Zscaler Internet Access v0.0.3, Jan 30 23

zia.Firewall.getFirewallFilteringRule

Use the zia_firewall_filtering_rule data source to get information about a cloud firewall rule available in the Zscaler Internet Access cloud firewall.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Zia = Pulumi.Zia;

return await Deployment.RunAsync(() => 
{
    var example = Zia.Firewall.GetFirewallFilteringRule.Invoke(new()
    {
        Name = "Office 365 One Click Rule",
    });

});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/zscaler/pulumi-zia/sdk/go/zia/Firewall"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := Firewall.GetFirewallFilteringRule(ctx, &firewall.GetFirewallFilteringRuleArgs{
			Name: pulumi.StringRef("Office 365 One Click Rule"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zia.Firewall.FirewallFunctions;
import com.pulumi.zia.Firewall.inputs.GetFirewallFilteringRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = FirewallFunctions.getFirewallFilteringRule(GetFirewallFilteringRuleArgs.builder()
            .name("Office 365 One Click Rule")
            .build());

    }
}

import pulumi
import pulumi_zia as zia

example = zia.Firewall.get_firewall_filtering_rule(name="Office 365 One Click Rule")

import * as pulumi from "@pulumi/pulumi";
import * as zia from "@pulumi/zia";

const example = zia.Firewall.getFirewallFilteringRule({
    name: "Office 365 One Click Rule",
});

variables:
  example:
    fn::invoke:
      Function: zia:Firewall:getFirewallFilteringRule
      Arguments:
        name: Office 365 One Click Rule

Using getFirewallFilteringRule

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getFirewallFilteringRule(args: GetFirewallFilteringRuleArgs, opts?: InvokeOptions): Promise<GetFirewallFilteringRuleResult>
function getFirewallFilteringRuleOutput(args: GetFirewallFilteringRuleOutputArgs, opts?: InvokeOptions): Output<GetFirewallFilteringRuleResult>

def get_firewall_filtering_rule(action: Optional[str] = None,
                                description: Optional[str] = None,
                                id: Optional[int] = None,
                                last_modified_time: Optional[int] = None,
                                name: Optional[str] = None,
                                state: Optional[str] = None,
                                opts: Optional[InvokeOptions] = None) -> GetFirewallFilteringRuleResult
def get_firewall_filtering_rule_output(action: Optional[pulumi.Input[str]] = None,
                                description: Optional[pulumi.Input[str]] = None,
                                id: Optional[pulumi.Input[int]] = None,
                                last_modified_time: Optional[pulumi.Input[int]] = None,
                                name: Optional[pulumi.Input[str]] = None,
                                state: Optional[pulumi.Input[str]] = None,
                                opts: Optional[InvokeOptions] = None) -> Output[GetFirewallFilteringRuleResult]

func GetFirewallFilteringRule(ctx *Context, args *GetFirewallFilteringRuleArgs, opts ...InvokeOption) (*GetFirewallFilteringRuleResult, error)
func GetFirewallFilteringRuleOutput(ctx *Context, args *GetFirewallFilteringRuleOutputArgs, opts ...InvokeOption) GetFirewallFilteringRuleResultOutput

> Note: This function is named GetFirewallFilteringRule in the Go SDK.

public static class GetFirewallFilteringRule 
{
    public static Task<GetFirewallFilteringRuleResult> InvokeAsync(GetFirewallFilteringRuleArgs args, InvokeOptions? opts = null)
    public static Output<GetFirewallFilteringRuleResult> Invoke(GetFirewallFilteringRuleInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetFirewallFilteringRuleResult> getFirewallFilteringRule(GetFirewallFilteringRuleArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: zia:Firewall/getFirewallFilteringRule:getFirewallFilteringRule
  arguments:
    # arguments dictionary

The following arguments are supported:

Action string: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
Description string: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
Id int: Unique identifier for the Firewall Filtering policy rule
LastModifiedTime int: (Number)
Name string: Name of the Firewall Filtering policy rule
State string: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

Action string: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
Description string: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
Id int: Unique identifier for the Firewall Filtering policy rule
LastModifiedTime int: (Number)
Name string: Name of the Firewall Filtering policy rule
State string: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

action String: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
description String: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
id Integer: Unique identifier for the Firewall Filtering policy rule
lastModifiedTime Integer: (Number)
name String: Name of the Firewall Filtering policy rule
state String: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

action string: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
description string: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
id number: Unique identifier for the Firewall Filtering policy rule
lastModifiedTime number: (Number)
name string: Name of the Firewall Filtering policy rule
state string: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

action str: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
description str: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
id int: Unique identifier for the Firewall Filtering policy rule
last_modified_time int: (Number)
name str: Name of the Firewall Filtering policy rule
state str: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

action String: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
description String: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
id Number: Unique identifier for the Firewall Filtering policy rule
lastModifiedTime Number: (Number)
name String: Name of the Firewall Filtering policy rule
state String: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

getFirewallFilteringRule Result

The following output properties are available:

AccessControl string: (String)
AppServiceGroups List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleAppServiceGroup>: Application service groups on which this rule is applied
AppServices List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleAppService>: Application services on which this rule is applied
DefaultRule bool: (Boolean)
Departments List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleDepartment>: (Optional) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
DestAddresses List<string>: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
DestCountries List<string>: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
DestIpCategories List<string>: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups List<string>: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
EnableFullLogging bool: (Boolean)
Groups List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleGroup>: (Optional) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Id int: (Number) The ID of this resource.
Labels List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleLabel>: Labels that are applicable to the rule.
LastModifiedBies List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleLastModifiedBy>
LocationGroups List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleLocationGroup>: (Optional) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleLocation>: (Optional) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: (String) The configured name of the entity
NwApplicationGroups List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleNwApplicationGroup>: (Optional) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
NwApplications List<string>: (Optional) When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
NwServiceGroups List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleNwServiceGroup>: (Optional) Any number of predefined or custom network service groups to which the rule applies.
NwServices List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleNwService>: (Optional) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: (Required) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: (Boolean)
Rank int: (Optional) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
SrcIpGroups List<string>: (Optional) Any number of source IP address groups that you want to control with this rule.
SrcIps List<string>: (Optional) You can enter individual IP addresses, subnets, or address ranges.
TimeWindows List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleTimeWindow>: (Optional) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
Users List<zscaler.PulumiPackage.Zia.Firewall.Outputs.GetFirewallFilteringRuleUser>: (Optional) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
Action string: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
Description string: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
LastModifiedTime int: (Number)
State string: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

AccessControl string: (String)
AppServiceGroups []GetFirewallFilteringRuleAppServiceGroup: Application service groups on which this rule is applied
AppServices []GetFirewallFilteringRuleAppService: Application services on which this rule is applied
DefaultRule bool: (Boolean)
Departments []GetFirewallFilteringRuleDepartment: (Optional) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
DestAddresses []string: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
DestCountries []string: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
DestIpCategories []string: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups []string: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
EnableFullLogging bool: (Boolean)
Groups []GetFirewallFilteringRuleGroup: (Optional) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Id int: (Number) The ID of this resource.
Labels []GetFirewallFilteringRuleLabel: Labels that are applicable to the rule.
LastModifiedBies []GetFirewallFilteringRuleLastModifiedBy
LocationGroups []GetFirewallFilteringRuleLocationGroup: (Optional) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations []GetFirewallFilteringRuleLocation: (Optional) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: (String) The configured name of the entity
NwApplicationGroups []GetFirewallFilteringRuleNwApplicationGroup: (Optional) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
NwApplications []string: (Optional) When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
NwServiceGroups []GetFirewallFilteringRuleNwServiceGroup: (Optional) Any number of predefined or custom network service groups to which the rule applies.
NwServices []GetFirewallFilteringRuleNwService: (Optional) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: (Required) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: (Boolean)
Rank int: (Optional) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
SrcIpGroups []string: (Optional) Any number of source IP address groups that you want to control with this rule.
SrcIps []string: (Optional) You can enter individual IP addresses, subnets, or address ranges.
TimeWindows []GetFirewallFilteringRuleTimeWindow: (Optional) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
Users []GetFirewallFilteringRuleUser: (Optional) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
Action string: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
Description string: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
LastModifiedTime int: (Number)
State string: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

accessControl String: (String)
appServiceGroups List<GetFilteringRuleAppServiceGroup>: Application service groups on which this rule is applied
appServices List<GetFilteringRuleAppService>: Application services on which this rule is applied
defaultRule Boolean: (Boolean)
departments List<GetFilteringRuleDepartment>: (Optional) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
destAddresses List<String>: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries List<String>: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
destIpCategories List<String>: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups List<String>: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enableFullLogging Boolean: (Boolean)
groups List<GetFilteringRuleGroup>: (Optional) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id Integer: (Number) The ID of this resource.
labels List<GetFilteringRuleLabel>: Labels that are applicable to the rule.
lastModifiedBies List<GetFilteringRuleLastModifiedBy>
locationGroups List<GetFilteringRuleLocationGroup>: (Optional) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations List<GetFilteringRuleLocation>: (Optional) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: (String) The configured name of the entity
nwApplicationGroups List<GetFilteringRuleNwApplicationGroup>: (Optional) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nwApplications List<String>: (Optional) When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nwServiceGroups List<GetFilteringRuleNwServiceGroup>: (Optional) Any number of predefined or custom network service groups to which the rule applies.
nwServices List<GetFilteringRuleNwService>: (Optional) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Integer: (Required) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: (Boolean)
rank Integer: (Optional) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
srcIpGroups List<String>: (Optional) Any number of source IP address groups that you want to control with this rule.
srcIps List<String>: (Optional) You can enter individual IP addresses, subnets, or address ranges.
timeWindows List<GetFilteringRuleTimeWindow>: (Optional) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users List<GetFilteringRuleUser>: (Optional) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
action String: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
description String: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
lastModifiedTime Integer: (Number)
state String: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

accessControl string: (String)
appServiceGroups GetFirewallFilteringRuleAppServiceGroup[]: Application service groups on which this rule is applied
appServices GetFirewallFilteringRuleAppService[]: Application services on which this rule is applied
defaultRule boolean: (Boolean)
departments GetFirewallFilteringRuleDepartment[]: (Optional) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
destAddresses string[]: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries string[]: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
destIpCategories string[]: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups string[]: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enableFullLogging boolean: (Boolean)
groups GetFirewallFilteringRuleGroup[]: (Optional) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id number: (Number) The ID of this resource.
labels GetFirewallFilteringRuleLabel[]: Labels that are applicable to the rule.
lastModifiedBies GetFirewallFilteringRuleLastModifiedBy[]
locationGroups GetFirewallFilteringRuleLocationGroup[]: (Optional) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations GetFirewallFilteringRuleLocation[]: (Optional) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: (String) The configured name of the entity
nwApplicationGroups GetFirewallFilteringRuleNwApplicationGroup[]: (Optional) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nwApplications string[]: (Optional) When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nwServiceGroups GetFirewallFilteringRuleNwServiceGroup[]: (Optional) Any number of predefined or custom network service groups to which the rule applies.
nwServices GetFirewallFilteringRuleNwService[]: (Optional) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order number: (Required) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined boolean: (Boolean)
rank number: (Optional) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
srcIpGroups string[]: (Optional) Any number of source IP address groups that you want to control with this rule.
srcIps string[]: (Optional) You can enter individual IP addresses, subnets, or address ranges.
timeWindows GetFirewallFilteringRuleTimeWindow[]: (Optional) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users GetFirewallFilteringRuleUser[]: (Optional) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
action string: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
description string: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
lastModifiedTime number: (Number)
state string: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

access_control str: (String)
app_service_groups GetFirewallFilteringRuleAppServiceGroup]: Application service groups on which this rule is applied
app_services GetFirewallFilteringRuleAppService]: Application services on which this rule is applied
default_rule bool: (Boolean)
departments GetFirewallFilteringRuleDepartment]: (Optional) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
dest_addresses Sequence[str]: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
dest_countries Sequence[str]: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
dest_ip_categories Sequence[str]: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
dest_ip_groups Sequence[str]: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enable_full_logging bool: (Boolean)
groups GetFirewallFilteringRuleGroup]: (Optional) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id int: (Number) The ID of this resource.
labels GetFirewallFilteringRuleLabel]: Labels that are applicable to the rule.
last_modified_bies GetFirewallFilteringRuleLastModifiedBy]
location_groups GetFirewallFilteringRuleLocationGroup]: (Optional) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations GetFirewallFilteringRuleLocation]: (Optional) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: (String) The configured name of the entity
nw_application_groups GetFirewallFilteringRuleNwApplicationGroup]: (Optional) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nw_applications Sequence[str]: (Optional) When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nw_service_groups GetFirewallFilteringRuleNwServiceGroup]: (Optional) Any number of predefined or custom network service groups to which the rule applies.
nw_services GetFirewallFilteringRuleNwService]: (Optional) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order int: (Required) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined bool: (Boolean)
rank int: (Optional) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
src_ip_groups Sequence[str]: (Optional) Any number of source IP address groups that you want to control with this rule.
src_ips Sequence[str]: (Optional) You can enter individual IP addresses, subnets, or address ranges.
time_windows GetFirewallFilteringRuleTimeWindow]: (Optional) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users GetFirewallFilteringRuleUser]: (Optional) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
action str: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
description str: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
last_modified_time int: (Number)
state str: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

accessControl String: (String)
appServiceGroups List<Property Map>: Application service groups on which this rule is applied
appServices List<Property Map>: Application services on which this rule is applied
defaultRule Boolean: (Boolean)
departments List<Property Map>: (Optional) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
destAddresses List<String>: ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries List<String>: ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
destIpCategories List<String>: ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups List<String>: ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
enableFullLogging Boolean: (Boolean)
groups List<Property Map>: (Optional) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id Number: (Number) The ID of this resource.
labels List<Property Map>: Labels that are applicable to the rule.
lastModifiedBies List<Property Map>
locationGroups List<Property Map>: (Optional) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations List<Property Map>: (Optional) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: (String) The configured name of the entity
nwApplicationGroups List<Property Map>: (Optional) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
nwApplications List<String>: (Optional) When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.
nwServiceGroups List<Property Map>: (Optional) Any number of predefined or custom network service groups to which the rule applies.
nwServices List<Property Map>: (Optional) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Number: (Required) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: (Boolean)
rank Number: (Optional) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
srcIpGroups List<String>: (Optional) Any number of source IP address groups that you want to control with this rule.
srcIps List<String>: (Optional) You can enter individual IP addresses, subnets, or address ranges.
timeWindows List<Property Map>: (Optional) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users List<Property Map>: (Optional) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
action String: (Optional) Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
description String: (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
lastModifiedTime Number: (Number)
state String: (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

Supporting Types

GetFirewallFilteringRuleAppService

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleAppServiceGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleDepartment

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleLabel

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleLastModifiedBy

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleLocation

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleLocationGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleNwApplicationGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleNwService

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleNwServiceGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleTimeWindow

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallFilteringRuleUser

Extensions Dictionary<string, string>: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string: (Map of String)
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>: (Map of String)
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}: (Map of String)
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]: (Map of String)
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>: (Map of String)
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

Package Details

Repository: zia zscaler/pulumi-zia
License: MIT
Notes: This Pulumi package is based on the zia Terraform Provider.