1. Packages
  2. Zscaler Internet Access (ZIA)
  3. API Docs
  4. FirewallFilteringRule
Zscaler Internet Access v0.0.6 published on Wednesday, Apr 10, 2024 by Zscaler

zia.FirewallFilteringRule

Explore with Pulumi AI

zia logo
Zscaler Internet Access v0.0.6 published on Wednesday, Apr 10, 2024 by Zscaler

    The zia_firewall_filtering_rule resource allows the creation and management of ZIA Cloud Firewall filtering rules in the Zscaler Internet Access.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as zia from "@bdzscaler/pulumi-zia";
    import * as zia from "@pulumi/zia";
    
    const zscalerProxyNwServices = zia.getFirewallFilteringNetworkServices({
        name: "ZSCALER_PROXY_NW_SERVICES",
    });
    const engineering = zia.getDepartmentManagement({
        name: "Engineering",
    });
    const normalInternet = zia.getGroupManagement({
        name: "Normal_Internet",
    });
    const workHours = zia.getTimeWindow({
        name: "Work hours",
    });
    const example = new zia.FirewallFilteringRule("example", {
        description: "Example",
        action: "ALLOW",
        state: "ENABLED",
        order: 1,
        enableFullLogging: true,
        nwServices: {
            ids: [zscalerProxyNwServices.then(zscalerProxyNwServices => zscalerProxyNwServices.id)],
        },
        departments: {
            ids: [engineering.then(engineering => engineering.id)],
        },
        groups: {
            ids: [normalInternet.then(normalInternet => normalInternet.id)],
        },
        timeWindows: {
            ids: [workHours.then(workHours => workHours.id)],
        },
    });
    
    import pulumi
    import pulumi_zia as zia
    import zscaler_pulumi_zia as zia
    
    zscaler_proxy_nw_services = zia.get_firewall_filtering_network_services(name="ZSCALER_PROXY_NW_SERVICES")
    engineering = zia.get_department_management(name="Engineering")
    normal_internet = zia.get_group_management(name="Normal_Internet")
    work_hours = zia.get_time_window(name="Work hours")
    example = zia.FirewallFilteringRule("example",
        description="Example",
        action="ALLOW",
        state="ENABLED",
        order=1,
        enable_full_logging=True,
        nw_services=zia.FirewallFilteringRuleNwServicesArgs(
            ids=[zscaler_proxy_nw_services.id],
        ),
        departments=zia.FirewallFilteringRuleDepartmentsArgs(
            ids=[engineering.id],
        ),
        groups=zia.FirewallFilteringRuleGroupsArgs(
            ids=[normal_internet.id],
        ),
        time_windows=zia.FirewallFilteringRuleTimeWindowsArgs(
            ids=[work_hours.id],
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/zscaler/pulumi-zia/sdk/go/zia"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		zscalerProxyNwServices, err := zia.LookupFirewallFilteringNetworkServices(ctx, &zia.LookupFirewallFilteringNetworkServicesArgs{
    			Name: pulumi.StringRef("ZSCALER_PROXY_NW_SERVICES"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		engineering, err := zia.GetDepartmentManagement(ctx, &zia.GetDepartmentManagementArgs{
    			Name: pulumi.StringRef("Engineering"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		normalInternet, err := zia.GetGroupManagement(ctx, &zia.GetGroupManagementArgs{
    			Name: pulumi.StringRef("Normal_Internet"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		workHours, err := zia.GetTimeWindow(ctx, &zia.GetTimeWindowArgs{
    			Name: pulumi.StringRef("Work hours"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = zia.NewFirewallFilteringRule(ctx, "example", &zia.FirewallFilteringRuleArgs{
    			Description:       pulumi.String("Example"),
    			Action:            pulumi.String("ALLOW"),
    			State:             pulumi.String("ENABLED"),
    			Order:             pulumi.Int(1),
    			EnableFullLogging: pulumi.Bool(true),
    			NwServices: &zia.FirewallFilteringRuleNwServicesArgs{
    				Ids: pulumi.IntArray{
    					pulumi.Int(zscalerProxyNwServices.Id),
    				},
    			},
    			Departments: &zia.FirewallFilteringRuleDepartmentsArgs{
    				Ids: pulumi.IntArray{
    					pulumi.Int(engineering.Id),
    				},
    			},
    			Groups: &zia.FirewallFilteringRuleGroupsArgs{
    				Ids: pulumi.IntArray{
    					pulumi.Int(normalInternet.Id),
    				},
    			},
    			TimeWindows: &zia.FirewallFilteringRuleTimeWindowsArgs{
    				Ids: pulumi.IntArray{
    					pulumi.Int(workHours.Id),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Zia = Pulumi.Zia;
    using Zia = zscaler.PulumiPackage.Zia;
    
    return await Deployment.RunAsync(() => 
    {
        var zscalerProxyNwServices = Zia.GetFirewallFilteringNetworkServices.Invoke(new()
        {
            Name = "ZSCALER_PROXY_NW_SERVICES",
        });
    
        var engineering = Zia.GetDepartmentManagement.Invoke(new()
        {
            Name = "Engineering",
        });
    
        var normalInternet = Zia.GetGroupManagement.Invoke(new()
        {
            Name = "Normal_Internet",
        });
    
        var workHours = Zia.GetTimeWindow.Invoke(new()
        {
            Name = "Work hours",
        });
    
        var example = new Zia.FirewallFilteringRule("example", new()
        {
            Description = "Example",
            Action = "ALLOW",
            State = "ENABLED",
            Order = 1,
            EnableFullLogging = true,
            NwServices = new Zia.Inputs.FirewallFilteringRuleNwServicesArgs
            {
                Ids = new[]
                {
                    zscalerProxyNwServices.Apply(getFirewallFilteringNetworkServicesResult => getFirewallFilteringNetworkServicesResult.Id),
                },
            },
            Departments = new Zia.Inputs.FirewallFilteringRuleDepartmentsArgs
            {
                Ids = new[]
                {
                    engineering.Apply(getDepartmentManagementResult => getDepartmentManagementResult.Id),
                },
            },
            Groups = new Zia.Inputs.FirewallFilteringRuleGroupsArgs
            {
                Ids = new[]
                {
                    normalInternet.Apply(getGroupManagementResult => getGroupManagementResult.Id),
                },
            },
            TimeWindows = new Zia.Inputs.FirewallFilteringRuleTimeWindowsArgs
            {
                Ids = new[]
                {
                    workHours.Apply(getTimeWindowResult => getTimeWindowResult.Id),
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.zia.ZiaFunctions;
    import com.pulumi.zia.inputs.GetFirewallFilteringNetworkServicesArgs;
    import com.pulumi.zia.inputs.GetDepartmentManagementArgs;
    import com.pulumi.zia.inputs.GetGroupManagementArgs;
    import com.pulumi.zia.inputs.GetTimeWindowArgs;
    import com.pulumi.zia.FirewallFilteringRule;
    import com.pulumi.zia.FirewallFilteringRuleArgs;
    import com.pulumi.zia.inputs.FirewallFilteringRuleNwServicesArgs;
    import com.pulumi.zia.inputs.FirewallFilteringRuleDepartmentsArgs;
    import com.pulumi.zia.inputs.FirewallFilteringRuleGroupsArgs;
    import com.pulumi.zia.inputs.FirewallFilteringRuleTimeWindowsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var zscalerProxyNwServices = ZiaFunctions.getFirewallFilteringNetworkServices(GetFirewallFilteringNetworkServicesArgs.builder()
                .name("ZSCALER_PROXY_NW_SERVICES")
                .build());
    
            final var engineering = ZiaFunctions.getDepartmentManagement(GetDepartmentManagementArgs.builder()
                .name("Engineering")
                .build());
    
            final var normalInternet = ZiaFunctions.getGroupManagement(GetGroupManagementArgs.builder()
                .name("Normal_Internet")
                .build());
    
            final var workHours = ZiaFunctions.getTimeWindow(GetTimeWindowArgs.builder()
                .name("Work hours")
                .build());
    
            var example = new FirewallFilteringRule("example", FirewallFilteringRuleArgs.builder()        
                .description("Example")
                .action("ALLOW")
                .state("ENABLED")
                .order(1)
                .enableFullLogging(true)
                .nwServices(FirewallFilteringRuleNwServicesArgs.builder()
                    .ids(zscalerProxyNwServices.applyValue(getFirewallFilteringNetworkServicesResult -> getFirewallFilteringNetworkServicesResult.id()))
                    .build())
                .departments(FirewallFilteringRuleDepartmentsArgs.builder()
                    .ids(engineering.applyValue(getDepartmentManagementResult -> getDepartmentManagementResult.id()))
                    .build())
                .groups(FirewallFilteringRuleGroupsArgs.builder()
                    .ids(normalInternet.applyValue(getGroupManagementResult -> getGroupManagementResult.id()))
                    .build())
                .timeWindows(FirewallFilteringRuleTimeWindowsArgs.builder()
                    .ids(workHours.applyValue(getTimeWindowResult -> getTimeWindowResult.id()))
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: zia:FirewallFilteringRule
        properties:
          description: Example
          action: ALLOW
          state: ENABLED
          order: 1
          enableFullLogging: true
          nwServices:
            ids:
              - ${zscalerProxyNwServices.id}
          departments:
            ids:
              - ${engineering.id}
          groups:
            ids:
              - ${normalInternet.id}
          timeWindows:
            ids:
              - ${workHours.id}
    variables:
      zscalerProxyNwServices:
        fn::invoke:
          Function: zia:getFirewallFilteringNetworkServices
          Arguments:
            name: ZSCALER_PROXY_NW_SERVICES
      engineering:
        fn::invoke:
          Function: zia:getDepartmentManagement
          Arguments:
            name: Engineering
      normalInternet:
        fn::invoke:
          Function: zia:getGroupManagement
          Arguments:
            name: Normal_Internet
      workHours:
        fn::invoke:
          Function: zia:getTimeWindow
          Arguments:
            name: Work hours
    

    Create FirewallFilteringRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FirewallFilteringRule(name: string, args?: FirewallFilteringRuleArgs, opts?: CustomResourceOptions);
    @overload
    def FirewallFilteringRule(resource_name: str,
                              args: Optional[FirewallFilteringRuleArgs] = None,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def FirewallFilteringRule(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              action: Optional[str] = None,
                              app_service_groups: Optional[FirewallFilteringRuleAppServiceGroupsArgs] = None,
                              app_services: Optional[FirewallFilteringRuleAppServicesArgs] = None,
                              default_rule: Optional[bool] = None,
                              departments: Optional[FirewallFilteringRuleDepartmentsArgs] = None,
                              description: Optional[str] = None,
                              dest_addresses: Optional[Sequence[str]] = None,
                              dest_countries: Optional[Sequence[str]] = None,
                              dest_ip_categories: Optional[Sequence[str]] = None,
                              dest_ip_groups: Optional[FirewallFilteringRuleDestIpGroupsArgs] = None,
                              device_groups: Optional[FirewallFilteringRuleDeviceGroupsArgs] = None,
                              device_trust_levels: Optional[Sequence[str]] = None,
                              devices: Optional[FirewallFilteringRuleDevicesArgs] = None,
                              enable_full_logging: Optional[bool] = None,
                              groups: Optional[FirewallFilteringRuleGroupsArgs] = None,
                              labels: Optional[FirewallFilteringRuleLabelsArgs] = None,
                              location_groups: Optional[FirewallFilteringRuleLocationGroupsArgs] = None,
                              locations: Optional[FirewallFilteringRuleLocationsArgs] = None,
                              name: Optional[str] = None,
                              nw_application_groups: Optional[FirewallFilteringRuleNwApplicationGroupsArgs] = None,
                              nw_applications: Optional[Sequence[str]] = None,
                              nw_service_groups: Optional[FirewallFilteringRuleNwServiceGroupsArgs] = None,
                              nw_services: Optional[FirewallFilteringRuleNwServicesArgs] = None,
                              order: Optional[int] = None,
                              predefined: Optional[bool] = None,
                              rank: Optional[int] = None,
                              src_ip_groups: Optional[FirewallFilteringRuleSrcIpGroupsArgs] = None,
                              src_ips: Optional[Sequence[str]] = None,
                              state: Optional[str] = None,
                              time_windows: Optional[FirewallFilteringRuleTimeWindowsArgs] = None,
                              users: Optional[FirewallFilteringRuleUsersArgs] = None,
                              workload_groups: Optional[Sequence[FirewallFilteringRuleWorkloadGroupArgs]] = None,
                              zpa_app_segments: Optional[Sequence[FirewallFilteringRuleZpaAppSegmentArgs]] = None)
    func NewFirewallFilteringRule(ctx *Context, name string, args *FirewallFilteringRuleArgs, opts ...ResourceOption) (*FirewallFilteringRule, error)
    public FirewallFilteringRule(string name, FirewallFilteringRuleArgs? args = null, CustomResourceOptions? opts = null)
    public FirewallFilteringRule(String name, FirewallFilteringRuleArgs args)
    public FirewallFilteringRule(String name, FirewallFilteringRuleArgs args, CustomResourceOptions options)
    
    type: zia:FirewallFilteringRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FirewallFilteringRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallFilteringRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallFilteringRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallFilteringRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallFilteringRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var firewallFilteringRuleResource = new Zia.FirewallFilteringRule("firewallFilteringRuleResource", new()
    {
        Action = "string",
        AppServiceGroups = new Zia.Inputs.FirewallFilteringRuleAppServiceGroupsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        AppServices = new Zia.Inputs.FirewallFilteringRuleAppServicesArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        DefaultRule = false,
        Departments = new Zia.Inputs.FirewallFilteringRuleDepartmentsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        Description = "string",
        DestAddresses = new[]
        {
            "string",
        },
        DestCountries = new[]
        {
            "string",
        },
        DestIpCategories = new[]
        {
            "string",
        },
        DestIpGroups = new Zia.Inputs.FirewallFilteringRuleDestIpGroupsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        DeviceGroups = new Zia.Inputs.FirewallFilteringRuleDeviceGroupsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        DeviceTrustLevels = new[]
        {
            "string",
        },
        Devices = new Zia.Inputs.FirewallFilteringRuleDevicesArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        EnableFullLogging = false,
        Groups = new Zia.Inputs.FirewallFilteringRuleGroupsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        Labels = new Zia.Inputs.FirewallFilteringRuleLabelsArgs
        {
            Id = 0,
        },
        LocationGroups = new Zia.Inputs.FirewallFilteringRuleLocationGroupsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        Locations = new Zia.Inputs.FirewallFilteringRuleLocationsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        Name = "string",
        NwApplicationGroups = new Zia.Inputs.FirewallFilteringRuleNwApplicationGroupsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        NwApplications = new[]
        {
            "string",
        },
        NwServiceGroups = new Zia.Inputs.FirewallFilteringRuleNwServiceGroupsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        NwServices = new Zia.Inputs.FirewallFilteringRuleNwServicesArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        Order = 0,
        Predefined = false,
        Rank = 0,
        SrcIpGroups = new Zia.Inputs.FirewallFilteringRuleSrcIpGroupsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        SrcIps = new[]
        {
            "string",
        },
        State = "string",
        TimeWindows = new Zia.Inputs.FirewallFilteringRuleTimeWindowsArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        Users = new Zia.Inputs.FirewallFilteringRuleUsersArgs
        {
            Ids = new[]
            {
                0,
            },
        },
        WorkloadGroups = new[]
        {
            new Zia.Inputs.FirewallFilteringRuleWorkloadGroupArgs
            {
                Id = 0,
                Name = "string",
            },
        },
        ZpaAppSegments = new[]
        {
            new Zia.Inputs.FirewallFilteringRuleZpaAppSegmentArgs
            {
                ExternalId = "string",
                Name = "string",
            },
        },
    });
    
    example, err := zia.NewFirewallFilteringRule(ctx, "firewallFilteringRuleResource", &zia.FirewallFilteringRuleArgs{
    	Action: pulumi.String("string"),
    	AppServiceGroups: &zia.FirewallFilteringRuleAppServiceGroupsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	AppServices: &zia.FirewallFilteringRuleAppServicesArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	DefaultRule: pulumi.Bool(false),
    	Departments: &zia.FirewallFilteringRuleDepartmentsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	Description: pulumi.String("string"),
    	DestAddresses: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DestCountries: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DestIpCategories: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DestIpGroups: &zia.FirewallFilteringRuleDestIpGroupsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	DeviceGroups: &zia.FirewallFilteringRuleDeviceGroupsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	DeviceTrustLevels: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Devices: &zia.FirewallFilteringRuleDevicesArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	EnableFullLogging: pulumi.Bool(false),
    	Groups: &zia.FirewallFilteringRuleGroupsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	Labels: &zia.FirewallFilteringRuleLabelsArgs{
    		Id: pulumi.Int(0),
    	},
    	LocationGroups: &zia.FirewallFilteringRuleLocationGroupsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	Locations: &zia.FirewallFilteringRuleLocationsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	Name: pulumi.String("string"),
    	NwApplicationGroups: &zia.FirewallFilteringRuleNwApplicationGroupsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	NwApplications: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	NwServiceGroups: &zia.FirewallFilteringRuleNwServiceGroupsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	NwServices: &zia.FirewallFilteringRuleNwServicesArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	Order:      pulumi.Int(0),
    	Predefined: pulumi.Bool(false),
    	Rank:       pulumi.Int(0),
    	SrcIpGroups: &zia.FirewallFilteringRuleSrcIpGroupsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	SrcIps: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	State: pulumi.String("string"),
    	TimeWindows: &zia.FirewallFilteringRuleTimeWindowsArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	Users: &zia.FirewallFilteringRuleUsersArgs{
    		Ids: pulumi.IntArray{
    			pulumi.Int(0),
    		},
    	},
    	WorkloadGroups: zia.FirewallFilteringRuleWorkloadGroupArray{
    		&zia.FirewallFilteringRuleWorkloadGroupArgs{
    			Id:   pulumi.Int(0),
    			Name: pulumi.String("string"),
    		},
    	},
    	ZpaAppSegments: zia.FirewallFilteringRuleZpaAppSegmentArray{
    		&zia.FirewallFilteringRuleZpaAppSegmentArgs{
    			ExternalId: pulumi.String("string"),
    			Name:       pulumi.String("string"),
    		},
    	},
    })
    
    var firewallFilteringRuleResource = new FirewallFilteringRule("firewallFilteringRuleResource", FirewallFilteringRuleArgs.builder()        
        .action("string")
        .appServiceGroups(FirewallFilteringRuleAppServiceGroupsArgs.builder()
            .ids(0)
            .build())
        .appServices(FirewallFilteringRuleAppServicesArgs.builder()
            .ids(0)
            .build())
        .defaultRule(false)
        .departments(FirewallFilteringRuleDepartmentsArgs.builder()
            .ids(0)
            .build())
        .description("string")
        .destAddresses("string")
        .destCountries("string")
        .destIpCategories("string")
        .destIpGroups(FirewallFilteringRuleDestIpGroupsArgs.builder()
            .ids(0)
            .build())
        .deviceGroups(FirewallFilteringRuleDeviceGroupsArgs.builder()
            .ids(0)
            .build())
        .deviceTrustLevels("string")
        .devices(FirewallFilteringRuleDevicesArgs.builder()
            .ids(0)
            .build())
        .enableFullLogging(false)
        .groups(FirewallFilteringRuleGroupsArgs.builder()
            .ids(0)
            .build())
        .labels(FirewallFilteringRuleLabelsArgs.builder()
            .id(0)
            .build())
        .locationGroups(FirewallFilteringRuleLocationGroupsArgs.builder()
            .ids(0)
            .build())
        .locations(FirewallFilteringRuleLocationsArgs.builder()
            .ids(0)
            .build())
        .name("string")
        .nwApplicationGroups(FirewallFilteringRuleNwApplicationGroupsArgs.builder()
            .ids(0)
            .build())
        .nwApplications("string")
        .nwServiceGroups(FirewallFilteringRuleNwServiceGroupsArgs.builder()
            .ids(0)
            .build())
        .nwServices(FirewallFilteringRuleNwServicesArgs.builder()
            .ids(0)
            .build())
        .order(0)
        .predefined(false)
        .rank(0)
        .srcIpGroups(FirewallFilteringRuleSrcIpGroupsArgs.builder()
            .ids(0)
            .build())
        .srcIps("string")
        .state("string")
        .timeWindows(FirewallFilteringRuleTimeWindowsArgs.builder()
            .ids(0)
            .build())
        .users(FirewallFilteringRuleUsersArgs.builder()
            .ids(0)
            .build())
        .workloadGroups(FirewallFilteringRuleWorkloadGroupArgs.builder()
            .id(0)
            .name("string")
            .build())
        .zpaAppSegments(FirewallFilteringRuleZpaAppSegmentArgs.builder()
            .externalId("string")
            .name("string")
            .build())
        .build());
    
    firewall_filtering_rule_resource = zia.FirewallFilteringRule("firewallFilteringRuleResource",
        action="string",
        app_service_groups=zia.FirewallFilteringRuleAppServiceGroupsArgs(
            ids=[0],
        ),
        app_services=zia.FirewallFilteringRuleAppServicesArgs(
            ids=[0],
        ),
        default_rule=False,
        departments=zia.FirewallFilteringRuleDepartmentsArgs(
            ids=[0],
        ),
        description="string",
        dest_addresses=["string"],
        dest_countries=["string"],
        dest_ip_categories=["string"],
        dest_ip_groups=zia.FirewallFilteringRuleDestIpGroupsArgs(
            ids=[0],
        ),
        device_groups=zia.FirewallFilteringRuleDeviceGroupsArgs(
            ids=[0],
        ),
        device_trust_levels=["string"],
        devices=zia.FirewallFilteringRuleDevicesArgs(
            ids=[0],
        ),
        enable_full_logging=False,
        groups=zia.FirewallFilteringRuleGroupsArgs(
            ids=[0],
        ),
        labels=zia.FirewallFilteringRuleLabelsArgs(
            id=0,
        ),
        location_groups=zia.FirewallFilteringRuleLocationGroupsArgs(
            ids=[0],
        ),
        locations=zia.FirewallFilteringRuleLocationsArgs(
            ids=[0],
        ),
        name="string",
        nw_application_groups=zia.FirewallFilteringRuleNwApplicationGroupsArgs(
            ids=[0],
        ),
        nw_applications=["string"],
        nw_service_groups=zia.FirewallFilteringRuleNwServiceGroupsArgs(
            ids=[0],
        ),
        nw_services=zia.FirewallFilteringRuleNwServicesArgs(
            ids=[0],
        ),
        order=0,
        predefined=False,
        rank=0,
        src_ip_groups=zia.FirewallFilteringRuleSrcIpGroupsArgs(
            ids=[0],
        ),
        src_ips=["string"],
        state="string",
        time_windows=zia.FirewallFilteringRuleTimeWindowsArgs(
            ids=[0],
        ),
        users=zia.FirewallFilteringRuleUsersArgs(
            ids=[0],
        ),
        workload_groups=[zia.FirewallFilteringRuleWorkloadGroupArgs(
            id=0,
            name="string",
        )],
        zpa_app_segments=[zia.FirewallFilteringRuleZpaAppSegmentArgs(
            external_id="string",
            name="string",
        )])
    
    const firewallFilteringRuleResource = new zia.FirewallFilteringRule("firewallFilteringRuleResource", {
        action: "string",
        appServiceGroups: {
            ids: [0],
        },
        appServices: {
            ids: [0],
        },
        defaultRule: false,
        departments: {
            ids: [0],
        },
        description: "string",
        destAddresses: ["string"],
        destCountries: ["string"],
        destIpCategories: ["string"],
        destIpGroups: {
            ids: [0],
        },
        deviceGroups: {
            ids: [0],
        },
        deviceTrustLevels: ["string"],
        devices: {
            ids: [0],
        },
        enableFullLogging: false,
        groups: {
            ids: [0],
        },
        labels: {
            id: 0,
        },
        locationGroups: {
            ids: [0],
        },
        locations: {
            ids: [0],
        },
        name: "string",
        nwApplicationGroups: {
            ids: [0],
        },
        nwApplications: ["string"],
        nwServiceGroups: {
            ids: [0],
        },
        nwServices: {
            ids: [0],
        },
        order: 0,
        predefined: false,
        rank: 0,
        srcIpGroups: {
            ids: [0],
        },
        srcIps: ["string"],
        state: "string",
        timeWindows: {
            ids: [0],
        },
        users: {
            ids: [0],
        },
        workloadGroups: [{
            id: 0,
            name: "string",
        }],
        zpaAppSegments: [{
            externalId: "string",
            name: "string",
        }],
    });
    
    type: zia:FirewallFilteringRule
    properties:
        action: string
        appServiceGroups:
            ids:
                - 0
        appServices:
            ids:
                - 0
        defaultRule: false
        departments:
            ids:
                - 0
        description: string
        destAddresses:
            - string
        destCountries:
            - string
        destIpCategories:
            - string
        destIpGroups:
            ids:
                - 0
        deviceGroups:
            ids:
                - 0
        deviceTrustLevels:
            - string
        devices:
            ids:
                - 0
        enableFullLogging: false
        groups:
            ids:
                - 0
        labels:
            id: 0
        locationGroups:
            ids:
                - 0
        locations:
            ids:
                - 0
        name: string
        nwApplicationGroups:
            ids:
                - 0
        nwApplications:
            - string
        nwServiceGroups:
            ids:
                - 0
        nwServices:
            ids:
                - 0
        order: 0
        predefined: false
        rank: 0
        srcIpGroups:
            ids:
                - 0
        srcIps:
            - string
        state: string
        timeWindows:
            ids:
                - 0
        users:
            ids:
                - 0
        workloadGroups:
            - id: 0
              name: string
        zpaAppSegments:
            - externalId: string
              name: string
    

    FirewallFilteringRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The FirewallFilteringRule resource accepts the following input properties:

    Action string
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    AppServiceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleAppServiceGroups
    Application service groups on which this rule is applied
    AppServices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleAppServices
    Application services on which this rule is applied
    DefaultRule bool
    If set to true, the default rule is applied
    Departments zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDepartments
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    Description string
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    DestAddresses List<string>
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    DestCountries List<string>
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    DestIpCategories List<string>
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    DestIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDestIpGroups
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    DeviceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDeviceGroups
    This field is applicable for devices that are managed using Zscaler Client Connector.
    DeviceTrustLevels List<string>
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    Devices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDevices
    Name-ID pairs of devices for which rule must be applied.
    EnableFullLogging bool
    Groups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleGroups
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    Labels zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLabels
    Labels that are applicable to the rule.
    LocationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLocationGroups
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    Locations zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLocations
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    Name string
    The name of the workload group

    • Other Exported Arguments
    NwApplicationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwApplicationGroups
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    NwApplications List<string>

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    NwServiceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwServiceGroups
    Any number of predefined or custom network service groups to which the rule applies.
    NwServices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwServices

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    Order int
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    Predefined bool
    If set to true, a predefined rule is applied
    Rank int

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    SrcIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleSrcIpGroups
    Any number of source IP address groups that you want to control with this rule.
    SrcIps List<string>
    You can enter individual IP addresses, subnets, or address ranges.
    State string
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    TimeWindows zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleTimeWindows
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    Users zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleUsers
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    WorkloadGroups List<zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleWorkloadGroup>
    The list of preconfigured workload groups to which the policy must be applied
    ZpaAppSegments List<zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleZpaAppSegment>
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
    Action string
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    AppServiceGroups FirewallFilteringRuleAppServiceGroupsArgs
    Application service groups on which this rule is applied
    AppServices FirewallFilteringRuleAppServicesArgs
    Application services on which this rule is applied
    DefaultRule bool
    If set to true, the default rule is applied
    Departments FirewallFilteringRuleDepartmentsArgs
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    Description string
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    DestAddresses []string
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    DestCountries []string
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    DestIpCategories []string
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    DestIpGroups FirewallFilteringRuleDestIpGroupsArgs
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    DeviceGroups FirewallFilteringRuleDeviceGroupsArgs
    This field is applicable for devices that are managed using Zscaler Client Connector.
    DeviceTrustLevels []string
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    Devices FirewallFilteringRuleDevicesArgs
    Name-ID pairs of devices for which rule must be applied.
    EnableFullLogging bool
    Groups FirewallFilteringRuleGroupsArgs
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    Labels FirewallFilteringRuleLabelsArgs
    Labels that are applicable to the rule.
    LocationGroups FirewallFilteringRuleLocationGroupsArgs
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    Locations FirewallFilteringRuleLocationsArgs
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    Name string
    The name of the workload group

    • Other Exported Arguments
    NwApplicationGroups FirewallFilteringRuleNwApplicationGroupsArgs
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    NwApplications []string

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    NwServiceGroups FirewallFilteringRuleNwServiceGroupsArgs
    Any number of predefined or custom network service groups to which the rule applies.
    NwServices FirewallFilteringRuleNwServicesArgs

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    Order int
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    Predefined bool
    If set to true, a predefined rule is applied
    Rank int

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    SrcIpGroups FirewallFilteringRuleSrcIpGroupsArgs
    Any number of source IP address groups that you want to control with this rule.
    SrcIps []string
    You can enter individual IP addresses, subnets, or address ranges.
    State string
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    TimeWindows FirewallFilteringRuleTimeWindowsArgs
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    Users FirewallFilteringRuleUsersArgs
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    WorkloadGroups []FirewallFilteringRuleWorkloadGroupArgs
    The list of preconfigured workload groups to which the policy must be applied
    ZpaAppSegments []FirewallFilteringRuleZpaAppSegmentArgs
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
    action String
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    appServiceGroups FirewallFilteringRuleAppServiceGroups
    Application service groups on which this rule is applied
    appServices FirewallFilteringRuleAppServices
    Application services on which this rule is applied
    defaultRule Boolean
    If set to true, the default rule is applied
    departments FirewallFilteringRuleDepartments
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    description String
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    destAddresses List<String>
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    destCountries List<String>
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    destIpCategories List<String>
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    destIpGroups FirewallFilteringRuleDestIpGroups
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    deviceGroups FirewallFilteringRuleDeviceGroups
    This field is applicable for devices that are managed using Zscaler Client Connector.
    deviceTrustLevels List<String>
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    devices FirewallFilteringRuleDevices
    Name-ID pairs of devices for which rule must be applied.
    enableFullLogging Boolean
    groups FirewallFilteringRuleGroups
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    labels FirewallFilteringRuleLabels
    Labels that are applicable to the rule.
    locationGroups FirewallFilteringRuleLocationGroups
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    locations FirewallFilteringRuleLocations
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    name String
    The name of the workload group

    • Other Exported Arguments
    nwApplicationGroups FirewallFilteringRuleNwApplicationGroups
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    nwApplications List<String>

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    nwServiceGroups FirewallFilteringRuleNwServiceGroups
    Any number of predefined or custom network service groups to which the rule applies.
    nwServices FirewallFilteringRuleNwServices

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    order Integer
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    predefined Boolean
    If set to true, a predefined rule is applied
    rank Integer

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    srcIpGroups FirewallFilteringRuleSrcIpGroups
    Any number of source IP address groups that you want to control with this rule.
    srcIps List<String>
    You can enter individual IP addresses, subnets, or address ranges.
    state String
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    timeWindows FirewallFilteringRuleTimeWindows
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    users FirewallFilteringRuleUsers
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    workloadGroups List<FirewallFilteringRuleWorkloadGroup>
    The list of preconfigured workload groups to which the policy must be applied
    zpaAppSegments List<FirewallFilteringRuleZpaAppSegment>
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
    action string
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    appServiceGroups FirewallFilteringRuleAppServiceGroups
    Application service groups on which this rule is applied
    appServices FirewallFilteringRuleAppServices
    Application services on which this rule is applied
    defaultRule boolean
    If set to true, the default rule is applied
    departments FirewallFilteringRuleDepartments
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    description string
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    destAddresses string[]
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    destCountries string[]
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    destIpCategories string[]
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    destIpGroups FirewallFilteringRuleDestIpGroups
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    deviceGroups FirewallFilteringRuleDeviceGroups
    This field is applicable for devices that are managed using Zscaler Client Connector.
    deviceTrustLevels string[]
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    devices FirewallFilteringRuleDevices
    Name-ID pairs of devices for which rule must be applied.
    enableFullLogging boolean
    groups FirewallFilteringRuleGroups
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    labels FirewallFilteringRuleLabels
    Labels that are applicable to the rule.
    locationGroups FirewallFilteringRuleLocationGroups
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    locations FirewallFilteringRuleLocations
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    name string
    The name of the workload group

    • Other Exported Arguments
    nwApplicationGroups FirewallFilteringRuleNwApplicationGroups
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    nwApplications string[]

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    nwServiceGroups FirewallFilteringRuleNwServiceGroups
    Any number of predefined or custom network service groups to which the rule applies.
    nwServices FirewallFilteringRuleNwServices

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    order number
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    predefined boolean
    If set to true, a predefined rule is applied
    rank number

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    srcIpGroups FirewallFilteringRuleSrcIpGroups
    Any number of source IP address groups that you want to control with this rule.
    srcIps string[]
    You can enter individual IP addresses, subnets, or address ranges.
    state string
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    timeWindows FirewallFilteringRuleTimeWindows
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    users FirewallFilteringRuleUsers
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    workloadGroups FirewallFilteringRuleWorkloadGroup[]
    The list of preconfigured workload groups to which the policy must be applied
    zpaAppSegments FirewallFilteringRuleZpaAppSegment[]
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
    action str
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    app_service_groups FirewallFilteringRuleAppServiceGroupsArgs
    Application service groups on which this rule is applied
    app_services FirewallFilteringRuleAppServicesArgs
    Application services on which this rule is applied
    default_rule bool
    If set to true, the default rule is applied
    departments FirewallFilteringRuleDepartmentsArgs
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    description str
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    dest_addresses Sequence[str]
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    dest_countries Sequence[str]
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    dest_ip_categories Sequence[str]
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    dest_ip_groups FirewallFilteringRuleDestIpGroupsArgs
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    device_groups FirewallFilteringRuleDeviceGroupsArgs
    This field is applicable for devices that are managed using Zscaler Client Connector.
    device_trust_levels Sequence[str]
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    devices FirewallFilteringRuleDevicesArgs
    Name-ID pairs of devices for which rule must be applied.
    enable_full_logging bool
    groups FirewallFilteringRuleGroupsArgs
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    labels FirewallFilteringRuleLabelsArgs
    Labels that are applicable to the rule.
    location_groups FirewallFilteringRuleLocationGroupsArgs
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    locations FirewallFilteringRuleLocationsArgs
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    name str
    The name of the workload group

    • Other Exported Arguments
    nw_application_groups FirewallFilteringRuleNwApplicationGroupsArgs
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    nw_applications Sequence[str]

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    nw_service_groups FirewallFilteringRuleNwServiceGroupsArgs
    Any number of predefined or custom network service groups to which the rule applies.
    nw_services FirewallFilteringRuleNwServicesArgs

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    order int
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    predefined bool
    If set to true, a predefined rule is applied
    rank int

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    src_ip_groups FirewallFilteringRuleSrcIpGroupsArgs
    Any number of source IP address groups that you want to control with this rule.
    src_ips Sequence[str]
    You can enter individual IP addresses, subnets, or address ranges.
    state str
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    time_windows FirewallFilteringRuleTimeWindowsArgs
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    users FirewallFilteringRuleUsersArgs
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    workload_groups Sequence[FirewallFilteringRuleWorkloadGroupArgs]
    The list of preconfigured workload groups to which the policy must be applied
    zpa_app_segments Sequence[FirewallFilteringRuleZpaAppSegmentArgs]
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
    action String
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    appServiceGroups Property Map
    Application service groups on which this rule is applied
    appServices Property Map
    Application services on which this rule is applied
    defaultRule Boolean
    If set to true, the default rule is applied
    departments Property Map
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    description String
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    destAddresses List<String>
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    destCountries List<String>
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    destIpCategories List<String>
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    destIpGroups Property Map
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    deviceGroups Property Map
    This field is applicable for devices that are managed using Zscaler Client Connector.
    deviceTrustLevels List<String>
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    devices Property Map
    Name-ID pairs of devices for which rule must be applied.
    enableFullLogging Boolean
    groups Property Map
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    labels Property Map
    Labels that are applicable to the rule.
    locationGroups Property Map
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    locations Property Map
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    name String
    The name of the workload group

    • Other Exported Arguments
    nwApplicationGroups Property Map
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    nwApplications List<String>

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    nwServiceGroups Property Map
    Any number of predefined or custom network service groups to which the rule applies.
    nwServices Property Map

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    order Number
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    predefined Boolean
    If set to true, a predefined rule is applied
    rank Number

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    srcIpGroups Property Map
    Any number of source IP address groups that you want to control with this rule.
    srcIps List<String>
    You can enter individual IP addresses, subnets, or address ranges.
    state String
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    timeWindows Property Map
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    users Property Map
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    workloadGroups List<Property Map>
    The list of preconfigured workload groups to which the policy must be applied
    zpaAppSegments List<Property Map>
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FirewallFilteringRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    RuleId int
    Id string
    The provider-assigned unique ID for this managed resource.
    RuleId int
    id String
    The provider-assigned unique ID for this managed resource.
    ruleId Integer
    id string
    The provider-assigned unique ID for this managed resource.
    ruleId number
    id str
    The provider-assigned unique ID for this managed resource.
    rule_id int
    id String
    The provider-assigned unique ID for this managed resource.
    ruleId Number

    Look up Existing FirewallFilteringRule Resource

    Get an existing FirewallFilteringRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FirewallFilteringRuleState, opts?: CustomResourceOptions): FirewallFilteringRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            action: Optional[str] = None,
            app_service_groups: Optional[FirewallFilteringRuleAppServiceGroupsArgs] = None,
            app_services: Optional[FirewallFilteringRuleAppServicesArgs] = None,
            default_rule: Optional[bool] = None,
            departments: Optional[FirewallFilteringRuleDepartmentsArgs] = None,
            description: Optional[str] = None,
            dest_addresses: Optional[Sequence[str]] = None,
            dest_countries: Optional[Sequence[str]] = None,
            dest_ip_categories: Optional[Sequence[str]] = None,
            dest_ip_groups: Optional[FirewallFilteringRuleDestIpGroupsArgs] = None,
            device_groups: Optional[FirewallFilteringRuleDeviceGroupsArgs] = None,
            device_trust_levels: Optional[Sequence[str]] = None,
            devices: Optional[FirewallFilteringRuleDevicesArgs] = None,
            enable_full_logging: Optional[bool] = None,
            groups: Optional[FirewallFilteringRuleGroupsArgs] = None,
            labels: Optional[FirewallFilteringRuleLabelsArgs] = None,
            location_groups: Optional[FirewallFilteringRuleLocationGroupsArgs] = None,
            locations: Optional[FirewallFilteringRuleLocationsArgs] = None,
            name: Optional[str] = None,
            nw_application_groups: Optional[FirewallFilteringRuleNwApplicationGroupsArgs] = None,
            nw_applications: Optional[Sequence[str]] = None,
            nw_service_groups: Optional[FirewallFilteringRuleNwServiceGroupsArgs] = None,
            nw_services: Optional[FirewallFilteringRuleNwServicesArgs] = None,
            order: Optional[int] = None,
            predefined: Optional[bool] = None,
            rank: Optional[int] = None,
            rule_id: Optional[int] = None,
            src_ip_groups: Optional[FirewallFilteringRuleSrcIpGroupsArgs] = None,
            src_ips: Optional[Sequence[str]] = None,
            state: Optional[str] = None,
            time_windows: Optional[FirewallFilteringRuleTimeWindowsArgs] = None,
            users: Optional[FirewallFilteringRuleUsersArgs] = None,
            workload_groups: Optional[Sequence[FirewallFilteringRuleWorkloadGroupArgs]] = None,
            zpa_app_segments: Optional[Sequence[FirewallFilteringRuleZpaAppSegmentArgs]] = None) -> FirewallFilteringRule
    func GetFirewallFilteringRule(ctx *Context, name string, id IDInput, state *FirewallFilteringRuleState, opts ...ResourceOption) (*FirewallFilteringRule, error)
    public static FirewallFilteringRule Get(string name, Input<string> id, FirewallFilteringRuleState? state, CustomResourceOptions? opts = null)
    public static FirewallFilteringRule get(String name, Output<String> id, FirewallFilteringRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    AppServiceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleAppServiceGroups
    Application service groups on which this rule is applied
    AppServices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleAppServices
    Application services on which this rule is applied
    DefaultRule bool
    If set to true, the default rule is applied
    Departments zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDepartments
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    Description string
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    DestAddresses List<string>
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    DestCountries List<string>
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    DestIpCategories List<string>
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    DestIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDestIpGroups
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    DeviceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDeviceGroups
    This field is applicable for devices that are managed using Zscaler Client Connector.
    DeviceTrustLevels List<string>
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    Devices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDevices
    Name-ID pairs of devices for which rule must be applied.
    EnableFullLogging bool
    Groups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleGroups
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    Labels zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLabels
    Labels that are applicable to the rule.
    LocationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLocationGroups
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    Locations zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLocations
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    Name string
    The name of the workload group

    • Other Exported Arguments
    NwApplicationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwApplicationGroups
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    NwApplications List<string>

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    NwServiceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwServiceGroups
    Any number of predefined or custom network service groups to which the rule applies.
    NwServices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwServices

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    Order int
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    Predefined bool
    If set to true, a predefined rule is applied
    Rank int

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    RuleId int
    SrcIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleSrcIpGroups
    Any number of source IP address groups that you want to control with this rule.
    SrcIps List<string>
    You can enter individual IP addresses, subnets, or address ranges.
    State string
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    TimeWindows zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleTimeWindows
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    Users zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleUsers
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    WorkloadGroups List<zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleWorkloadGroup>
    The list of preconfigured workload groups to which the policy must be applied
    ZpaAppSegments List<zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleZpaAppSegment>
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
    Action string
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    AppServiceGroups FirewallFilteringRuleAppServiceGroupsArgs
    Application service groups on which this rule is applied
    AppServices FirewallFilteringRuleAppServicesArgs
    Application services on which this rule is applied
    DefaultRule bool
    If set to true, the default rule is applied
    Departments FirewallFilteringRuleDepartmentsArgs
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    Description string
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    DestAddresses []string
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    DestCountries []string
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    DestIpCategories []string
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    DestIpGroups FirewallFilteringRuleDestIpGroupsArgs
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    DeviceGroups FirewallFilteringRuleDeviceGroupsArgs
    This field is applicable for devices that are managed using Zscaler Client Connector.
    DeviceTrustLevels []string
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    Devices FirewallFilteringRuleDevicesArgs
    Name-ID pairs of devices for which rule must be applied.
    EnableFullLogging bool
    Groups FirewallFilteringRuleGroupsArgs
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    Labels FirewallFilteringRuleLabelsArgs
    Labels that are applicable to the rule.
    LocationGroups FirewallFilteringRuleLocationGroupsArgs
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    Locations FirewallFilteringRuleLocationsArgs
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    Name string
    The name of the workload group

    • Other Exported Arguments
    NwApplicationGroups FirewallFilteringRuleNwApplicationGroupsArgs
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    NwApplications []string

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    NwServiceGroups FirewallFilteringRuleNwServiceGroupsArgs
    Any number of predefined or custom network service groups to which the rule applies.
    NwServices FirewallFilteringRuleNwServicesArgs

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    Order int
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    Predefined bool
    If set to true, a predefined rule is applied
    Rank int

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    RuleId int
    SrcIpGroups FirewallFilteringRuleSrcIpGroupsArgs
    Any number of source IP address groups that you want to control with this rule.
    SrcIps []string
    You can enter individual IP addresses, subnets, or address ranges.
    State string
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    TimeWindows FirewallFilteringRuleTimeWindowsArgs
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    Users FirewallFilteringRuleUsersArgs
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    WorkloadGroups []FirewallFilteringRuleWorkloadGroupArgs
    The list of preconfigured workload groups to which the policy must be applied
    ZpaAppSegments []FirewallFilteringRuleZpaAppSegmentArgs
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
    action String
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    appServiceGroups FirewallFilteringRuleAppServiceGroups
    Application service groups on which this rule is applied
    appServices FirewallFilteringRuleAppServices
    Application services on which this rule is applied
    defaultRule Boolean
    If set to true, the default rule is applied
    departments FirewallFilteringRuleDepartments
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    description String
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    destAddresses List<String>
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    destCountries List<String>
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    destIpCategories List<String>
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    destIpGroups FirewallFilteringRuleDestIpGroups
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    deviceGroups FirewallFilteringRuleDeviceGroups
    This field is applicable for devices that are managed using Zscaler Client Connector.
    deviceTrustLevels List<String>
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    devices FirewallFilteringRuleDevices
    Name-ID pairs of devices for which rule must be applied.
    enableFullLogging Boolean
    groups FirewallFilteringRuleGroups
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    labels FirewallFilteringRuleLabels
    Labels that are applicable to the rule.
    locationGroups FirewallFilteringRuleLocationGroups
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    locations FirewallFilteringRuleLocations
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    name String
    The name of the workload group

    • Other Exported Arguments
    nwApplicationGroups FirewallFilteringRuleNwApplicationGroups
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    nwApplications List<String>

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    nwServiceGroups FirewallFilteringRuleNwServiceGroups
    Any number of predefined or custom network service groups to which the rule applies.
    nwServices FirewallFilteringRuleNwServices

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    order Integer
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    predefined Boolean
    If set to true, a predefined rule is applied
    rank Integer

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    ruleId Integer
    srcIpGroups FirewallFilteringRuleSrcIpGroups
    Any number of source IP address groups that you want to control with this rule.
    srcIps List<String>
    You can enter individual IP addresses, subnets, or address ranges.
    state String
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    timeWindows FirewallFilteringRuleTimeWindows
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    users FirewallFilteringRuleUsers
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    workloadGroups List<FirewallFilteringRuleWorkloadGroup>
    The list of preconfigured workload groups to which the policy must be applied
    zpaAppSegments List<FirewallFilteringRuleZpaAppSegment>
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
    action string
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    appServiceGroups FirewallFilteringRuleAppServiceGroups
    Application service groups on which this rule is applied
    appServices FirewallFilteringRuleAppServices
    Application services on which this rule is applied
    defaultRule boolean
    If set to true, the default rule is applied
    departments FirewallFilteringRuleDepartments
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    description string
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    destAddresses string[]
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    destCountries string[]
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    destIpCategories string[]
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    destIpGroups FirewallFilteringRuleDestIpGroups
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    deviceGroups FirewallFilteringRuleDeviceGroups
    This field is applicable for devices that are managed using Zscaler Client Connector.
    deviceTrustLevels string[]
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    devices FirewallFilteringRuleDevices
    Name-ID pairs of devices for which rule must be applied.
    enableFullLogging boolean
    groups FirewallFilteringRuleGroups
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    labels FirewallFilteringRuleLabels
    Labels that are applicable to the rule.
    locationGroups FirewallFilteringRuleLocationGroups
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    locations FirewallFilteringRuleLocations
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    name string
    The name of the workload group

    • Other Exported Arguments
    nwApplicationGroups FirewallFilteringRuleNwApplicationGroups
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    nwApplications string[]

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    nwServiceGroups FirewallFilteringRuleNwServiceGroups
    Any number of predefined or custom network service groups to which the rule applies.
    nwServices FirewallFilteringRuleNwServices

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    order number
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    predefined boolean
    If set to true, a predefined rule is applied
    rank number

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    ruleId number
    srcIpGroups FirewallFilteringRuleSrcIpGroups
    Any number of source IP address groups that you want to control with this rule.
    srcIps string[]
    You can enter individual IP addresses, subnets, or address ranges.
    state string
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    timeWindows FirewallFilteringRuleTimeWindows
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    users FirewallFilteringRuleUsers
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    workloadGroups FirewallFilteringRuleWorkloadGroup[]
    The list of preconfigured workload groups to which the policy must be applied
    zpaAppSegments FirewallFilteringRuleZpaAppSegment[]
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
    action str
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    app_service_groups FirewallFilteringRuleAppServiceGroupsArgs
    Application service groups on which this rule is applied
    app_services FirewallFilteringRuleAppServicesArgs
    Application services on which this rule is applied
    default_rule bool
    If set to true, the default rule is applied
    departments FirewallFilteringRuleDepartmentsArgs
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    description str
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    dest_addresses Sequence[str]
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    dest_countries Sequence[str]
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    dest_ip_categories Sequence[str]
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    dest_ip_groups FirewallFilteringRuleDestIpGroupsArgs
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    device_groups FirewallFilteringRuleDeviceGroupsArgs
    This field is applicable for devices that are managed using Zscaler Client Connector.
    device_trust_levels Sequence[str]
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    devices FirewallFilteringRuleDevicesArgs
    Name-ID pairs of devices for which rule must be applied.
    enable_full_logging bool
    groups FirewallFilteringRuleGroupsArgs
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    labels FirewallFilteringRuleLabelsArgs
    Labels that are applicable to the rule.
    location_groups FirewallFilteringRuleLocationGroupsArgs
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    locations FirewallFilteringRuleLocationsArgs
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    name str
    The name of the workload group

    • Other Exported Arguments
    nw_application_groups FirewallFilteringRuleNwApplicationGroupsArgs
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    nw_applications Sequence[str]

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    nw_service_groups FirewallFilteringRuleNwServiceGroupsArgs
    Any number of predefined or custom network service groups to which the rule applies.
    nw_services FirewallFilteringRuleNwServicesArgs

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    order int
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    predefined bool
    If set to true, a predefined rule is applied
    rank int

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    rule_id int
    src_ip_groups FirewallFilteringRuleSrcIpGroupsArgs
    Any number of source IP address groups that you want to control with this rule.
    src_ips Sequence[str]
    You can enter individual IP addresses, subnets, or address ranges.
    state str
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    time_windows FirewallFilteringRuleTimeWindowsArgs
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    users FirewallFilteringRuleUsersArgs
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    workload_groups Sequence[FirewallFilteringRuleWorkloadGroupArgs]
    The list of preconfigured workload groups to which the policy must be applied
    zpa_app_segments Sequence[FirewallFilteringRuleZpaAppSegmentArgs]
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
    action String
    Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP
    appServiceGroups Property Map
    Application service groups on which this rule is applied
    appServices Property Map
    Application services on which this rule is applied
    defaultRule Boolean
    If set to true, the default rule is applied
    departments Property Map
    Apply to any number of departments When not used it implies Any to apply the rule to all departments.
    description String
    Enter additional notes or information. The description cannot exceed 10,240 characters.
    destAddresses List<String>
    ** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
    destCountries List<String>
    ** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
    destIpCategories List<String>
    ** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
    destIpGroups Property Map
    ** - (Optional) Any number of destination IP address groups that you want to control with this rule.
    deviceGroups Property Map
    This field is applicable for devices that are managed using Zscaler Client Connector.
    deviceTrustLevels List<String>
    List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
    devices Property Map
    Name-ID pairs of devices for which rule must be applied.
    enableFullLogging Boolean
    groups Property Map
    You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
    labels Property Map
    Labels that are applicable to the rule.
    locationGroups Property Map
    You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
    locations Property Map
    You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
    name String
    The name of the workload group

    • Other Exported Arguments
    nwApplicationGroups Property Map
    Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify
    nwApplications List<String>

    When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

    source ip addresses supports the following attributes:

    nwServiceGroups Property Map
    Any number of predefined or custom network service groups to which the rule applies.
    nwServices Property Map

    When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

    network applications supports the following attributes:

    order Number
    Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
    predefined Boolean
    If set to true, a predefined rule is applied
    rank Number

    By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

    Who, Where and When supports the following attributes:

    ruleId Number
    srcIpGroups Property Map
    Any number of source IP address groups that you want to control with this rule.
    srcIps List<String>
    You can enter individual IP addresses, subnets, or address ranges.
    state String
    An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
    timeWindows Property Map
    You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
    users Property Map
    You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
    workloadGroups List<Property Map>
    The list of preconfigured workload groups to which the policy must be applied
    zpaAppSegments List<Property Map>
    The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

    Supporting Types

    FirewallFilteringRuleAppServiceGroups, FirewallFilteringRuleAppServiceGroupsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleAppServices, FirewallFilteringRuleAppServicesArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleDepartments, FirewallFilteringRuleDepartmentsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleDestIpGroups, FirewallFilteringRuleDestIpGroupsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleDeviceGroups, FirewallFilteringRuleDeviceGroupsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleDevices, FirewallFilteringRuleDevicesArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleGroups, FirewallFilteringRuleGroupsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleLabels, FirewallFilteringRuleLabelsArgs

    Id int
    A unique identifier assigned to the workload group
    Id int
    A unique identifier assigned to the workload group
    id Integer
    A unique identifier assigned to the workload group
    id number
    A unique identifier assigned to the workload group
    id int
    A unique identifier assigned to the workload group
    id Number
    A unique identifier assigned to the workload group

    FirewallFilteringRuleLocationGroups, FirewallFilteringRuleLocationGroupsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleLocations, FirewallFilteringRuleLocationsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleNwApplicationGroups, FirewallFilteringRuleNwApplicationGroupsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleNwServiceGroups, FirewallFilteringRuleNwServiceGroupsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleNwServices, FirewallFilteringRuleNwServicesArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleSrcIpGroups, FirewallFilteringRuleSrcIpGroupsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleTimeWindows, FirewallFilteringRuleTimeWindowsArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleUsers, FirewallFilteringRuleUsersArgs

    Ids List<int>
    A unique identifier assigned to the workload group
    Ids []int
    A unique identifier assigned to the workload group
    ids List<Integer>
    A unique identifier assigned to the workload group
    ids number[]
    A unique identifier assigned to the workload group
    ids Sequence[int]
    A unique identifier assigned to the workload group
    ids List<Number>
    A unique identifier assigned to the workload group

    FirewallFilteringRuleWorkloadGroup, FirewallFilteringRuleWorkloadGroupArgs

    Id int
    A unique identifier assigned to the workload group
    Name string
    The name of the workload group

    • Other Exported Arguments
    Id int
    A unique identifier assigned to the workload group
    Name string
    The name of the workload group

    • Other Exported Arguments
    id Integer
    A unique identifier assigned to the workload group
    name String
    The name of the workload group

    • Other Exported Arguments
    id number
    A unique identifier assigned to the workload group
    name string
    The name of the workload group

    • Other Exported Arguments
    id int
    A unique identifier assigned to the workload group
    name str
    The name of the workload group

    • Other Exported Arguments
    id Number
    A unique identifier assigned to the workload group
    name String
    The name of the workload group

    • Other Exported Arguments

    FirewallFilteringRuleZpaAppSegment, FirewallFilteringRuleZpaAppSegmentArgs

    ExternalId string
    External ID of the application segment.
    Name string
    The name of the workload group

    • Other Exported Arguments
    ExternalId string
    External ID of the application segment.
    Name string
    The name of the workload group

    • Other Exported Arguments
    externalId String
    External ID of the application segment.
    name String
    The name of the workload group

    • Other Exported Arguments
    externalId string
    External ID of the application segment.
    name string
    The name of the workload group

    • Other Exported Arguments
    external_id str
    External ID of the application segment.
    name str
    The name of the workload group

    • Other Exported Arguments
    externalId String
    External ID of the application segment.
    name String
    The name of the workload group

    • Other Exported Arguments

    Import

    Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.

    Visit

    zia_firewall_filtering_rule can be imported by using <RULE ID> or <RULE NAME> as the import ID.

    For example:

    $ pulumi import zia:index/firewallFilteringRule:FirewallFilteringRule example <rule_id>
    

    or

    $ pulumi import zia:index/firewallFilteringRule:FirewallFilteringRule example <rule_name>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    zia zscaler/pulumi-zia
    License
    MIT
    Notes
    This Pulumi package is based on the zia Terraform Provider.
    zia logo
    Zscaler Internet Access v0.0.6 published on Wednesday, Apr 10, 2024 by Zscaler