Zscaler Internet Access v0.0.3, Jan 30 23

zia.Firewall.FirewallFilteringRule

The zia_firewall_filtering_rule resource allows the creation and management of ZIA Cloud Firewall filtering rules in the Zscaler Internet Access.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Zia = Pulumi.Zia;
using Zia = zscaler.PulumiPackage.Zia;

return await Deployment.RunAsync(() => 
{
    var zscalerProxyNwServices = Zia.Firewall.GetFirewallFilteringNetworkServices.Invoke(new()
    {
        Name = "ZSCALER_PROXY_NW_SERVICES",
    });

    var engineering = Zia.Departments.GetDepartmentManagement.Invoke(new()
    {
        Name = "Engineering",
    });

    var normalInternet = Zia.Groups.GetGroupManagement.Invoke(new()
    {
        Name = "Normal_Internet",
    });

    var workHours = Zia.TimeWindow.GetTimeWindow.Invoke(new()
    {
        Name = "Work hours",
    });

    var example = new Zia.Firewall.FirewallFilteringRule("example", new()
    {
        Description = "Example",
        Action = "ALLOW",
        State = "ENABLED",
        Order = 1,
        EnableFullLogging = true,
        NwServices = new Zia.Firewall.Inputs.FirewallFilteringRuleNwServicesArgs
        {
            Ids = new[]
            {
                zscalerProxyNwServices.Apply(getFirewallFilteringNetworkServicesResult => getFirewallFilteringNetworkServicesResult.Id),
            },
        },
        Departments = new Zia.Firewall.Inputs.FirewallFilteringRuleDepartmentsArgs
        {
            Ids = new[]
            {
                engineering.Apply(getDepartmentManagementResult => getDepartmentManagementResult.Id),
            },
        },
        Groups = new Zia.Firewall.Inputs.FirewallFilteringRuleGroupsArgs
        {
            Ids = new[]
            {
                normalInternet.Apply(getGroupManagementResult => getGroupManagementResult.Id),
            },
        },
        TimeWindows = new Zia.Firewall.Inputs.FirewallFilteringRuleTimeWindowsArgs
        {
            Ids = new[]
            {
                workHours.Apply(getTimeWindowResult => getTimeWindowResult.Id),
            },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/zscaler/pulumi-zia/sdk/go/zia/Departments"
	"github.com/zscaler/pulumi-zia/sdk/go/zia/Firewall"
	"github.com/zscaler/pulumi-zia/sdk/go/zia/Groups"
	"github.com/zscaler/pulumi-zia/sdk/go/zia/TimeWindow"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		zscalerProxyNwServices, err := Firewall.GetFirewallFilteringNetworkServices(ctx, &firewall.GetFirewallFilteringNetworkServicesArgs{
			Name: pulumi.StringRef("ZSCALER_PROXY_NW_SERVICES"),
		}, nil)
		if err != nil {
			return err
		}
		engineering, err := Departments.GetDepartmentManagement(ctx, &departments.GetDepartmentManagementArgs{
			Name: pulumi.StringRef("Engineering"),
		}, nil)
		if err != nil {
			return err
		}
		normalInternet, err := Groups.GetGroupManagement(ctx, &groups.GetGroupManagementArgs{
			Name: pulumi.StringRef("Normal_Internet"),
		}, nil)
		if err != nil {
			return err
		}
		workHours, err := TimeWindow.GetTimeWindow(ctx, &timewindow.GetTimeWindowArgs{
			Name: pulumi.StringRef("Work hours"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = Firewall.NewFirewallFilteringRule(ctx, "example", &Firewall.FirewallFilteringRuleArgs{
			Description:       pulumi.String("Example"),
			Action:            pulumi.String("ALLOW"),
			State:             pulumi.String("ENABLED"),
			Order:             pulumi.Int(1),
			EnableFullLogging: pulumi.Bool(true),
			NwServices: &firewall.FirewallFilteringRuleNwServicesArgs{
				Ids: pulumi.IntArray{
					*pulumi.Int(zscalerProxyNwServices.Id),
				},
			},
			Departments: &firewall.FirewallFilteringRuleDepartmentsArgs{
				Ids: pulumi.IntArray{
					*pulumi.Int(engineering.Id),
				},
			},
			Groups: &firewall.FirewallFilteringRuleGroupsArgs{
				Ids: pulumi.IntArray{
					*pulumi.Int(normalInternet.Id),
				},
			},
			TimeWindows: &firewall.FirewallFilteringRuleTimeWindowsArgs{
				Ids: pulumi.IntArray{
					*pulumi.Int(workHours.Id),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zia.Firewall.FirewallFunctions;
import com.pulumi.zia.Firewall.inputs.GetFirewallFilteringNetworkServicesArgs;
import com.pulumi.zia.Departments.DepartmentsFunctions;
import com.pulumi.zia.Departments.inputs.GetDepartmentManagementArgs;
import com.pulumi.zia.Groups.GroupsFunctions;
import com.pulumi.zia.Groups.inputs.GetGroupManagementArgs;
import com.pulumi.zia.TimeWindow.TimeWindowFunctions;
import com.pulumi.zia.TimeWindow.inputs.GetTimeWindowArgs;
import com.pulumi.zia.Firewall.FirewallFilteringRule;
import com.pulumi.zia.Firewall.FirewallFilteringRuleArgs;
import com.pulumi.zia.Firewall.inputs.FirewallFilteringRuleNwServicesArgs;
import com.pulumi.zia.Firewall.inputs.FirewallFilteringRuleDepartmentsArgs;
import com.pulumi.zia.Firewall.inputs.FirewallFilteringRuleGroupsArgs;
import com.pulumi.zia.Firewall.inputs.FirewallFilteringRuleTimeWindowsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var zscalerProxyNwServices = FirewallFunctions.getFirewallFilteringNetworkServices(GetFirewallFilteringNetworkServicesArgs.builder()
            .name("ZSCALER_PROXY_NW_SERVICES")
            .build());

        final var engineering = DepartmentsFunctions.getDepartmentManagement(GetDepartmentManagementArgs.builder()
            .name("Engineering")
            .build());

        final var normalInternet = GroupsFunctions.getGroupManagement(GetGroupManagementArgs.builder()
            .name("Normal_Internet")
            .build());

        final var workHours = TimeWindowFunctions.getTimeWindow(GetTimeWindowArgs.builder()
            .name("Work hours")
            .build());

        var example = new FirewallFilteringRule("example", FirewallFilteringRuleArgs.builder()        
            .description("Example")
            .action("ALLOW")
            .state("ENABLED")
            .order(1)
            .enableFullLogging(true)
            .nwServices(FirewallFilteringRuleNwServicesArgs.builder()
                .ids(zscalerProxyNwServices.applyValue(getFirewallFilteringNetworkServicesResult -> getFirewallFilteringNetworkServicesResult.id()))
                .build())
            .departments(FirewallFilteringRuleDepartmentsArgs.builder()
                .ids(engineering.applyValue(getDepartmentManagementResult -> getDepartmentManagementResult.id()))
                .build())
            .groups(FirewallFilteringRuleGroupsArgs.builder()
                .ids(normalInternet.applyValue(getGroupManagementResult -> getGroupManagementResult.id()))
                .build())
            .timeWindows(FirewallFilteringRuleTimeWindowsArgs.builder()
                .ids(workHours.applyValue(getTimeWindowResult -> getTimeWindowResult.id()))
                .build())
            .build());

    }
}

import pulumi
import pulumi_zia as zia
import zscaler_pulumi_zia as zia

zscaler_proxy_nw_services = zia.Firewall.get_firewall_filtering_network_services(name="ZSCALER_PROXY_NW_SERVICES")
engineering = zia.Departments.get_department_management(name="Engineering")
normal_internet = zia.Groups.get_group_management(name="Normal_Internet")
work_hours = zia.TimeWindow.get_time_window(name="Work hours")
example = zia.firewall.FirewallFilteringRule("example",
    description="Example",
    action="ALLOW",
    state="ENABLED",
    order=1,
    enable_full_logging=True,
    nw_services=zia.firewall.FirewallFilteringRuleNwServicesArgs(
        ids=[zscaler_proxy_nw_services.id],
    ),
    departments=zia.firewall.FirewallFilteringRuleDepartmentsArgs(
        ids=[engineering.id],
    ),
    groups=zia.firewall.FirewallFilteringRuleGroupsArgs(
        ids=[normal_internet.id],
    ),
    time_windows=zia.firewall.FirewallFilteringRuleTimeWindowsArgs(
        ids=[work_hours.id],
    ))

import * as pulumi from "@pulumi/pulumi";
import * as zia from "@pulumi/zia";
import * as zia from "@zscaler/pulumi-zia";

const zscalerProxyNwServices = zia.Firewall.getFirewallFilteringNetworkServices({
    name: "ZSCALER_PROXY_NW_SERVICES",
});
const engineering = zia.Departments.getDepartmentManagement({
    name: "Engineering",
});
const normalInternet = zia.Groups.getGroupManagement({
    name: "Normal_Internet",
});
const workHours = zia.TimeWindow.getTimeWindow({
    name: "Work hours",
});
const example = new zia.firewall.FirewallFilteringRule("example", {
    description: "Example",
    action: "ALLOW",
    state: "ENABLED",
    order: 1,
    enableFullLogging: true,
    nwServices: {
        ids: [zscalerProxyNwServices.then(zscalerProxyNwServices => zscalerProxyNwServices.id)],
    },
    departments: {
        ids: [engineering.then(engineering => engineering.id)],
    },
    groups: {
        ids: [normalInternet.then(normalInternet => normalInternet.id)],
    },
    timeWindows: {
        ids: [workHours.then(workHours => workHours.id)],
    },
});

resources:
  example:
    type: zia:Firewall:FirewallFilteringRule
    properties:
      description: Example
      action: ALLOW
      state: ENABLED
      order: 1
      enableFullLogging: true
      nwServices:
        ids:
          - ${zscalerProxyNwServices.id}
      departments:
        ids:
          - ${engineering.id}
      groups:
        ids:
          - ${normalInternet.id}
      timeWindows:
        ids:
          - ${workHours.id}
variables:
  zscalerProxyNwServices:
    fn::invoke:
      Function: zia:Firewall:getFirewallFilteringNetworkServices
      Arguments:
        name: ZSCALER_PROXY_NW_SERVICES
  engineering:
    fn::invoke:
      Function: zia:Departments:getDepartmentManagement
      Arguments:
        name: Engineering
  normalInternet:
    fn::invoke:
      Function: zia:Groups:getGroupManagement
      Arguments:
        name: Normal_Internet
  workHours:
    fn::invoke:
      Function: zia:TimeWindow:getTimeWindow
      Arguments:
        name: Work hours

Create FirewallFilteringRule Resource

new FirewallFilteringRule(name: string, args?: FirewallFilteringRuleArgs, opts?: CustomResourceOptions);

@overload
def FirewallFilteringRule(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          access_control: Optional[str] = None,
                          action: Optional[str] = None,
                          app_service_groups: Optional[_firewall.FirewallFilteringRuleAppServiceGroupsArgs] = None,
                          app_services: Optional[_firewall.FirewallFilteringRuleAppServicesArgs] = None,
                          default_rule: Optional[bool] = None,
                          departments: Optional[_firewall.FirewallFilteringRuleDepartmentsArgs] = None,
                          description: Optional[str] = None,
                          dest_addresses: Optional[Sequence[str]] = None,
                          dest_countries: Optional[Sequence[str]] = None,
                          dest_ip_categories: Optional[Sequence[str]] = None,
                          dest_ip_groups: Optional[_firewall.FirewallFilteringRuleDestIpGroupsArgs] = None,
                          enable_full_logging: Optional[bool] = None,
                          groups: Optional[_firewall.FirewallFilteringRuleGroupsArgs] = None,
                          labels: Optional[_firewall.FirewallFilteringRuleLabelsArgs] = None,
                          last_modified_bies: Optional[Sequence[_firewall.FirewallFilteringRuleLastModifiedByArgs]] = None,
                          last_modified_time: Optional[int] = None,
                          location_groups: Optional[_firewall.FirewallFilteringRuleLocationGroupsArgs] = None,
                          locations: Optional[_firewall.FirewallFilteringRuleLocationsArgs] = None,
                          name: Optional[str] = None,
                          nw_application_groups: Optional[_firewall.FirewallFilteringRuleNwApplicationGroupsArgs] = None,
                          nw_applications: Optional[Sequence[str]] = None,
                          nw_service_groups: Optional[_firewall.FirewallFilteringRuleNwServiceGroupsArgs] = None,
                          nw_services: Optional[_firewall.FirewallFilteringRuleNwServicesArgs] = None,
                          order: Optional[int] = None,
                          predefined: Optional[bool] = None,
                          rank: Optional[int] = None,
                          src_ip_groups: Optional[_firewall.FirewallFilteringRuleSrcIpGroupsArgs] = None,
                          src_ips: Optional[Sequence[str]] = None,
                          state: Optional[str] = None,
                          time_windows: Optional[_firewall.FirewallFilteringRuleTimeWindowsArgs] = None,
                          users: Optional[_firewall.FirewallFilteringRuleUsersArgs] = None)
@overload
def FirewallFilteringRule(resource_name: str,
                          args: Optional[FirewallFilteringRuleArgs] = None,
                          opts: Optional[ResourceOptions] = None)

func NewFirewallFilteringRule(ctx *Context, name string, args *FirewallFilteringRuleArgs, opts ...ResourceOption) (*FirewallFilteringRule, error)

public FirewallFilteringRule(string name, FirewallFilteringRuleArgs? args = null, CustomResourceOptions? opts = null)

public FirewallFilteringRule(String name, FirewallFilteringRuleArgs args)
public FirewallFilteringRule(String name, FirewallFilteringRuleArgs args, CustomResourceOptions options)

type: zia:Firewall:FirewallFilteringRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

FirewallFilteringRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FirewallFilteringRule resource accepts the following input properties:

AccessControl string
Action string: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
AppServiceGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleAppServiceGroupsArgs: Application service groups on which this rule is applied
AppServices zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleAppServicesArgs: Application services on which this rule is applied
DefaultRule bool: If set to true, the default rule is applied
Departments zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleDepartmentsArgs: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses List<string>: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
DestCountries List<string>: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
DestIpCategories List<string>: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleDestIpGroupsArgs: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
EnableFullLogging bool
Groups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleGroupsArgs: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleLabelsArgs: Labels that are applicable to the rule.
LastModifiedBies List<zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleLastModifiedByArgs>
LastModifiedTime int
LocationGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleLocationGroupsArgs: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleLocationsArgs: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: Name of the network service group
NwApplicationGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleNwApplicationGroupsArgs: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
NwApplications List<string>: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
NwServiceGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleNwServiceGroupsArgs: Any number of predefined or custom network service groups to which the rule applies.
NwServices zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleNwServicesArgs: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: If set to true, a predefined rule is applied
Rank int: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
SrcIpGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleSrcIpGroupsArgs: Any number of source IP address groups that you want to control with this rule.
SrcIps List<string>: You can enter individual IP addresses, subnets, or address ranges.
State string: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
TimeWindows zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleTimeWindowsArgs: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
Users zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleUsersArgs: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

AccessControl string
Action string: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
AppServiceGroups FirewallFilteringRuleAppServiceGroupsArgs: Application service groups on which this rule is applied
AppServices FirewallFilteringRuleAppServicesArgs: Application services on which this rule is applied
DefaultRule bool: If set to true, the default rule is applied
Departments FirewallFilteringRuleDepartmentsArgs: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses []string: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
DestCountries []string: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
DestIpCategories []string: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups FirewallFilteringRuleDestIpGroupsArgs: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
EnableFullLogging bool
Groups FirewallFilteringRuleGroupsArgs: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels FirewallFilteringRuleLabelsArgs: Labels that are applicable to the rule.
LastModifiedBies []FirewallFilteringRuleLastModifiedByArgs
LastModifiedTime int
LocationGroups FirewallFilteringRuleLocationGroupsArgs: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations FirewallFilteringRuleLocationsArgs: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: Name of the network service group
NwApplicationGroups FirewallFilteringRuleNwApplicationGroupsArgs: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
NwApplications []string: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
NwServiceGroups FirewallFilteringRuleNwServiceGroupsArgs: Any number of predefined or custom network service groups to which the rule applies.
NwServices FirewallFilteringRuleNwServicesArgs: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: If set to true, a predefined rule is applied
Rank int: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
SrcIpGroups FirewallFilteringRuleSrcIpGroupsArgs: Any number of source IP address groups that you want to control with this rule.
SrcIps []string: You can enter individual IP addresses, subnets, or address ranges.
State string: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
TimeWindows FirewallFilteringRuleTimeWindowsArgs: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
Users FirewallFilteringRuleUsersArgs: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

accessControl String
action String: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
appServiceGroups FilteringRuleAppServiceGroupsArgs: Application service groups on which this rule is applied
appServices FilteringRuleAppServicesArgs: Application services on which this rule is applied
defaultRule Boolean: If set to true, the default rule is applied
departments FilteringRuleDepartmentsArgs: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries List<String>: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
destIpCategories List<String>: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FilteringRuleDestIpGroupsArgs: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enableFullLogging Boolean
groups FilteringRuleGroupsArgs: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FilteringRuleLabelsArgs: Labels that are applicable to the rule.
lastModifiedBies List<FilteringRuleLastModifiedByArgs>
lastModifiedTime Integer
locationGroups FilteringRuleLocationGroupsArgs: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FilteringRuleLocationsArgs: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: Name of the network service group
nwApplicationGroups FilteringRuleNwApplicationGroupsArgs: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nwApplications List<String>: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nwServiceGroups FilteringRuleNwServiceGroupsArgs: Any number of predefined or custom network service groups to which the rule applies.
nwServices FilteringRuleNwServicesArgs: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Integer: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: If set to true, a predefined rule is applied
rank Integer: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
srcIpGroups FilteringRuleSrcIpGroupsArgs: Any number of source IP address groups that you want to control with this rule.
srcIps List<String>: You can enter individual IP addresses, subnets, or address ranges.
state String: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows FilteringRuleTimeWindowsArgs: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users FilteringRuleUsersArgs: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

accessControl string
action string: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
appServiceGroups FirewallFilteringRuleAppServiceGroupsArgs: Application service groups on which this rule is applied
appServices FirewallFilteringRuleAppServicesArgs: Application services on which this rule is applied
defaultRule boolean: If set to true, the default rule is applied
departments FirewallFilteringRuleDepartmentsArgs: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description string: Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses string[]: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries string[]: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
destIpCategories string[]: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FirewallFilteringRuleDestIpGroupsArgs: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enableFullLogging boolean
groups FirewallFilteringRuleGroupsArgs: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallFilteringRuleLabelsArgs: Labels that are applicable to the rule.
lastModifiedBies FirewallFilteringRuleLastModifiedByArgs[]
lastModifiedTime number
locationGroups FirewallFilteringRuleLocationGroupsArgs: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallFilteringRuleLocationsArgs: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: Name of the network service group
nwApplicationGroups FirewallFilteringRuleNwApplicationGroupsArgs: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nwApplications string[]: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nwServiceGroups FirewallFilteringRuleNwServiceGroupsArgs: Any number of predefined or custom network service groups to which the rule applies.
nwServices FirewallFilteringRuleNwServicesArgs: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order number: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined boolean: If set to true, a predefined rule is applied
rank number: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
srcIpGroups FirewallFilteringRuleSrcIpGroupsArgs: Any number of source IP address groups that you want to control with this rule.
srcIps string[]: You can enter individual IP addresses, subnets, or address ranges.
state string: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows FirewallFilteringRuleTimeWindowsArgs: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallFilteringRuleUsersArgs: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

access_control str
action str: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
app_service_groups FirewallFilteringRuleAppServiceGroupsArgs: Application service groups on which this rule is applied
app_services FirewallFilteringRuleAppServicesArgs: Application services on which this rule is applied
default_rule bool: If set to true, the default rule is applied
departments FirewallFilteringRuleDepartmentsArgs: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description str: Enter additional notes or information. The description cannot exceed 10,240 characters.
dest_addresses Sequence[str]: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
dest_countries Sequence[str]: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
dest_ip_categories Sequence[str]: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
dest_ip_groups FirewallFilteringRuleDestIpGroupsArgs: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enable_full_logging bool
groups FirewallFilteringRuleGroupsArgs: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallFilteringRuleLabelsArgs: Labels that are applicable to the rule.
last_modified_bies FirewallFilteringRuleLastModifiedByArgs]
last_modified_time int
location_groups FirewallFilteringRuleLocationGroupsArgs: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallFilteringRuleLocationsArgs: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: Name of the network service group
nw_application_groups FirewallFilteringRuleNwApplicationGroupsArgs: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nw_applications Sequence[str]: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nw_service_groups FirewallFilteringRuleNwServiceGroupsArgs: Any number of predefined or custom network service groups to which the rule applies.
nw_services FirewallFilteringRuleNwServicesArgs: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order int: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined bool: If set to true, a predefined rule is applied
rank int: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
src_ip_groups FirewallFilteringRuleSrcIpGroupsArgs: Any number of source IP address groups that you want to control with this rule.
src_ips Sequence[str]: You can enter individual IP addresses, subnets, or address ranges.
state str: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
time_windows FirewallFilteringRuleTimeWindowsArgs: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallFilteringRuleUsersArgs: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

accessControl String
action String: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
appServiceGroups Property Map: Application service groups on which this rule is applied
appServices Property Map: Application services on which this rule is applied
defaultRule Boolean: If set to true, the default rule is applied
departments Property Map: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries List<String>: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
destIpCategories List<String>: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups Property Map: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enableFullLogging Boolean
groups Property Map: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels Property Map: Labels that are applicable to the rule.
lastModifiedBies List<Property Map>
lastModifiedTime Number
locationGroups Property Map: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations Property Map: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: Name of the network service group
nwApplicationGroups Property Map: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nwApplications List<String>: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nwServiceGroups Property Map: Any number of predefined or custom network service groups to which the rule applies.
nwServices Property Map: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Number: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: If set to true, a predefined rule is applied
rank Number: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
srcIpGroups Property Map: Any number of source IP address groups that you want to control with this rule.
srcIps List<String>: You can enter individual IP addresses, subnets, or address ranges.
state String: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows Property Map: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users Property Map: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallFilteringRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

id String: The provider-assigned unique ID for this managed resource.
ruleId Integer

id string: The provider-assigned unique ID for this managed resource.
ruleId number

id str: The provider-assigned unique ID for this managed resource.
rule_id int

id String: The provider-assigned unique ID for this managed resource.
ruleId Number

Look up Existing FirewallFilteringRule Resource

Get an existing FirewallFilteringRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallFilteringRuleState, opts?: CustomResourceOptions): FirewallFilteringRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_control: Optional[str] = None,
        action: Optional[str] = None,
        app_service_groups: Optional[_firewall.FirewallFilteringRuleAppServiceGroupsArgs] = None,
        app_services: Optional[_firewall.FirewallFilteringRuleAppServicesArgs] = None,
        default_rule: Optional[bool] = None,
        departments: Optional[_firewall.FirewallFilteringRuleDepartmentsArgs] = None,
        description: Optional[str] = None,
        dest_addresses: Optional[Sequence[str]] = None,
        dest_countries: Optional[Sequence[str]] = None,
        dest_ip_categories: Optional[Sequence[str]] = None,
        dest_ip_groups: Optional[_firewall.FirewallFilteringRuleDestIpGroupsArgs] = None,
        enable_full_logging: Optional[bool] = None,
        groups: Optional[_firewall.FirewallFilteringRuleGroupsArgs] = None,
        labels: Optional[_firewall.FirewallFilteringRuleLabelsArgs] = None,
        last_modified_bies: Optional[Sequence[_firewall.FirewallFilteringRuleLastModifiedByArgs]] = None,
        last_modified_time: Optional[int] = None,
        location_groups: Optional[_firewall.FirewallFilteringRuleLocationGroupsArgs] = None,
        locations: Optional[_firewall.FirewallFilteringRuleLocationsArgs] = None,
        name: Optional[str] = None,
        nw_application_groups: Optional[_firewall.FirewallFilteringRuleNwApplicationGroupsArgs] = None,
        nw_applications: Optional[Sequence[str]] = None,
        nw_service_groups: Optional[_firewall.FirewallFilteringRuleNwServiceGroupsArgs] = None,
        nw_services: Optional[_firewall.FirewallFilteringRuleNwServicesArgs] = None,
        order: Optional[int] = None,
        predefined: Optional[bool] = None,
        rank: Optional[int] = None,
        rule_id: Optional[int] = None,
        src_ip_groups: Optional[_firewall.FirewallFilteringRuleSrcIpGroupsArgs] = None,
        src_ips: Optional[Sequence[str]] = None,
        state: Optional[str] = None,
        time_windows: Optional[_firewall.FirewallFilteringRuleTimeWindowsArgs] = None,
        users: Optional[_firewall.FirewallFilteringRuleUsersArgs] = None) -> FirewallFilteringRule

func GetFirewallFilteringRule(ctx *Context, name string, id IDInput, state *FirewallFilteringRuleState, opts ...ResourceOption) (*FirewallFilteringRule, error)

public static FirewallFilteringRule Get(string name, Input<string> id, FirewallFilteringRuleState? state, CustomResourceOptions? opts = null)

public static FirewallFilteringRule get(String name, Output<String> id, FirewallFilteringRuleState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessControl string
Action string: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
AppServiceGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleAppServiceGroupsArgs: Application service groups on which this rule is applied
AppServices zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleAppServicesArgs: Application services on which this rule is applied
DefaultRule bool: If set to true, the default rule is applied
Departments zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleDepartmentsArgs: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses List<string>: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
DestCountries List<string>: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
DestIpCategories List<string>: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleDestIpGroupsArgs: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
EnableFullLogging bool
Groups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleGroupsArgs: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleLabelsArgs: Labels that are applicable to the rule.
LastModifiedBies List<zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleLastModifiedByArgs>
LastModifiedTime int
LocationGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleLocationGroupsArgs: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleLocationsArgs: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: Name of the network service group
NwApplicationGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleNwApplicationGroupsArgs: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
NwApplications List<string>: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
NwServiceGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleNwServiceGroupsArgs: Any number of predefined or custom network service groups to which the rule applies.
NwServices zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleNwServicesArgs: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: If set to true, a predefined rule is applied
Rank int: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
RuleId int
SrcIpGroups zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleSrcIpGroupsArgs: Any number of source IP address groups that you want to control with this rule.
SrcIps List<string>: You can enter individual IP addresses, subnets, or address ranges.
State string: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
TimeWindows zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleTimeWindowsArgs: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
Users zscaler.PulumiPackage.Zia.Firewall.Inputs.FirewallFilteringRuleUsersArgs: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

AccessControl string
Action string: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
AppServiceGroups FirewallFilteringRuleAppServiceGroupsArgs: Application service groups on which this rule is applied
AppServices FirewallFilteringRuleAppServicesArgs: Application services on which this rule is applied
DefaultRule bool: If set to true, the default rule is applied
Departments FirewallFilteringRuleDepartmentsArgs: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses []string: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
DestCountries []string: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
DestIpCategories []string: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups FirewallFilteringRuleDestIpGroupsArgs: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
EnableFullLogging bool
Groups FirewallFilteringRuleGroupsArgs: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels FirewallFilteringRuleLabelsArgs: Labels that are applicable to the rule.
LastModifiedBies []FirewallFilteringRuleLastModifiedByArgs
LastModifiedTime int
LocationGroups FirewallFilteringRuleLocationGroupsArgs: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations FirewallFilteringRuleLocationsArgs: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: Name of the network service group
NwApplicationGroups FirewallFilteringRuleNwApplicationGroupsArgs: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
NwApplications []string: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
NwServiceGroups FirewallFilteringRuleNwServiceGroupsArgs: Any number of predefined or custom network service groups to which the rule applies.
NwServices FirewallFilteringRuleNwServicesArgs: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: If set to true, a predefined rule is applied
Rank int: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
RuleId int
SrcIpGroups FirewallFilteringRuleSrcIpGroupsArgs: Any number of source IP address groups that you want to control with this rule.
SrcIps []string: You can enter individual IP addresses, subnets, or address ranges.
State string: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
TimeWindows FirewallFilteringRuleTimeWindowsArgs: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
Users FirewallFilteringRuleUsersArgs: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

accessControl String
action String: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
appServiceGroups FilteringRuleAppServiceGroupsArgs: Application service groups on which this rule is applied
appServices FilteringRuleAppServicesArgs: Application services on which this rule is applied
defaultRule Boolean: If set to true, the default rule is applied
departments FilteringRuleDepartmentsArgs: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries List<String>: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
destIpCategories List<String>: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FilteringRuleDestIpGroupsArgs: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enableFullLogging Boolean
groups FilteringRuleGroupsArgs: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FilteringRuleLabelsArgs: Labels that are applicable to the rule.
lastModifiedBies List<FilteringRuleLastModifiedByArgs>
lastModifiedTime Integer
locationGroups FilteringRuleLocationGroupsArgs: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FilteringRuleLocationsArgs: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: Name of the network service group
nwApplicationGroups FilteringRuleNwApplicationGroupsArgs: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nwApplications List<String>: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nwServiceGroups FilteringRuleNwServiceGroupsArgs: Any number of predefined or custom network service groups to which the rule applies.
nwServices FilteringRuleNwServicesArgs: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Integer: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: If set to true, a predefined rule is applied
rank Integer: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ruleId Integer
srcIpGroups FilteringRuleSrcIpGroupsArgs: Any number of source IP address groups that you want to control with this rule.
srcIps List<String>: You can enter individual IP addresses, subnets, or address ranges.
state String: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows FilteringRuleTimeWindowsArgs: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users FilteringRuleUsersArgs: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

accessControl string
action string: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
appServiceGroups FirewallFilteringRuleAppServiceGroupsArgs: Application service groups on which this rule is applied
appServices FirewallFilteringRuleAppServicesArgs: Application services on which this rule is applied
defaultRule boolean: If set to true, the default rule is applied
departments FirewallFilteringRuleDepartmentsArgs: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description string: Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses string[]: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries string[]: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
destIpCategories string[]: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FirewallFilteringRuleDestIpGroupsArgs: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enableFullLogging boolean
groups FirewallFilteringRuleGroupsArgs: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallFilteringRuleLabelsArgs: Labels that are applicable to the rule.
lastModifiedBies FirewallFilteringRuleLastModifiedByArgs[]
lastModifiedTime number
locationGroups FirewallFilteringRuleLocationGroupsArgs: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallFilteringRuleLocationsArgs: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: Name of the network service group
nwApplicationGroups FirewallFilteringRuleNwApplicationGroupsArgs: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nwApplications string[]: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nwServiceGroups FirewallFilteringRuleNwServiceGroupsArgs: Any number of predefined or custom network service groups to which the rule applies.
nwServices FirewallFilteringRuleNwServicesArgs: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order number: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined boolean: If set to true, a predefined rule is applied
rank number: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ruleId number
srcIpGroups FirewallFilteringRuleSrcIpGroupsArgs: Any number of source IP address groups that you want to control with this rule.
srcIps string[]: You can enter individual IP addresses, subnets, or address ranges.
state string: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows FirewallFilteringRuleTimeWindowsArgs: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallFilteringRuleUsersArgs: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

access_control str
action str: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
app_service_groups FirewallFilteringRuleAppServiceGroupsArgs: Application service groups on which this rule is applied
app_services FirewallFilteringRuleAppServicesArgs: Application services on which this rule is applied
default_rule bool: If set to true, the default rule is applied
departments FirewallFilteringRuleDepartmentsArgs: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description str: Enter additional notes or information. The description cannot exceed 10,240 characters.
dest_addresses Sequence[str]: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
dest_countries Sequence[str]: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
dest_ip_categories Sequence[str]: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
dest_ip_groups FirewallFilteringRuleDestIpGroupsArgs: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enable_full_logging bool
groups FirewallFilteringRuleGroupsArgs: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallFilteringRuleLabelsArgs: Labels that are applicable to the rule.
last_modified_bies FirewallFilteringRuleLastModifiedByArgs]
last_modified_time int
location_groups FirewallFilteringRuleLocationGroupsArgs: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallFilteringRuleLocationsArgs: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: Name of the network service group
nw_application_groups FirewallFilteringRuleNwApplicationGroupsArgs: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nw_applications Sequence[str]: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nw_service_groups FirewallFilteringRuleNwServiceGroupsArgs: Any number of predefined or custom network service groups to which the rule applies.
nw_services FirewallFilteringRuleNwServicesArgs: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order int: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined bool: If set to true, a predefined rule is applied
rank int: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
rule_id int
src_ip_groups FirewallFilteringRuleSrcIpGroupsArgs: Any number of source IP address groups that you want to control with this rule.
src_ips Sequence[str]: You can enter individual IP addresses, subnets, or address ranges.
state str: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
time_windows FirewallFilteringRuleTimeWindowsArgs: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallFilteringRuleUsersArgs: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

accessControl String
action String: Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
appServiceGroups Property Map: Application service groups on which this rule is applied
appServices Property Map: Application services on which this rule is applied
defaultRule Boolean: If set to true, the default rule is applied
departments Property Map: Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries List<String>: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
destIpCategories List<String>: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups Property Map: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enableFullLogging Boolean
groups Property Map: You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels Property Map: Labels that are applicable to the rule.
lastModifiedBies List<Property Map>
lastModifiedTime Number
locationGroups Property Map: You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations Property Map: You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: Name of the network service group
nwApplicationGroups Property Map: Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nwApplications List<String>: When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nwServiceGroups Property Map: Any number of predefined or custom network service groups to which the rule applies.
nwServices Property Map: When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Number: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: If set to true, a predefined rule is applied
rank Number: By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ruleId Number
srcIpGroups Property Map: Any number of source IP address groups that you want to control with this rule.
srcIps List<String>: You can enter individual IP addresses, subnets, or address ranges.
state String: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows Property Map: You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users Property Map: You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

Supporting Types

FirewallFilteringRuleAppServiceGroups

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleAppServices

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleDepartments

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleDestIpGroups

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleGroups

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleLabels

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleLastModifiedBy

Extensions Dictionary<string, string>
Id int: Identifier that uniquely identifies an entity

Extensions map[string]string
Id int: Identifier that uniquely identifies an entity

extensions Map<String,String>
id Integer: Identifier that uniquely identifies an entity

extensions {[key: string]: string}
id number: Identifier that uniquely identifies an entity

extensions Mapping[str, str]
id int: Identifier that uniquely identifies an entity

extensions Map<String>
id Number: Identifier that uniquely identifies an entity

FirewallFilteringRuleLocationGroups

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleLocations

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleNwApplicationGroups

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleNwServiceGroups

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleNwServices

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleSrcIpGroups

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleTimeWindows

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

FirewallFilteringRuleUsers

Ids List<int>: Identifier that uniquely identifies an entity

Ids []int: Identifier that uniquely identifies an entity

ids List<Integer>: Identifier that uniquely identifies an entity

ids number[]: Identifier that uniquely identifies an entity

ids Sequence[int]: Identifier that uniquely identifies an entity

ids List<Number>: Identifier that uniquely identifies an entity

Package Details

Repository: zia zscaler/pulumi-zia
License: MIT
Notes: This Pulumi package is based on the zia Terraform Provider.