Zscaler Internet Access v1.0.1, Jun 6 25

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

zia.FirewallDNSRule

Explore with Pulumi AI

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

zscaler/pulumi-zia

Example Usage

Create Firewall DNS Rules - Redirect Action

data "zia_department_management" "engineering" {
 name = "Engineering"
}

data "zia_group_management" "normal_internet" {
    name = "Normal_Internet"
}

data "zia_firewall_filtering_time_window" "work_hours" {
    name = "Work hours"
}

resource "zia_firewall_dns_rule" "this" {
    name = "Example_DNS_Rule01"
    description = "Example_DNS_Rule01"
    action = "REDIR_REQ"
    state = "ENABLED"
    order = 10
    rank = 7
    redirect_ip = "8.8.8.8"
    dest_countries = ["CA", "US"]
    source_countries = ["CA", "US"]
    protocols = ["ANY_RULE"]
    departments {
        id = [ data.zia_department_management.engineering.id ]
    }
    groups {
        id = [ data.zia_group_management.normal_internet.id ]
    }
    time_windows {
        id = [ data.zia_firewall_filtering_time_window.work_hours.id ]
    }
}

Create Firewall DNS Rules - Redirect Request DOH

resource "zia_firewall_dns_rule" "this2" {
    name = "Example_DNS_Rule02"
    description = "Example_DNS_Rule02"
    action = "REDIR_REQ_DOH"
    state = "ENABLED"
    order = 12
    rank = 7
    dest_countries = ["CA", "US"]
    source_countries = ["CA", "US"]
    protocols = ["ANY_RULE"]
    dns_gateway {
      id = 18207342
      name = "DNS_GW01"
    }
}

Create Firewall DNS Rules - Redirect TCP Request

resource “zia.FirewallDNSRule” “this3” { name = “Example_DNS_Rule03” description = “Example_DNS_Rule03” action = “REDIR_REQ_TCP” state = “ENABLED” order = 13 rank = 7 dest_countries = [“CA”, “US”] source_countries = [“CA”, “US”] protocols = [“ANY_RULE”] dns_gateway { id = 18207342 name = “DNS_GW01” } }

Create FirewallDNSRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FirewallDNSRule(name: string, args: FirewallDNSRuleArgs, opts?: CustomResourceOptions);

@overload
def FirewallDNSRule(resource_name: str,
                    args: FirewallDNSRuleArgs,
                    opts: Optional[ResourceOptions] = None)

@overload
def FirewallDNSRule(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    order: Optional[int] = None,
                    groups: Optional[FirewallDNSRuleGroupsArgs] = None,
                    applications: Optional[Sequence[str]] = None,
                    block_response_code: Optional[str] = None,
                    capture_pcap: Optional[bool] = None,
                    default_rule: Optional[bool] = None,
                    departments: Optional[FirewallDNSRuleDepartmentsArgs] = None,
                    description: Optional[str] = None,
                    dest_addresses: Optional[Sequence[str]] = None,
                    dest_countries: Optional[Sequence[str]] = None,
                    dest_ip_categories: Optional[Sequence[str]] = None,
                    dest_ip_groups: Optional[FirewallDNSRuleDestIpGroupsArgs] = None,
                    dest_ipv6_groups: Optional[FirewallDNSRuleDestIpv6GroupsArgs] = None,
                    device_groups: Optional[FirewallDNSRuleDeviceGroupsArgs] = None,
                    devices: Optional[FirewallDNSRuleDevicesArgs] = None,
                    dns_gateway: Optional[FirewallDNSRuleDnsGatewayArgs] = None,
                    dns_rule_request_types: Optional[Sequence[str]] = None,
                    action: Optional[str] = None,
                    edns_ecs_object: Optional[FirewallDNSRuleEdnsEcsObjectArgs] = None,
                    source_countries: Optional[Sequence[str]] = None,
                    location_groups: Optional[FirewallDNSRuleLocationGroupsArgs] = None,
                    locations: Optional[FirewallDNSRuleLocationsArgs] = None,
                    name: Optional[str] = None,
                    application_groups: Optional[FirewallDNSRuleApplicationGroupsArgs] = None,
                    predefined: Optional[bool] = None,
                    protocols: Optional[Sequence[str]] = None,
                    rank: Optional[int] = None,
                    redirect_ip: Optional[str] = None,
                    res_categories: Optional[Sequence[str]] = None,
                    labels: Optional[FirewallDNSRuleLabelsArgs] = None,
                    src_ip_groups: Optional[FirewallDNSRuleSrcIpGroupsArgs] = None,
                    src_ips: Optional[Sequence[str]] = None,
                    src_ipv6_groups: Optional[FirewallDNSRuleSrcIpv6GroupsArgs] = None,
                    state: Optional[str] = None,
                    time_windows: Optional[FirewallDNSRuleTimeWindowsArgs] = None,
                    users: Optional[FirewallDNSRuleUsersArgs] = None,
                    zpa_ip_group: Optional[FirewallDNSRuleZpaIpGroupArgs] = None)

func NewFirewallDNSRule(ctx *Context, name string, args FirewallDNSRuleArgs, opts ...ResourceOption) (*FirewallDNSRule, error)

public FirewallDNSRule(string name, FirewallDNSRuleArgs args, CustomResourceOptions? opts = null)

public FirewallDNSRule(String name, FirewallDNSRuleArgs args)
public FirewallDNSRule(String name, FirewallDNSRuleArgs args, CustomResourceOptions options)

type: zia:FirewallDNSRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FirewallDNSRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallDNSRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallDNSRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallDNSRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallDNSRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var firewallDNSRuleResource = new Zia.FirewallDNSRule("firewallDNSRuleResource", new()
{
    Order = 0,
    Groups = new Zia.Inputs.FirewallDNSRuleGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Applications = new[]
    {
        "string",
    },
    BlockResponseCode = "string",
    CapturePcap = false,
    DefaultRule = false,
    Departments = new Zia.Inputs.FirewallDNSRuleDepartmentsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Description = "string",
    DestAddresses = new[]
    {
        "string",
    },
    DestCountries = new[]
    {
        "string",
    },
    DestIpCategories = new[]
    {
        "string",
    },
    DestIpGroups = new Zia.Inputs.FirewallDNSRuleDestIpGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    DestIpv6Groups = new Zia.Inputs.FirewallDNSRuleDestIpv6GroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    DeviceGroups = new Zia.Inputs.FirewallDNSRuleDeviceGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Devices = new Zia.Inputs.FirewallDNSRuleDevicesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    DnsGateway = new Zia.Inputs.FirewallDNSRuleDnsGatewayArgs
    {
        Id = 0,
        Name = "string",
    },
    DnsRuleRequestTypes = new[]
    {
        "string",
    },
    Action = "string",
    EdnsEcsObject = new Zia.Inputs.FirewallDNSRuleEdnsEcsObjectArgs
    {
        Id = 0,
        Name = "string",
    },
    SourceCountries = new[]
    {
        "string",
    },
    LocationGroups = new Zia.Inputs.FirewallDNSRuleLocationGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Locations = new Zia.Inputs.FirewallDNSRuleLocationsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Name = "string",
    ApplicationGroups = new Zia.Inputs.FirewallDNSRuleApplicationGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Predefined = false,
    Protocols = new[]
    {
        "string",
    },
    Rank = 0,
    RedirectIp = "string",
    ResCategories = new[]
    {
        "string",
    },
    Labels = new Zia.Inputs.FirewallDNSRuleLabelsArgs
    {
        Id = 0,
    },
    SrcIpGroups = new Zia.Inputs.FirewallDNSRuleSrcIpGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    SrcIps = new[]
    {
        "string",
    },
    SrcIpv6Groups = new Zia.Inputs.FirewallDNSRuleSrcIpv6GroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    State = "string",
    TimeWindows = new Zia.Inputs.FirewallDNSRuleTimeWindowsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Users = new Zia.Inputs.FirewallDNSRuleUsersArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ZpaIpGroup = new Zia.Inputs.FirewallDNSRuleZpaIpGroupArgs
    {
        Id = 0,
        Name = "string",
    },
});

example, err := zia.NewFirewallDNSRule(ctx, "firewallDNSRuleResource", &zia.FirewallDNSRuleArgs{
	Order: pulumi.Int(0),
	Groups: &zia.FirewallDNSRuleGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Applications: pulumi.StringArray{
		pulumi.String("string"),
	},
	BlockResponseCode: pulumi.String("string"),
	CapturePcap:       pulumi.Bool(false),
	DefaultRule:       pulumi.Bool(false),
	Departments: &zia.FirewallDNSRuleDepartmentsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Description: pulumi.String("string"),
	DestAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestCountries: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestIpCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestIpGroups: &zia.FirewallDNSRuleDestIpGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	DestIpv6Groups: &zia.FirewallDNSRuleDestIpv6GroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	DeviceGroups: &zia.FirewallDNSRuleDeviceGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Devices: &zia.FirewallDNSRuleDevicesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	DnsGateway: &zia.FirewallDNSRuleDnsGatewayArgs{
		Id:   pulumi.Int(0),
		Name: pulumi.String("string"),
	},
	DnsRuleRequestTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Action: pulumi.String("string"),
	EdnsEcsObject: &zia.FirewallDNSRuleEdnsEcsObjectArgs{
		Id:   pulumi.Int(0),
		Name: pulumi.String("string"),
	},
	SourceCountries: pulumi.StringArray{
		pulumi.String("string"),
	},
	LocationGroups: &zia.FirewallDNSRuleLocationGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Locations: &zia.FirewallDNSRuleLocationsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Name: pulumi.String("string"),
	ApplicationGroups: &zia.FirewallDNSRuleApplicationGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Predefined: pulumi.Bool(false),
	Protocols: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rank:       pulumi.Int(0),
	RedirectIp: pulumi.String("string"),
	ResCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	Labels: &zia.FirewallDNSRuleLabelsArgs{
		Id: pulumi.Int(0),
	},
	SrcIpGroups: &zia.FirewallDNSRuleSrcIpGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	SrcIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	SrcIpv6Groups: &zia.FirewallDNSRuleSrcIpv6GroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	State: pulumi.String("string"),
	TimeWindows: &zia.FirewallDNSRuleTimeWindowsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Users: &zia.FirewallDNSRuleUsersArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ZpaIpGroup: &zia.FirewallDNSRuleZpaIpGroupArgs{
		Id:   pulumi.Int(0),
		Name: pulumi.String("string"),
	},
})

var firewallDNSRuleResource = new FirewallDNSRule("firewallDNSRuleResource", FirewallDNSRuleArgs.builder()
    .order(0)
    .groups(FirewallDNSRuleGroupsArgs.builder()
        .ids(0)
        .build())
    .applications("string")
    .blockResponseCode("string")
    .capturePcap(false)
    .defaultRule(false)
    .departments(FirewallDNSRuleDepartmentsArgs.builder()
        .ids(0)
        .build())
    .description("string")
    .destAddresses("string")
    .destCountries("string")
    .destIpCategories("string")
    .destIpGroups(FirewallDNSRuleDestIpGroupsArgs.builder()
        .ids(0)
        .build())
    .destIpv6Groups(FirewallDNSRuleDestIpv6GroupsArgs.builder()
        .ids(0)
        .build())
    .deviceGroups(FirewallDNSRuleDeviceGroupsArgs.builder()
        .ids(0)
        .build())
    .devices(FirewallDNSRuleDevicesArgs.builder()
        .ids(0)
        .build())
    .dnsGateway(FirewallDNSRuleDnsGatewayArgs.builder()
        .id(0)
        .name("string")
        .build())
    .dnsRuleRequestTypes("string")
    .action("string")
    .ednsEcsObject(FirewallDNSRuleEdnsEcsObjectArgs.builder()
        .id(0)
        .name("string")
        .build())
    .sourceCountries("string")
    .locationGroups(FirewallDNSRuleLocationGroupsArgs.builder()
        .ids(0)
        .build())
    .locations(FirewallDNSRuleLocationsArgs.builder()
        .ids(0)
        .build())
    .name("string")
    .applicationGroups(FirewallDNSRuleApplicationGroupsArgs.builder()
        .ids(0)
        .build())
    .predefined(false)
    .protocols("string")
    .rank(0)
    .redirectIp("string")
    .resCategories("string")
    .labels(FirewallDNSRuleLabelsArgs.builder()
        .id(0)
        .build())
    .srcIpGroups(FirewallDNSRuleSrcIpGroupsArgs.builder()
        .ids(0)
        .build())
    .srcIps("string")
    .srcIpv6Groups(FirewallDNSRuleSrcIpv6GroupsArgs.builder()
        .ids(0)
        .build())
    .state("string")
    .timeWindows(FirewallDNSRuleTimeWindowsArgs.builder()
        .ids(0)
        .build())
    .users(FirewallDNSRuleUsersArgs.builder()
        .ids(0)
        .build())
    .zpaIpGroup(FirewallDNSRuleZpaIpGroupArgs.builder()
        .id(0)
        .name("string")
        .build())
    .build());

firewall_dns_rule_resource = zia.FirewallDNSRule("firewallDNSRuleResource",
    order=0,
    groups={
        "ids": [0],
    },
    applications=["string"],
    block_response_code="string",
    capture_pcap=False,
    default_rule=False,
    departments={
        "ids": [0],
    },
    description="string",
    dest_addresses=["string"],
    dest_countries=["string"],
    dest_ip_categories=["string"],
    dest_ip_groups={
        "ids": [0],
    },
    dest_ipv6_groups={
        "ids": [0],
    },
    device_groups={
        "ids": [0],
    },
    devices={
        "ids": [0],
    },
    dns_gateway={
        "id": 0,
        "name": "string",
    },
    dns_rule_request_types=["string"],
    action="string",
    edns_ecs_object={
        "id": 0,
        "name": "string",
    },
    source_countries=["string"],
    location_groups={
        "ids": [0],
    },
    locations={
        "ids": [0],
    },
    name="string",
    application_groups={
        "ids": [0],
    },
    predefined=False,
    protocols=["string"],
    rank=0,
    redirect_ip="string",
    res_categories=["string"],
    labels={
        "id": 0,
    },
    src_ip_groups={
        "ids": [0],
    },
    src_ips=["string"],
    src_ipv6_groups={
        "ids": [0],
    },
    state="string",
    time_windows={
        "ids": [0],
    },
    users={
        "ids": [0],
    },
    zpa_ip_group={
        "id": 0,
        "name": "string",
    })

const firewallDNSRuleResource = new zia.FirewallDNSRule("firewallDNSRuleResource", {
    order: 0,
    groups: {
        ids: [0],
    },
    applications: ["string"],
    blockResponseCode: "string",
    capturePcap: false,
    defaultRule: false,
    departments: {
        ids: [0],
    },
    description: "string",
    destAddresses: ["string"],
    destCountries: ["string"],
    destIpCategories: ["string"],
    destIpGroups: {
        ids: [0],
    },
    destIpv6Groups: {
        ids: [0],
    },
    deviceGroups: {
        ids: [0],
    },
    devices: {
        ids: [0],
    },
    dnsGateway: {
        id: 0,
        name: "string",
    },
    dnsRuleRequestTypes: ["string"],
    action: "string",
    ednsEcsObject: {
        id: 0,
        name: "string",
    },
    sourceCountries: ["string"],
    locationGroups: {
        ids: [0],
    },
    locations: {
        ids: [0],
    },
    name: "string",
    applicationGroups: {
        ids: [0],
    },
    predefined: false,
    protocols: ["string"],
    rank: 0,
    redirectIp: "string",
    resCategories: ["string"],
    labels: {
        id: 0,
    },
    srcIpGroups: {
        ids: [0],
    },
    srcIps: ["string"],
    srcIpv6Groups: {
        ids: [0],
    },
    state: "string",
    timeWindows: {
        ids: [0],
    },
    users: {
        ids: [0],
    },
    zpaIpGroup: {
        id: 0,
        name: "string",
    },
});

type: zia:FirewallDNSRule
properties:
    action: string
    applicationGroups:
        ids:
            - 0
    applications:
        - string
    blockResponseCode: string
    capturePcap: false
    defaultRule: false
    departments:
        ids:
            - 0
    description: string
    destAddresses:
        - string
    destCountries:
        - string
    destIpCategories:
        - string
    destIpGroups:
        ids:
            - 0
    destIpv6Groups:
        ids:
            - 0
    deviceGroups:
        ids:
            - 0
    devices:
        ids:
            - 0
    dnsGateway:
        id: 0
        name: string
    dnsRuleRequestTypes:
        - string
    ednsEcsObject:
        id: 0
        name: string
    groups:
        ids:
            - 0
    labels:
        id: 0
    locationGroups:
        ids:
            - 0
    locations:
        ids:
            - 0
    name: string
    order: 0
    predefined: false
    protocols:
        - string
    rank: 0
    redirectIp: string
    resCategories:
        - string
    sourceCountries:
        - string
    srcIpGroups:
        ids:
            - 0
    srcIps:
        - string
    srcIpv6Groups:
        ids:
            - 0
    state: string
    timeWindows:
        ids:
            - 0
    users:
        ids:
            - 0
    zpaIpGroup:
        id: 0
        name: string

FirewallDNSRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FirewallDNSRule resource accepts the following input properties:

Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
ApplicationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleApplicationGroups: (List of Objects) DNS application groups to which the rule applies
Applications List<string>: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
BlockResponseCode string: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
Departments zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses List<string>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries List<string>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories List<string>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDestIpv6Groups: list of destination ip groups
DeviceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
DnsGateway zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDnsGateway: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
DnsRuleRequestTypes List<string>: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
EdnsEcsObject zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleEdnsEcsObject: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
Groups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleLabels: (List of Objects) Labels that are applicable to the rule.
LocationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: Name of the Firewall Filtering policy rule
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Protocols List<string>: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
RedirectIp string: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
ResCategories List<string>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
SourceCountries List<string>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps List<string>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
TimeWindows zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaIpGroup zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleZpaIpGroup: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
ApplicationGroups FirewallDNSRuleApplicationGroupsArgs: (List of Objects) DNS application groups to which the rule applies
Applications []string: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
BlockResponseCode string: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
Departments FirewallDNSRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses []string: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries []string: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories []string: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups FirewallDNSRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups FirewallDNSRuleDestIpv6GroupsArgs: list of destination ip groups
DeviceGroups FirewallDNSRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices FirewallDNSRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
DnsGateway FirewallDNSRuleDnsGatewayArgs: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
DnsRuleRequestTypes []string: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
EdnsEcsObject FirewallDNSRuleEdnsEcsObjectArgs: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
Groups FirewallDNSRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels FirewallDNSRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
LocationGroups FirewallDNSRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations FirewallDNSRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: Name of the Firewall Filtering policy rule
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Protocols []string: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
RedirectIp string: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
ResCategories []string: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
SourceCountries []string: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups FirewallDNSRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps []string: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups FirewallDNSRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
TimeWindows FirewallDNSRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users FirewallDNSRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaIpGroup FirewallDNSRuleZpaIpGroupArgs: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

order Integer: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
applicationGroups FirewallDNSRuleApplicationGroups: (List of Objects) DNS application groups to which the rule applies
applications List<String>: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
blockResponseCode String: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments FirewallDNSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FirewallDNSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups FirewallDNSRuleDestIpv6Groups: list of destination ip groups
deviceGroups FirewallDNSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallDNSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dnsGateway FirewallDNSRuleDnsGateway: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
dnsRuleRequestTypes List<String>: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
ednsEcsObject FirewallDNSRuleEdnsEcsObject: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
groups FirewallDNSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallDNSRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups FirewallDNSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallDNSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: Name of the Firewall Filtering policy rule
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols List<String>: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank Integer: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirectIp String: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups FirewallDNSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups FirewallDNSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows FirewallDNSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallDNSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaIpGroup FirewallDNSRuleZpaIpGroup: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

order number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
applicationGroups FirewallDNSRuleApplicationGroups: (List of Objects) DNS application groups to which the rule applies
applications string[]: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
blockResponseCode string: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capturePcap boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule boolean: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments FirewallDNSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses string[]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries string[]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories string[]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FirewallDNSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups FirewallDNSRuleDestIpv6Groups: list of destination ip groups
deviceGroups FirewallDNSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallDNSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dnsGateway FirewallDNSRuleDnsGateway: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
dnsRuleRequestTypes string[]: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
ednsEcsObject FirewallDNSRuleEdnsEcsObject: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
groups FirewallDNSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallDNSRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups FirewallDNSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallDNSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: Name of the Firewall Filtering policy rule
predefined boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols string[]: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirectIp string: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
resCategories string[]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries string[]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups FirewallDNSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps string[]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups FirewallDNSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows FirewallDNSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallDNSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaIpGroup FirewallDNSRuleZpaIpGroup: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action str: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
application_groups FirewallDNSRuleApplicationGroupsArgs: (List of Objects) DNS application groups to which the rule applies
applications Sequence[str]: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
block_response_code str: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capture_pcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
default_rule bool: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments FirewallDNSRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description str: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
dest_addresses Sequence[str]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
dest_countries Sequence[str]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
dest_ip_categories Sequence[str]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
dest_ip_groups FirewallDNSRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
dest_ipv6_groups FirewallDNSRuleDestIpv6GroupsArgs: list of destination ip groups
device_groups FirewallDNSRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallDNSRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dns_gateway FirewallDNSRuleDnsGatewayArgs: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
dns_rule_request_types Sequence[str]: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
edns_ecs_object FirewallDNSRuleEdnsEcsObjectArgs: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
groups FirewallDNSRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallDNSRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
location_groups FirewallDNSRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallDNSRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: Name of the Firewall Filtering policy rule
predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols Sequence[str]: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirect_ip str: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
res_categories Sequence[str]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
source_countries Sequence[str]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
src_ip_groups FirewallDNSRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
src_ips Sequence[str]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
src_ipv6_groups FirewallDNSRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state str: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
time_windows FirewallDNSRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallDNSRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpa_ip_group FirewallDNSRuleZpaIpGroupArgs: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

order Number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
applicationGroups Property Map: (List of Objects) DNS application groups to which the rule applies
applications List<String>: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
blockResponseCode String: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments Property Map: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups Property Map: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups Property Map: list of destination ip groups
deviceGroups Property Map: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices Property Map: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dnsGateway Property Map: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
dnsRuleRequestTypes List<String>: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
ednsEcsObject Property Map: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
groups Property Map: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels Property Map: (List of Objects) Labels that are applicable to the rule.
locationGroups Property Map: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations Property Map: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: Name of the Firewall Filtering policy rule
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols List<String>: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank Number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirectIp String: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups Property Map: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups Property Map: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows Property Map: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users Property Map: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaIpGroup Property Map: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallDNSRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

id String: The provider-assigned unique ID for this managed resource.
ruleId Integer

id string: The provider-assigned unique ID for this managed resource.
ruleId number

id str: The provider-assigned unique ID for this managed resource.
rule_id int

id String: The provider-assigned unique ID for this managed resource.
ruleId Number

Look up Existing FirewallDNSRule Resource

Get an existing FirewallDNSRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallDNSRuleState, opts?: CustomResourceOptions): FirewallDNSRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        application_groups: Optional[FirewallDNSRuleApplicationGroupsArgs] = None,
        applications: Optional[Sequence[str]] = None,
        block_response_code: Optional[str] = None,
        capture_pcap: Optional[bool] = None,
        default_rule: Optional[bool] = None,
        departments: Optional[FirewallDNSRuleDepartmentsArgs] = None,
        description: Optional[str] = None,
        dest_addresses: Optional[Sequence[str]] = None,
        dest_countries: Optional[Sequence[str]] = None,
        dest_ip_categories: Optional[Sequence[str]] = None,
        dest_ip_groups: Optional[FirewallDNSRuleDestIpGroupsArgs] = None,
        dest_ipv6_groups: Optional[FirewallDNSRuleDestIpv6GroupsArgs] = None,
        device_groups: Optional[FirewallDNSRuleDeviceGroupsArgs] = None,
        devices: Optional[FirewallDNSRuleDevicesArgs] = None,
        dns_gateway: Optional[FirewallDNSRuleDnsGatewayArgs] = None,
        dns_rule_request_types: Optional[Sequence[str]] = None,
        edns_ecs_object: Optional[FirewallDNSRuleEdnsEcsObjectArgs] = None,
        groups: Optional[FirewallDNSRuleGroupsArgs] = None,
        labels: Optional[FirewallDNSRuleLabelsArgs] = None,
        location_groups: Optional[FirewallDNSRuleLocationGroupsArgs] = None,
        locations: Optional[FirewallDNSRuleLocationsArgs] = None,
        name: Optional[str] = None,
        order: Optional[int] = None,
        predefined: Optional[bool] = None,
        protocols: Optional[Sequence[str]] = None,
        rank: Optional[int] = None,
        redirect_ip: Optional[str] = None,
        res_categories: Optional[Sequence[str]] = None,
        rule_id: Optional[int] = None,
        source_countries: Optional[Sequence[str]] = None,
        src_ip_groups: Optional[FirewallDNSRuleSrcIpGroupsArgs] = None,
        src_ips: Optional[Sequence[str]] = None,
        src_ipv6_groups: Optional[FirewallDNSRuleSrcIpv6GroupsArgs] = None,
        state: Optional[str] = None,
        time_windows: Optional[FirewallDNSRuleTimeWindowsArgs] = None,
        users: Optional[FirewallDNSRuleUsersArgs] = None,
        zpa_ip_group: Optional[FirewallDNSRuleZpaIpGroupArgs] = None) -> FirewallDNSRule

func GetFirewallDNSRule(ctx *Context, name string, id IDInput, state *FirewallDNSRuleState, opts ...ResourceOption) (*FirewallDNSRule, error)

public static FirewallDNSRule Get(string name, Input<string> id, FirewallDNSRuleState? state, CustomResourceOptions? opts = null)

public static FirewallDNSRule get(String name, Output<String> id, FirewallDNSRuleState state, CustomResourceOptions options)

resources:  _:    type: zia:FirewallDNSRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
ApplicationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleApplicationGroups: (List of Objects) DNS application groups to which the rule applies
Applications List<string>: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
BlockResponseCode string: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
Departments zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses List<string>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries List<string>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories List<string>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDestIpv6Groups: list of destination ip groups
DeviceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
DnsGateway zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleDnsGateway: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
DnsRuleRequestTypes List<string>: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
EdnsEcsObject zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleEdnsEcsObject: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
Groups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleLabels: (List of Objects) Labels that are applicable to the rule.
LocationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: Name of the Firewall Filtering policy rule
Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Protocols List<string>: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
RedirectIp string: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
ResCategories List<string>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
RuleId int
SourceCountries List<string>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps List<string>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
TimeWindows zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaIpGroup zscaler.PulumiPackage.Zia.Inputs.FirewallDNSRuleZpaIpGroup: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
ApplicationGroups FirewallDNSRuleApplicationGroupsArgs: (List of Objects) DNS application groups to which the rule applies
Applications []string: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
BlockResponseCode string: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
Departments FirewallDNSRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses []string: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries []string: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories []string: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups FirewallDNSRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups FirewallDNSRuleDestIpv6GroupsArgs: list of destination ip groups
DeviceGroups FirewallDNSRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices FirewallDNSRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
DnsGateway FirewallDNSRuleDnsGatewayArgs: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
DnsRuleRequestTypes []string: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
EdnsEcsObject FirewallDNSRuleEdnsEcsObjectArgs: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
Groups FirewallDNSRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels FirewallDNSRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
LocationGroups FirewallDNSRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations FirewallDNSRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: Name of the Firewall Filtering policy rule
Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Protocols []string: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
RedirectIp string: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
ResCategories []string: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
RuleId int
SourceCountries []string: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups FirewallDNSRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps []string: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups FirewallDNSRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
TimeWindows FirewallDNSRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users FirewallDNSRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaIpGroup FirewallDNSRuleZpaIpGroupArgs: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
applicationGroups FirewallDNSRuleApplicationGroups: (List of Objects) DNS application groups to which the rule applies
applications List<String>: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
blockResponseCode String: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments FirewallDNSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FirewallDNSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups FirewallDNSRuleDestIpv6Groups: list of destination ip groups
deviceGroups FirewallDNSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallDNSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dnsGateway FirewallDNSRuleDnsGateway: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
dnsRuleRequestTypes List<String>: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
ednsEcsObject FirewallDNSRuleEdnsEcsObject: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
groups FirewallDNSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallDNSRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups FirewallDNSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallDNSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: Name of the Firewall Filtering policy rule
order Integer: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols List<String>: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank Integer: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirectIp String: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
ruleId Integer
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups FirewallDNSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups FirewallDNSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows FirewallDNSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallDNSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaIpGroup FirewallDNSRuleZpaIpGroup: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
applicationGroups FirewallDNSRuleApplicationGroups: (List of Objects) DNS application groups to which the rule applies
applications string[]: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
blockResponseCode string: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capturePcap boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule boolean: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments FirewallDNSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses string[]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries string[]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories string[]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FirewallDNSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups FirewallDNSRuleDestIpv6Groups: list of destination ip groups
deviceGroups FirewallDNSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallDNSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dnsGateway FirewallDNSRuleDnsGateway: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
dnsRuleRequestTypes string[]: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
ednsEcsObject FirewallDNSRuleEdnsEcsObject: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
groups FirewallDNSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallDNSRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups FirewallDNSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallDNSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: Name of the Firewall Filtering policy rule
order number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols string[]: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirectIp string: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
resCategories string[]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
ruleId number
sourceCountries string[]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups FirewallDNSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps string[]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups FirewallDNSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows FirewallDNSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallDNSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaIpGroup FirewallDNSRuleZpaIpGroup: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

action str: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
application_groups FirewallDNSRuleApplicationGroupsArgs: (List of Objects) DNS application groups to which the rule applies
applications Sequence[str]: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
block_response_code str: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capture_pcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
default_rule bool: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments FirewallDNSRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description str: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
dest_addresses Sequence[str]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
dest_countries Sequence[str]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
dest_ip_categories Sequence[str]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
dest_ip_groups FirewallDNSRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
dest_ipv6_groups FirewallDNSRuleDestIpv6GroupsArgs: list of destination ip groups
device_groups FirewallDNSRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallDNSRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dns_gateway FirewallDNSRuleDnsGatewayArgs: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
dns_rule_request_types Sequence[str]: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
edns_ecs_object FirewallDNSRuleEdnsEcsObjectArgs: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
groups FirewallDNSRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallDNSRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
location_groups FirewallDNSRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallDNSRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: Name of the Firewall Filtering policy rule
order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols Sequence[str]: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirect_ip str: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
res_categories Sequence[str]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
rule_id int
source_countries Sequence[str]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
src_ip_groups FirewallDNSRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
src_ips Sequence[str]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
src_ipv6_groups FirewallDNSRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state str: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
time_windows FirewallDNSRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallDNSRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpa_ip_group FirewallDNSRuleZpaIpGroupArgs: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
applicationGroups Property Map: (List of Objects) DNS application groups to which the rule applies
applications List<String>: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
blockResponseCode String: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments Property Map: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups Property Map: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups Property Map: list of destination ip groups
deviceGroups Property Map: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices Property Map: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dnsGateway Property Map: (Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.
dnsRuleRequestTypes List<String>: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
ednsEcsObject Property Map: (List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.
groups Property Map: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels Property Map: (List of Objects) Labels that are applicable to the rule.
locationGroups Property Map: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations Property Map: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: Name of the Firewall Filtering policy rule
order Number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols List<String>: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank Number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirectIp String: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
ruleId Number
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups Property Map: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups Property Map: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows Property Map: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users Property Map: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaIpGroup Property Map: (Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.

Supporting Types

FirewallDNSRuleApplicationGroups, FirewallDNSRuleApplicationGroupsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleDepartments, FirewallDNSRuleDepartmentsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleDestIpGroups, FirewallDNSRuleDestIpGroupsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleDestIpv6Groups, FirewallDNSRuleDestIpv6GroupsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleDeviceGroups, FirewallDNSRuleDeviceGroupsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleDevices, FirewallDNSRuleDevicesArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleDnsGateway, FirewallDNSRuleDnsGatewayArgs

Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

FirewallDNSRuleEdnsEcsObject, FirewallDNSRuleEdnsEcsObjectArgs

Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

FirewallDNSRuleGroups, FirewallDNSRuleGroupsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleLabels, FirewallDNSRuleLabelsArgs

Id int: Unique identifier for the Firewall Filtering policy rule

Id int: Unique identifier for the Firewall Filtering policy rule

id Integer: Unique identifier for the Firewall Filtering policy rule

id number: Unique identifier for the Firewall Filtering policy rule

id int: Unique identifier for the Firewall Filtering policy rule

id Number: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleLocationGroups, FirewallDNSRuleLocationGroupsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleLocations, FirewallDNSRuleLocationsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleSrcIpGroups, FirewallDNSRuleSrcIpGroupsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleSrcIpv6Groups, FirewallDNSRuleSrcIpv6GroupsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleTimeWindows, FirewallDNSRuleTimeWindowsArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleUsers, FirewallDNSRuleUsersArgs

Ids List<int>: Unique identifier for the Firewall Filtering policy rule

Ids []int: Unique identifier for the Firewall Filtering policy rule

ids List<Integer>: Unique identifier for the Firewall Filtering policy rule

ids number[]: Unique identifier for the Firewall Filtering policy rule

ids Sequence[int]: Unique identifier for the Firewall Filtering policy rule

ids List<Number>: Unique identifier for the Firewall Filtering policy rule

FirewallDNSRuleZpaIpGroup, FirewallDNSRuleZpaIpGroupArgs

Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

Package Details

Repository: zia zscaler/pulumi-zia
License: MIT
Notes: This Pulumi package is based on the zia Terraform Provider.

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

zscaler/pulumi-zia

zia.FirewallDNSRule

On this page

On this page

Example Usage

Create Firewall DNS Rules - Redirect Action

Create Firewall DNS Rules - Redirect Request DOH

Create Firewall DNS Rules - Redirect TCP Request

Create FirewallDNSRule Resource

Constructor syntax

Parameters

Constructor example

FirewallDNSRule Resource Properties

Inputs

Outputs

Look up Existing FirewallDNSRule Resource

Supporting Types

FirewallDNSRuleApplicationGroups, FirewallDNSRuleApplicationGroupsArgs

FirewallDNSRuleDepartments, FirewallDNSRuleDepartmentsArgs

FirewallDNSRuleDestIpGroups, FirewallDNSRuleDestIpGroupsArgs

FirewallDNSRuleDestIpv6Groups, FirewallDNSRuleDestIpv6GroupsArgs

FirewallDNSRuleDeviceGroups, FirewallDNSRuleDeviceGroupsArgs

FirewallDNSRuleDevices, FirewallDNSRuleDevicesArgs

FirewallDNSRuleDnsGateway, FirewallDNSRuleDnsGatewayArgs

FirewallDNSRuleEdnsEcsObject, FirewallDNSRuleEdnsEcsObjectArgs

FirewallDNSRuleGroups, FirewallDNSRuleGroupsArgs

FirewallDNSRuleLabels, FirewallDNSRuleLabelsArgs

FirewallDNSRuleLocationGroups, FirewallDNSRuleLocationGroupsArgs

FirewallDNSRuleLocations, FirewallDNSRuleLocationsArgs

FirewallDNSRuleSrcIpGroups, FirewallDNSRuleSrcIpGroupsArgs

FirewallDNSRuleSrcIpv6Groups, FirewallDNSRuleSrcIpv6GroupsArgs

FirewallDNSRuleTimeWindows, FirewallDNSRuleTimeWindowsArgs

FirewallDNSRuleUsers, FirewallDNSRuleUsersArgs

FirewallDNSRuleZpaIpGroup, FirewallDNSRuleZpaIpGroupArgs

Package Details

On this page

On this page