FirewallFilteringRule

pulumi-resource-zia v1.3.8, Mar 13 26

Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler

Schema (JSON)

zscaler/pulumi-zia

Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler

Schema (JSON)

zscaler/pulumi-zia

The zia_firewall_filtering_rule resource manages firewall filtering rules in the Zscaler Internet Access (ZIA) cloud service. Cloud firewall rules control traffic that is forwarded to the Zscaler service for inspection, allowing you to allow, block, or apply specific actions based on source, destination, applications, and other criteria.

For more information, see the ZIA Cloud Firewall documentation.

Example Usage

Basic Firewall Filtering Rule

Example coming soon!

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	zia "github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := zia.NewFirewallFilteringRule(ctx, "example", &zia.FirewallFilteringRuleArgs{
			Name:        pulumi.String("Example Firewall Rule"),
			Description: pulumi.StringRef("Allow outbound traffic"),
			Order:       pulumi.Int(1),
			State:       pulumi.StringRef("ENABLED"),
			Action:      pulumi.StringRef("ALLOW"),
		})
		return err
	})
}

Example coming soon!

import * as zia from "@bdzscaler/pulumi-zia";

const example = new zia.FirewallFilteringRule("example", {
    name: "Example Firewall Rule",
    description: "Allow outbound traffic",
    order: 1,
    state: "ENABLED",
    action: "ALLOW",
});

import zscaler_pulumi_zia as zia

example = zia.FirewallFilteringRule("example",
    name="Example Firewall Rule",
    description="Allow outbound traffic",
    order=1,
    state="ENABLED",
    action="ALLOW",
)

resources:
  example:
    type: zia:FirewallFilteringRule
    properties:
      name: Example Firewall Rule
      description: Allow outbound traffic
      order: 1
      state: ENABLED
      action: ALLOW

Create FirewallFilteringRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FirewallFilteringRule(name: string, args: FirewallFilteringRuleArgs, opts?: CustomResourceOptions);

@overload
def FirewallFilteringRule(resource_name: str,
                          args: FirewallFilteringRuleArgs,
                          opts: Optional[ResourceOptions] = None)

@overload
def FirewallFilteringRule(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          name: Optional[str] = None,
                          order: Optional[int] = None,
                          dest_ip_categories: Optional[Sequence[str]] = None,
                          app_services: Optional[Sequence[int]] = None,
                          departments: Optional[Sequence[int]] = None,
                          description: Optional[str] = None,
                          dest_addresses: Optional[Sequence[str]] = None,
                          dest_countries: Optional[Sequence[str]] = None,
                          action: Optional[str] = None,
                          dest_ip_groups: Optional[Sequence[int]] = None,
                          device_groups: Optional[Sequence[int]] = None,
                          device_trust_levels: Optional[Sequence[str]] = None,
                          devices: Optional[Sequence[int]] = None,
                          enable_full_logging: Optional[bool] = None,
                          exclude_src_countries: Optional[bool] = None,
                          groups: Optional[Sequence[int]] = None,
                          labels: Optional[Sequence[int]] = None,
                          location_groups: Optional[Sequence[int]] = None,
                          default_rule: Optional[bool] = None,
                          nw_application_groups: Optional[Sequence[int]] = None,
                          locations: Optional[Sequence[int]] = None,
                          nw_applications: Optional[Sequence[str]] = None,
                          nw_service_groups: Optional[Sequence[int]] = None,
                          nw_services: Optional[Sequence[int]] = None,
                          app_service_groups: Optional[Sequence[int]] = None,
                          predefined: Optional[bool] = None,
                          rank: Optional[int] = None,
                          source_countries: Optional[Sequence[str]] = None,
                          src_ip_groups: Optional[Sequence[int]] = None,
                          src_ips: Optional[Sequence[str]] = None,
                          state: Optional[str] = None,
                          time_windows: Optional[Sequence[int]] = None,
                          users: Optional[Sequence[int]] = None,
                          workload_groups: Optional[Sequence[WorkloadGroupInputArgs]] = None,
                          zpa_app_segments: Optional[Sequence[ZPAAppSegmentInputArgs]] = None)

func NewFirewallFilteringRule(ctx *Context, name string, args FirewallFilteringRuleArgs, opts ...ResourceOption) (*FirewallFilteringRule, error)

public FirewallFilteringRule(string name, FirewallFilteringRuleArgs args, CustomResourceOptions? opts = null)

public FirewallFilteringRule(String name, FirewallFilteringRuleArgs args)
public FirewallFilteringRule(String name, FirewallFilteringRuleArgs args, CustomResourceOptions options)

type: zia:FirewallFilteringRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var firewallFilteringRuleResource = new Zia.FirewallFilteringRule("firewallFilteringRuleResource", new()
{
    Name = "string",
    Order = 0,
    DestIpCategories = new[]
    {
        "string",
    },
    AppServices = new[]
    {
        0,
    },
    Departments = new[]
    {
        0,
    },
    Description = "string",
    DestAddresses = new[]
    {
        "string",
    },
    DestCountries = new[]
    {
        "string",
    },
    Action = "string",
    DestIpGroups = new[]
    {
        0,
    },
    DeviceGroups = new[]
    {
        0,
    },
    DeviceTrustLevels = new[]
    {
        "string",
    },
    Devices = new[]
    {
        0,
    },
    EnableFullLogging = false,
    ExcludeSrcCountries = false,
    Groups = new[]
    {
        0,
    },
    Labels = new[]
    {
        0,
    },
    LocationGroups = new[]
    {
        0,
    },
    DefaultRule = false,
    NwApplicationGroups = new[]
    {
        0,
    },
    Locations = new[]
    {
        0,
    },
    NwApplications = new[]
    {
        "string",
    },
    NwServiceGroups = new[]
    {
        0,
    },
    NwServices = new[]
    {
        0,
    },
    AppServiceGroups = new[]
    {
        0,
    },
    Predefined = false,
    Rank = 0,
    SourceCountries = new[]
    {
        "string",
    },
    SrcIpGroups = new[]
    {
        0,
    },
    SrcIps = new[]
    {
        "string",
    },
    State = "string",
    TimeWindows = new[]
    {
        0,
    },
    Users = new[]
    {
        0,
    },
    WorkloadGroups = new[]
    {
        new Zia.Inputs.WorkloadGroupInputArgs
        {
            ResourceId = 0,
            Name = "string",
        },
    },
    ZpaAppSegments = new[]
    {
        new Zia.Inputs.ZPAAppSegmentInputArgs
        {
            ExternalId = "string",
            Name = "string",
        },
    },
});

example, err := zia.NewFirewallFilteringRule(ctx, "firewallFilteringRuleResource", &zia.FirewallFilteringRuleArgs{
	Name:  pulumi.String("string"),
	Order: pulumi.Int(0),
	DestIpCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	AppServices: pulumi.IntArray{
		pulumi.Int(0),
	},
	Departments: pulumi.IntArray{
		pulumi.Int(0),
	},
	Description: pulumi.String("string"),
	DestAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestCountries: pulumi.StringArray{
		pulumi.String("string"),
	},
	Action: pulumi.String("string"),
	DestIpGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	DeviceGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	DeviceTrustLevels: pulumi.StringArray{
		pulumi.String("string"),
	},
	Devices: pulumi.IntArray{
		pulumi.Int(0),
	},
	EnableFullLogging:   pulumi.Bool(false),
	ExcludeSrcCountries: pulumi.Bool(false),
	Groups: pulumi.IntArray{
		pulumi.Int(0),
	},
	Labels: pulumi.IntArray{
		pulumi.Int(0),
	},
	LocationGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	DefaultRule: pulumi.Bool(false),
	NwApplicationGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	Locations: pulumi.IntArray{
		pulumi.Int(0),
	},
	NwApplications: pulumi.StringArray{
		pulumi.String("string"),
	},
	NwServiceGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	NwServices: pulumi.IntArray{
		pulumi.Int(0),
	},
	AppServiceGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	Predefined: pulumi.Bool(false),
	Rank:       pulumi.Int(0),
	SourceCountries: pulumi.StringArray{
		pulumi.String("string"),
	},
	SrcIpGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	SrcIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	State: pulumi.String("string"),
	TimeWindows: pulumi.IntArray{
		pulumi.Int(0),
	},
	Users: pulumi.IntArray{
		pulumi.Int(0),
	},
	WorkloadGroups: pulumizia.WorkloadGroupInputTypeArray{
		&pulumizia.WorkloadGroupInputTypeArgs{
			ResourceId: pulumi.Int(0),
			Name:       pulumi.String("string"),
		},
	},
	ZpaAppSegments: pulumizia.ZPAAppSegmentInputArray{
		&pulumizia.ZPAAppSegmentInputArgs{
			ExternalId: pulumi.String("string"),
			Name:       pulumi.String("string"),
		},
	},
})

var firewallFilteringRuleResource = new FirewallFilteringRule("firewallFilteringRuleResource", FirewallFilteringRuleArgs.builder()
    .name("string")
    .order(0)
    .destIpCategories("string")
    .appServices(0)
    .departments(0)
    .description("string")
    .destAddresses("string")
    .destCountries("string")
    .action("string")
    .destIpGroups(0)
    .deviceGroups(0)
    .deviceTrustLevels("string")
    .devices(0)
    .enableFullLogging(false)
    .excludeSrcCountries(false)
    .groups(0)
    .labels(0)
    .locationGroups(0)
    .defaultRule(false)
    .nwApplicationGroups(0)
    .locations(0)
    .nwApplications("string")
    .nwServiceGroups(0)
    .nwServices(0)
    .appServiceGroups(0)
    .predefined(false)
    .rank(0)
    .sourceCountries("string")
    .srcIpGroups(0)
    .srcIps("string")
    .state("string")
    .timeWindows(0)
    .users(0)
    .workloadGroups(WorkloadGroupInputArgs.builder()
        .resourceId(0)
        .name("string")
        .build())
    .zpaAppSegments(ZPAAppSegmentInputArgs.builder()
        .externalId("string")
        .name("string")
        .build())
    .build());

firewall_filtering_rule_resource = zia.FirewallFilteringRule("firewallFilteringRuleResource",
    name="string",
    order=0,
    dest_ip_categories=["string"],
    app_services=[0],
    departments=[0],
    description="string",
    dest_addresses=["string"],
    dest_countries=["string"],
    action="string",
    dest_ip_groups=[0],
    device_groups=[0],
    device_trust_levels=["string"],
    devices=[0],
    enable_full_logging=False,
    exclude_src_countries=False,
    groups=[0],
    labels=[0],
    location_groups=[0],
    default_rule=False,
    nw_application_groups=[0],
    locations=[0],
    nw_applications=["string"],
    nw_service_groups=[0],
    nw_services=[0],
    app_service_groups=[0],
    predefined=False,
    rank=0,
    source_countries=["string"],
    src_ip_groups=[0],
    src_ips=["string"],
    state="string",
    time_windows=[0],
    users=[0],
    workload_groups=[{
        "resource_id": 0,
        "name": "string",
    }],
    zpa_app_segments=[{
        "external_id": "string",
        "name": "string",
    }])

const firewallFilteringRuleResource = new zia.FirewallFilteringRule("firewallFilteringRuleResource", {
    name: "string",
    order: 0,
    destIpCategories: ["string"],
    appServices: [0],
    departments: [0],
    description: "string",
    destAddresses: ["string"],
    destCountries: ["string"],
    action: "string",
    destIpGroups: [0],
    deviceGroups: [0],
    deviceTrustLevels: ["string"],
    devices: [0],
    enableFullLogging: false,
    excludeSrcCountries: false,
    groups: [0],
    labels: [0],
    locationGroups: [0],
    defaultRule: false,
    nwApplicationGroups: [0],
    locations: [0],
    nwApplications: ["string"],
    nwServiceGroups: [0],
    nwServices: [0],
    appServiceGroups: [0],
    predefined: false,
    rank: 0,
    sourceCountries: ["string"],
    srcIpGroups: [0],
    srcIps: ["string"],
    state: "string",
    timeWindows: [0],
    users: [0],
    workloadGroups: [{
        resourceId: 0,
        name: "string",
    }],
    zpaAppSegments: [{
        externalId: "string",
        name: "string",
    }],
});

type: zia:FirewallFilteringRule
properties:
    action: string
    appServiceGroups:
        - 0
    appServices:
        - 0
    defaultRule: false
    departments:
        - 0
    description: string
    destAddresses:
        - string
    destCountries:
        - string
    destIpCategories:
        - string
    destIpGroups:
        - 0
    deviceGroups:
        - 0
    deviceTrustLevels:
        - string
    devices:
        - 0
    enableFullLogging: false
    excludeSrcCountries: false
    groups:
        - 0
    labels:
        - 0
    locationGroups:
        - 0
    locations:
        - 0
    name: string
    nwApplicationGroups:
        - 0
    nwApplications:
        - string
    nwServiceGroups:
        - 0
    nwServices:
        - 0
    order: 0
    predefined: false
    rank: 0
    sourceCountries:
        - string
    srcIpGroups:
        - 0
    srcIps:
        - string
    state: string
    timeWindows:
        - 0
    users:
        - 0
    workloadGroups:
        - name: string
          resourceId: 0
    zpaAppSegments:
        - externalId: string
          name: string