F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

MattB_MA_170307

Icon for Nimbostratus rank

Nimbostratus

Sep 25, 2014

Need shell access for tcpdump, but nothing else

I know that there are multiple levels of user account control in the F5 LTM, but I'm struggling to find one that fits my need.

I have a user who has to troubleshoot connections from outside systems through to the server behind the F5. Thanks to our SNAT policy, all of these connections appear in Wireshark to be originating from a single address, which is expected. I'd like to give this user access to the advanced shell so a tcpdump can be run, but I dont want to give them any access to the configuration- no modify, create, or delete. Basically, I need an auditor role with shell access so a pcap file can be created and downloaded.

How can I create this user?

application delivery

BIG-IP Access Policy Manager (APM)

1 Reply

R_Eastman_13667
Historic F5 Account
Oct 16, 2014
The only group with advanced shell access is Administrator.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

container ingress services

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5