Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Packages
  2. Zscaler Internet Access (ZIA)
  3. API Docs
  4. AdvancedSettings
Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler
zscaler/pulumi-zia

zia.AdvancedSettings

Explore with Pulumi AI

zia logo
Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler
zscaler/pulumi-zia

    The zia_advanced_settings resource alows you to updates the advanced settings configuration in the ZIA Admin Portal. To learn more see Configuring Advanced Settings

    Example Usage

    resource "zia_advanced_settings" "this" {
  auth_bypass_urls                                            = [".newexample1.com", ".newexample2.com"]
  dns_resolution_on_transparent_proxy_apps                    = ["CHATGPT_AI"]
  basic_bypass_url_categories                                 = ["NONE"]
  http_range_header_remove_url_categories                     = ["NONE"]
  kerberos_bypass_urls                                        = ["test1.com"]
  kerberos_bypass_apps                                        = []
  dns_resolution_on_transparent_proxy_urls                    = ["test1.com", "test2.com"]
  enable_dns_resolution_on_transparent_proxy                  = true
  enable_evaluate_policy_on_global_ssl_bypass                 = true
  enable_office365                                            = true
  log_internal_ip                                             = true
  enforce_surrogate_ip_for_windows_app                        = true
  track_http_tunnel_on_http_ports                             = true
  block_http_tunnel_on_non_http_ports                         = false
  block_domain_fronting_on_host_header                        = false
  zscaler_client_connector_1_and_pac_road_warrior_in_firewall = true
  cascade_url_filtering                                       = true
  enable_policy_for_unauthenticated_traffic                   = true
  block_non_compliant_http_request_on_http_ports              = true
  enable_admin_rank_access                                    = true
  http2_nonbrowser_traffic_enabled                            = true
  ecs_for_all_enabled                                         = false
  dynamic_user_risk_enabled                                   = false
  block_connect_host_sni_mismatch                             = false
  prefer_sni_over_conn_host                                   = false
  sipa_xff_header_enabled                                     = false
  block_non_http_on_http_port_enabled                         = true
  ui_session_timeout                                          = 300
}

    Create AdvancedSettings Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AdvancedSettings(name: string, args?: AdvancedSettingsArgs, opts?: CustomResourceOptions);
    @overload
def AdvancedSettings(resource_name: str,
                     args: Optional[AdvancedSettingsArgs] = None,
                     opts: Optional[ResourceOptions] = None)

@overload
def AdvancedSettings(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     auth_bypass_apps: Optional[Sequence[str]] = None,
                     auth_bypass_url_categories: Optional[Sequence[str]] = None,
                     auth_bypass_urls: Optional[Sequence[str]] = None,
                     basic_bypass_apps: Optional[Sequence[str]] = None,
                     basic_bypass_url_categories: Optional[Sequence[str]] = None,
                     block_connect_host_sni_mismatch: Optional[bool] = None,
                     block_domain_fronting_apps: Optional[Sequence[str]] = None,
                     block_domain_fronting_on_host_header: Optional[bool] = None,
                     block_http_tunnel_on_non_http_ports: Optional[bool] = None,
                     block_non_compliant_http_request_on_http_ports: Optional[bool] = None,
                     block_non_http_on_http_port_enabled: Optional[bool] = None,
                     cascade_url_filtering: Optional[bool] = None,
                     digest_auth_bypass_apps: Optional[Sequence[str]] = None,
                     digest_auth_bypass_url_categories: Optional[Sequence[str]] = None,
                     digest_auth_bypass_urls: Optional[Sequence[str]] = None,
                     dns_resolution_on_transparent_proxy_apps: Optional[Sequence[str]] = None,
                     dns_resolution_on_transparent_proxy_exempt_apps: Optional[Sequence[str]] = None,
                     dns_resolution_on_transparent_proxy_exempt_url_categories: Optional[Sequence[str]] = None,
                     dns_resolution_on_transparent_proxy_exempt_urls: Optional[Sequence[str]] = None,
                     dns_resolution_on_transparent_proxy_ipv6_apps: Optional[Sequence[str]] = None,
                     dns_resolution_on_transparent_proxy_ipv6_exempt_apps: Optional[Sequence[str]] = None,
                     dns_resolution_on_transparent_proxy_ipv6_exempt_url_categories: Optional[Sequence[str]] = None,
                     dns_resolution_on_transparent_proxy_ipv6_url_categories: Optional[Sequence[str]] = None,
                     dns_resolution_on_transparent_proxy_url_categories: Optional[Sequence[str]] = None,
                     dns_resolution_on_transparent_proxy_urls: Optional[Sequence[str]] = None,
                     domain_fronting_bypass_url_categories: Optional[Sequence[str]] = None,
                     dynamic_user_risk_enabled: Optional[bool] = None,
                     ecs_for_all_enabled: Optional[bool] = None,
                     enable_admin_rank_access: Optional[bool] = None,
                     enable_dns_resolution_on_transparent_proxy: Optional[bool] = None,
                     enable_evaluate_policy_on_global_ssl_bypass: Optional[bool] = None,
                     enable_ipv6_dns_optimization_on_all_transparent_proxy: Optional[bool] = None,
                     enable_ipv6_dns_resolution_on_transparent_proxy: Optional[bool] = None,
                     enable_office365: Optional[bool] = None,
                     enable_policy_for_unauthenticated_traffic: Optional[bool] = None,
                     enforce_surrogate_ip_for_windows_app: Optional[bool] = None,
                     http2_nonbrowser_traffic_enabled: Optional[bool] = None,
                     http_range_header_remove_url_categories: Optional[Sequence[str]] = None,
                     kerberos_bypass_apps: Optional[Sequence[str]] = None,
                     kerberos_bypass_url_categories: Optional[Sequence[str]] = None,
                     kerberos_bypass_urls: Optional[Sequence[str]] = None,
                     log_internal_ip: Optional[bool] = None,
                     prefer_sni_over_conn_host: Optional[bool] = None,
                     prefer_sni_over_conn_host_apps: Optional[Sequence[str]] = None,
                     sipa_xff_header_enabled: Optional[bool] = None,
                     sni_dns_optimization_bypass_url_categories: Optional[Sequence[str]] = None,
                     track_http_tunnel_on_http_ports: Optional[bool] = None,
                     ui_session_timeout: Optional[int] = None,
                     zscaler_client_connector1_and_pac_road_warrior_in_firewall: Optional[bool] = None)
    func NewAdvancedSettings(ctx *Context, name string, args *AdvancedSettingsArgs, opts ...ResourceOption) (*AdvancedSettings, error)
    public AdvancedSettings(string name, AdvancedSettingsArgs? args = null, CustomResourceOptions? opts = null)
    public AdvancedSettings(String name, AdvancedSettingsArgs args)
public AdvancedSettings(String name, AdvancedSettingsArgs args, CustomResourceOptions options)

    type: zia:AdvancedSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args AdvancedSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AdvancedSettingsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AdvancedSettingsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AdvancedSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AdvancedSettingsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var advancedSettingsResource = new Zia.AdvancedSettings("advancedSettingsResource", new()
{
    AuthBypassApps = new[]
    {
        "string",
    },
    AuthBypassUrlCategories = new[]
    {
        "string",
    },
    AuthBypassUrls = new[]
    {
        "string",
    },
    BasicBypassApps = new[]
    {
        "string",
    },
    BasicBypassUrlCategories = new[]
    {
        "string",
    },
    BlockConnectHostSniMismatch = false,
    BlockDomainFrontingApps = new[]
    {
        "string",
    },
    BlockDomainFrontingOnHostHeader = false,
    BlockHttpTunnelOnNonHttpPorts = false,
    BlockNonCompliantHttpRequestOnHttpPorts = false,
    BlockNonHttpOnHttpPortEnabled = false,
    CascadeUrlFiltering = false,
    DigestAuthBypassApps = new[]
    {
        "string",
    },
    DigestAuthBypassUrlCategories = new[]
    {
        "string",
    },
    DigestAuthBypassUrls = new[]
    {
        "string",
    },
    DnsResolutionOnTransparentProxyApps = new[]
    {
        "string",
    },
    DnsResolutionOnTransparentProxyExemptApps = new[]
    {
        "string",
    },
    DnsResolutionOnTransparentProxyExemptUrlCategories = new[]
    {
        "string",
    },
    DnsResolutionOnTransparentProxyExemptUrls = new[]
    {
        "string",
    },
    DnsResolutionOnTransparentProxyIpv6Apps = new[]
    {
        "string",
    },
    DnsResolutionOnTransparentProxyIpv6ExemptApps = new[]
    {
        "string",
    },
    DnsResolutionOnTransparentProxyIpv6ExemptUrlCategories = new[]
    {
        "string",
    },
    DnsResolutionOnTransparentProxyIpv6UrlCategories = new[]
    {
        "string",
    },
    DnsResolutionOnTransparentProxyUrlCategories = new[]
    {
        "string",
    },
    DnsResolutionOnTransparentProxyUrls = new[]
    {
        "string",
    },
    DomainFrontingBypassUrlCategories = new[]
    {
        "string",
    },
    DynamicUserRiskEnabled = false,
    EcsForAllEnabled = false,
    EnableAdminRankAccess = false,
    EnableDnsResolutionOnTransparentProxy = false,
    EnableEvaluatePolicyOnGlobalSslBypass = false,
    EnableIpv6DnsOptimizationOnAllTransparentProxy = false,
    EnableIpv6DnsResolutionOnTransparentProxy = false,
    EnableOffice365 = false,
    EnablePolicyForUnauthenticatedTraffic = false,
    EnforceSurrogateIpForWindowsApp = false,
    Http2NonbrowserTrafficEnabled = false,
    HttpRangeHeaderRemoveUrlCategories = new[]
    {
        "string",
    },
    KerberosBypassApps = new[]
    {
        "string",
    },
    KerberosBypassUrlCategories = new[]
    {
        "string",
    },
    KerberosBypassUrls = new[]
    {
        "string",
    },
    LogInternalIp = false,
    PreferSniOverConnHost = false,
    PreferSniOverConnHostApps = new[]
    {
        "string",
    },
    SipaXffHeaderEnabled = false,
    SniDnsOptimizationBypassUrlCategories = new[]
    {
        "string",
    },
    TrackHttpTunnelOnHttpPorts = false,
    UiSessionTimeout = 0,
    ZscalerClientConnector1AndPacRoadWarriorInFirewall = false,
});

    example, err := zia.NewAdvancedSettings(ctx, "advancedSettingsResource", &zia.AdvancedSettingsArgs{
	AuthBypassApps: pulumi.StringArray{
		pulumi.String("string"),
	},
	AuthBypassUrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	AuthBypassUrls: pulumi.StringArray{
		pulumi.String("string"),
	},
	BasicBypassApps: pulumi.StringArray{
		pulumi.String("string"),
	},
	BasicBypassUrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	BlockConnectHostSniMismatch: pulumi.Bool(false),
	BlockDomainFrontingApps: pulumi.StringArray{
		pulumi.String("string"),
	},
	BlockDomainFrontingOnHostHeader:         pulumi.Bool(false),
	BlockHttpTunnelOnNonHttpPorts:           pulumi.Bool(false),
	BlockNonCompliantHttpRequestOnHttpPorts: pulumi.Bool(false),
	BlockNonHttpOnHttpPortEnabled:           pulumi.Bool(false),
	CascadeUrlFiltering:                     pulumi.Bool(false),
	DigestAuthBypassApps: pulumi.StringArray{
		pulumi.String("string"),
	},
	DigestAuthBypassUrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	DigestAuthBypassUrls: pulumi.StringArray{
		pulumi.String("string"),
	},
	DnsResolutionOnTransparentProxyApps: pulumi.StringArray{
		pulumi.String("string"),
	},
	DnsResolutionOnTransparentProxyExemptApps: pulumi.StringArray{
		pulumi.String("string"),
	},
	DnsResolutionOnTransparentProxyExemptUrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	DnsResolutionOnTransparentProxyExemptUrls: pulumi.StringArray{
		pulumi.String("string"),
	},
	DnsResolutionOnTransparentProxyIpv6Apps: pulumi.StringArray{
		pulumi.String("string"),
	},
	DnsResolutionOnTransparentProxyIpv6ExemptApps: pulumi.StringArray{
		pulumi.String("string"),
	},
	DnsResolutionOnTransparentProxyIpv6ExemptUrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	DnsResolutionOnTransparentProxyIpv6UrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	DnsResolutionOnTransparentProxyUrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	DnsResolutionOnTransparentProxyUrls: pulumi.StringArray{
		pulumi.String("string"),
	},
	DomainFrontingBypassUrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	DynamicUserRiskEnabled:                         pulumi.Bool(false),
	EcsForAllEnabled:                               pulumi.Bool(false),
	EnableAdminRankAccess:                          pulumi.Bool(false),
	EnableDnsResolutionOnTransparentProxy:          pulumi.Bool(false),
	EnableEvaluatePolicyOnGlobalSslBypass:          pulumi.Bool(false),
	EnableIpv6DnsOptimizationOnAllTransparentProxy: pulumi.Bool(false),
	EnableIpv6DnsResolutionOnTransparentProxy:      pulumi.Bool(false),
	EnableOffice365:                                pulumi.Bool(false),
	EnablePolicyForUnauthenticatedTraffic:          pulumi.Bool(false),
	EnforceSurrogateIpForWindowsApp:                pulumi.Bool(false),
	Http2NonbrowserTrafficEnabled:                  pulumi.Bool(false),
	HttpRangeHeaderRemoveUrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	KerberosBypassApps: pulumi.StringArray{
		pulumi.String("string"),
	},
	KerberosBypassUrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	KerberosBypassUrls: pulumi.StringArray{
		pulumi.String("string"),
	},
	LogInternalIp:         pulumi.Bool(false),
	PreferSniOverConnHost: pulumi.Bool(false),
	PreferSniOverConnHostApps: pulumi.StringArray{
		pulumi.String("string"),
	},
	SipaXffHeaderEnabled: pulumi.Bool(false),
	SniDnsOptimizationBypassUrlCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	TrackHttpTunnelOnHttpPorts:                         pulumi.Bool(false),
	UiSessionTimeout:                                   pulumi.Int(0),
	ZscalerClientConnector1AndPacRoadWarriorInFirewall: pulumi.Bool(false),
})

    var advancedSettingsResource = new AdvancedSettings("advancedSettingsResource", AdvancedSettingsArgs.builder()
    .authBypassApps("string")
    .authBypassUrlCategories("string")
    .authBypassUrls("string")
    .basicBypassApps("string")
    .basicBypassUrlCategories("string")
    .blockConnectHostSniMismatch(false)
    .blockDomainFrontingApps("string")
    .blockDomainFrontingOnHostHeader(false)
    .blockHttpTunnelOnNonHttpPorts(false)
    .blockNonCompliantHttpRequestOnHttpPorts(false)
    .blockNonHttpOnHttpPortEnabled(false)
    .cascadeUrlFiltering(false)
    .digestAuthBypassApps("string")
    .digestAuthBypassUrlCategories("string")
    .digestAuthBypassUrls("string")
    .dnsResolutionOnTransparentProxyApps("string")
    .dnsResolutionOnTransparentProxyExemptApps("string")
    .dnsResolutionOnTransparentProxyExemptUrlCategories("string")
    .dnsResolutionOnTransparentProxyExemptUrls("string")
    .dnsResolutionOnTransparentProxyIpv6Apps("string")
    .dnsResolutionOnTransparentProxyIpv6ExemptApps("string")
    .dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories("string")
    .dnsResolutionOnTransparentProxyIpv6UrlCategories("string")
    .dnsResolutionOnTransparentProxyUrlCategories("string")
    .dnsResolutionOnTransparentProxyUrls("string")
    .domainFrontingBypassUrlCategories("string")
    .dynamicUserRiskEnabled(false)
    .ecsForAllEnabled(false)
    .enableAdminRankAccess(false)
    .enableDnsResolutionOnTransparentProxy(false)
    .enableEvaluatePolicyOnGlobalSslBypass(false)
    .enableIpv6DnsOptimizationOnAllTransparentProxy(false)
    .enableIpv6DnsResolutionOnTransparentProxy(false)
    .enableOffice365(false)
    .enablePolicyForUnauthenticatedTraffic(false)
    .enforceSurrogateIpForWindowsApp(false)
    .http2NonbrowserTrafficEnabled(false)
    .httpRangeHeaderRemoveUrlCategories("string")
    .kerberosBypassApps("string")
    .kerberosBypassUrlCategories("string")
    .kerberosBypassUrls("string")
    .logInternalIp(false)
    .preferSniOverConnHost(false)
    .preferSniOverConnHostApps("string")
    .sipaXffHeaderEnabled(false)
    .sniDnsOptimizationBypassUrlCategories("string")
    .trackHttpTunnelOnHttpPorts(false)
    .uiSessionTimeout(0)
    .zscalerClientConnector1AndPacRoadWarriorInFirewall(false)
    .build());

    advanced_settings_resource = zia.AdvancedSettings("advancedSettingsResource",
    auth_bypass_apps=["string"],
    auth_bypass_url_categories=["string"],
    auth_bypass_urls=["string"],
    basic_bypass_apps=["string"],
    basic_bypass_url_categories=["string"],
    block_connect_host_sni_mismatch=False,
    block_domain_fronting_apps=["string"],
    block_domain_fronting_on_host_header=False,
    block_http_tunnel_on_non_http_ports=False,
    block_non_compliant_http_request_on_http_ports=False,
    block_non_http_on_http_port_enabled=False,
    cascade_url_filtering=False,
    digest_auth_bypass_apps=["string"],
    digest_auth_bypass_url_categories=["string"],
    digest_auth_bypass_urls=["string"],
    dns_resolution_on_transparent_proxy_apps=["string"],
    dns_resolution_on_transparent_proxy_exempt_apps=["string"],
    dns_resolution_on_transparent_proxy_exempt_url_categories=["string"],
    dns_resolution_on_transparent_proxy_exempt_urls=["string"],
    dns_resolution_on_transparent_proxy_ipv6_apps=["string"],
    dns_resolution_on_transparent_proxy_ipv6_exempt_apps=["string"],
    dns_resolution_on_transparent_proxy_ipv6_exempt_url_categories=["string"],
    dns_resolution_on_transparent_proxy_ipv6_url_categories=["string"],
    dns_resolution_on_transparent_proxy_url_categories=["string"],
    dns_resolution_on_transparent_proxy_urls=["string"],
    domain_fronting_bypass_url_categories=["string"],
    dynamic_user_risk_enabled=False,
    ecs_for_all_enabled=False,
    enable_admin_rank_access=False,
    enable_dns_resolution_on_transparent_proxy=False,
    enable_evaluate_policy_on_global_ssl_bypass=False,
    enable_ipv6_dns_optimization_on_all_transparent_proxy=False,
    enable_ipv6_dns_resolution_on_transparent_proxy=False,
    enable_office365=False,
    enable_policy_for_unauthenticated_traffic=False,
    enforce_surrogate_ip_for_windows_app=False,
    http2_nonbrowser_traffic_enabled=False,
    http_range_header_remove_url_categories=["string"],
    kerberos_bypass_apps=["string"],
    kerberos_bypass_url_categories=["string"],
    kerberos_bypass_urls=["string"],
    log_internal_ip=False,
    prefer_sni_over_conn_host=False,
    prefer_sni_over_conn_host_apps=["string"],
    sipa_xff_header_enabled=False,
    sni_dns_optimization_bypass_url_categories=["string"],
    track_http_tunnel_on_http_ports=False,
    ui_session_timeout=0,
    zscaler_client_connector1_and_pac_road_warrior_in_firewall=False)

    const advancedSettingsResource = new zia.AdvancedSettings("advancedSettingsResource", {
    authBypassApps: ["string"],
    authBypassUrlCategories: ["string"],
    authBypassUrls: ["string"],
    basicBypassApps: ["string"],
    basicBypassUrlCategories: ["string"],
    blockConnectHostSniMismatch: false,
    blockDomainFrontingApps: ["string"],
    blockDomainFrontingOnHostHeader: false,
    blockHttpTunnelOnNonHttpPorts: false,
    blockNonCompliantHttpRequestOnHttpPorts: false,
    blockNonHttpOnHttpPortEnabled: false,
    cascadeUrlFiltering: false,
    digestAuthBypassApps: ["string"],
    digestAuthBypassUrlCategories: ["string"],
    digestAuthBypassUrls: ["string"],
    dnsResolutionOnTransparentProxyApps: ["string"],
    dnsResolutionOnTransparentProxyExemptApps: ["string"],
    dnsResolutionOnTransparentProxyExemptUrlCategories: ["string"],
    dnsResolutionOnTransparentProxyExemptUrls: ["string"],
    dnsResolutionOnTransparentProxyIpv6Apps: ["string"],
    dnsResolutionOnTransparentProxyIpv6ExemptApps: ["string"],
    dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories: ["string"],
    dnsResolutionOnTransparentProxyIpv6UrlCategories: ["string"],
    dnsResolutionOnTransparentProxyUrlCategories: ["string"],
    dnsResolutionOnTransparentProxyUrls: ["string"],
    domainFrontingBypassUrlCategories: ["string"],
    dynamicUserRiskEnabled: false,
    ecsForAllEnabled: false,
    enableAdminRankAccess: false,
    enableDnsResolutionOnTransparentProxy: false,
    enableEvaluatePolicyOnGlobalSslBypass: false,
    enableIpv6DnsOptimizationOnAllTransparentProxy: false,
    enableIpv6DnsResolutionOnTransparentProxy: false,
    enableOffice365: false,
    enablePolicyForUnauthenticatedTraffic: false,
    enforceSurrogateIpForWindowsApp: false,
    http2NonbrowserTrafficEnabled: false,
    httpRangeHeaderRemoveUrlCategories: ["string"],
    kerberosBypassApps: ["string"],
    kerberosBypassUrlCategories: ["string"],
    kerberosBypassUrls: ["string"],
    logInternalIp: false,
    preferSniOverConnHost: false,
    preferSniOverConnHostApps: ["string"],
    sipaXffHeaderEnabled: false,
    sniDnsOptimizationBypassUrlCategories: ["string"],
    trackHttpTunnelOnHttpPorts: false,
    uiSessionTimeout: 0,
    zscalerClientConnector1AndPacRoadWarriorInFirewall: false,
});

    type: zia:AdvancedSettings
properties:
    authBypassApps:
        - string
    authBypassUrlCategories:
        - string
    authBypassUrls:
        - string
    basicBypassApps:
        - string
    basicBypassUrlCategories:
        - string
    blockConnectHostSniMismatch: false
    blockDomainFrontingApps:
        - string
    blockDomainFrontingOnHostHeader: false
    blockHttpTunnelOnNonHttpPorts: false
    blockNonCompliantHttpRequestOnHttpPorts: false
    blockNonHttpOnHttpPortEnabled: false
    cascadeUrlFiltering: false
    digestAuthBypassApps:
        - string
    digestAuthBypassUrlCategories:
        - string
    digestAuthBypassUrls:
        - string
    dnsResolutionOnTransparentProxyApps:
        - string
    dnsResolutionOnTransparentProxyExemptApps:
        - string
    dnsResolutionOnTransparentProxyExemptUrlCategories:
        - string
    dnsResolutionOnTransparentProxyExemptUrls:
        - string
    dnsResolutionOnTransparentProxyIpv6Apps:
        - string
    dnsResolutionOnTransparentProxyIpv6ExemptApps:
        - string
    dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories:
        - string
    dnsResolutionOnTransparentProxyIpv6UrlCategories:
        - string
    dnsResolutionOnTransparentProxyUrlCategories:
        - string
    dnsResolutionOnTransparentProxyUrls:
        - string
    domainFrontingBypassUrlCategories:
        - string
    dynamicUserRiskEnabled: false
    ecsForAllEnabled: false
    enableAdminRankAccess: false
    enableDnsResolutionOnTransparentProxy: false
    enableEvaluatePolicyOnGlobalSslBypass: false
    enableIpv6DnsOptimizationOnAllTransparentProxy: false
    enableIpv6DnsResolutionOnTransparentProxy: false
    enableOffice365: false
    enablePolicyForUnauthenticatedTraffic: false
    enforceSurrogateIpForWindowsApp: false
    http2NonbrowserTrafficEnabled: false
    httpRangeHeaderRemoveUrlCategories:
        - string
    kerberosBypassApps:
        - string
    kerberosBypassUrlCategories:
        - string
    kerberosBypassUrls:
        - string
    logInternalIp: false
    preferSniOverConnHost: false
    preferSniOverConnHostApps:
        - string
    sipaXffHeaderEnabled: false
    sniDnsOptimizationBypassUrlCategories:
        - string
    trackHttpTunnelOnHttpPorts: false
    uiSessionTimeout: 0
    zscalerClientConnector1AndPacRoadWarriorInFirewall: false

    AdvancedSettings Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AdvancedSettings resource accepts the following input properties:

    AuthBypassApps List<string>
    Cloud applications that are exempted from cookie authentication
    AuthBypassUrlCategories List<string>
    URL categories that are exempted from cookie authentication
    AuthBypassUrls List<string>
    Custom URLs that are exempted from cookie authentication for users
    BasicBypassApps List<string>
    Cloud applications that are exempted from Basic authentication
    BasicBypassUrlCategories List<string>
    URL categories that are exempted from Basic authentication
    BlockConnectHostSniMismatch bool
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    BlockDomainFrontingApps List<string>
    Applications which are subjected to Domain Fronting
    BlockDomainFrontingOnHostHeader bool
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    BlockHttpTunnelOnNonHttpPorts bool
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    BlockNonCompliantHttpRequestOnHttpPorts bool
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    BlockNonHttpOnHttpPortEnabled bool
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    CascadeUrlFiltering bool
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    DigestAuthBypassApps List<string>
    Cloud applications that are exempted from Digest authentication
    DigestAuthBypassUrlCategories List<string>
    URL categories that are exempted from Digest authentication
    DigestAuthBypassUrls List<string>
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    DnsResolutionOnTransparentProxyApps List<string>
    Cloud applications to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyExemptApps List<string>
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    DnsResolutionOnTransparentProxyExemptUrlCategories List<string>
    DnsResolutionOnTransparentProxyExemptUrls List<string>
    URLs that are excluded from DNS optimization on transparent proxy mode
    DnsResolutionOnTransparentProxyIpv6Apps List<string>
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    DnsResolutionOnTransparentProxyIpv6ExemptApps List<string>
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    DnsResolutionOnTransparentProxyIpv6ExemptUrlCategories List<string>
    DnsResolutionOnTransparentProxyIpv6UrlCategories List<string>
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyUrlCategories List<string>
    URL categories to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyUrls List<string>
    URLs to which DNS optimization on transparent proxy mode applies
    DomainFrontingBypassUrlCategories List<string>
    URL categories that are exempted from domain fronting
    DynamicUserRiskEnabled bool
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    EcsForAllEnabled bool
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    EnableAdminRankAccess bool
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    EnableDnsResolutionOnTransparentProxy bool
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    EnableEvaluatePolicyOnGlobalSslBypass bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    EnableIpv6DnsOptimizationOnAllTransparentProxy bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    EnableIpv6DnsResolutionOnTransparentProxy bool
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    EnableOffice365 bool
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    EnablePolicyForUnauthenticatedTraffic bool
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    EnforceSurrogateIpForWindowsApp bool
    Enforce Surrogate IP authentication for Windows app traffic
    Http2NonbrowserTrafficEnabled bool
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    HttpRangeHeaderRemoveUrlCategories List<string>
    URL categories for which HTTP range headers must be removed
    KerberosBypassApps List<string>
    Cloud applications that are exempted from Kerberos authentication
    KerberosBypassUrlCategories List<string>
    URL categories that are exempted from Kerberos authentication
    KerberosBypassUrls List<string>
    Custom URLs that are exempted from Kerberos authentication
    LogInternalIp bool
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    PreferSniOverConnHost bool
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    PreferSniOverConnHostApps List<string>
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    SipaXffHeaderEnabled bool
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    SniDnsOptimizationBypassUrlCategories List<string>
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    TrackHttpTunnelOnHttpPorts bool
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    UiSessionTimeout int
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    ZscalerClientConnector1AndPacRoadWarriorInFirewall bool
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files
    AuthBypassApps []string
    Cloud applications that are exempted from cookie authentication
    AuthBypassUrlCategories []string
    URL categories that are exempted from cookie authentication
    AuthBypassUrls []string
    Custom URLs that are exempted from cookie authentication for users
    BasicBypassApps []string
    Cloud applications that are exempted from Basic authentication
    BasicBypassUrlCategories []string
    URL categories that are exempted from Basic authentication
    BlockConnectHostSniMismatch bool
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    BlockDomainFrontingApps []string
    Applications which are subjected to Domain Fronting
    BlockDomainFrontingOnHostHeader bool
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    BlockHttpTunnelOnNonHttpPorts bool
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    BlockNonCompliantHttpRequestOnHttpPorts bool
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    BlockNonHttpOnHttpPortEnabled bool
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    CascadeUrlFiltering bool
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    DigestAuthBypassApps []string
    Cloud applications that are exempted from Digest authentication
    DigestAuthBypassUrlCategories []string
    URL categories that are exempted from Digest authentication
    DigestAuthBypassUrls []string
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    DnsResolutionOnTransparentProxyApps []string
    Cloud applications to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyExemptApps []string
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    DnsResolutionOnTransparentProxyExemptUrlCategories []string
    DnsResolutionOnTransparentProxyExemptUrls []string
    URLs that are excluded from DNS optimization on transparent proxy mode
    DnsResolutionOnTransparentProxyIpv6Apps []string
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    DnsResolutionOnTransparentProxyIpv6ExemptApps []string
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    DnsResolutionOnTransparentProxyIpv6ExemptUrlCategories []string
    DnsResolutionOnTransparentProxyIpv6UrlCategories []string
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyUrlCategories []string
    URL categories to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyUrls []string
    URLs to which DNS optimization on transparent proxy mode applies
    DomainFrontingBypassUrlCategories []string
    URL categories that are exempted from domain fronting
    DynamicUserRiskEnabled bool
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    EcsForAllEnabled bool
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    EnableAdminRankAccess bool
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    EnableDnsResolutionOnTransparentProxy bool
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    EnableEvaluatePolicyOnGlobalSslBypass bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    EnableIpv6DnsOptimizationOnAllTransparentProxy bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    EnableIpv6DnsResolutionOnTransparentProxy bool
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    EnableOffice365 bool
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    EnablePolicyForUnauthenticatedTraffic bool
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    EnforceSurrogateIpForWindowsApp bool
    Enforce Surrogate IP authentication for Windows app traffic
    Http2NonbrowserTrafficEnabled bool
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    HttpRangeHeaderRemoveUrlCategories []string
    URL categories for which HTTP range headers must be removed
    KerberosBypassApps []string
    Cloud applications that are exempted from Kerberos authentication
    KerberosBypassUrlCategories []string
    URL categories that are exempted from Kerberos authentication
    KerberosBypassUrls []string
    Custom URLs that are exempted from Kerberos authentication
    LogInternalIp bool
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    PreferSniOverConnHost bool
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    PreferSniOverConnHostApps []string
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    SipaXffHeaderEnabled bool
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    SniDnsOptimizationBypassUrlCategories []string
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    TrackHttpTunnelOnHttpPorts bool
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    UiSessionTimeout int
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    ZscalerClientConnector1AndPacRoadWarriorInFirewall bool
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files
    authBypassApps List<String>
    Cloud applications that are exempted from cookie authentication
    authBypassUrlCategories List<String>
    URL categories that are exempted from cookie authentication
    authBypassUrls List<String>
    Custom URLs that are exempted from cookie authentication for users
    basicBypassApps List<String>
    Cloud applications that are exempted from Basic authentication
    basicBypassUrlCategories List<String>
    URL categories that are exempted from Basic authentication
    blockConnectHostSniMismatch Boolean
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    blockDomainFrontingApps List<String>
    Applications which are subjected to Domain Fronting
    blockDomainFrontingOnHostHeader Boolean
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    blockHttpTunnelOnNonHttpPorts Boolean
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    blockNonCompliantHttpRequestOnHttpPorts Boolean
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    blockNonHttpOnHttpPortEnabled Boolean
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    cascadeUrlFiltering Boolean
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    digestAuthBypassApps List<String>
    Cloud applications that are exempted from Digest authentication
    digestAuthBypassUrlCategories List<String>
    URL categories that are exempted from Digest authentication
    digestAuthBypassUrls List<String>
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    dnsResolutionOnTransparentProxyApps List<String>
    Cloud applications to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyExemptApps List<String>
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyExemptUrlCategories List<String>
    dnsResolutionOnTransparentProxyExemptUrls List<String>
    URLs that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6Apps List<String>
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    dnsResolutionOnTransparentProxyIpv6ExemptApps List<String>
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories List<String>
    dnsResolutionOnTransparentProxyIpv6UrlCategories List<String>
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrlCategories List<String>
    URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrls List<String>
    URLs to which DNS optimization on transparent proxy mode applies
    domainFrontingBypassUrlCategories List<String>
    URL categories that are exempted from domain fronting
    dynamicUserRiskEnabled Boolean
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    ecsForAllEnabled Boolean
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    enableAdminRankAccess Boolean
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    enableDnsResolutionOnTransparentProxy Boolean
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableEvaluatePolicyOnGlobalSslBypass Boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsOptimizationOnAllTransparentProxy Boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsResolutionOnTransparentProxy Boolean
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableOffice365 Boolean
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    enablePolicyForUnauthenticatedTraffic Boolean
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    enforceSurrogateIpForWindowsApp Boolean
    Enforce Surrogate IP authentication for Windows app traffic
    http2NonbrowserTrafficEnabled Boolean
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    httpRangeHeaderRemoveUrlCategories List<String>
    URL categories for which HTTP range headers must be removed
    kerberosBypassApps List<String>
    Cloud applications that are exempted from Kerberos authentication
    kerberosBypassUrlCategories List<String>
    URL categories that are exempted from Kerberos authentication
    kerberosBypassUrls List<String>
    Custom URLs that are exempted from Kerberos authentication
    logInternalIp Boolean
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    preferSniOverConnHost Boolean
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    preferSniOverConnHostApps List<String>
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    sipaXffHeaderEnabled Boolean
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    sniDnsOptimizationBypassUrlCategories List<String>
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    trackHttpTunnelOnHttpPorts Boolean
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    uiSessionTimeout Integer
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    zscalerClientConnector1AndPacRoadWarriorInFirewall Boolean
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files
    authBypassApps string[]
    Cloud applications that are exempted from cookie authentication
    authBypassUrlCategories string[]
    URL categories that are exempted from cookie authentication
    authBypassUrls string[]
    Custom URLs that are exempted from cookie authentication for users
    basicBypassApps string[]
    Cloud applications that are exempted from Basic authentication
    basicBypassUrlCategories string[]
    URL categories that are exempted from Basic authentication
    blockConnectHostSniMismatch boolean
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    blockDomainFrontingApps string[]
    Applications which are subjected to Domain Fronting
    blockDomainFrontingOnHostHeader boolean
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    blockHttpTunnelOnNonHttpPorts boolean
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    blockNonCompliantHttpRequestOnHttpPorts boolean
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    blockNonHttpOnHttpPortEnabled boolean
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    cascadeUrlFiltering boolean
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    digestAuthBypassApps string[]
    Cloud applications that are exempted from Digest authentication
    digestAuthBypassUrlCategories string[]
    URL categories that are exempted from Digest authentication
    digestAuthBypassUrls string[]
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    dnsResolutionOnTransparentProxyApps string[]
    Cloud applications to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyExemptApps string[]
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyExemptUrlCategories string[]
    dnsResolutionOnTransparentProxyExemptUrls string[]
    URLs that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6Apps string[]
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    dnsResolutionOnTransparentProxyIpv6ExemptApps string[]
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories string[]
    dnsResolutionOnTransparentProxyIpv6UrlCategories string[]
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrlCategories string[]
    URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrls string[]
    URLs to which DNS optimization on transparent proxy mode applies
    domainFrontingBypassUrlCategories string[]
    URL categories that are exempted from domain fronting
    dynamicUserRiskEnabled boolean
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    ecsForAllEnabled boolean
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    enableAdminRankAccess boolean
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    enableDnsResolutionOnTransparentProxy boolean
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableEvaluatePolicyOnGlobalSslBypass boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsOptimizationOnAllTransparentProxy boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsResolutionOnTransparentProxy boolean
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableOffice365 boolean
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    enablePolicyForUnauthenticatedTraffic boolean
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    enforceSurrogateIpForWindowsApp boolean
    Enforce Surrogate IP authentication for Windows app traffic
    http2NonbrowserTrafficEnabled boolean
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    httpRangeHeaderRemoveUrlCategories string[]
    URL categories for which HTTP range headers must be removed
    kerberosBypassApps string[]
    Cloud applications that are exempted from Kerberos authentication
    kerberosBypassUrlCategories string[]
    URL categories that are exempted from Kerberos authentication
    kerberosBypassUrls string[]
    Custom URLs that are exempted from Kerberos authentication
    logInternalIp boolean
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    preferSniOverConnHost boolean
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    preferSniOverConnHostApps string[]
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    sipaXffHeaderEnabled boolean
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    sniDnsOptimizationBypassUrlCategories string[]
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    trackHttpTunnelOnHttpPorts boolean
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    uiSessionTimeout number
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    zscalerClientConnector1AndPacRoadWarriorInFirewall boolean
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files
    auth_bypass_apps Sequence[str]
    Cloud applications that are exempted from cookie authentication
    auth_bypass_url_categories Sequence[str]
    URL categories that are exempted from cookie authentication
    auth_bypass_urls Sequence[str]
    Custom URLs that are exempted from cookie authentication for users
    basic_bypass_apps Sequence[str]
    Cloud applications that are exempted from Basic authentication
    basic_bypass_url_categories Sequence[str]
    URL categories that are exempted from Basic authentication
    block_connect_host_sni_mismatch bool
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    block_domain_fronting_apps Sequence[str]
    Applications which are subjected to Domain Fronting
    block_domain_fronting_on_host_header bool
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    block_http_tunnel_on_non_http_ports bool
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    block_non_compliant_http_request_on_http_ports bool
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    block_non_http_on_http_port_enabled bool
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    cascade_url_filtering bool
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    digest_auth_bypass_apps Sequence[str]
    Cloud applications that are exempted from Digest authentication
    digest_auth_bypass_url_categories Sequence[str]
    URL categories that are exempted from Digest authentication
    digest_auth_bypass_urls Sequence[str]
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    dns_resolution_on_transparent_proxy_apps Sequence[str]
    Cloud applications to which DNS optimization on transparent proxy mode applies
    dns_resolution_on_transparent_proxy_exempt_apps Sequence[str]
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    dns_resolution_on_transparent_proxy_exempt_url_categories Sequence[str]
    dns_resolution_on_transparent_proxy_exempt_urls Sequence[str]
    URLs that are excluded from DNS optimization on transparent proxy mode
    dns_resolution_on_transparent_proxy_ipv6_apps Sequence[str]
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    dns_resolution_on_transparent_proxy_ipv6_exempt_apps Sequence[str]
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    dns_resolution_on_transparent_proxy_ipv6_exempt_url_categories Sequence[str]
    dns_resolution_on_transparent_proxy_ipv6_url_categories Sequence[str]
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    dns_resolution_on_transparent_proxy_url_categories Sequence[str]
    URL categories to which DNS optimization on transparent proxy mode applies
    dns_resolution_on_transparent_proxy_urls Sequence[str]
    URLs to which DNS optimization on transparent proxy mode applies
    domain_fronting_bypass_url_categories Sequence[str]
    URL categories that are exempted from domain fronting
    dynamic_user_risk_enabled bool
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    ecs_for_all_enabled bool
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    enable_admin_rank_access bool
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    enable_dns_resolution_on_transparent_proxy bool
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enable_evaluate_policy_on_global_ssl_bypass bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enable_ipv6_dns_optimization_on_all_transparent_proxy bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enable_ipv6_dns_resolution_on_transparent_proxy bool
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enable_office365 bool
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    enable_policy_for_unauthenticated_traffic bool
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    enforce_surrogate_ip_for_windows_app bool
    Enforce Surrogate IP authentication for Windows app traffic
    http2_nonbrowser_traffic_enabled bool
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    http_range_header_remove_url_categories Sequence[str]
    URL categories for which HTTP range headers must be removed
    kerberos_bypass_apps Sequence[str]
    Cloud applications that are exempted from Kerberos authentication
    kerberos_bypass_url_categories Sequence[str]
    URL categories that are exempted from Kerberos authentication
    kerberos_bypass_urls Sequence[str]
    Custom URLs that are exempted from Kerberos authentication
    log_internal_ip bool
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    prefer_sni_over_conn_host bool
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    prefer_sni_over_conn_host_apps Sequence[str]
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    sipa_xff_header_enabled bool
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    sni_dns_optimization_bypass_url_categories Sequence[str]
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    track_http_tunnel_on_http_ports bool
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    ui_session_timeout int
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    zscaler_client_connector1_and_pac_road_warrior_in_firewall bool
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files
    authBypassApps List<String>
    Cloud applications that are exempted from cookie authentication
    authBypassUrlCategories List<String>
    URL categories that are exempted from cookie authentication
    authBypassUrls List<String>
    Custom URLs that are exempted from cookie authentication for users
    basicBypassApps List<String>
    Cloud applications that are exempted from Basic authentication
    basicBypassUrlCategories List<String>
    URL categories that are exempted from Basic authentication
    blockConnectHostSniMismatch Boolean
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    blockDomainFrontingApps List<String>
    Applications which are subjected to Domain Fronting
    blockDomainFrontingOnHostHeader Boolean
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    blockHttpTunnelOnNonHttpPorts Boolean
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    blockNonCompliantHttpRequestOnHttpPorts Boolean
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    blockNonHttpOnHttpPortEnabled Boolean
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    cascadeUrlFiltering Boolean
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    digestAuthBypassApps List<String>
    Cloud applications that are exempted from Digest authentication
    digestAuthBypassUrlCategories List<String>
    URL categories that are exempted from Digest authentication
    digestAuthBypassUrls List<String>
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    dnsResolutionOnTransparentProxyApps List<String>
    Cloud applications to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyExemptApps List<String>
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyExemptUrlCategories List<String>
    dnsResolutionOnTransparentProxyExemptUrls List<String>
    URLs that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6Apps List<String>
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    dnsResolutionOnTransparentProxyIpv6ExemptApps List<String>
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories List<String>
    dnsResolutionOnTransparentProxyIpv6UrlCategories List<String>
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrlCategories List<String>
    URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrls List<String>
    URLs to which DNS optimization on transparent proxy mode applies
    domainFrontingBypassUrlCategories List<String>
    URL categories that are exempted from domain fronting
    dynamicUserRiskEnabled Boolean
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    ecsForAllEnabled Boolean
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    enableAdminRankAccess Boolean
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    enableDnsResolutionOnTransparentProxy Boolean
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableEvaluatePolicyOnGlobalSslBypass Boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsOptimizationOnAllTransparentProxy Boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsResolutionOnTransparentProxy Boolean
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableOffice365 Boolean
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    enablePolicyForUnauthenticatedTraffic Boolean
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    enforceSurrogateIpForWindowsApp Boolean
    Enforce Surrogate IP authentication for Windows app traffic
    http2NonbrowserTrafficEnabled Boolean
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    httpRangeHeaderRemoveUrlCategories List<String>
    URL categories for which HTTP range headers must be removed
    kerberosBypassApps List<String>
    Cloud applications that are exempted from Kerberos authentication
    kerberosBypassUrlCategories List<String>
    URL categories that are exempted from Kerberos authentication
    kerberosBypassUrls List<String>
    Custom URLs that are exempted from Kerberos authentication
    logInternalIp Boolean
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    preferSniOverConnHost Boolean
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    preferSniOverConnHostApps List<String>
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    sipaXffHeaderEnabled Boolean
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    sniDnsOptimizationBypassUrlCategories List<String>
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    trackHttpTunnelOnHttpPorts Boolean
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    uiSessionTimeout Number
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    zscalerClientConnector1AndPacRoadWarriorInFirewall Boolean
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AdvancedSettings resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AdvancedSettings Resource

    Get an existing AdvancedSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AdvancedSettingsState, opts?: CustomResourceOptions): AdvancedSettings
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        auth_bypass_apps: Optional[Sequence[str]] = None,
        auth_bypass_url_categories: Optional[Sequence[str]] = None,
        auth_bypass_urls: Optional[Sequence[str]] = None,
        basic_bypass_apps: Optional[Sequence[str]] = None,
        basic_bypass_url_categories: Optional[Sequence[str]] = None,
        block_connect_host_sni_mismatch: Optional[bool] = None,
        block_domain_fronting_apps: Optional[Sequence[str]] = None,
        block_domain_fronting_on_host_header: Optional[bool] = None,
        block_http_tunnel_on_non_http_ports: Optional[bool] = None,
        block_non_compliant_http_request_on_http_ports: Optional[bool] = None,
        block_non_http_on_http_port_enabled: Optional[bool] = None,
        cascade_url_filtering: Optional[bool] = None,
        digest_auth_bypass_apps: Optional[Sequence[str]] = None,
        digest_auth_bypass_url_categories: Optional[Sequence[str]] = None,
        digest_auth_bypass_urls: Optional[Sequence[str]] = None,
        dns_resolution_on_transparent_proxy_apps: Optional[Sequence[str]] = None,
        dns_resolution_on_transparent_proxy_exempt_apps: Optional[Sequence[str]] = None,
        dns_resolution_on_transparent_proxy_exempt_url_categories: Optional[Sequence[str]] = None,
        dns_resolution_on_transparent_proxy_exempt_urls: Optional[Sequence[str]] = None,
        dns_resolution_on_transparent_proxy_ipv6_apps: Optional[Sequence[str]] = None,
        dns_resolution_on_transparent_proxy_ipv6_exempt_apps: Optional[Sequence[str]] = None,
        dns_resolution_on_transparent_proxy_ipv6_exempt_url_categories: Optional[Sequence[str]] = None,
        dns_resolution_on_transparent_proxy_ipv6_url_categories: Optional[Sequence[str]] = None,
        dns_resolution_on_transparent_proxy_url_categories: Optional[Sequence[str]] = None,
        dns_resolution_on_transparent_proxy_urls: Optional[Sequence[str]] = None,
        domain_fronting_bypass_url_categories: Optional[Sequence[str]] = None,
        dynamic_user_risk_enabled: Optional[bool] = None,
        ecs_for_all_enabled: Optional[bool] = None,
        enable_admin_rank_access: Optional[bool] = None,
        enable_dns_resolution_on_transparent_proxy: Optional[bool] = None,
        enable_evaluate_policy_on_global_ssl_bypass: Optional[bool] = None,
        enable_ipv6_dns_optimization_on_all_transparent_proxy: Optional[bool] = None,
        enable_ipv6_dns_resolution_on_transparent_proxy: Optional[bool] = None,
        enable_office365: Optional[bool] = None,
        enable_policy_for_unauthenticated_traffic: Optional[bool] = None,
        enforce_surrogate_ip_for_windows_app: Optional[bool] = None,
        http2_nonbrowser_traffic_enabled: Optional[bool] = None,
        http_range_header_remove_url_categories: Optional[Sequence[str]] = None,
        kerberos_bypass_apps: Optional[Sequence[str]] = None,
        kerberos_bypass_url_categories: Optional[Sequence[str]] = None,
        kerberos_bypass_urls: Optional[Sequence[str]] = None,
        log_internal_ip: Optional[bool] = None,
        prefer_sni_over_conn_host: Optional[bool] = None,
        prefer_sni_over_conn_host_apps: Optional[Sequence[str]] = None,
        sipa_xff_header_enabled: Optional[bool] = None,
        sni_dns_optimization_bypass_url_categories: Optional[Sequence[str]] = None,
        track_http_tunnel_on_http_ports: Optional[bool] = None,
        ui_session_timeout: Optional[int] = None,
        zscaler_client_connector1_and_pac_road_warrior_in_firewall: Optional[bool] = None) -> AdvancedSettings
    func GetAdvancedSettings(ctx *Context, name string, id IDInput, state *AdvancedSettingsState, opts ...ResourceOption) (*AdvancedSettings, error)
    public static AdvancedSettings Get(string name, Input<string> id, AdvancedSettingsState? state, CustomResourceOptions? opts = null)
    public static AdvancedSettings get(String name, Output<String> id, AdvancedSettingsState state, CustomResourceOptions options)
    resources:  _:    type: zia:AdvancedSettings    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AuthBypassApps List<string>
    Cloud applications that are exempted from cookie authentication
    AuthBypassUrlCategories List<string>
    URL categories that are exempted from cookie authentication
    AuthBypassUrls List<string>
    Custom URLs that are exempted from cookie authentication for users
    BasicBypassApps List<string>
    Cloud applications that are exempted from Basic authentication
    BasicBypassUrlCategories List<string>
    URL categories that are exempted from Basic authentication
    BlockConnectHostSniMismatch bool
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    BlockDomainFrontingApps List<string>
    Applications which are subjected to Domain Fronting
    BlockDomainFrontingOnHostHeader bool
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    BlockHttpTunnelOnNonHttpPorts bool
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    BlockNonCompliantHttpRequestOnHttpPorts bool
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    BlockNonHttpOnHttpPortEnabled bool
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    CascadeUrlFiltering bool
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    DigestAuthBypassApps List<string>
    Cloud applications that are exempted from Digest authentication
    DigestAuthBypassUrlCategories List<string>
    URL categories that are exempted from Digest authentication
    DigestAuthBypassUrls List<string>
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    DnsResolutionOnTransparentProxyApps List<string>
    Cloud applications to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyExemptApps List<string>
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    DnsResolutionOnTransparentProxyExemptUrlCategories List<string>
    DnsResolutionOnTransparentProxyExemptUrls List<string>
    URLs that are excluded from DNS optimization on transparent proxy mode
    DnsResolutionOnTransparentProxyIpv6Apps List<string>
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    DnsResolutionOnTransparentProxyIpv6ExemptApps List<string>
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    DnsResolutionOnTransparentProxyIpv6ExemptUrlCategories List<string>
    DnsResolutionOnTransparentProxyIpv6UrlCategories List<string>
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyUrlCategories List<string>
    URL categories to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyUrls List<string>
    URLs to which DNS optimization on transparent proxy mode applies
    DomainFrontingBypassUrlCategories List<string>
    URL categories that are exempted from domain fronting
    DynamicUserRiskEnabled bool
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    EcsForAllEnabled bool
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    EnableAdminRankAccess bool
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    EnableDnsResolutionOnTransparentProxy bool
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    EnableEvaluatePolicyOnGlobalSslBypass bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    EnableIpv6DnsOptimizationOnAllTransparentProxy bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    EnableIpv6DnsResolutionOnTransparentProxy bool
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    EnableOffice365 bool
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    EnablePolicyForUnauthenticatedTraffic bool
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    EnforceSurrogateIpForWindowsApp bool
    Enforce Surrogate IP authentication for Windows app traffic
    Http2NonbrowserTrafficEnabled bool
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    HttpRangeHeaderRemoveUrlCategories List<string>
    URL categories for which HTTP range headers must be removed
    KerberosBypassApps List<string>
    Cloud applications that are exempted from Kerberos authentication
    KerberosBypassUrlCategories List<string>
    URL categories that are exempted from Kerberos authentication
    KerberosBypassUrls List<string>
    Custom URLs that are exempted from Kerberos authentication
    LogInternalIp bool
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    PreferSniOverConnHost bool
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    PreferSniOverConnHostApps List<string>
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    SipaXffHeaderEnabled bool
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    SniDnsOptimizationBypassUrlCategories List<string>
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    TrackHttpTunnelOnHttpPorts bool
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    UiSessionTimeout int
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    ZscalerClientConnector1AndPacRoadWarriorInFirewall bool
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files
    AuthBypassApps []string
    Cloud applications that are exempted from cookie authentication
    AuthBypassUrlCategories []string
    URL categories that are exempted from cookie authentication
    AuthBypassUrls []string
    Custom URLs that are exempted from cookie authentication for users
    BasicBypassApps []string
    Cloud applications that are exempted from Basic authentication
    BasicBypassUrlCategories []string
    URL categories that are exempted from Basic authentication
    BlockConnectHostSniMismatch bool
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    BlockDomainFrontingApps []string
    Applications which are subjected to Domain Fronting
    BlockDomainFrontingOnHostHeader bool
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    BlockHttpTunnelOnNonHttpPorts bool
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    BlockNonCompliantHttpRequestOnHttpPorts bool
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    BlockNonHttpOnHttpPortEnabled bool
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    CascadeUrlFiltering bool
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    DigestAuthBypassApps []string
    Cloud applications that are exempted from Digest authentication
    DigestAuthBypassUrlCategories []string
    URL categories that are exempted from Digest authentication
    DigestAuthBypassUrls []string
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    DnsResolutionOnTransparentProxyApps []string
    Cloud applications to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyExemptApps []string
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    DnsResolutionOnTransparentProxyExemptUrlCategories []string
    DnsResolutionOnTransparentProxyExemptUrls []string
    URLs that are excluded from DNS optimization on transparent proxy mode
    DnsResolutionOnTransparentProxyIpv6Apps []string
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    DnsResolutionOnTransparentProxyIpv6ExemptApps []string
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    DnsResolutionOnTransparentProxyIpv6ExemptUrlCategories []string
    DnsResolutionOnTransparentProxyIpv6UrlCategories []string
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyUrlCategories []string
    URL categories to which DNS optimization on transparent proxy mode applies
    DnsResolutionOnTransparentProxyUrls []string
    URLs to which DNS optimization on transparent proxy mode applies
    DomainFrontingBypassUrlCategories []string
    URL categories that are exempted from domain fronting
    DynamicUserRiskEnabled bool
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    EcsForAllEnabled bool
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    EnableAdminRankAccess bool
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    EnableDnsResolutionOnTransparentProxy bool
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    EnableEvaluatePolicyOnGlobalSslBypass bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    EnableIpv6DnsOptimizationOnAllTransparentProxy bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    EnableIpv6DnsResolutionOnTransparentProxy bool
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    EnableOffice365 bool
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    EnablePolicyForUnauthenticatedTraffic bool
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    EnforceSurrogateIpForWindowsApp bool
    Enforce Surrogate IP authentication for Windows app traffic
    Http2NonbrowserTrafficEnabled bool
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    HttpRangeHeaderRemoveUrlCategories []string
    URL categories for which HTTP range headers must be removed
    KerberosBypassApps []string
    Cloud applications that are exempted from Kerberos authentication
    KerberosBypassUrlCategories []string
    URL categories that are exempted from Kerberos authentication
    KerberosBypassUrls []string
    Custom URLs that are exempted from Kerberos authentication
    LogInternalIp bool
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    PreferSniOverConnHost bool
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    PreferSniOverConnHostApps []string
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    SipaXffHeaderEnabled bool
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    SniDnsOptimizationBypassUrlCategories []string
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    TrackHttpTunnelOnHttpPorts bool
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    UiSessionTimeout int
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    ZscalerClientConnector1AndPacRoadWarriorInFirewall bool
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files
    authBypassApps List<String>
    Cloud applications that are exempted from cookie authentication
    authBypassUrlCategories List<String>
    URL categories that are exempted from cookie authentication
    authBypassUrls List<String>
    Custom URLs that are exempted from cookie authentication for users
    basicBypassApps List<String>
    Cloud applications that are exempted from Basic authentication
    basicBypassUrlCategories List<String>
    URL categories that are exempted from Basic authentication
    blockConnectHostSniMismatch Boolean
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    blockDomainFrontingApps List<String>
    Applications which are subjected to Domain Fronting
    blockDomainFrontingOnHostHeader Boolean
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    blockHttpTunnelOnNonHttpPorts Boolean
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    blockNonCompliantHttpRequestOnHttpPorts Boolean
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    blockNonHttpOnHttpPortEnabled Boolean
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    cascadeUrlFiltering Boolean
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    digestAuthBypassApps List<String>
    Cloud applications that are exempted from Digest authentication
    digestAuthBypassUrlCategories List<String>
    URL categories that are exempted from Digest authentication
    digestAuthBypassUrls List<String>
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    dnsResolutionOnTransparentProxyApps List<String>
    Cloud applications to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyExemptApps List<String>
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyExemptUrlCategories List<String>
    dnsResolutionOnTransparentProxyExemptUrls List<String>
    URLs that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6Apps List<String>
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    dnsResolutionOnTransparentProxyIpv6ExemptApps List<String>
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories List<String>
    dnsResolutionOnTransparentProxyIpv6UrlCategories List<String>
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrlCategories List<String>
    URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrls List<String>
    URLs to which DNS optimization on transparent proxy mode applies
    domainFrontingBypassUrlCategories List<String>
    URL categories that are exempted from domain fronting
    dynamicUserRiskEnabled Boolean
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    ecsForAllEnabled Boolean
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    enableAdminRankAccess Boolean
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    enableDnsResolutionOnTransparentProxy Boolean
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableEvaluatePolicyOnGlobalSslBypass Boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsOptimizationOnAllTransparentProxy Boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsResolutionOnTransparentProxy Boolean
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableOffice365 Boolean
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    enablePolicyForUnauthenticatedTraffic Boolean
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    enforceSurrogateIpForWindowsApp Boolean
    Enforce Surrogate IP authentication for Windows app traffic
    http2NonbrowserTrafficEnabled Boolean
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    httpRangeHeaderRemoveUrlCategories List<String>
    URL categories for which HTTP range headers must be removed
    kerberosBypassApps List<String>
    Cloud applications that are exempted from Kerberos authentication
    kerberosBypassUrlCategories List<String>
    URL categories that are exempted from Kerberos authentication
    kerberosBypassUrls List<String>
    Custom URLs that are exempted from Kerberos authentication
    logInternalIp Boolean
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    preferSniOverConnHost Boolean
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    preferSniOverConnHostApps List<String>
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    sipaXffHeaderEnabled Boolean
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    sniDnsOptimizationBypassUrlCategories List<String>
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    trackHttpTunnelOnHttpPorts Boolean
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    uiSessionTimeout Integer
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    zscalerClientConnector1AndPacRoadWarriorInFirewall Boolean
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files
    authBypassApps string[]
    Cloud applications that are exempted from cookie authentication
    authBypassUrlCategories string[]
    URL categories that are exempted from cookie authentication
    authBypassUrls string[]
    Custom URLs that are exempted from cookie authentication for users
    basicBypassApps string[]
    Cloud applications that are exempted from Basic authentication
    basicBypassUrlCategories string[]
    URL categories that are exempted from Basic authentication
    blockConnectHostSniMismatch boolean
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    blockDomainFrontingApps string[]
    Applications which are subjected to Domain Fronting
    blockDomainFrontingOnHostHeader boolean
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    blockHttpTunnelOnNonHttpPorts boolean
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    blockNonCompliantHttpRequestOnHttpPorts boolean
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    blockNonHttpOnHttpPortEnabled boolean
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    cascadeUrlFiltering boolean
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    digestAuthBypassApps string[]
    Cloud applications that are exempted from Digest authentication
    digestAuthBypassUrlCategories string[]
    URL categories that are exempted from Digest authentication
    digestAuthBypassUrls string[]
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    dnsResolutionOnTransparentProxyApps string[]
    Cloud applications to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyExemptApps string[]
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyExemptUrlCategories string[]
    dnsResolutionOnTransparentProxyExemptUrls string[]
    URLs that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6Apps string[]
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    dnsResolutionOnTransparentProxyIpv6ExemptApps string[]
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories string[]
    dnsResolutionOnTransparentProxyIpv6UrlCategories string[]
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrlCategories string[]
    URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrls string[]
    URLs to which DNS optimization on transparent proxy mode applies
    domainFrontingBypassUrlCategories string[]
    URL categories that are exempted from domain fronting
    dynamicUserRiskEnabled boolean
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    ecsForAllEnabled boolean
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    enableAdminRankAccess boolean
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    enableDnsResolutionOnTransparentProxy boolean
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableEvaluatePolicyOnGlobalSslBypass boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsOptimizationOnAllTransparentProxy boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsResolutionOnTransparentProxy boolean
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableOffice365 boolean
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    enablePolicyForUnauthenticatedTraffic boolean
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    enforceSurrogateIpForWindowsApp boolean
    Enforce Surrogate IP authentication for Windows app traffic
    http2NonbrowserTrafficEnabled boolean
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    httpRangeHeaderRemoveUrlCategories string[]
    URL categories for which HTTP range headers must be removed
    kerberosBypassApps string[]
    Cloud applications that are exempted from Kerberos authentication
    kerberosBypassUrlCategories string[]
    URL categories that are exempted from Kerberos authentication
    kerberosBypassUrls string[]
    Custom URLs that are exempted from Kerberos authentication
    logInternalIp boolean
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    preferSniOverConnHost boolean
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    preferSniOverConnHostApps string[]
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    sipaXffHeaderEnabled boolean
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    sniDnsOptimizationBypassUrlCategories string[]
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    trackHttpTunnelOnHttpPorts boolean
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    uiSessionTimeout number
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    zscalerClientConnector1AndPacRoadWarriorInFirewall boolean
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files
    auth_bypass_apps Sequence[str]
    Cloud applications that are exempted from cookie authentication
    auth_bypass_url_categories Sequence[str]
    URL categories that are exempted from cookie authentication
    auth_bypass_urls Sequence[str]
    Custom URLs that are exempted from cookie authentication for users
    basic_bypass_apps Sequence[str]
    Cloud applications that are exempted from Basic authentication
    basic_bypass_url_categories Sequence[str]
    URL categories that are exempted from Basic authentication
    block_connect_host_sni_mismatch bool
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    block_domain_fronting_apps Sequence[str]
    Applications which are subjected to Domain Fronting
    block_domain_fronting_on_host_header bool
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    block_http_tunnel_on_non_http_ports bool
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    block_non_compliant_http_request_on_http_ports bool
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    block_non_http_on_http_port_enabled bool
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    cascade_url_filtering bool
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    digest_auth_bypass_apps Sequence[str]
    Cloud applications that are exempted from Digest authentication
    digest_auth_bypass_url_categories Sequence[str]
    URL categories that are exempted from Digest authentication
    digest_auth_bypass_urls Sequence[str]
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    dns_resolution_on_transparent_proxy_apps Sequence[str]
    Cloud applications to which DNS optimization on transparent proxy mode applies
    dns_resolution_on_transparent_proxy_exempt_apps Sequence[str]
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    dns_resolution_on_transparent_proxy_exempt_url_categories Sequence[str]
    dns_resolution_on_transparent_proxy_exempt_urls Sequence[str]
    URLs that are excluded from DNS optimization on transparent proxy mode
    dns_resolution_on_transparent_proxy_ipv6_apps Sequence[str]
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    dns_resolution_on_transparent_proxy_ipv6_exempt_apps Sequence[str]
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    dns_resolution_on_transparent_proxy_ipv6_exempt_url_categories Sequence[str]
    dns_resolution_on_transparent_proxy_ipv6_url_categories Sequence[str]
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    dns_resolution_on_transparent_proxy_url_categories Sequence[str]
    URL categories to which DNS optimization on transparent proxy mode applies
    dns_resolution_on_transparent_proxy_urls Sequence[str]
    URLs to which DNS optimization on transparent proxy mode applies
    domain_fronting_bypass_url_categories Sequence[str]
    URL categories that are exempted from domain fronting
    dynamic_user_risk_enabled bool
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    ecs_for_all_enabled bool
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    enable_admin_rank_access bool
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    enable_dns_resolution_on_transparent_proxy bool
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enable_evaluate_policy_on_global_ssl_bypass bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enable_ipv6_dns_optimization_on_all_transparent_proxy bool
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enable_ipv6_dns_resolution_on_transparent_proxy bool
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enable_office365 bool
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    enable_policy_for_unauthenticated_traffic bool
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    enforce_surrogate_ip_for_windows_app bool
    Enforce Surrogate IP authentication for Windows app traffic
    http2_nonbrowser_traffic_enabled bool
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    http_range_header_remove_url_categories Sequence[str]
    URL categories for which HTTP range headers must be removed
    kerberos_bypass_apps Sequence[str]
    Cloud applications that are exempted from Kerberos authentication
    kerberos_bypass_url_categories Sequence[str]
    URL categories that are exempted from Kerberos authentication
    kerberos_bypass_urls Sequence[str]
    Custom URLs that are exempted from Kerberos authentication
    log_internal_ip bool
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    prefer_sni_over_conn_host bool
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    prefer_sni_over_conn_host_apps Sequence[str]
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    sipa_xff_header_enabled bool
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    sni_dns_optimization_bypass_url_categories Sequence[str]
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    track_http_tunnel_on_http_ports bool
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    ui_session_timeout int
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    zscaler_client_connector1_and_pac_road_warrior_in_firewall bool
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files
    authBypassApps List<String>
    Cloud applications that are exempted from cookie authentication
    authBypassUrlCategories List<String>
    URL categories that are exempted from cookie authentication
    authBypassUrls List<String>
    Custom URLs that are exempted from cookie authentication for users
    basicBypassApps List<String>
    Cloud applications that are exempted from Basic authentication
    basicBypassUrlCategories List<String>
    URL categories that are exempted from Basic authentication
    blockConnectHostSniMismatch Boolean
    Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not
    blockDomainFrontingApps List<String>
    Applications which are subjected to Domain Fronting
    blockDomainFrontingOnHostHeader Boolean
    Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header
    blockHttpTunnelOnNonHttpPorts Boolean
    Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)
    blockNonCompliantHttpRequestOnHttpPorts Boolean
    Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards
    blockNonHttpOnHttpPortEnabled Boolean
    Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked
    cascadeUrlFiltering Boolean
    Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly
    digestAuthBypassApps List<String>
    Cloud applications that are exempted from Digest authentication
    digestAuthBypassUrlCategories List<String>
    URL categories that are exempted from Digest authentication
    digestAuthBypassUrls List<String>
    Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication
    dnsResolutionOnTransparentProxyApps List<String>
    Cloud applications to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyExemptApps List<String>
    Cloud applications that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyExemptUrlCategories List<String>
    dnsResolutionOnTransparentProxyExemptUrls List<String>
    URLs that are excluded from DNS optimization on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6Apps List<String>
    Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies
    dnsResolutionOnTransparentProxyIpv6ExemptApps List<String>
    Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode
    dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories List<String>
    dnsResolutionOnTransparentProxyIpv6UrlCategories List<String>
    IPv6 URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrlCategories List<String>
    URL categories to which DNS optimization on transparent proxy mode applies
    dnsResolutionOnTransparentProxyUrls List<String>
    URLs to which DNS optimization on transparent proxy mode applies
    domainFrontingBypassUrlCategories List<String>
    URL categories that are exempted from domain fronting
    dynamicUserRiskEnabled Boolean
    Value indicating whether to dynamically update user risk score by tracking risky user activities in real time
    ecsForAllEnabled Boolean
    Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users.
    enableAdminRankAccess Boolean
    Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management
    enableDnsResolutionOnTransparentProxy Boolean
    Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableEvaluatePolicyOnGlobalSslBypass Boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsOptimizationOnAllTransparentProxy Boolean
    Enable/Disable DNS optimization for all IPv6 transparent proxy traffic
    enableIpv6DnsResolutionOnTransparentProxy Boolean
    Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file).
    enableOffice365 Boolean
    Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not
    enablePolicyForUnauthenticatedTraffic Boolean
    Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic
    enforceSurrogateIpForWindowsApp Boolean
    Enforce Surrogate IP authentication for Windows app traffic
    http2NonbrowserTrafficEnabled Boolean
    Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level
    httpRangeHeaderRemoveUrlCategories List<String>
    URL categories for which HTTP range headers must be removed
    kerberosBypassApps List<String>
    Cloud applications that are exempted from Kerberos authentication
    kerberosBypassUrlCategories List<String>
    URL categories that are exempted from Kerberos authentication
    kerberosBypassUrls List<String>
    Custom URLs that are exempted from Kerberos authentication
    logInternalIp Boolean
    Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not
    preferSniOverConnHost Boolean
    Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections
    preferSniOverConnHostApps List<String>
    Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    sipaXffHeaderEnabled Boolean
    Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic.
    sniDnsOptimizationBypassUrlCategories List<String>
    URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)
    trackHttpTunnelOnHttpPorts Boolean
    Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80
    uiSessionTimeout Number
    Specifies the login session timeout for admins accessing the ZIA Admin Portal
    zscalerClientConnector1AndPacRoadWarriorInFirewall Boolean
    Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files

    Import

    Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.

    Visit

    zia_advanced_settings can be imported by using advanced_settings as the import ID.

    For example:

    $ pulumi import zia:index/advancedSettings:AdvancedSettings this "advanced_settings"

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    zia zscaler/pulumi-zia
    License
    MIT
    Notes
    This Pulumi package is based on the zia Terraform Provider.
    zia logo
    Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler
    zscaler/pulumi-zia