Zscaler Internet Access v0.0.6, Apr 10 24

Zscaler Internet Access v0.0.6 published on Wednesday, Apr 10, 2024 by Zscaler

zia.FirewallFilteringRule

Explore with Pulumi AI

Zscaler Internet Access v0.0.6 published on Wednesday, Apr 10, 2024 by Zscaler

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as zia from "@bdzscaler/pulumi-zia";
import * as zia from "@pulumi/zia";

const zscalerProxyNwServices = zia.getFirewallFilteringNetworkServices({
    name: "ZSCALER_PROXY_NW_SERVICES",
});
const engineering = zia.getDepartmentManagement({
    name: "Engineering",
});
const normalInternet = zia.getGroupManagement({
    name: "Normal_Internet",
});
const workHours = zia.getTimeWindow({
    name: "Work hours",
});
const example = new zia.FirewallFilteringRule("example", {
    description: "Example",
    action: "ALLOW",
    state: "ENABLED",
    order: 1,
    enableFullLogging: true,
    nwServices: {
        ids: [zscalerProxyNwServices.then(zscalerProxyNwServices => zscalerProxyNwServices.id)],
    },
    departments: {
        ids: [engineering.then(engineering => engineering.id)],
    },
    groups: {
        ids: [normalInternet.then(normalInternet => normalInternet.id)],
    },
    timeWindows: {
        ids: [workHours.then(workHours => workHours.id)],
    },
});

import pulumi
import pulumi_zia as zia
import zscaler_pulumi_zia as zia

zscaler_proxy_nw_services = zia.get_firewall_filtering_network_services(name="ZSCALER_PROXY_NW_SERVICES")
engineering = zia.get_department_management(name="Engineering")
normal_internet = zia.get_group_management(name="Normal_Internet")
work_hours = zia.get_time_window(name="Work hours")
example = zia.FirewallFilteringRule("example",
    description="Example",
    action="ALLOW",
    state="ENABLED",
    order=1,
    enable_full_logging=True,
    nw_services=zia.FirewallFilteringRuleNwServicesArgs(
        ids=[zscaler_proxy_nw_services.id],
    ),
    departments=zia.FirewallFilteringRuleDepartmentsArgs(
        ids=[engineering.id],
    ),
    groups=zia.FirewallFilteringRuleGroupsArgs(
        ids=[normal_internet.id],
    ),
    time_windows=zia.FirewallFilteringRuleTimeWindowsArgs(
        ids=[work_hours.id],
    ))

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/zscaler/pulumi-zia/sdk/go/zia"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		zscalerProxyNwServices, err := zia.LookupFirewallFilteringNetworkServices(ctx, &zia.LookupFirewallFilteringNetworkServicesArgs{
			Name: pulumi.StringRef("ZSCALER_PROXY_NW_SERVICES"),
		}, nil)
		if err != nil {
			return err
		}
		engineering, err := zia.GetDepartmentManagement(ctx, &zia.GetDepartmentManagementArgs{
			Name: pulumi.StringRef("Engineering"),
		}, nil)
		if err != nil {
			return err
		}
		normalInternet, err := zia.GetGroupManagement(ctx, &zia.GetGroupManagementArgs{
			Name: pulumi.StringRef("Normal_Internet"),
		}, nil)
		if err != nil {
			return err
		}
		workHours, err := zia.GetTimeWindow(ctx, &zia.GetTimeWindowArgs{
			Name: pulumi.StringRef("Work hours"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = zia.NewFirewallFilteringRule(ctx, "example", &zia.FirewallFilteringRuleArgs{
			Description:       pulumi.String("Example"),
			Action:            pulumi.String("ALLOW"),
			State:             pulumi.String("ENABLED"),
			Order:             pulumi.Int(1),
			EnableFullLogging: pulumi.Bool(true),
			NwServices: &zia.FirewallFilteringRuleNwServicesArgs{
				Ids: pulumi.IntArray{
					pulumi.Int(zscalerProxyNwServices.Id),
				},
			},
			Departments: &zia.FirewallFilteringRuleDepartmentsArgs{
				Ids: pulumi.IntArray{
					pulumi.Int(engineering.Id),
				},
			},
			Groups: &zia.FirewallFilteringRuleGroupsArgs{
				Ids: pulumi.IntArray{
					pulumi.Int(normalInternet.Id),
				},
			},
			TimeWindows: &zia.FirewallFilteringRuleTimeWindowsArgs{
				Ids: pulumi.IntArray{
					pulumi.Int(workHours.Id),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zia = Pulumi.Zia;
using Zia = zscaler.PulumiPackage.Zia;

return await Deployment.RunAsync(() => 
{
    var zscalerProxyNwServices = Zia.GetFirewallFilteringNetworkServices.Invoke(new()
    {
        Name = "ZSCALER_PROXY_NW_SERVICES",
    });

    var engineering = Zia.GetDepartmentManagement.Invoke(new()
    {
        Name = "Engineering",
    });

    var normalInternet = Zia.GetGroupManagement.Invoke(new()
    {
        Name = "Normal_Internet",
    });

    var workHours = Zia.GetTimeWindow.Invoke(new()
    {
        Name = "Work hours",
    });

    var example = new Zia.FirewallFilteringRule("example", new()
    {
        Description = "Example",
        Action = "ALLOW",
        State = "ENABLED",
        Order = 1,
        EnableFullLogging = true,
        NwServices = new Zia.Inputs.FirewallFilteringRuleNwServicesArgs
        {
            Ids = new[]
            {
                zscalerProxyNwServices.Apply(getFirewallFilteringNetworkServicesResult => getFirewallFilteringNetworkServicesResult.Id),
            },
        },
        Departments = new Zia.Inputs.FirewallFilteringRuleDepartmentsArgs
        {
            Ids = new[]
            {
                engineering.Apply(getDepartmentManagementResult => getDepartmentManagementResult.Id),
            },
        },
        Groups = new Zia.Inputs.FirewallFilteringRuleGroupsArgs
        {
            Ids = new[]
            {
                normalInternet.Apply(getGroupManagementResult => getGroupManagementResult.Id),
            },
        },
        TimeWindows = new Zia.Inputs.FirewallFilteringRuleTimeWindowsArgs
        {
            Ids = new[]
            {
                workHours.Apply(getTimeWindowResult => getTimeWindowResult.Id),
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zia.ZiaFunctions;
import com.pulumi.zia.inputs.GetFirewallFilteringNetworkServicesArgs;
import com.pulumi.zia.inputs.GetDepartmentManagementArgs;
import com.pulumi.zia.inputs.GetGroupManagementArgs;
import com.pulumi.zia.inputs.GetTimeWindowArgs;
import com.pulumi.zia.FirewallFilteringRule;
import com.pulumi.zia.FirewallFilteringRuleArgs;
import com.pulumi.zia.inputs.FirewallFilteringRuleNwServicesArgs;
import com.pulumi.zia.inputs.FirewallFilteringRuleDepartmentsArgs;
import com.pulumi.zia.inputs.FirewallFilteringRuleGroupsArgs;
import com.pulumi.zia.inputs.FirewallFilteringRuleTimeWindowsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var zscalerProxyNwServices = ZiaFunctions.getFirewallFilteringNetworkServices(GetFirewallFilteringNetworkServicesArgs.builder()
            .name("ZSCALER_PROXY_NW_SERVICES")
            .build());

        final var engineering = ZiaFunctions.getDepartmentManagement(GetDepartmentManagementArgs.builder()
            .name("Engineering")
            .build());

        final var normalInternet = ZiaFunctions.getGroupManagement(GetGroupManagementArgs.builder()
            .name("Normal_Internet")
            .build());

        final var workHours = ZiaFunctions.getTimeWindow(GetTimeWindowArgs.builder()
            .name("Work hours")
            .build());

        var example = new FirewallFilteringRule("example", FirewallFilteringRuleArgs.builder()        
            .description("Example")
            .action("ALLOW")
            .state("ENABLED")
            .order(1)
            .enableFullLogging(true)
            .nwServices(FirewallFilteringRuleNwServicesArgs.builder()
                .ids(zscalerProxyNwServices.applyValue(getFirewallFilteringNetworkServicesResult -> getFirewallFilteringNetworkServicesResult.id()))
                .build())
            .departments(FirewallFilteringRuleDepartmentsArgs.builder()
                .ids(engineering.applyValue(getDepartmentManagementResult -> getDepartmentManagementResult.id()))
                .build())
            .groups(FirewallFilteringRuleGroupsArgs.builder()
                .ids(normalInternet.applyValue(getGroupManagementResult -> getGroupManagementResult.id()))
                .build())
            .timeWindows(FirewallFilteringRuleTimeWindowsArgs.builder()
                .ids(workHours.applyValue(getTimeWindowResult -> getTimeWindowResult.id()))
                .build())
            .build());

    }
}

resources:
  example:
    type: zia:FirewallFilteringRule
    properties:
      description: Example
      action: ALLOW
      state: ENABLED
      order: 1
      enableFullLogging: true
      nwServices:
        ids:
          - ${zscalerProxyNwServices.id}
      departments:
        ids:
          - ${engineering.id}
      groups:
        ids:
          - ${normalInternet.id}
      timeWindows:
        ids:
          - ${workHours.id}
variables:
  zscalerProxyNwServices:
    fn::invoke:
      Function: zia:getFirewallFilteringNetworkServices
      Arguments:
        name: ZSCALER_PROXY_NW_SERVICES
  engineering:
    fn::invoke:
      Function: zia:getDepartmentManagement
      Arguments:
        name: Engineering
  normalInternet:
    fn::invoke:
      Function: zia:getGroupManagement
      Arguments:
        name: Normal_Internet
  workHours:
    fn::invoke:
      Function: zia:getTimeWindow
      Arguments:
        name: Work hours

Create FirewallFilteringRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FirewallFilteringRule(name: string, args?: FirewallFilteringRuleArgs, opts?: CustomResourceOptions);

@overload
def FirewallFilteringRule(resource_name: str,
                          args: Optional[FirewallFilteringRuleArgs] = None,
                          opts: Optional[ResourceOptions] = None)

@overload
def FirewallFilteringRule(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          action: Optional[str] = None,
                          app_service_groups: Optional[FirewallFilteringRuleAppServiceGroupsArgs] = None,
                          app_services: Optional[FirewallFilteringRuleAppServicesArgs] = None,
                          default_rule: Optional[bool] = None,
                          departments: Optional[FirewallFilteringRuleDepartmentsArgs] = None,
                          description: Optional[str] = None,
                          dest_addresses: Optional[Sequence[str]] = None,
                          dest_countries: Optional[Sequence[str]] = None,
                          dest_ip_categories: Optional[Sequence[str]] = None,
                          dest_ip_groups: Optional[FirewallFilteringRuleDestIpGroupsArgs] = None,
                          device_groups: Optional[FirewallFilteringRuleDeviceGroupsArgs] = None,
                          device_trust_levels: Optional[Sequence[str]] = None,
                          devices: Optional[FirewallFilteringRuleDevicesArgs] = None,
                          enable_full_logging: Optional[bool] = None,
                          groups: Optional[FirewallFilteringRuleGroupsArgs] = None,
                          labels: Optional[FirewallFilteringRuleLabelsArgs] = None,
                          location_groups: Optional[FirewallFilteringRuleLocationGroupsArgs] = None,
                          locations: Optional[FirewallFilteringRuleLocationsArgs] = None,
                          name: Optional[str] = None,
                          nw_application_groups: Optional[FirewallFilteringRuleNwApplicationGroupsArgs] = None,
                          nw_applications: Optional[Sequence[str]] = None,
                          nw_service_groups: Optional[FirewallFilteringRuleNwServiceGroupsArgs] = None,
                          nw_services: Optional[FirewallFilteringRuleNwServicesArgs] = None,
                          order: Optional[int] = None,
                          predefined: Optional[bool] = None,
                          rank: Optional[int] = None,
                          src_ip_groups: Optional[FirewallFilteringRuleSrcIpGroupsArgs] = None,
                          src_ips: Optional[Sequence[str]] = None,
                          state: Optional[str] = None,
                          time_windows: Optional[FirewallFilteringRuleTimeWindowsArgs] = None,
                          users: Optional[FirewallFilteringRuleUsersArgs] = None,
                          workload_groups: Optional[Sequence[FirewallFilteringRuleWorkloadGroupArgs]] = None,
                          zpa_app_segments: Optional[Sequence[FirewallFilteringRuleZpaAppSegmentArgs]] = None)

func NewFirewallFilteringRule(ctx *Context, name string, args *FirewallFilteringRuleArgs, opts ...ResourceOption) (*FirewallFilteringRule, error)

public FirewallFilteringRule(string name, FirewallFilteringRuleArgs? args = null, CustomResourceOptions? opts = null)

public FirewallFilteringRule(String name, FirewallFilteringRuleArgs args)
public FirewallFilteringRule(String name, FirewallFilteringRuleArgs args, CustomResourceOptions options)

type: zia:FirewallFilteringRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallFilteringRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var firewallFilteringRuleResource = new Zia.FirewallFilteringRule("firewallFilteringRuleResource", new()
{
    Action = "string",
    AppServiceGroups = new Zia.Inputs.FirewallFilteringRuleAppServiceGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    AppServices = new Zia.Inputs.FirewallFilteringRuleAppServicesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    DefaultRule = false,
    Departments = new Zia.Inputs.FirewallFilteringRuleDepartmentsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Description = "string",
    DestAddresses = new[]
    {
        "string",
    },
    DestCountries = new[]
    {
        "string",
    },
    DestIpCategories = new[]
    {
        "string",
    },
    DestIpGroups = new Zia.Inputs.FirewallFilteringRuleDestIpGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    DeviceGroups = new Zia.Inputs.FirewallFilteringRuleDeviceGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    DeviceTrustLevels = new[]
    {
        "string",
    },
    Devices = new Zia.Inputs.FirewallFilteringRuleDevicesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    EnableFullLogging = false,
    Groups = new Zia.Inputs.FirewallFilteringRuleGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Labels = new Zia.Inputs.FirewallFilteringRuleLabelsArgs
    {
        Id = 0,
    },
    LocationGroups = new Zia.Inputs.FirewallFilteringRuleLocationGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Locations = new Zia.Inputs.FirewallFilteringRuleLocationsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Name = "string",
    NwApplicationGroups = new Zia.Inputs.FirewallFilteringRuleNwApplicationGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    NwApplications = new[]
    {
        "string",
    },
    NwServiceGroups = new Zia.Inputs.FirewallFilteringRuleNwServiceGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    NwServices = new Zia.Inputs.FirewallFilteringRuleNwServicesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Order = 0,
    Predefined = false,
    Rank = 0,
    SrcIpGroups = new Zia.Inputs.FirewallFilteringRuleSrcIpGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    SrcIps = new[]
    {
        "string",
    },
    State = "string",
    TimeWindows = new Zia.Inputs.FirewallFilteringRuleTimeWindowsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Users = new Zia.Inputs.FirewallFilteringRuleUsersArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    WorkloadGroups = new[]
    {
        new Zia.Inputs.FirewallFilteringRuleWorkloadGroupArgs
        {
            Id = 0,
            Name = "string",
        },
    },
    ZpaAppSegments = new[]
    {
        new Zia.Inputs.FirewallFilteringRuleZpaAppSegmentArgs
        {
            ExternalId = "string",
            Name = "string",
        },
    },
});

example, err := zia.NewFirewallFilteringRule(ctx, "firewallFilteringRuleResource", &zia.FirewallFilteringRuleArgs{
	Action: pulumi.String("string"),
	AppServiceGroups: &zia.FirewallFilteringRuleAppServiceGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	AppServices: &zia.FirewallFilteringRuleAppServicesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	DefaultRule: pulumi.Bool(false),
	Departments: &zia.FirewallFilteringRuleDepartmentsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Description: pulumi.String("string"),
	DestAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestCountries: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestIpCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestIpGroups: &zia.FirewallFilteringRuleDestIpGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	DeviceGroups: &zia.FirewallFilteringRuleDeviceGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	DeviceTrustLevels: pulumi.StringArray{
		pulumi.String("string"),
	},
	Devices: &zia.FirewallFilteringRuleDevicesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	EnableFullLogging: pulumi.Bool(false),
	Groups: &zia.FirewallFilteringRuleGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Labels: &zia.FirewallFilteringRuleLabelsArgs{
		Id: pulumi.Int(0),
	},
	LocationGroups: &zia.FirewallFilteringRuleLocationGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Locations: &zia.FirewallFilteringRuleLocationsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Name: pulumi.String("string"),
	NwApplicationGroups: &zia.FirewallFilteringRuleNwApplicationGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	NwApplications: pulumi.StringArray{
		pulumi.String("string"),
	},
	NwServiceGroups: &zia.FirewallFilteringRuleNwServiceGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	NwServices: &zia.FirewallFilteringRuleNwServicesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Order:      pulumi.Int(0),
	Predefined: pulumi.Bool(false),
	Rank:       pulumi.Int(0),
	SrcIpGroups: &zia.FirewallFilteringRuleSrcIpGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	SrcIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	State: pulumi.String("string"),
	TimeWindows: &zia.FirewallFilteringRuleTimeWindowsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Users: &zia.FirewallFilteringRuleUsersArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	WorkloadGroups: zia.FirewallFilteringRuleWorkloadGroupArray{
		&zia.FirewallFilteringRuleWorkloadGroupArgs{
			Id:   pulumi.Int(0),
			Name: pulumi.String("string"),
		},
	},
	ZpaAppSegments: zia.FirewallFilteringRuleZpaAppSegmentArray{
		&zia.FirewallFilteringRuleZpaAppSegmentArgs{
			ExternalId: pulumi.String("string"),
			Name:       pulumi.String("string"),
		},
	},
})

var firewallFilteringRuleResource = new FirewallFilteringRule("firewallFilteringRuleResource", FirewallFilteringRuleArgs.builder()
    .action("string")
    .appServiceGroups(FirewallFilteringRuleAppServiceGroupsArgs.builder()
        .ids(0)
        .build())
    .appServices(FirewallFilteringRuleAppServicesArgs.builder()
        .ids(0)
        .build())
    .defaultRule(false)
    .departments(FirewallFilteringRuleDepartmentsArgs.builder()
        .ids(0)
        .build())
    .description("string")
    .destAddresses("string")
    .destCountries("string")
    .destIpCategories("string")
    .destIpGroups(FirewallFilteringRuleDestIpGroupsArgs.builder()
        .ids(0)
        .build())
    .deviceGroups(FirewallFilteringRuleDeviceGroupsArgs.builder()
        .ids(0)
        .build())
    .deviceTrustLevels("string")
    .devices(FirewallFilteringRuleDevicesArgs.builder()
        .ids(0)
        .build())
    .enableFullLogging(false)
    .groups(FirewallFilteringRuleGroupsArgs.builder()
        .ids(0)
        .build())
    .labels(FirewallFilteringRuleLabelsArgs.builder()
        .id(0)
        .build())
    .locationGroups(FirewallFilteringRuleLocationGroupsArgs.builder()
        .ids(0)
        .build())
    .locations(FirewallFilteringRuleLocationsArgs.builder()
        .ids(0)
        .build())
    .name("string")
    .nwApplicationGroups(FirewallFilteringRuleNwApplicationGroupsArgs.builder()
        .ids(0)
        .build())
    .nwApplications("string")
    .nwServiceGroups(FirewallFilteringRuleNwServiceGroupsArgs.builder()
        .ids(0)
        .build())
    .nwServices(FirewallFilteringRuleNwServicesArgs.builder()
        .ids(0)
        .build())
    .order(0)
    .predefined(false)
    .rank(0)
    .srcIpGroups(FirewallFilteringRuleSrcIpGroupsArgs.builder()
        .ids(0)
        .build())
    .srcIps("string")
    .state("string")
    .timeWindows(FirewallFilteringRuleTimeWindowsArgs.builder()
        .ids(0)
        .build())
    .users(FirewallFilteringRuleUsersArgs.builder()
        .ids(0)
        .build())
    .workloadGroups(FirewallFilteringRuleWorkloadGroupArgs.builder()
        .id(0)
        .name("string")
        .build())
    .zpaAppSegments(FirewallFilteringRuleZpaAppSegmentArgs.builder()
        .externalId("string")
        .name("string")
        .build())
    .build());

firewall_filtering_rule_resource = zia.FirewallFilteringRule("firewallFilteringRuleResource",
    action="string",
    app_service_groups=zia.FirewallFilteringRuleAppServiceGroupsArgs(
        ids=[0],
    ),
    app_services=zia.FirewallFilteringRuleAppServicesArgs(
        ids=[0],
    ),
    default_rule=False,
    departments=zia.FirewallFilteringRuleDepartmentsArgs(
        ids=[0],
    ),
    description="string",
    dest_addresses=["string"],
    dest_countries=["string"],
    dest_ip_categories=["string"],
    dest_ip_groups=zia.FirewallFilteringRuleDestIpGroupsArgs(
        ids=[0],
    ),
    device_groups=zia.FirewallFilteringRuleDeviceGroupsArgs(
        ids=[0],
    ),
    device_trust_levels=["string"],
    devices=zia.FirewallFilteringRuleDevicesArgs(
        ids=[0],
    ),
    enable_full_logging=False,
    groups=zia.FirewallFilteringRuleGroupsArgs(
        ids=[0],
    ),
    labels=zia.FirewallFilteringRuleLabelsArgs(
        id=0,
    ),
    location_groups=zia.FirewallFilteringRuleLocationGroupsArgs(
        ids=[0],
    ),
    locations=zia.FirewallFilteringRuleLocationsArgs(
        ids=[0],
    ),
    name="string",
    nw_application_groups=zia.FirewallFilteringRuleNwApplicationGroupsArgs(
        ids=[0],
    ),
    nw_applications=["string"],
    nw_service_groups=zia.FirewallFilteringRuleNwServiceGroupsArgs(
        ids=[0],
    ),
    nw_services=zia.FirewallFilteringRuleNwServicesArgs(
        ids=[0],
    ),
    order=0,
    predefined=False,
    rank=0,
    src_ip_groups=zia.FirewallFilteringRuleSrcIpGroupsArgs(
        ids=[0],
    ),
    src_ips=["string"],
    state="string",
    time_windows=zia.FirewallFilteringRuleTimeWindowsArgs(
        ids=[0],
    ),
    users=zia.FirewallFilteringRuleUsersArgs(
        ids=[0],
    ),
    workload_groups=[zia.FirewallFilteringRuleWorkloadGroupArgs(
        id=0,
        name="string",
    )],
    zpa_app_segments=[zia.FirewallFilteringRuleZpaAppSegmentArgs(
        external_id="string",
        name="string",
    )])

const firewallFilteringRuleResource = new zia.FirewallFilteringRule("firewallFilteringRuleResource", {
    action: "string",
    appServiceGroups: {
        ids: [0],
    },
    appServices: {
        ids: [0],
    },
    defaultRule: false,
    departments: {
        ids: [0],
    },
    description: "string",
    destAddresses: ["string"],
    destCountries: ["string"],
    destIpCategories: ["string"],
    destIpGroups: {
        ids: [0],
    },
    deviceGroups: {
        ids: [0],
    },
    deviceTrustLevels: ["string"],
    devices: {
        ids: [0],
    },
    enableFullLogging: false,
    groups: {
        ids: [0],
    },
    labels: {
        id: 0,
    },
    locationGroups: {
        ids: [0],
    },
    locations: {
        ids: [0],
    },
    name: "string",
    nwApplicationGroups: {
        ids: [0],
    },
    nwApplications: ["string"],
    nwServiceGroups: {
        ids: [0],
    },
    nwServices: {
        ids: [0],
    },
    order: 0,
    predefined: false,
    rank: 0,
    srcIpGroups: {
        ids: [0],
    },
    srcIps: ["string"],
    state: "string",
    timeWindows: {
        ids: [0],
    },
    users: {
        ids: [0],
    },
    workloadGroups: [{
        id: 0,
        name: "string",
    }],
    zpaAppSegments: [{
        externalId: "string",
        name: "string",
    }],
});

type: zia:FirewallFilteringRule
properties:
    action: string
    appServiceGroups:
        ids:
            - 0
    appServices:
        ids:
            - 0
    defaultRule: false
    departments:
        ids:
            - 0
    description: string
    destAddresses:
        - string
    destCountries:
        - string
    destIpCategories:
        - string
    destIpGroups:
        ids:
            - 0
    deviceGroups:
        ids:
            - 0
    deviceTrustLevels:
        - string
    devices:
        ids:
            - 0
    enableFullLogging: false
    groups:
        ids:
            - 0
    labels:
        id: 0
    locationGroups:
        ids:
            - 0
    locations:
        ids:
            - 0
    name: string
    nwApplicationGroups:
        ids:
            - 0
    nwApplications:
        - string
    nwServiceGroups:
        ids:
            - 0
    nwServices:
        ids:
            - 0
    order: 0
    predefined: false
    rank: 0
    srcIpGroups:
        ids:
            - 0
    srcIps:
        - string
    state: string
    timeWindows:
        ids:
            - 0
    users:
        ids:
            - 0
    workloadGroups:
        - id: 0
          name: string
    zpaAppSegments:
        - externalId: string
          name: string

FirewallFilteringRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FirewallFilteringRule resource accepts the following input properties:

Action string

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

AppServiceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleAppServiceGroups

Application service groups on which this rule is applied

AppServices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleAppServices

Application services on which this rule is applied

DefaultRule bool

If set to true, the default rule is applied

Departments zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDepartments

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

Description string

Enter additional notes or information. The description cannot exceed 10,240 characters.

DestAddresses List<string>

** - (Optional) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.

DestCountries List<string>

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

DestIpCategories List<string>

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

DestIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDestIpGroups

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

DeviceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDeviceGroups

This field is applicable for devices that are managed using Zscaler Client Connector.

DeviceTrustLevels List<string>

List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.

Devices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDevices

Name-ID pairs of devices for which rule must be applied.

EnableFullLogging bool

Groups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleGroups

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

Labels zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLabels

Labels that are applicable to the rule.

LocationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLocationGroups

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

Locations zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLocations

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

Name string

The name of the workload group

Other Exported Arguments

NwApplicationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwApplicationGroups

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

NwApplications List<string>

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

NwServiceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwServiceGroups

Any number of predefined or custom network service groups to which the rule applies.

NwServices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwServices

When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.

network applications supports the following attributes:

Order int

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

Predefined bool

If set to true, a predefined rule is applied

Rank int

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

SrcIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleSrcIpGroups

Any number of source IP address groups that you want to control with this rule.

SrcIps List<string>

You can enter individual IP addresses, subnets, or address ranges.

State string

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

TimeWindows zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleTimeWindows

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

Users zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleUsers

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

WorkloadGroups List<zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleWorkloadGroup>

The list of preconfigured workload groups to which the policy must be applied

ZpaAppSegments List<zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleZpaAppSegment>

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

Action string

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

AppServiceGroups FirewallFilteringRuleAppServiceGroupsArgs

Application service groups on which this rule is applied

AppServices FirewallFilteringRuleAppServicesArgs

Application services on which this rule is applied

DefaultRule bool

If set to true, the default rule is applied

Departments FirewallFilteringRuleDepartmentsArgs

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

Description string

Enter additional notes or information. The description cannot exceed 10,240 characters.

DestAddresses []string

DestCountries []string

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

DestIpCategories []string

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

DestIpGroups FirewallFilteringRuleDestIpGroupsArgs

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

DeviceGroups FirewallFilteringRuleDeviceGroupsArgs

This field is applicable for devices that are managed using Zscaler Client Connector.

DeviceTrustLevels []string

Devices FirewallFilteringRuleDevicesArgs

Name-ID pairs of devices for which rule must be applied.

EnableFullLogging bool

Groups FirewallFilteringRuleGroupsArgs

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

Labels FirewallFilteringRuleLabelsArgs

Labels that are applicable to the rule.

LocationGroups FirewallFilteringRuleLocationGroupsArgs

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

Locations FirewallFilteringRuleLocationsArgs

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

Name string

The name of the workload group

Other Exported Arguments

NwApplicationGroups FirewallFilteringRuleNwApplicationGroupsArgs

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

NwApplications []string

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

NwServiceGroups FirewallFilteringRuleNwServiceGroupsArgs

Any number of predefined or custom network service groups to which the rule applies.

NwServices FirewallFilteringRuleNwServicesArgs

network applications supports the following attributes:

Order int

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

Predefined bool

If set to true, a predefined rule is applied

Rank int

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

SrcIpGroups FirewallFilteringRuleSrcIpGroupsArgs

Any number of source IP address groups that you want to control with this rule.

SrcIps []string

You can enter individual IP addresses, subnets, or address ranges.

State string

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

TimeWindows FirewallFilteringRuleTimeWindowsArgs

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

Users FirewallFilteringRuleUsersArgs

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

WorkloadGroups []FirewallFilteringRuleWorkloadGroupArgs

The list of preconfigured workload groups to which the policy must be applied

ZpaAppSegments []FirewallFilteringRuleZpaAppSegmentArgs

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

action String

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

appServiceGroups FirewallFilteringRuleAppServiceGroups

Application service groups on which this rule is applied

appServices FirewallFilteringRuleAppServices

Application services on which this rule is applied

defaultRule Boolean

If set to true, the default rule is applied

departments FirewallFilteringRuleDepartments

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

description String

Enter additional notes or information. The description cannot exceed 10,240 characters.

destAddresses List<String>

destCountries List<String>

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

destIpCategories List<String>

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

destIpGroups FirewallFilteringRuleDestIpGroups

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

deviceGroups FirewallFilteringRuleDeviceGroups

This field is applicable for devices that are managed using Zscaler Client Connector.

deviceTrustLevels List<String>

devices FirewallFilteringRuleDevices

Name-ID pairs of devices for which rule must be applied.

enableFullLogging Boolean

groups FirewallFilteringRuleGroups

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

labels FirewallFilteringRuleLabels

Labels that are applicable to the rule.

locationGroups FirewallFilteringRuleLocationGroups

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

locations FirewallFilteringRuleLocations

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

name String

The name of the workload group

Other Exported Arguments

nwApplicationGroups FirewallFilteringRuleNwApplicationGroups

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

nwApplications List<String>

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

nwServiceGroups FirewallFilteringRuleNwServiceGroups

Any number of predefined or custom network service groups to which the rule applies.

nwServices FirewallFilteringRuleNwServices

network applications supports the following attributes:

order Integer

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

predefined Boolean

If set to true, a predefined rule is applied

rank Integer

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

srcIpGroups FirewallFilteringRuleSrcIpGroups

Any number of source IP address groups that you want to control with this rule.

srcIps List<String>

You can enter individual IP addresses, subnets, or address ranges.

state String

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

timeWindows FirewallFilteringRuleTimeWindows

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

users FirewallFilteringRuleUsers

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

workloadGroups List<FirewallFilteringRuleWorkloadGroup>

The list of preconfigured workload groups to which the policy must be applied

zpaAppSegments List<FirewallFilteringRuleZpaAppSegment>

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

action string

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

appServiceGroups FirewallFilteringRuleAppServiceGroups

Application service groups on which this rule is applied

appServices FirewallFilteringRuleAppServices

Application services on which this rule is applied

defaultRule boolean

If set to true, the default rule is applied

departments FirewallFilteringRuleDepartments

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

description string

Enter additional notes or information. The description cannot exceed 10,240 characters.

destAddresses string[]

destCountries string[]

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

destIpCategories string[]

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

destIpGroups FirewallFilteringRuleDestIpGroups

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

deviceGroups FirewallFilteringRuleDeviceGroups

This field is applicable for devices that are managed using Zscaler Client Connector.

deviceTrustLevels string[]

devices FirewallFilteringRuleDevices

Name-ID pairs of devices for which rule must be applied.

enableFullLogging boolean

groups FirewallFilteringRuleGroups

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

labels FirewallFilteringRuleLabels

Labels that are applicable to the rule.

locationGroups FirewallFilteringRuleLocationGroups

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

locations FirewallFilteringRuleLocations

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

name string

The name of the workload group

Other Exported Arguments

nwApplicationGroups FirewallFilteringRuleNwApplicationGroups

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

nwApplications string[]

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

nwServiceGroups FirewallFilteringRuleNwServiceGroups

Any number of predefined or custom network service groups to which the rule applies.

nwServices FirewallFilteringRuleNwServices

network applications supports the following attributes:

order number

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

predefined boolean

If set to true, a predefined rule is applied

rank number

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

srcIpGroups FirewallFilteringRuleSrcIpGroups

Any number of source IP address groups that you want to control with this rule.

srcIps string[]

You can enter individual IP addresses, subnets, or address ranges.

state string

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

timeWindows FirewallFilteringRuleTimeWindows

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

users FirewallFilteringRuleUsers

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

workloadGroups FirewallFilteringRuleWorkloadGroup[]

The list of preconfigured workload groups to which the policy must be applied

zpaAppSegments FirewallFilteringRuleZpaAppSegment[]

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

action str

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

app_service_groups FirewallFilteringRuleAppServiceGroupsArgs

Application service groups on which this rule is applied

app_services FirewallFilteringRuleAppServicesArgs

Application services on which this rule is applied

default_rule bool

If set to true, the default rule is applied

departments FirewallFilteringRuleDepartmentsArgs

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

description str

Enter additional notes or information. The description cannot exceed 10,240 characters.

dest_addresses Sequence[str]

dest_countries Sequence[str]

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

dest_ip_categories Sequence[str]

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

dest_ip_groups FirewallFilteringRuleDestIpGroupsArgs

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

device_groups FirewallFilteringRuleDeviceGroupsArgs

This field is applicable for devices that are managed using Zscaler Client Connector.

device_trust_levels Sequence[str]

devices FirewallFilteringRuleDevicesArgs

Name-ID pairs of devices for which rule must be applied.

enable_full_logging bool

groups FirewallFilteringRuleGroupsArgs

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

labels FirewallFilteringRuleLabelsArgs

Labels that are applicable to the rule.

location_groups FirewallFilteringRuleLocationGroupsArgs

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

locations FirewallFilteringRuleLocationsArgs

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

name str

The name of the workload group

Other Exported Arguments

nw_application_groups FirewallFilteringRuleNwApplicationGroupsArgs

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

nw_applications Sequence[str]

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

nw_service_groups FirewallFilteringRuleNwServiceGroupsArgs

Any number of predefined or custom network service groups to which the rule applies.

nw_services FirewallFilteringRuleNwServicesArgs

network applications supports the following attributes:

order int

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

predefined bool

If set to true, a predefined rule is applied

rank int

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

src_ip_groups FirewallFilteringRuleSrcIpGroupsArgs

Any number of source IP address groups that you want to control with this rule.

src_ips Sequence[str]

You can enter individual IP addresses, subnets, or address ranges.

state str

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

time_windows FirewallFilteringRuleTimeWindowsArgs

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

users FirewallFilteringRuleUsersArgs

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

workload_groups Sequence[FirewallFilteringRuleWorkloadGroupArgs]

The list of preconfigured workload groups to which the policy must be applied

zpa_app_segments Sequence[FirewallFilteringRuleZpaAppSegmentArgs]

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

action String

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

appServiceGroups Property Map

Application service groups on which this rule is applied

appServices Property Map

Application services on which this rule is applied

defaultRule Boolean

If set to true, the default rule is applied

departments Property Map

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

description String

Enter additional notes or information. The description cannot exceed 10,240 characters.

destAddresses List<String>

destCountries List<String>

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

destIpCategories List<String>

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

destIpGroups Property Map

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

deviceGroups Property Map

This field is applicable for devices that are managed using Zscaler Client Connector.

deviceTrustLevels List<String>

devices Property Map

Name-ID pairs of devices for which rule must be applied.

enableFullLogging Boolean

groups Property Map

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

labels Property Map

Labels that are applicable to the rule.

locationGroups Property Map

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

locations Property Map

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

name String

The name of the workload group

Other Exported Arguments

nwApplicationGroups Property Map

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

nwApplications List<String>

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

nwServiceGroups Property Map

Any number of predefined or custom network service groups to which the rule applies.

nwServices Property Map

network applications supports the following attributes:

order Number

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

predefined Boolean

If set to true, a predefined rule is applied

rank Number

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

srcIpGroups Property Map

Any number of source IP address groups that you want to control with this rule.

srcIps List<String>

You can enter individual IP addresses, subnets, or address ranges.

state String

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

timeWindows Property Map

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

users Property Map

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

workloadGroups List<Property Map>

The list of preconfigured workload groups to which the policy must be applied

zpaAppSegments List<Property Map>

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallFilteringRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

id String: The provider-assigned unique ID for this managed resource.
ruleId Integer

id string: The provider-assigned unique ID for this managed resource.
ruleId number

id str: The provider-assigned unique ID for this managed resource.
rule_id int

id String: The provider-assigned unique ID for this managed resource.
ruleId Number

Look up Existing FirewallFilteringRule Resource

Get an existing FirewallFilteringRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallFilteringRuleState, opts?: CustomResourceOptions): FirewallFilteringRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        app_service_groups: Optional[FirewallFilteringRuleAppServiceGroupsArgs] = None,
        app_services: Optional[FirewallFilteringRuleAppServicesArgs] = None,
        default_rule: Optional[bool] = None,
        departments: Optional[FirewallFilteringRuleDepartmentsArgs] = None,
        description: Optional[str] = None,
        dest_addresses: Optional[Sequence[str]] = None,
        dest_countries: Optional[Sequence[str]] = None,
        dest_ip_categories: Optional[Sequence[str]] = None,
        dest_ip_groups: Optional[FirewallFilteringRuleDestIpGroupsArgs] = None,
        device_groups: Optional[FirewallFilteringRuleDeviceGroupsArgs] = None,
        device_trust_levels: Optional[Sequence[str]] = None,
        devices: Optional[FirewallFilteringRuleDevicesArgs] = None,
        enable_full_logging: Optional[bool] = None,
        groups: Optional[FirewallFilteringRuleGroupsArgs] = None,
        labels: Optional[FirewallFilteringRuleLabelsArgs] = None,
        location_groups: Optional[FirewallFilteringRuleLocationGroupsArgs] = None,
        locations: Optional[FirewallFilteringRuleLocationsArgs] = None,
        name: Optional[str] = None,
        nw_application_groups: Optional[FirewallFilteringRuleNwApplicationGroupsArgs] = None,
        nw_applications: Optional[Sequence[str]] = None,
        nw_service_groups: Optional[FirewallFilteringRuleNwServiceGroupsArgs] = None,
        nw_services: Optional[FirewallFilteringRuleNwServicesArgs] = None,
        order: Optional[int] = None,
        predefined: Optional[bool] = None,
        rank: Optional[int] = None,
        rule_id: Optional[int] = None,
        src_ip_groups: Optional[FirewallFilteringRuleSrcIpGroupsArgs] = None,
        src_ips: Optional[Sequence[str]] = None,
        state: Optional[str] = None,
        time_windows: Optional[FirewallFilteringRuleTimeWindowsArgs] = None,
        users: Optional[FirewallFilteringRuleUsersArgs] = None,
        workload_groups: Optional[Sequence[FirewallFilteringRuleWorkloadGroupArgs]] = None,
        zpa_app_segments: Optional[Sequence[FirewallFilteringRuleZpaAppSegmentArgs]] = None) -> FirewallFilteringRule

func GetFirewallFilteringRule(ctx *Context, name string, id IDInput, state *FirewallFilteringRuleState, opts ...ResourceOption) (*FirewallFilteringRule, error)

public static FirewallFilteringRule Get(string name, Input<string> id, FirewallFilteringRuleState? state, CustomResourceOptions? opts = null)

public static FirewallFilteringRule get(String name, Output<String> id, FirewallFilteringRuleState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

AppServiceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleAppServiceGroups

Application service groups on which this rule is applied

AppServices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleAppServices

Application services on which this rule is applied

DefaultRule bool

If set to true, the default rule is applied

Departments zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDepartments

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

Description string

Enter additional notes or information. The description cannot exceed 10,240 characters.

DestAddresses List<string>

DestCountries List<string>

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

DestIpCategories List<string>

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

DestIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDestIpGroups

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

DeviceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDeviceGroups

This field is applicable for devices that are managed using Zscaler Client Connector.

DeviceTrustLevels List<string>

Devices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleDevices

Name-ID pairs of devices for which rule must be applied.

EnableFullLogging bool

Groups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleGroups

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

Labels zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLabels

Labels that are applicable to the rule.

LocationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLocationGroups

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

Locations zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleLocations

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

Name string

The name of the workload group

Other Exported Arguments

NwApplicationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwApplicationGroups

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

NwApplications List<string>

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

NwServiceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwServiceGroups

Any number of predefined or custom network service groups to which the rule applies.

NwServices zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleNwServices

network applications supports the following attributes:

Order int

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

Predefined bool

If set to true, a predefined rule is applied

Rank int

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

RuleId int

SrcIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleSrcIpGroups

Any number of source IP address groups that you want to control with this rule.

SrcIps List<string>

You can enter individual IP addresses, subnets, or address ranges.

State string

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

TimeWindows zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleTimeWindows

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

Users zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleUsers

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

WorkloadGroups List<zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleWorkloadGroup>

The list of preconfigured workload groups to which the policy must be applied

ZpaAppSegments List<zscaler.PulumiPackage.Zia.Inputs.FirewallFilteringRuleZpaAppSegment>

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

Action string

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

AppServiceGroups FirewallFilteringRuleAppServiceGroupsArgs

Application service groups on which this rule is applied

AppServices FirewallFilteringRuleAppServicesArgs

Application services on which this rule is applied

DefaultRule bool

If set to true, the default rule is applied

Departments FirewallFilteringRuleDepartmentsArgs

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

Description string

Enter additional notes or information. The description cannot exceed 10,240 characters.

DestAddresses []string

DestCountries []string

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

DestIpCategories []string

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

DestIpGroups FirewallFilteringRuleDestIpGroupsArgs

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

DeviceGroups FirewallFilteringRuleDeviceGroupsArgs

This field is applicable for devices that are managed using Zscaler Client Connector.

DeviceTrustLevels []string

Devices FirewallFilteringRuleDevicesArgs

Name-ID pairs of devices for which rule must be applied.

EnableFullLogging bool

Groups FirewallFilteringRuleGroupsArgs

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

Labels FirewallFilteringRuleLabelsArgs

Labels that are applicable to the rule.

LocationGroups FirewallFilteringRuleLocationGroupsArgs

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

Locations FirewallFilteringRuleLocationsArgs

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

Name string

The name of the workload group

Other Exported Arguments

NwApplicationGroups FirewallFilteringRuleNwApplicationGroupsArgs

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

NwApplications []string

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

NwServiceGroups FirewallFilteringRuleNwServiceGroupsArgs

Any number of predefined or custom network service groups to which the rule applies.

NwServices FirewallFilteringRuleNwServicesArgs

network applications supports the following attributes:

Order int

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

Predefined bool

If set to true, a predefined rule is applied

Rank int

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

RuleId int

SrcIpGroups FirewallFilteringRuleSrcIpGroupsArgs

Any number of source IP address groups that you want to control with this rule.

SrcIps []string

You can enter individual IP addresses, subnets, or address ranges.

State string

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

TimeWindows FirewallFilteringRuleTimeWindowsArgs

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

Users FirewallFilteringRuleUsersArgs

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

WorkloadGroups []FirewallFilteringRuleWorkloadGroupArgs

The list of preconfigured workload groups to which the policy must be applied

ZpaAppSegments []FirewallFilteringRuleZpaAppSegmentArgs

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

action String

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

appServiceGroups FirewallFilteringRuleAppServiceGroups

Application service groups on which this rule is applied

appServices FirewallFilteringRuleAppServices

Application services on which this rule is applied

defaultRule Boolean

If set to true, the default rule is applied

departments FirewallFilteringRuleDepartments

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

description String

Enter additional notes or information. The description cannot exceed 10,240 characters.

destAddresses List<String>

destCountries List<String>

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

destIpCategories List<String>

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

destIpGroups FirewallFilteringRuleDestIpGroups

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

deviceGroups FirewallFilteringRuleDeviceGroups

This field is applicable for devices that are managed using Zscaler Client Connector.

deviceTrustLevels List<String>

devices FirewallFilteringRuleDevices

Name-ID pairs of devices for which rule must be applied.

enableFullLogging Boolean

groups FirewallFilteringRuleGroups

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

labels FirewallFilteringRuleLabels

Labels that are applicable to the rule.

locationGroups FirewallFilteringRuleLocationGroups

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

locations FirewallFilteringRuleLocations

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

name String

The name of the workload group

Other Exported Arguments

nwApplicationGroups FirewallFilteringRuleNwApplicationGroups

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

nwApplications List<String>

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

nwServiceGroups FirewallFilteringRuleNwServiceGroups

Any number of predefined or custom network service groups to which the rule applies.

nwServices FirewallFilteringRuleNwServices

network applications supports the following attributes:

order Integer

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

predefined Boolean

If set to true, a predefined rule is applied

rank Integer

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

ruleId Integer

srcIpGroups FirewallFilteringRuleSrcIpGroups

Any number of source IP address groups that you want to control with this rule.

srcIps List<String>

You can enter individual IP addresses, subnets, or address ranges.

state String

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

timeWindows FirewallFilteringRuleTimeWindows

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

users FirewallFilteringRuleUsers

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

workloadGroups List<FirewallFilteringRuleWorkloadGroup>

The list of preconfigured workload groups to which the policy must be applied

zpaAppSegments List<FirewallFilteringRuleZpaAppSegment>

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

action string

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

appServiceGroups FirewallFilteringRuleAppServiceGroups

Application service groups on which this rule is applied

appServices FirewallFilteringRuleAppServices

Application services on which this rule is applied

defaultRule boolean

If set to true, the default rule is applied

departments FirewallFilteringRuleDepartments

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

description string

Enter additional notes or information. The description cannot exceed 10,240 characters.

destAddresses string[]

destCountries string[]

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

destIpCategories string[]

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

destIpGroups FirewallFilteringRuleDestIpGroups

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

deviceGroups FirewallFilteringRuleDeviceGroups

This field is applicable for devices that are managed using Zscaler Client Connector.

deviceTrustLevels string[]

devices FirewallFilteringRuleDevices

Name-ID pairs of devices for which rule must be applied.

enableFullLogging boolean

groups FirewallFilteringRuleGroups

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

labels FirewallFilteringRuleLabels

Labels that are applicable to the rule.

locationGroups FirewallFilteringRuleLocationGroups

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

locations FirewallFilteringRuleLocations

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

name string

The name of the workload group

Other Exported Arguments

nwApplicationGroups FirewallFilteringRuleNwApplicationGroups

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

nwApplications string[]

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

nwServiceGroups FirewallFilteringRuleNwServiceGroups

Any number of predefined or custom network service groups to which the rule applies.

nwServices FirewallFilteringRuleNwServices

network applications supports the following attributes:

order number

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

predefined boolean

If set to true, a predefined rule is applied

rank number

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

ruleId number

srcIpGroups FirewallFilteringRuleSrcIpGroups

Any number of source IP address groups that you want to control with this rule.

srcIps string[]

You can enter individual IP addresses, subnets, or address ranges.

state string

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

timeWindows FirewallFilteringRuleTimeWindows

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

users FirewallFilteringRuleUsers

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

workloadGroups FirewallFilteringRuleWorkloadGroup[]

The list of preconfigured workload groups to which the policy must be applied

zpaAppSegments FirewallFilteringRuleZpaAppSegment[]

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

action str

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

app_service_groups FirewallFilteringRuleAppServiceGroupsArgs

Application service groups on which this rule is applied

app_services FirewallFilteringRuleAppServicesArgs

Application services on which this rule is applied

default_rule bool

If set to true, the default rule is applied

departments FirewallFilteringRuleDepartmentsArgs

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

description str

Enter additional notes or information. The description cannot exceed 10,240 characters.

dest_addresses Sequence[str]

dest_countries Sequence[str]

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

dest_ip_categories Sequence[str]

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

dest_ip_groups FirewallFilteringRuleDestIpGroupsArgs

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

device_groups FirewallFilteringRuleDeviceGroupsArgs

This field is applicable for devices that are managed using Zscaler Client Connector.

device_trust_levels Sequence[str]

devices FirewallFilteringRuleDevicesArgs

Name-ID pairs of devices for which rule must be applied.

enable_full_logging bool

groups FirewallFilteringRuleGroupsArgs

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

labels FirewallFilteringRuleLabelsArgs

Labels that are applicable to the rule.

location_groups FirewallFilteringRuleLocationGroupsArgs

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

locations FirewallFilteringRuleLocationsArgs

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

name str

The name of the workload group

Other Exported Arguments

nw_application_groups FirewallFilteringRuleNwApplicationGroupsArgs

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

nw_applications Sequence[str]

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

nw_service_groups FirewallFilteringRuleNwServiceGroupsArgs

Any number of predefined or custom network service groups to which the rule applies.

nw_services FirewallFilteringRuleNwServicesArgs

network applications supports the following attributes:

order int

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

predefined bool

If set to true, a predefined rule is applied

rank int

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

rule_id int

src_ip_groups FirewallFilteringRuleSrcIpGroupsArgs

Any number of source IP address groups that you want to control with this rule.

src_ips Sequence[str]

You can enter individual IP addresses, subnets, or address ranges.

state str

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

time_windows FirewallFilteringRuleTimeWindowsArgs

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

users FirewallFilteringRuleUsersArgs

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

workload_groups Sequence[FirewallFilteringRuleWorkloadGroupArgs]

The list of preconfigured workload groups to which the policy must be applied

zpa_app_segments Sequence[FirewallFilteringRuleZpaAppSegmentArgs]

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

action String

Choose the action of the service when packets match the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BLOCK_ICMP, EVAL_NWAPP

appServiceGroups Property Map

Application service groups on which this rule is applied

appServices Property Map

Application services on which this rule is applied

defaultRule Boolean

If set to true, the default rule is applied

departments Property Map

Apply to any number of departments When not used it implies Any to apply the rule to all departments.

description String

Enter additional notes or information. The description cannot exceed 10,240 characters.

destAddresses List<String>

destCountries List<String>

** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.

destIpCategories List<String>

** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.

destIpGroups Property Map

** - (Optional) Any number of destination IP address groups that you want to control with this rule.

deviceGroups Property Map

This field is applicable for devices that are managed using Zscaler Client Connector.

deviceTrustLevels List<String>

devices Property Map

Name-ID pairs of devices for which rule must be applied.

enableFullLogging Boolean

groups Property Map

You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.

labels Property Map

Labels that are applicable to the rule.

locationGroups Property Map

You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.

locations Property Map

You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.

name String

The name of the workload group

Other Exported Arguments

nwApplicationGroups Property Map

Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify

nwApplications List<String>

When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.

source ip addresses supports the following attributes:

nwServiceGroups Property Map

Any number of predefined or custom network service groups to which the rule applies.

nwServices Property Map

network applications supports the following attributes:

order Number

Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.

predefined Boolean

If set to true, a predefined rule is applied

rank Number

By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.

Who, Where and When supports the following attributes:

ruleId Number

srcIpGroups Property Map

Any number of source IP address groups that you want to control with this rule.

srcIps List<String>

You can enter individual IP addresses, subnets, or address ranges.

state String

An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.

timeWindows Property Map

You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.

users Property Map

You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

workloadGroups List<Property Map>

The list of preconfigured workload groups to which the policy must be applied

zpaAppSegments List<Property Map>

The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.

Supporting Types

FirewallFilteringRuleAppServiceGroups, FirewallFilteringRuleAppServiceGroupsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleAppServices, FirewallFilteringRuleAppServicesArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleDepartments, FirewallFilteringRuleDepartmentsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleDestIpGroups, FirewallFilteringRuleDestIpGroupsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleDeviceGroups, FirewallFilteringRuleDeviceGroupsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleDevices, FirewallFilteringRuleDevicesArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleGroups, FirewallFilteringRuleGroupsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleLabels, FirewallFilteringRuleLabelsArgs

Id int: A unique identifier assigned to the workload group

Id int: A unique identifier assigned to the workload group

id Integer: A unique identifier assigned to the workload group

id number: A unique identifier assigned to the workload group

id int: A unique identifier assigned to the workload group

id Number: A unique identifier assigned to the workload group

FirewallFilteringRuleLocationGroups, FirewallFilteringRuleLocationGroupsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleLocations, FirewallFilteringRuleLocationsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleNwApplicationGroups, FirewallFilteringRuleNwApplicationGroupsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleNwServiceGroups, FirewallFilteringRuleNwServiceGroupsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleNwServices, FirewallFilteringRuleNwServicesArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleSrcIpGroups, FirewallFilteringRuleSrcIpGroupsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleTimeWindows, FirewallFilteringRuleTimeWindowsArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleUsers, FirewallFilteringRuleUsersArgs

Ids List<int>: A unique identifier assigned to the workload group

Ids []int: A unique identifier assigned to the workload group

ids List<Integer>: A unique identifier assigned to the workload group

ids number[]: A unique identifier assigned to the workload group

ids Sequence[int]: A unique identifier assigned to the workload group

ids List<Number>: A unique identifier assigned to the workload group

FirewallFilteringRuleWorkloadGroup, FirewallFilteringRuleWorkloadGroupArgs

Id int

A unique identifier assigned to the workload group

Name string

The name of the workload group

Other Exported Arguments

Id int

A unique identifier assigned to the workload group

Name string

The name of the workload group

Other Exported Arguments

id Integer

A unique identifier assigned to the workload group

name String

The name of the workload group

Other Exported Arguments

id number

A unique identifier assigned to the workload group

name string

The name of the workload group

Other Exported Arguments

id int

A unique identifier assigned to the workload group

name str

The name of the workload group

Other Exported Arguments

id Number

A unique identifier assigned to the workload group

name String

The name of the workload group

Other Exported Arguments

FirewallFilteringRuleZpaAppSegment, FirewallFilteringRuleZpaAppSegmentArgs

ExternalId string

External ID of the application segment.

Name string

The name of the workload group

Other Exported Arguments

ExternalId string

External ID of the application segment.

Name string

The name of the workload group

Other Exported Arguments

externalId String

External ID of the application segment.

name String

The name of the workload group

Other Exported Arguments

externalId string

External ID of the application segment.

name string

The name of the workload group

Other Exported Arguments

external_id str

External ID of the application segment.

name str

The name of the workload group

Other Exported Arguments

externalId String

External ID of the application segment.

name String

The name of the workload group

Other Exported Arguments

Import

Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.

Visit

zia_firewall_filtering_rule can be imported by using <RULE ID> or <RULE NAME> as the import ID.

For example:

$ pulumi import zia:index/firewallFilteringRule:FirewallFilteringRule example <rule_id>

$ pulumi import zia:index/firewallFilteringRule:FirewallFilteringRule example <rule_name>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: zia zscaler/pulumi-zia
License: MIT
Notes: This Pulumi package is based on the zia Terraform Provider.

Zscaler Internet Access v0.0.6 published on Wednesday, Apr 10, 2024 by Zscaler

zscaler/pulumi-zia

zia.FirewallFilteringRule

On this page

On this page

Example Usage

Create FirewallFilteringRule Resource

Constructor syntax

Parameters

Constructor example

FirewallFilteringRule Resource Properties

Inputs

Outputs

Look up Existing FirewallFilteringRule Resource

Supporting Types

FirewallFilteringRuleAppServiceGroups, FirewallFilteringRuleAppServiceGroupsArgs

FirewallFilteringRuleAppServices, FirewallFilteringRuleAppServicesArgs

FirewallFilteringRuleDepartments, FirewallFilteringRuleDepartmentsArgs

FirewallFilteringRuleDestIpGroups, FirewallFilteringRuleDestIpGroupsArgs

FirewallFilteringRuleDeviceGroups, FirewallFilteringRuleDeviceGroupsArgs

FirewallFilteringRuleDevices, FirewallFilteringRuleDevicesArgs

FirewallFilteringRuleGroups, FirewallFilteringRuleGroupsArgs

FirewallFilteringRuleLabels, FirewallFilteringRuleLabelsArgs

FirewallFilteringRuleLocationGroups, FirewallFilteringRuleLocationGroupsArgs

FirewallFilteringRuleLocations, FirewallFilteringRuleLocationsArgs

FirewallFilteringRuleNwApplicationGroups, FirewallFilteringRuleNwApplicationGroupsArgs

FirewallFilteringRuleNwServiceGroups, FirewallFilteringRuleNwServiceGroupsArgs

FirewallFilteringRuleNwServices, FirewallFilteringRuleNwServicesArgs

FirewallFilteringRuleSrcIpGroups, FirewallFilteringRuleSrcIpGroupsArgs

FirewallFilteringRuleTimeWindows, FirewallFilteringRuleTimeWindowsArgs

FirewallFilteringRuleUsers, FirewallFilteringRuleUsersArgs

FirewallFilteringRuleWorkloadGroup, FirewallFilteringRuleWorkloadGroupArgs

FirewallFilteringRuleZpaAppSegment, FirewallFilteringRuleZpaAppSegmentArgs

Import

Package Details

On this page

On this page