The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?
A. Add tcpdump to CLISH using add command.
Create a new access role.
Add tcpdump to the role.
Create new user with any UID and assign role to the user.
B. Add tcpdump to CLISH using add command.
Create a new access role.
Add tcpdump to the role.
Create new user with UID 0 and assign role to the user.
C. Create a new access role.
Add expert-mode access to the role.
Create new user with UID 0 and assign role to the user.
D. Create a new access role.
Add expert-mode access to the role.
Create new user with any UID and assign role to the user.
Add tcpdump to CLISH using add command.
Create a new access role.
Add tcpdump to the role.
Create new user with UID 0 and assign role to the user.
in my lab:
add command tcpdump path /usr/sbin/tcpdump description “tcpdump – dump traffic”
create user, role and add to role command tcpdump
without UID 0 not enought right
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86583
Add tcpdump to CLISH using add command.
Create a new access role.
Add tcpdump to the role.
Create new user with UID 0 and assign role to the user.
Otherwise we’ll get an error You don’t have permission to capture on that device
correct:
Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with UID 0 and assign role to the user.
in my lab:
add command tcpdump path /usr/sbin/tcpdump description “tcpdump – dump traffic”
create user, role and add command tcpdump to role for user
whiout UID 0 you don’t have access right
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86583