If you have a Check Point firewall, you probably know about Gaia… and if you have more than one firewall admin, you probably want to authenticate them individually to the operating system (as opposed to an encrypted file of usernames & passwords which gets passed around the office).
add rba role TACP-0 domain-type System all-features
set aaa tacacs-servers authentication server 10.10.10.10 key mysecretkey
What you need to know about the above…
- If a user can successfully authenticate by TACACS they become a super user; if you need different roles, read up on “role based administration”, TACP-15 and the enable_tacacs command.
- The config has been tested on Cisco ACS 5.4; the default TACACS “default device administration” profile works with no changes.
- This is TACACS authentication only; authorization is handled by the local RBA.
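Because the TACP-0 role above grants all features, it is worth checking a saved configuration for that grant before rolling it out more widely. The following is an added example, not part of the original post: a small Python audit that flags TACP roles with all-features and redacts the TACACS shared key before a config is shared. The sample input is constructed from the two commands on this page plus one made-up local role (`auditors`), and the function name `audit` is hypothetical.

```python
import re

# Constructed sample: the two commands from this page plus one made-up
# local role, laid out like a saved Gaia configuration.
SAMPLE_CONFIG = """\
add rba role TACP-0 domain-type System all-features
add rba role auditors domain-type System readonly-features interface,route
set aaa tacacs-servers authentication server 10.10.10.10 key mysecretkey
"""

ROLE_RE = re.compile(r"^add rba role (\S+) domain-type (\S+) (.+)$")
TACACS_RE = re.compile(r"^set aaa tacacs-servers\b.*\bserver (\S+)")
KEY_RE = re.compile(r"\bkey \S+")


def audit(config_text):
    """Return (findings, redacted_lines) for a configuration dump."""
    findings, redacted, servers = [], [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        role = ROLE_RE.match(line)
        # Roles named TACP-<n> are the ones handed to TACACS logins.
        if role and re.fullmatch(r"TACP-\d+", role.group(1)):
            if "all-features" in role.group(3).split():
                findings.append(
                    f"{role.group(1)}: every TACACS-authenticated user "
                    "gets all features (super user)")
        server = TACACS_RE.match(line)
        if server:
            servers.append(server.group(1))
            if KEY_RE.search(line):
                findings.append(
                    f"shared key for {server.group(1)} appears in "
                    "cleartext in this text")
                # Only redact on TACACS lines; 'key' may mean
                # something else in other commands.
                line = KEY_RE.sub("key <redacted>", line)
        redacted.append(line)
    if not servers:
        findings.append("no TACACS server configured")
    return findings, redacted


if __name__ == "__main__":
    found, safe = audit(SAMPLE_CONFIG)
    print("\n".join(found))
    print("\n".join(safe))
```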