venom/scenarios/configurator/playbooks/rsync.yml b/t/venom/scenarios/configurator/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/configurator/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/configurator/site.yml b/t/venom/scenarios/configurator/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/configurator/site.yml
+++ b/t/venom/scenarios/configurator/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/dot1x_eap_peap/site.yml b/t/venom/scenarios/dot1x_eap_peap/site.yml
index a9f7278308fe..8e99c97f135e 100644
--- a/t/venom/scenarios/dot1x_eap_peap/site.yml
+++ b/t/venom/scenarios/dot1x_eap_peap/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 - import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/dot1x_eap_tls/playbooks/rsync.yml b/t/venom/scenarios/dot1x_eap_tls/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/dot1x_eap_tls/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/dot1x_eap_tls/site.yml b/t/venom/scenarios/dot1x_eap_tls/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/dot1x_eap_tls/site.yml
+++ b/t/venom/scenarios/dot1x_eap_tls/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/example/playbooks/rsync.yml b/t/venom/scenarios/example/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/example/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/example/site.yml b/t/venom/scenarios/example/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/example/site.yml
+++ b/t/venom/scenarios/example/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/export_import/playbooks/rsync.yml b/t/venom/scenarios/export_import/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/export_import/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/export_import/site.yml b/t/venom/scenarios/export_import/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/export_import/site.yml
+++ b/t/venom/scenarios/export_import/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/external_integrations/playbooks/rsync.yml b/t/venom/scenarios/external_integrations/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/external_integrations/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/external_integrations/site.yml b/t/venom/scenarios/external_integrations/site.yml
index 28f8ee96b7af..f8a7db5cec2b 100644
--- a/t/venom/scenarios/external_integrations/site.yml
+++ b/t/venom/scenarios/external_integrations/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/fingerbank_invalid_db/playbooks/rsync.yml b/t/venom/scenarios/fingerbank_invalid_db/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/fingerbank_invalid_db/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/fingerbank_invalid_db/site.yml b/t/venom/scenarios/fingerbank_invalid_db/site.yml
index 28f8ee96b7af..f8a7db5cec2b 100644
--- a/t/venom/scenarios/fingerbank_invalid_db/site.yml
+++ b/t/venom/scenarios/fingerbank_invalid_db/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/inline/playbooks/rsync.yml b/t/venom/scenarios/inline/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/inline/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/inline/playbooks/run_tests.yml b/t/venom/scenarios/inline/playbooks/run_tests.yml
index 1446c6e37a95..ebd5f31d0788 100644
--- a/t/venom/scenarios/inline/playbooks/run_tests.yml
+++ b/t/venom/scenarios/inline/playbooks/run_tests.yml
@@ -13,6 +13,8 @@
       - inline/l2/teardown
       - security_event_suricata
       - security_event_suricata/teardown
+      - security_event_random_mac
+      - security_event_random_mac/teardown
 
   tasks:
     - name: Run Venom testsuites
diff --git a/t/venom/scenarios/inline/site.yml b/t/venom/scenarios/inline/site.yml
index a9f7278308fe..8e99c97f135e 100644
--- a/t/venom/scenarios/inline/site.yml
+++ b/t/venom/scenarios/inline/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 - import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/inline_l2_and_radius/playbooks/rsync.yml b/t/venom/scenarios/inline_l2_and_radius/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/inline_l2_and_radius/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/inline_l2_and_radius/site.yml b/t/venom/scenarios/inline_l2_and_radius/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/inline_l2_and_radius/site.yml
+++ b/t/venom/scenarios/inline_l2_and_radius/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/mac_auth/playbooks/rsync.yml b/t/venom/scenarios/mac_auth/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/mac_auth/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/mac_auth/site.yml b/t/venom/scenarios/mac_auth/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/mac_auth/site.yml
+++ b/t/venom/scenarios/mac_auth/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/security_events/playbooks/rsync.yml b/t/venom/scenarios/security_events/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/security_events/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/security_events/site.yml b/t/venom/scenarios/security_events/site.yml
index 28f8ee96b7af..f8a7db5cec2b 100644
--- a/t/venom/scenarios/security_events/site.yml
+++ b/t/venom/scenarios/security_events/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/template/playbooks/rsync.yml b/t/venom/scenarios/template/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/template/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/template/site.yml b/t/venom/scenarios/template/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/template/site.yml
+++ b/t/venom/scenarios/template/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/test_venom/playbooks/rsync.yml b/t/venom/scenarios/test_venom/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/test_venom/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/test_venom/site.yml b/t/venom/scenarios/test_venom/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/test_venom/site.yml
+++ b/t/venom/scenarios/test_venom/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/unit_tests/playbooks/rsync.yml b/t/venom/scenarios/unit_tests/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/unit_tests/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/unit_tests/site.yml b/t/venom/scenarios/unit_tests/site.yml
index a9f7278308fe..8e99c97f135e 100644
--- a/t/venom/scenarios/unit_tests/site.yml
+++ b/t/venom/scenarios/unit_tests/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 - import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/test_suites/cli-login-radius/20_start_services.yml b/t/venom/test_suites/cli-login-radius/20_start_services.yml
index 31882d9f6e07..366439880d8f 100644
--- a/t/venom/test_suites/cli-login-radius/20_start_services.yml
+++ b/t/venom/test_suites/cli-login-radius/20_start_services.yml
@@ -2,7 +2,5 @@ name: Start radius-test.service
 testcases:
 - name: start_radius_test_service
   steps:
-  - type: systemctl_service
-    unit_command: restart
+  - type: systemctl_service_restart
     service: radius-test.service
-    sudo: sudo
diff --git a/t/venom/test_suites/common/restart_iptables_service.yml b/t/venom/test_suites/common/restart_iptables_service.yml
index b608c6e2234c..b7ea61e77907 100644
--- a/t/venom/test_suites/common/restart_iptables_service.yml
+++ b/t/venom/test_suites/common/restart_iptables_service.yml
@@ -1,17 +1,6 @@
 name: Restart iptables service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_iptables_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/iptables/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'iptables'
diff --git a/t/venom/test_suites/common/restart_pfcron_service.yml b/t/venom/test_suites/common/restart_pfcron_service.yml
index e76a57483714..4e7740510bdb 100644
--- a/t/venom/test_suites/common/restart_pfcron_service.yml
+++ b/t/venom/test_suites/common/restart_pfcron_service.yml
@@ -1,17 +1,6 @@
 name: Restart pfcron service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_pfcron_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfcron/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async 
+    service: 'pfcron'
diff --git a/t/venom/test_suites/common/restart_pfdhcp_service.yml b/t/venom/test_suites/common/restart_pfdhcp_service.yml
index 8b3cec82804f..57336c16611c 100644
--- a/t/venom/test_suites/common/restart_pfdhcp_service.yml
+++ b/t/venom/test_suites/common/restart_pfdhcp_service.yml
@@ -1,17 +1,6 @@
 name: Restart pfdhcp service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_pfdhcp_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfdhcp/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'pfdhcp'
diff --git a/t/venom/test_suites/common/restart_pfdhcplistener_service.yml b/t/venom/test_suites/common/restart_pfdhcplistener_service.yml
index d9c00b1f15ea..5e1d57b8c4b3 100644
--- a/t/venom/test_suites/common/restart_pfdhcplistener_service.yml
+++ b/t/venom/test_suites/common/restart_pfdhcplistener_service.yml
@@ -1,17 +1,6 @@
 name: Restart pfdhcplistener service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_pfdhcplistener_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfdhcplistener/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'pfdhcplistener'
diff --git a/t/venom/test_suites/common/restart_pfdns.yml b/t/venom/test_suites/common/restart_pfdns.yml
deleted file mode 100644
index 2475b9cc96ab..000000000000
--- a/t/venom/test_suites/common/restart_pfdns.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Restart pfdns service
-testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
-- name: restart_pfdns_service
-  steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfdns/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
diff --git a/t/venom/test_suites/common/restart_pfdns_service.yml b/t/venom/test_suites/common/restart_pfdns_service.yml
index 2475b9cc96ab..0f465e469c63 100644
--- a/t/venom/test_suites/common/restart_pfdns_service.yml
+++ b/t/venom/test_suites/common/restart_pfdns_service.yml
@@ -1,17 +1,6 @@
 name: Restart pfdns service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_pfdns_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfdns/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'pfdns'
diff --git a/t/venom/test_suites/common/restart_radius_services.yml b/t/venom/test_suites/common/restart_radius_services.yml
index 8dbc968ab0b1..a6bea5add1d9 100644
--- a/t/venom/test_suites/common/restart_radius_services.yml
+++ b/t/venom/test_suites/common/restart_radius_services.yml
@@ -1,27 +1,9 @@
 name: Restart RADIUS services
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_radius_services
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/radiusd-auth/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'radiusd-auth'
 
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfacct/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'pfacct'
diff --git a/t/venom/test_suites/configurator/50_run_configurator_step4.yml b/t/venom/test_suites/configurator/50_run_configurator_step4.yml
index dbba66c6773f..a297a2c37918 100644
--- a/t/venom/test_suites/configurator/50_run_configurator_step4.yml
+++ b/t/venom/test_suites/configurator/50_run_configurator_step4.yml
@@ -7,8 +7,8 @@ testcases:
 
 - name: restart_pfqueue_service
   steps:
-  - type: pf_api_system_service_restart_async
-    service: "packetfence-pfqueue"
+  - type: pf_api_service_restart_async
+    service: "pfqueue"
     time_to_sleep: 5
 
 - name: update_systemd
@@ -38,7 +38,4 @@ testcases:
 
 - name: start_pf_services
   steps:
-  - type: pf_api_service_start_async
-    service: 'pf'
-    i_retry: 30
-    i_delay: 60
+  - type: pf_api_service_pf_start_async
diff --git a/t/venom/test_suites/configurator_inline/50_run_configurator_step4.yml b/t/venom/test_suites/configurator_inline/50_run_configurator_step4.yml
index e70078d49514..a297a2c37918 100644
--- a/t/venom/test_suites/configurator_inline/50_run_configurator_step4.yml
+++ b/t/venom/test_suites/configurator_inline/50_run_configurator_step4.yml
@@ -7,8 +7,8 @@ testcases:
 
 - name: restart_pfqueue_service
   steps:
-  - type: pf_api_system_service_restart_async
-    service: "packetfence-pfqueue"
+  - type: pf_api_service_restart_async
+    service: "pfqueue"
     time_to_sleep: 5
 
 - name: update_systemd
@@ -38,7 +38,4 @@ testcases:
 
 - name: start_pf_services
   steps:
-  - type: pf_api_service_start_async
-    service: 'pf'
-    i_retry: 10
-    i_delay: 60
+  - type: pf_api_service_pf_start_async
diff --git a/t/venom/test_suites/configurator_inline_l2/50_run_configurator_step4.yml b/t/venom/test_suites/configurator_inline_l2/50_run_configurator_step4.yml
index e70078d49514..a297a2c37918 100644
--- a/t/venom/test_suites/configurator_inline_l2/50_run_configurator_step4.yml
+++ b/t/venom/test_suites/configurator_inline_l2/50_run_configurator_step4.yml
@@ -7,8 +7,8 @@ testcases:
 
 - name: restart_pfqueue_service
   steps:
-  - type: pf_api_system_service_restart_async
-    service: "packetfence-pfqueue"
+  - type: pf_api_service_restart_async
+    service: "pfqueue"
     time_to_sleep: 5
 
 - name: update_systemd
@@ -38,7 +38,4 @@ testcases:
 
 - name: start_pf_services
   steps:
-  - type: pf_api_service_start_async
-    service: 'pf'
-    i_retry: 10
-    i_delay: 60
+  - type: pf_api_service_pf_start_async
diff --git a/t/venom/test_suites/security_event_random_mac/00_setup_network.yml b/t/venom/test_suites/security_event_random_mac/00_setup_network.yml
new file mode 100644
index 000000000000..66c7653ef0b6
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/00_setup_network.yml
@@ -0,0 +1,52 @@
+name: Setup inlinel2 network
+testcases:
+
+  - name: create_two_virtual_ethernet_interfaces
+    steps:
+    - type: exec
+      script: ip link add bridgeinlinel2 type veth peer name inlinel2
+
+  - name: create_tap_interface
+    steps:
+      - type: exec
+        script: ip tuntap add blok-tap1 mode tap
+
+  - name: set_blok-tap1_up
+    steps:
+      - type: exec
+        script: ip link set blok-tap1 up
+
+  - name: create_bridge
+    steps:
+    - type: exec
+      script: ip link add blok-br1 type bridge
+
+  - name: set_bridge_up
+    steps:
+    - type: exec
+      script: ip link set blok-br1 up
+
+  - name: set_blok-vpeer0_up
+    steps:
+    - type: exec
+      script:  ip link set inlinel2 up
+
+  - name: set_bridgeinlinel2_up
+    steps:
+    - type: exec
+      script:  ip link set bridgeinlinel2 up
+ 
+  - name: add_ip_to_inlinel2_interface
+    steps:
+    - type: exec
+      script: 'ip addr add {{.security_event_random_mac.pf_portal}}/24 dev inlinel2'
+
+  - name: add_bridgeinlinel2_in_the_blok-br1_bridge
+    steps:
+    - type: exec
+      script: ip link set bridgeinlinel2 master blok-br1
+
+  - name: add_blok-tap1_in_the_blok-br1_bridge
+    steps:
+    - type: exec
+      script: ip link set blok-tap1 master blok-br1
diff --git a/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml b/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
new file mode 100644
index 000000000000..c9949c957299
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
@@ -0,0 +1,280 @@
+name: Enable Inline l2 configuration in PacketFence
+testcases:
+- name: get_login_token
+  steps:
+  - type: get_login_token
+
+- name: configure_interface_inlinel2_as_type_inline_l2
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/interface/inlinel2'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "id": "inlinel2",
+       "isClone": false,
+       "isNew": false,
+       "prefixRouteName": "",
+       "additional_listening_daemons": [],
+       "coa": null,
+       "dhcpd_enabled": "enabled",
+       "dns": "8.8.8.8",
+       "high_availability": 0,
+       "hwaddr": "92:ed:ee:36:e9:6a",
+       "ifindex": "10",
+       "ipv6_address": null,
+       "ipv6_prefix": null,
+       "is_running": true,
+       "master": null,
+       "name": "inlinel2",
+       "nat_enabled": "enabled",
+       "network": null,
+       "network_iseditable": false,
+       "networks": [],
+       "not_editable": false,
+       "reg_network": null,
+       "split_network": null,
+       "type": "inlinel2",
+       "vip": null,
+       "vlan": null,
+       "ipaddress": "{{.security_event_random_mac.pf_portal}}",
+       "netmask": "255.255.255.0"
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: configure_inline_l2_network
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/l2_network/{{.security_event_random_mac.networks}}'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "id": "{{.security_event_random_mac.networks}}",
+       "isClone": false,
+       "isNew": false,
+       "algorithm": 1,
+       "description": null,
+       "dhcp_default_lease_time": "30",
+       "dhcp_end": "{{.security_event_random_mac.node.ipaddress}}",
+       "dhcp_max_lease_time": "30",
+       "dhcp_start": "{{.security_event_random_mac.node.ipaddress}}",
+       "dns": "8.8.8.8",
+       "ip_assigned": null,
+       "ip_reserved": null,
+       "netflow_accounting_enabled": "enabled",
+       "netmask": "255.255.255.0",
+       "not_deletable": false,
+       "not_sortable": false,
+       "pool_backend": "memory",
+       "portal_fqdn": null,
+       "type": "inlinel2"
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: create_a_user
+  steps:
+  - type: http
+    method: POST
+    url: '{{.pfserver_webadmin_url}}/api/v1/users'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "valid_from": "2021-12-06 00:00:00",
+       "expiration": null,
+       "actions": [
+         {
+           "type": "set_role",
+           "value": "1"
+         },
+         {
+           "type": "set_access_duration",
+           "value": "1h"
+         }
+       ],
+       "pid_overwrite": 0,
+       "pid": "iastigmate",
+       "email": "iastigmate@test.ca",
+       "sponsor": "",
+       "password": "password",
+       "login_remaining": null,
+       "gender": "",
+       "title": "",
+       "firstname": "Igmout",
+       "lastname": "Astigmate",
+       "nickname": "",
+       "company": "",
+       "telephone": "",
+       "cell_phone": "",
+       "work_phone": "",
+       "address": "",
+       "apartment_number": "",
+       "building_number": "",
+       "room_number": "",
+       "anniversary": "",
+       "birthday": "",
+       "psk": "",
+       "notes": "",
+       "custom_field_1": "",
+       "custom_field_2": "",
+       "custom_field_3": "",
+       "custom_field_4": "",
+       "custom_field_5": "",
+       "custom_field_6": "",
+       "custom_field_7": "",
+       "custom_field_8": "",
+       "custom_field_9": ""
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 201
+
+- name: assign_a_password_to_the_user
+  steps:
+  - type: http
+    method: POST
+    url: '{{.pfserver_webadmin_url}}/api/v1/user/iastigmate/password'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "quiet": true,
+       "valid_from": "2021-12-06 00:00:00",
+       "expiration": "{{.inline_lx_iastigmate.password.expiration}}",
+       "actions": [
+         {
+           "type": "set_role",
+           "value": "1"
+         },
+         {
+           "type": "set_access_duration",
+           "value": "1h"
+         }
+       ],
+       "pid_overwrite": 0,
+       "pid": "iastigmate",
+       "email": "iastigmate@test.ca",
+       "sponsor": "",
+       "password": "password",
+       "login_remaining": null,
+       "gender": "",
+       "title": "",
+       "firstname": "Igmout",
+       "lastname": "Astigmate",
+       "nickname": "",
+       "company": "",
+       "telephone": "",
+       "cell_phone": "",
+       "work_phone": "",
+       "address": "",
+       "apartment_number": "",
+       "building_number": "",
+       "room_number": "",
+       "anniversary": "",
+       "birthday": "",
+       "psk": "",
+       "notes": "",
+       "custom_field_1": "",
+       "custom_field_2": "",
+       "custom_field_3": "",
+       "custom_field_4": "",
+       "custom_field_5": "",
+       "custom_field_6": "",
+       "custom_field_7": "",
+       "custom_field_8": "",
+       "custom_field_9": "",
+       "access_duration": "1h",
+       "access_level": null,
+       "can_sponsor": null,
+       "category": "1",
+       "unregdate": null
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 201
+
+- name: configure_snat_interface_for_passthroughs
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/base/network'
+    ignore_verify_ssl: true
+    body: >-
+      {
+        "interfaceSNAT":"eth0"
+      }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+      - result.bodyjson.message ShouldEqual "Settings updated"
+
+- name: configure_snat_interface_for_inline
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/base/inline'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "id": "inline",
+       "interfaceSNAT": "eth0"
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: restart_iptables
+  steps:
+  - type: pf_api_service_restart_async
+    service: "iptables"
+
+- name: restart_pfdns_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "pfdns"
+
+- name: restart_pfdhcp_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "pfdhcp"
+
+- name: restart_haproxy-portal_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "haproxy-portal"
+
+- name: restart_keepalived_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "keepalived"
+
+- name: restart_pfdhcplistener_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "pfdhcplistener"
+
+- name: restart_pfacct_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "pfacct"
+
+- name: restart_pfqueue_service
+  steps:
+  - type: pf_api_system_service_restart_async
+    service: "pfqueue"
diff --git a/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml b/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
new file mode 100644
index 000000000000..058a56083c6b
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
@@ -0,0 +1,25 @@
+name: Set Random Mac Security event
+testcases:
+- name: enable_security_event
+  steps:
+  - type: pf_api_action
+    method: PATCH
+    url: 'config/security_event/{{.security_event_random_mac.event.id}}'
+    body: '{"id":"{{.security_event_random_mac.event.id}}","enabled":"Y","quiet":true}'
+
+# restart pfqueue et pf detect
+- name: restart_service_pfqueue
+  steps:
+  - type: pf_api_service_restart_async 
+    service: "pfqueue"
+    time_to_sleep: 5
+
+- name: restart_service_pfdetect
+  steps:
+  - type: pf_api_service_restart_async
+    service: "pfdetect"
+
+- name: clear_fingerbank_cache
+  steps:
+  - type: pfcmd_run_command 
+    script: 'cache fingerbank clear'
diff --git a/t/venom/test_suites/security_event_random_mac/10_client_start.yml b/t/venom/test_suites/security_event_random_mac/10_client_start.yml
new file mode 100644
index 000000000000..08202b9670ed
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/10_client_start.yml
@@ -0,0 +1,37 @@
+name: Start client
+testcases:
+  - name: download_ulinux
+    steps:
+    - type: exec
+      script: wget http://inverse.ca/downloads/PacketFence/LiveCD/ulinux.qcow2 -O /tmp/ulinux.qcow2
+
+  - name: install_systemd_script
+    steps:
+      - type: exec
+        script: |
+          cat > /lib/systemd/system/ulinux.service << EOF
+          [Unit]
+          Description=QEMU virtual machine
+
+          [Service]
+          ExecStart= /usr/bin/qemu-system-x86_64 -boot d -hda /tmp/ulinux.qcow2 -m 128M -device "virtio-net-pci,netdev=network0,mac={{.security_event_random_mac.node.macaddress}}" -netdev tap,id=network0,ifname=blok-tap1,script=no,downscript=no -nographic -serial telnet:localhost:4321,server,nowait
+          ExecStop=pkill -f qemu
+          ExecStop=/usr/bin/bash -c 'while nc localhost 7100; do sleep 1; done'
+
+          [Install]
+          WantedBy=multi-user.target
+          EOF
+
+  - name: systemctl_daemon-reload
+    steps:
+      - type: exec
+        script: systemctl daemon-reload
+
+  - name: start_the_client
+    steps:
+      - type: exec
+        script: systemctl start ulinux
+      
+      # let ulinux start
+      - type: exec
+        script: sleep 30
diff --git a/t/venom/test_suites/security_event_random_mac/30_tests.yml b/t/venom/test_suites/security_event_random_mac/30_tests.yml
new file mode 100644
index 000000000000..f156d7454a20
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/30_tests.yml
@@ -0,0 +1,53 @@
+name: Test inline l2 violation
+testcases:
+- name: get_login_token
+  steps:
+  - type: get_login_token
+
+- name: test_if_the_device_is_in_the_isolation_ipset
+  steps:
+  - type: exec
+    script: 'ipset test pfsession_Isol_{{.security_event_random_mac.networks}} {{.security_event_random_mac.node.ipaddress}}'
+    delay: 5
+    retry: 14
+
+- name: get_security_event_id
+  steps: 
+  - type: pf_api_node_security_events
+    id: "{{.security_event_random_mac.node.macaddress}}"
+    vars:
+      all_events:
+        from: result.pf_api_node_security_event_
+
+- name: get_event_id
+  steps: 
+  - type:
+    script: echo '{{.get_security_event_id.all_events}}' | jq '.[] | if (.security_event_id == {{.security_event_random_mac.event.id}} and .status == "open") then .id else false end ' | grep -v "false"
+    vars:
+      event_id:
+        from: result.systemout
+
+- name: release_violation_on_the_node
+  steps:
+  - type: http
+    method: PUT
+    url: '{{.pfserver_webadmin_url}}/api/v1/node/{{.security_event_random_mac.node.macaddress}}/close_security_event'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "security_event_id": "{{.get_event_id.event_id}}",
+       "mac": "{{.security_event_random_mac.node.macaddress}}"
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+
+- name: test_if_the_device_is_back_in_the_unregister_ipset
+  steps:
+  - type: exec
+    script: 'ipset test pfsession_Unreg_{{.security_event_random_mac.networks}} {{.security_event_random_mac.node.ipaddress}}'
+    delay: 10
+    retry: 15
diff --git a/t/venom/test_suites/security_event_random_mac/Diagram.png b/t/venom/test_suites/security_event_random_mac/Diagram.png
new file mode 100644
index 000000000000..f67e372bf8bf
Binary files /dev/null and b/t/venom/test_suites/security_event_random_mac/Diagram.png differ
diff --git a/t/venom/test_suites/security_event_random_mac/TESTSUITE.md b/t/venom/test_suites/security_event_random_mac/TESTSUITE.md
new file mode 100644
index 000000000000..d13eed932fec
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/TESTSUITE.md
@@ -0,0 +1,29 @@
+# Security Event Random Mac Address
+
+Create a Inline L2 network, start a client on this network apply a security suricata event, tests.
+
+## Requirements
+
+### Global config steps
+1. Create a Inline l2 network (virtual ethernet interfaces, bridge and tap)
+
+## Scenario steps
+1. Enable the interface inlinel2 as a inlinel2 interface
+1. Configure the network 192.168.4.0 to lower the lease time
+1. Create a user to use to authenticate on the portal
+1. Configure interfaceSNAT (network and inline) to allow internet access for the client once registered
+1. Restart services associated to inline configuration
+1. Set Random Mac Security event configuration
+1. Download ulinux image, install systemd service and start the client on the inline l2 network
+1. Test if the device is in the Isolation ipset set
+1. Release the security event on the node
+1. Test if the device is in the unregistered ipset set
+
+## Teardown steps
+1. Stop the client and remove the systemd script
+1. Set inlinel2 interface as none
+1. Delete user in db
+1. Deconfigure interfaceSNAT (network and inline)
+1. Restart services related to inline setup
+1. Remove Inline L2 network (remove virtual ethernet interfaces, bridge and tap)
+1. Disable Random Mac security configuration
diff --git a/t/venom/test_suites/security_event_random_mac/teardown/00_client_stop.yml b/t/venom/test_suites/security_event_random_mac/teardown/00_client_stop.yml
new file mode 100644
index 000000000000..05dbf9d94d72
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/teardown/00_client_stop.yml
@@ -0,0 +1,17 @@
+name: Stop client
+testcases:
+- name: stop_the_client
+  steps:
+  - type: systemctl_service
+    service: ulinux
+    unit_command: stop
+
+- name: delete_systemd_script
+  steps:
+  - type: file_delete
+    file: /lib/systemd/system/ulinux.service
+
+- name: systemctl_daemon-reload
+  steps:
+  - type: systemctl_service
+    service: daemon-reload
diff --git a/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml b/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
new file mode 100644
index 000000000000..285a25e682fc
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
@@ -0,0 +1,112 @@
+name: Delete configuration in PacketFence
+testcases:
+- name: get_login_token
+  steps:
+  - type: get_login_token
+
+- name: configure_inlinel2_as_other
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/interface/inlinel2'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "id": "inlinel2",
+       "isClone": false,
+       "isNew": false,
+       "type": "none",
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: delete_user_in_db
+  steps:
+  - type: http
+    method: DELETE
+    url: '{{.pfserver_webadmin_url}}/api/v1/user/iastigmate'
+    ignore_verify_ssl: true
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: deconfigure_snat_interface_for_passthroughs
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/base/network'
+    ignore_verify_ssl: true
+    body: >-
+      {
+        "interfaceSNAT":""
+      }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+      - result.bodyjson.message ShouldEqual "Settings updated"
+
+- name: deconfigure_snat_interface_for_inline
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/base/inline'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "id": "inline",
+       "interfaceSNAT": ""
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: disable_security_event
+  steps:
+  - type: pf_api_action
+    method: PATCH
+    url: 'config/security_event/{{.security_event_random_mac.event.id}}'
+    body: '{"id":"{{.security_event_random_mac.event.id}}","enabled":"N","quiet":true}'
+
+- name: restart_iptables
+  steps:
+  - type: pf_api_service_restart_async
+    service: "iptables"
+
+- name: restart_pfdns_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "pfdns"
+
+- name: restart_pfdhcp_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "pfdhcp"
+
+- name: restart_haproxy-portal_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "haproxy-portal"
+
+- name: restart_keepalived_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "keepalived"
+
+- name: restart_pfdhcplistener_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "pfdhcplistener"
+
+- name: restart_pfacct_service
+  steps:
+  - type: pf_api_service_restart_async
+    service: "pfacct"
diff --git a/t/venom/test_suites/security_event_random_mac/teardown/10_remove_network.yml b/t/venom/test_suites/security_event_random_mac/teardown/10_remove_network.yml
new file mode 100644
index 000000000000..66d123c61e35
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/teardown/10_remove_network.yml
@@ -0,0 +1,16 @@
+name: Remove inlinel2 network
+testcases:
+- name: Delete bridgeinline2 interface
+  steps:
+  - type: exec
+    script: ip link del bridgeinlinel2
+
+- name: Delete blok-tap1 interface
+  steps:
+  - type: exec
+    script: ip link del blok-tap1
+
+- name: Delete blok-br1 bridge
+  steps:
+  - type: exec
+    script: ip link del blok-br1
diff --git a/t/venom/test_suites/security_event_suricata/05_setup_packetfence.yml b/t/venom/test_suites/security_event_suricata/05_setup_packetfence.yml
index b20d210f182c..25ad0f6e804a 100644
--- a/t/venom/test_suites/security_event_suricata/05_setup_packetfence.yml
+++ b/t/venom/test_suites/security_event_suricata/05_setup_packetfence.yml
@@ -241,48 +241,40 @@ testcases:
 
 - name: restart_iptables
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-iptables
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: iptables
 
-- name: restart_pfdns_service
+- name: restart_pfdns
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdns
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: pfdns
 
-- name: restart_pfdhcp_service
+- name: restart_pfdhcp
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdhcp
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: pfdhcp
 
-- name: restart_haproxy-portal_service
+- name: restart_haproxy-portal
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-haproxy-portal
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: haproxy-portal
 
-- name: restart_keepalived_service
+- name: restart_keepalived
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-keepalived
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: keepalived
 
-- name: restart_pfdhcplistener_service
+- name: restart_pfdhcplistener
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdhcplistener
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: pfdhcplistener
 
-- name: restart_pfacct_service
+- name: restart_pfacct
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfacct
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: pfacct
 
 - name: restart_pfqueue_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfqueue
-    time_to_sleep: 5
+  - type: pf_api_service_restart 
+    service: pfqueue
diff --git a/t/venom/vars/all.yml b/t/venom/vars/all.yml
index 76b315a8be0b..b16b003b8921 100644
--- a/t/venom/vars/all.yml
+++ b/t/venom/vars/all.yml
@@ -609,6 +609,15 @@ security_event_suricata.node.ipaddress: 192.168.3.10
 security_event_suricata.pf_portal: 192.168.3.1
 security_event_suricata.networks: 192.168.3.0
 
+################################################################################
+## Security event random_mac test suite specific variables
+#################################################################################
+security_event_random_mac.event.id: '3000007'
+security_event_random_mac.node.macaddress: 02:06:19:98:00:04
+security_event_random_mac.node.ipaddress: 192.168.4.10
+security_event_random_mac.pf_portal: 192.168.4.1
+security_event_random_mac.networks: 192.168.4.0
+
 #################################################################################
 ## inline_l2_and_radius test suite specific variables
 #################################################################################