Firewall Retrievals

The process of collecting configurations is called a retrieval. Configurations can be retrieved manually or automatically when a change is detected or according to a schedule.

There are three types of retrievals. 

  • Manual Retrieval: a user with SIP Administration permissions queued a retrieval on demand. A manual retrieval shows the user who initiated the retrieval, not a device-end user name.
  • Scheduled Retrieval: the data collector reached out to the device on a schedule to check for changes. A scheduled retrieval shows "DC_Automated" as the user.
  • Automatic (change-based) Retrieval: the data collector received a change syslog message, matched it to the device it belongs to, and initiated a retrieval. This is the only retrieval type that displays the user who pushed the change. The syslog message usually contains the change user (for example, "Commit job succeeded for user xxxx"), in which case that user is displayed as the person who made the change. In some cases the change user is cached from an earlier syslog event that was processed.
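
The change-user attribution described for automatic retrievals, modeled as an added example (not the product's own code). Only the "Commit job succeeded for user" pattern comes from this page; the device names, the "Configuration changed" message, and the assumption that the cache is filled from earlier commit messages are constructed for illustration.

```python
import re

# Pattern taken from the one message this page quotes; real devices emit other formats.
COMMIT_USER = re.compile(r"Commit job succeeded for user (\S+)")
# Hypothetical change message that names no user (constructed for this example).
CHANGE_NO_USER = re.compile(r"configuration changed", re.IGNORECASE)


class ChangeAttributor:
    """Models how a change user is attached to an automatic retrieval."""

    def __init__(self):
        self._cached_user = {}  # device -> last user seen in a syslog event

    def process(self, device, message):
        """Return (user, source) if the message triggers a retrieval, else None."""
        match = COMMIT_USER.search(message)
        if match:
            # The user is named in the change message itself: strongest evidence.
            self._cached_user[device] = match.group(1)
            return match.group(1), "message"
        if CHANGE_NO_USER.search(message):
            # No user in the message: fall back to the user cached for this device.
            user = self._cached_user.get(device)
            return (user, "cached") if user else (None, "unknown")
        return None  # not a change message, so no retrieval is triggered


def attribute(events):
    """Run (device, message) pairs through one attributor; keep only triggers."""
    attributor = ChangeAttributor()
    results = []
    for device, message in events:
        outcome = attributor.process(device, message)
        if outcome is not None:
            results.append((device, *outcome))
    return results


# Constructed sample events (not captured from a real device).
SAMPLE_EVENTS = [
    ("fw-edge-01", "Commit job succeeded for user alice"),
    ("fw-edge-01", "Configuration changed"),          # no user: falls back to cache
    ("fw-core-02", "Configuration changed"),          # no user, nothing cached
    ("fw-core-02", "Interface ethernet1/1 link up"),  # not a change message
]

if __name__ == "__main__":
    for row in attribute(SAMPLE_EVENTS):
        print(row)
```

When auditing who made a change, a "cached" source means the name came from an earlier event rather than from the change message itself, so it is weaker evidence than a "message" source.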

Retrieval Commands

Customers commonly ask which commands are executed on their device. They need the answer either for troubleshooting or to help with manual configurations when a data collector isn't allowed to connect to a device.

In the tables, the left column is a file name and the right column is its corresponding command. Commands highlighted in yellow can be skipped through options in the device pack, but normalization may be negatively impacted.

Firewalls that use API calls for retrieval are not included here. For more information, see API