Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
The zia_firewall_ips_rule resource manages firewall IPS (Intrusion Prevention System) rules in the Zscaler Internet Access (ZIA) cloud service. IPS rules allow you to detect and prevent network intrusions by inspecting traffic for known threat signatures and anomalous patterns.
For more information, see the ZIA IPS Control Policies documentation.
Example Usage
Basic Firewall IPS Rule
Example coming soon!
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
zia "github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := zia.NewFirewallIPSRule(ctx, "example", &zia.FirewallIPSRuleArgs{
Name: pulumi.String("Example IPS Rule"),
Description: pulumi.StringRef("Block intrusion attempts"),
Order: pulumi.Int(1),
State: pulumi.StringRef("ENABLED"),
Action: pulumi.StringRef("BLOCK_DROP"),
})
return err
})
}
Example coming soon!
import * as zia from "@bdzscaler/pulumi-zia";
const example = new zia.FirewallIPSRule("example", {
name: "Example IPS Rule",
description: "Block intrusion attempts",
order: 1,
state: "ENABLED",
action: "BLOCK_DROP",
});
import zscaler_pulumi_zia as zia
example = zia.FirewallIPSRule("example",
name="Example IPS Rule",
description="Block intrusion attempts",
order=1,
state="ENABLED",
action="BLOCK_DROP",
)
resources:
example:
type: zia:FirewallIPSRule
properties:
name: Example IPS Rule
description: Block intrusion attempts
order: 1
state: ENABLED
action: BLOCK_DROP
Create FirewallIPSRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallIPSRule(name: string, args: FirewallIPSRuleArgs, opts?: CustomResourceOptions);@overload
def FirewallIPSRule(resource_name: str,
args: FirewallIPSRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallIPSRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
order: Optional[int] = None,
labels: Optional[Sequence[int]] = None,
default_rule: Optional[bool] = None,
description: Optional[str] = None,
dest_addresses: Optional[Sequence[str]] = None,
dest_countries: Optional[Sequence[str]] = None,
dest_ip_categories: Optional[Sequence[str]] = None,
dest_ip_groups: Optional[Sequence[int]] = None,
dest_ipv6_groups: Optional[Sequence[int]] = None,
device_groups: Optional[Sequence[int]] = None,
devices: Optional[Sequence[int]] = None,
enable_full_logging: Optional[bool] = None,
eun_template_id: Optional[int] = None,
groups: Optional[Sequence[int]] = None,
is_eun_enabled: Optional[bool] = None,
action: Optional[str] = None,
location_groups: Optional[Sequence[int]] = None,
departments: Optional[Sequence[int]] = None,
nw_service_groups: Optional[Sequence[int]] = None,
locations: Optional[Sequence[int]] = None,
nw_services: Optional[Sequence[int]] = None,
capture_pcap: Optional[bool] = None,
predefined: Optional[bool] = None,
rank: Optional[int] = None,
res_categories: Optional[Sequence[str]] = None,
source_countries: Optional[Sequence[str]] = None,
src_ip_groups: Optional[Sequence[int]] = None,
src_ips: Optional[Sequence[str]] = None,
src_ipv6_groups: Optional[Sequence[int]] = None,
state: Optional[str] = None,
threat_categories: Optional[Sequence[int]] = None,
time_windows: Optional[Sequence[int]] = None,
users: Optional[Sequence[int]] = None,
zpa_app_segments: Optional[Sequence[ZPAAppSegmentInputArgs]] = None)func NewFirewallIPSRule(ctx *Context, name string, args FirewallIPSRuleArgs, opts ...ResourceOption) (*FirewallIPSRule, error)public FirewallIPSRule(string name, FirewallIPSRuleArgs args, CustomResourceOptions? opts = null)
public FirewallIPSRule(String name, FirewallIPSRuleArgs args)
public FirewallIPSRule(String name, FirewallIPSRuleArgs args, CustomResourceOptions options)
type: zia:FirewallIPSRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallIPSRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallIPSRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallIPSRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallIPSRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallIPSRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallIPSRuleResource = new Zia.FirewallIPSRule("firewallIPSRuleResource", new()
{
Name = "string",
Order = 0,
Labels = new[]
{
0,
},
DefaultRule = false,
Description = "string",
DestAddresses = new[]
{
"string",
},
DestCountries = new[]
{
"string",
},
DestIpCategories = new[]
{
"string",
},
DestIpGroups = new[]
{
0,
},
DestIpv6Groups = new[]
{
0,
},
DeviceGroups = new[]
{
0,
},
Devices = new[]
{
0,
},
EnableFullLogging = false,
EunTemplateId = 0,
Groups = new[]
{
0,
},
IsEunEnabled = false,
Action = "string",
LocationGroups = new[]
{
0,
},
Departments = new[]
{
0,
},
NwServiceGroups = new[]
{
0,
},
Locations = new[]
{
0,
},
NwServices = new[]
{
0,
},
CapturePcap = false,
Predefined = false,
Rank = 0,
ResCategories = new[]
{
"string",
},
SourceCountries = new[]
{
"string",
},
SrcIpGroups = new[]
{
0,
},
SrcIps = new[]
{
"string",
},
SrcIpv6Groups = new[]
{
0,
},
State = "string",
ThreatCategories = new[]
{
0,
},
TimeWindows = new[]
{
0,
},
Users = new[]
{
0,
},
ZpaAppSegments = new[]
{
new Zia.Inputs.ZPAAppSegmentInputArgs
{
ExternalId = "string",
Name = "string",
},
},
});
example, err := zia.NewFirewallIPSRule(ctx, "firewallIPSRuleResource", &zia.FirewallIPSRuleArgs{
Name: pulumi.String("string"),
Order: pulumi.Int(0),
Labels: pulumi.IntArray{
pulumi.Int(0),
},
DefaultRule: pulumi.Bool(false),
Description: pulumi.String("string"),
DestAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DestCountries: pulumi.StringArray{
pulumi.String("string"),
},
DestIpCategories: pulumi.StringArray{
pulumi.String("string"),
},
DestIpGroups: pulumi.IntArray{
pulumi.Int(0),
},
DestIpv6Groups: pulumi.IntArray{
pulumi.Int(0),
},
DeviceGroups: pulumi.IntArray{
pulumi.Int(0),
},
Devices: pulumi.IntArray{
pulumi.Int(0),
},
EnableFullLogging: pulumi.Bool(false),
EunTemplateId: pulumi.Int(0),
Groups: pulumi.IntArray{
pulumi.Int(0),
},
IsEunEnabled: pulumi.Bool(false),
Action: pulumi.String("string"),
LocationGroups: pulumi.IntArray{
pulumi.Int(0),
},
Departments: pulumi.IntArray{
pulumi.Int(0),
},
NwServiceGroups: pulumi.IntArray{
pulumi.Int(0),
},
Locations: pulumi.IntArray{
pulumi.Int(0),
},
NwServices: pulumi.IntArray{
pulumi.Int(0),
},
CapturePcap: pulumi.Bool(false),
Predefined: pulumi.Bool(false),
Rank: pulumi.Int(0),
ResCategories: pulumi.StringArray{
pulumi.String("string"),
},
SourceCountries: pulumi.StringArray{
pulumi.String("string"),
},
SrcIpGroups: pulumi.IntArray{
pulumi.Int(0),
},
SrcIps: pulumi.StringArray{
pulumi.String("string"),
},
SrcIpv6Groups: pulumi.IntArray{
pulumi.Int(0),
},
State: pulumi.String("string"),
ThreatCategories: pulumi.IntArray{
pulumi.Int(0),
},
TimeWindows: pulumi.IntArray{
pulumi.Int(0),
},
Users: pulumi.IntArray{
pulumi.Int(0),
},
ZpaAppSegments: pulumizia.ZPAAppSegmentInputArray{
&pulumizia.ZPAAppSegmentInputArgs{
ExternalId: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
})
var firewallIPSRuleResource = new FirewallIPSRule("firewallIPSRuleResource", FirewallIPSRuleArgs.builder()
.name("string")
.order(0)
.labels(0)
.defaultRule(false)
.description("string")
.destAddresses("string")
.destCountries("string")
.destIpCategories("string")
.destIpGroups(0)
.destIpv6Groups(0)
.deviceGroups(0)
.devices(0)
.enableFullLogging(false)
.eunTemplateId(0)
.groups(0)
.isEunEnabled(false)
.action("string")
.locationGroups(0)
.departments(0)
.nwServiceGroups(0)
.locations(0)
.nwServices(0)
.capturePcap(false)
.predefined(false)
.rank(0)
.resCategories("string")
.sourceCountries("string")
.srcIpGroups(0)
.srcIps("string")
.srcIpv6Groups(0)
.state("string")
.threatCategories(0)
.timeWindows(0)
.users(0)
.zpaAppSegments(ZPAAppSegmentInputArgs.builder()
.externalId("string")
.name("string")
.build())
.build());
firewall_ips_rule_resource = zia.FirewallIPSRule("firewallIPSRuleResource",
name="string",
order=0,
labels=[0],
default_rule=False,
description="string",
dest_addresses=["string"],
dest_countries=["string"],
dest_ip_categories=["string"],
dest_ip_groups=[0],
dest_ipv6_groups=[0],
device_groups=[0],
devices=[0],
enable_full_logging=False,
eun_template_id=0,
groups=[0],
is_eun_enabled=False,
action="string",
location_groups=[0],
departments=[0],
nw_service_groups=[0],
locations=[0],
nw_services=[0],
capture_pcap=False,
predefined=False,
rank=0,
res_categories=["string"],
source_countries=["string"],
src_ip_groups=[0],
src_ips=["string"],
src_ipv6_groups=[0],
state="string",
threat_categories=[0],
time_windows=[0],
users=[0],
zpa_app_segments=[{
"external_id": "string",
"name": "string",
}])
const firewallIPSRuleResource = new zia.FirewallIPSRule("firewallIPSRuleResource", {
name: "string",
order: 0,
labels: [0],
defaultRule: false,
description: "string",
destAddresses: ["string"],
destCountries: ["string"],
destIpCategories: ["string"],
destIpGroups: [0],
destIpv6Groups: [0],
deviceGroups: [0],
devices: [0],
enableFullLogging: false,
eunTemplateId: 0,
groups: [0],
isEunEnabled: false,
action: "string",
locationGroups: [0],
departments: [0],
nwServiceGroups: [0],
locations: [0],
nwServices: [0],
capturePcap: false,
predefined: false,
rank: 0,
resCategories: ["string"],
sourceCountries: ["string"],
srcIpGroups: [0],
srcIps: ["string"],
srcIpv6Groups: [0],
state: "string",
threatCategories: [0],
timeWindows: [0],
users: [0],
zpaAppSegments: [{
externalId: "string",
name: "string",
}],
});
type: zia:FirewallIPSRule
properties:
action: string
capturePcap: false
defaultRule: false
departments:
- 0
description: string
destAddresses:
- string
destCountries:
- string
destIpCategories:
- string
destIpGroups:
- 0
destIpv6Groups:
- 0
deviceGroups:
- 0
devices:
- 0
enableFullLogging: false
eunTemplateId: 0
groups:
- 0
isEunEnabled: false
labels:
- 0
locationGroups:
- 0
locations:
- 0
name: string
nwServiceGroups:
- 0
nwServices:
- 0
order: 0
predefined: false
rank: 0
resCategories:
- string
sourceCountries:
- string
srcIpGroups:
- 0
srcIps:
- string
srcIpv6Groups:
- 0
state: string
threatCategories:
- 0
timeWindows:
- 0
users:
- 0
zpaAppSegments:
- externalId: string
name: string
FirewallIPSRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallIPSRule resource accepts the following input properties:
- Name string
- The name of the firewall IPS rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other firewall IPS rules.
- Action string
- The action the rule takes when traffic matches. Valid values:
ALLOW,BLOCK_DROP,BLOCK_RESET,BLOCK_ICMP. - Capture
Pcap bool - If set to true, enables packet capture (PCAP) for the rule.
- Default
Rule bool - Indicates whether this is the default firewall IPS rule.
- Departments List<int>
- IDs of departments to which the rule must be applied.
- Description string
- Additional information about the firewall IPS rule.
- Dest
Addresses List<string> - Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- Dest
Countries List<string> - Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- Dest
Ip List<string>Categories - Destination IP address URL categories for the rule.
- Dest
Ip List<int>Groups - IDs of destination IP address groups for the rule.
- Dest
Ipv6Groups List<int> - IDs of destination IPv6 address groups for the rule.
- Device
Groups List<int> - IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- Devices List<int>
- IDs of devices for which the rule must be applied.
- Enable
Full boolLogging - If set to true, enables full logging for the rule.
- Eun
Template intId - The ID of the end user notification template associated with the rule.
- Groups List<int>
- IDs of groups to which the rule must be applied.
- Is
Eun boolEnabled - If set to true, enables end user notification for the rule.
- Labels List<int>
- IDs of labels associated with the rule.
- Location
Groups List<int> - IDs of location groups to which the rule must be applied.
- Locations List<int>
- IDs of locations to which the rule must be applied.
- Nw
Service List<int>Groups - IDs of network service groups to which the rule applies.
- Nw
Services List<int> - IDs of network services to which the rule applies.
- Predefined bool
- Indicates whether this is a predefined rule.
- Rank int
- Admin rank of the firewall IPS policy rule. Valid values: 0-7. Default: 7.
- Res
Categories List<string> - URL categories that apply to the response for the rule.
- Source
Countries List<string> - Source countries (ISO 3166-1 alpha-2 codes) for the rule.
- Src
Ip List<int>Groups - IDs of source IP address groups for the rule.
- Src
Ips List<string> - Source IP addresses or CIDR ranges for the rule.
- Src
Ipv6Groups List<int> - IDs of source IPv6 address groups for the rule.
- State string
- Rule state. Valid values:
ENABLED,DISABLED. - Threat
Categories List<int> - IDs of threat categories to which the rule applies.
- Time
Windows List<int> - IDs of time intervals during which the rule must be enforced.
- Users List<int>
- IDs of users to which the rule must be applied.
- Zpa
App List<zscaler.Segments Pulumi Package. Zia. Inputs. ZPAApp Segment Input> - List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method.
- Name string
- The name of the firewall IPS rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other firewall IPS rules.
- Action string
- The action the rule takes when traffic matches. Valid values:
ALLOW,BLOCK_DROP,BLOCK_RESET,BLOCK_ICMP. - Capture
Pcap bool - If set to true, enables packet capture (PCAP) for the rule.
- Default
Rule bool - Indicates whether this is the default firewall IPS rule.
- Departments []int
- IDs of departments to which the rule must be applied.
- Description string
- Additional information about the firewall IPS rule.
- Dest
Addresses []string - Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- Dest
Countries []string - Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- Dest
Ip []stringCategories - Destination IP address URL categories for the rule.
- Dest
Ip []intGroups - IDs of destination IP address groups for the rule.
- Dest
Ipv6Groups []int - IDs of destination IPv6 address groups for the rule.
- Device
Groups []int - IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- Devices []int
- IDs of devices for which the rule must be applied.
- Enable
Full boolLogging - If set to true, enables full logging for the rule.
- Eun
Template intId - The ID of the end user notification template associated with the rule.
- Groups []int
- IDs of groups to which the rule must be applied.
- Is
Eun boolEnabled - If set to true, enables end user notification for the rule.
- Labels []int
- IDs of labels associated with the rule.
- Location
Groups []int - IDs of location groups to which the rule must be applied.
- Locations []int
- IDs of locations to which the rule must be applied.
- Nw
Service []intGroups - IDs of network service groups to which the rule applies.
- Nw
Services []int - IDs of network services to which the rule applies.
- Predefined bool
- Indicates whether this is a predefined rule.
- Rank int
- Admin rank of the firewall IPS policy rule. Valid values: 0-7. Default: 7.
- Res
Categories []string - URL categories that apply to the response for the rule.
- Source
Countries []string - Source countries (ISO 3166-1 alpha-2 codes) for the rule.
- Src
Ip []intGroups - IDs of source IP address groups for the rule.
- Src
Ips []string - Source IP addresses or CIDR ranges for the rule.
- Src
Ipv6Groups []int - IDs of source IPv6 address groups for the rule.
- State string
- Rule state. Valid values:
ENABLED,DISABLED. - Threat
Categories []int - IDs of threat categories to which the rule applies.
- Time
Windows []int - IDs of time intervals during which the rule must be enforced.
- Users []int
- IDs of users to which the rule must be applied.
- Zpa
App []ZPAAppSegments Segment Input Args - List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method.
- name String
- The name of the firewall IPS rule. Must be unique.
- order Integer
- The order of execution of the rule with respect to other firewall IPS rules.
- action String
- The action the rule takes when traffic matches. Valid values:
ALLOW,BLOCK_DROP,BLOCK_RESET,BLOCK_ICMP. - capture
Pcap Boolean - If set to true, enables packet capture (PCAP) for the rule.
- default
Rule Boolean - Indicates whether this is the default firewall IPS rule.
- departments List<Integer>
- IDs of departments to which the rule must be applied.
- description String
- Additional information about the firewall IPS rule.
- dest
Addresses List<String> - Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- dest
Countries List<String> - Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- dest
Ip List<String>Categories - Destination IP address URL categories for the rule.
- dest
Ip List<Integer>Groups - IDs of destination IP address groups for the rule.
- dest
Ipv6Groups List<Integer> - IDs of destination IPv6 address groups for the rule.
- device
Groups List<Integer> - IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- devices List<Integer>
- IDs of devices for which the rule must be applied.
- enable
Full BooleanLogging - If set to true, enables full logging for the rule.
- eun
Template IntegerId - The ID of the end user notification template associated with the rule.
- groups List<Integer>
- IDs of groups to which the rule must be applied.
- is
Eun BooleanEnabled - If set to true, enables end user notification for the rule.
- labels List<Integer>
- IDs of labels associated with the rule.
- location
Groups List<Integer> - IDs of location groups to which the rule must be applied.
- locations List<Integer>
- IDs of locations to which the rule must be applied.
- nw
Service List<Integer>Groups - IDs of network service groups to which the rule applies.
- nw
Services List<Integer> - IDs of network services to which the rule applies.
- predefined Boolean
- Indicates whether this is a predefined rule.
- rank Integer
- Admin rank of the firewall IPS policy rule. Valid values: 0-7. Default: 7.
- res
Categories List<String> - URL categories that apply to the response for the rule.
- source
Countries List<String> - Source countries (ISO 3166-1 alpha-2 codes) for the rule.
- src
Ip List<Integer>Groups - IDs of source IP address groups for the rule.
- src
Ips List<String> - Source IP addresses or CIDR ranges for the rule.
- src
Ipv6Groups List<Integer> - IDs of source IPv6 address groups for the rule.
- state String
- Rule state. Valid values:
ENABLED,DISABLED. - threat
Categories List<Integer> - IDs of threat categories to which the rule applies.
- time
Windows List<Integer> - IDs of time intervals during which the rule must be enforced.
- users List<Integer>
- IDs of users to which the rule must be applied.
- zpa
App List<ZPAAppSegments Segment Input> - List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method.
- name string
- The name of the firewall IPS rule. Must be unique.
- order number
- The order of execution of the rule with respect to other firewall IPS rules.
- action string
- The action the rule takes when traffic matches. Valid values:
ALLOW,BLOCK_DROP,BLOCK_RESET,BLOCK_ICMP. - capture
Pcap boolean - If set to true, enables packet capture (PCAP) for the rule.
- default
Rule boolean - Indicates whether this is the default firewall IPS rule.
- departments number[]
- IDs of departments to which the rule must be applied.
- description string
- Additional information about the firewall IPS rule.
- dest
Addresses string[] - Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- dest
Countries string[] - Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- dest
Ip string[]Categories - Destination IP address URL categories for the rule.
- dest
Ip number[]Groups - IDs of destination IP address groups for the rule.
- dest
Ipv6Groups number[] - IDs of destination IPv6 address groups for the rule.
- device
Groups number[] - IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- devices number[]
- IDs of devices for which the rule must be applied.
- enable
Full booleanLogging - If set to true, enables full logging for the rule.
- eun
Template numberId - The ID of the end user notification template associated with the rule.
- groups number[]
- IDs of groups to which the rule must be applied.
- is
Eun booleanEnabled - If set to true, enables end user notification for the rule.
- labels number[]
- IDs of labels associated with the rule.
- location
Groups number[] - IDs of location groups to which the rule must be applied.
- locations number[]
- IDs of locations to which the rule must be applied.
- nw
Service number[]Groups - IDs of network service groups to which the rule applies.
- nw
Services number[] - IDs of network services to which the rule applies.
- predefined boolean
- Indicates whether this is a predefined rule.
- rank number
- Admin rank of the firewall IPS policy rule. Valid values: 0-7. Default: 7.
- res
Categories string[] - URL categories that apply to the response for the rule.
- source
Countries string[] - Source countries (ISO 3166-1 alpha-2 codes) for the rule.
- src
Ip number[]Groups - IDs of source IP address groups for the rule.
- src
Ips string[] - Source IP addresses or CIDR ranges for the rule.
- src
Ipv6Groups number[] - IDs of source IPv6 address groups for the rule.
- state string
- Rule state. Valid values:
ENABLED,DISABLED. - threat
Categories number[] - IDs of threat categories to which the rule applies.
- time
Windows number[] - IDs of time intervals during which the rule must be enforced.
- users number[]
- IDs of users to which the rule must be applied.
- zpa
App ZPAAppSegments Segment Input[] - List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method.
- name str
- The name of the firewall IPS rule. Must be unique.
- order int
- The order of execution of the rule with respect to other firewall IPS rules.
- action str
- The action the rule takes when traffic matches. Valid values:
ALLOW,BLOCK_DROP,BLOCK_RESET,BLOCK_ICMP. - capture_
pcap bool - If set to true, enables packet capture (PCAP) for the rule.
- default_
rule bool - Indicates whether this is the default firewall IPS rule.
- departments Sequence[int]
- IDs of departments to which the rule must be applied.
- description str
- Additional information about the firewall IPS rule.
- dest_
addresses Sequence[str] - Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- dest_
countries Sequence[str] - Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- dest_
ip_ Sequence[str]categories - Destination IP address URL categories for the rule.
- dest_
ip_ Sequence[int]groups - IDs of destination IP address groups for the rule.
- dest_
ipv6_ Sequence[int]groups - IDs of destination IPv6 address groups for the rule.
- device_
groups Sequence[int] - IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- devices Sequence[int]
- IDs of devices for which the rule must be applied.
- enable_
full_ boollogging - If set to true, enables full logging for the rule.
- eun_
template_ intid - The ID of the end user notification template associated with the rule.
- groups Sequence[int]
- IDs of groups to which the rule must be applied.
- is_
eun_ boolenabled - If set to true, enables end user notification for the rule.
- labels Sequence[int]
- IDs of labels associated with the rule.
- location_
groups Sequence[int] - IDs of location groups to which the rule must be applied.
- locations Sequence[int]
- IDs of locations to which the rule must be applied.
- nw_
service_ Sequence[int]groups - IDs of network service groups to which the rule applies.
- nw_
services Sequence[int] - IDs of network services to which the rule applies.
- predefined bool
- Indicates whether this is a predefined rule.
- rank int
- Admin rank of the firewall IPS policy rule. Valid values: 0-7. Default: 7.
- res_
categories Sequence[str] - URL categories that apply to the response for the rule.
- source_
countries Sequence[str] - Source countries (ISO 3166-1 alpha-2 codes) for the rule.
- src_
ip_ Sequence[int]groups - IDs of source IP address groups for the rule.
- src_
ips Sequence[str] - Source IP addresses or CIDR ranges for the rule.
- src_
ipv6_ Sequence[int]groups - IDs of source IPv6 address groups for the rule.
- state str
- Rule state. Valid values:
ENABLED,DISABLED. - threat_
categories Sequence[int] - IDs of threat categories to which the rule applies.
- time_
windows Sequence[int] - IDs of time intervals during which the rule must be enforced.
- users Sequence[int]
- IDs of users to which the rule must be applied.
- zpa_
app_ Sequence[ZPAAppsegments Segment Input Args] - List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method.
- name String
- The name of the firewall IPS rule. Must be unique.
- order Number
- The order of execution of the rule with respect to other firewall IPS rules.
- action String
- The action the rule takes when traffic matches. Valid values:
ALLOW,BLOCK_DROP,BLOCK_RESET,BLOCK_ICMP. - capture
Pcap Boolean - If set to true, enables packet capture (PCAP) for the rule.
- default
Rule Boolean - Indicates whether this is the default firewall IPS rule.
- departments List<Number>
- IDs of departments to which the rule must be applied.
- description String
- Additional information about the firewall IPS rule.
- dest
Addresses List<String> - Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- dest
Countries List<String> - Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- dest
Ip List<String>Categories - Destination IP address URL categories for the rule.
- dest
Ip List<Number>Groups - IDs of destination IP address groups for the rule.
- dest
Ipv6Groups List<Number> - IDs of destination IPv6 address groups for the rule.
- device
Groups List<Number> - IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- devices List<Number>
- IDs of devices for which the rule must be applied.
- enable
Full BooleanLogging - If set to true, enables full logging for the rule.
- eun
Template NumberId - The ID of the end user notification template associated with the rule.
- groups List<Number>
- IDs of groups to which the rule must be applied.
- is
Eun BooleanEnabled - If set to true, enables end user notification for the rule.
- labels List<Number>
- IDs of labels associated with the rule.
- location
Groups List<Number> - IDs of location groups to which the rule must be applied.
- locations List<Number>
- IDs of locations to which the rule must be applied.
- nw
Service List<Number>Groups - IDs of network service groups to which the rule applies.
- nw
Services List<Number> - IDs of network services to which the rule applies.
- predefined Boolean
- Indicates whether this is a predefined rule.
- rank Number
- Admin rank of the firewall IPS policy rule. Valid values: 0-7. Default: 7.
- res
Categories List<String> - URL categories that apply to the response for the rule.
- source
Countries List<String> - Source countries (ISO 3166-1 alpha-2 codes) for the rule.
- src
Ip List<Number>Groups - IDs of source IP address groups for the rule.
- src
Ips List<String> - Source IP addresses or CIDR ranges for the rule.
- src
Ipv6Groups List<Number> - IDs of source IPv6 address groups for the rule.
- state String
- Rule state. Valid values:
ENABLED,DISABLED. - threat
Categories List<Number> - IDs of threat categories to which the rule applies.
- time
Windows List<Number> - IDs of time intervals during which the rule must be enforced.
- users List<Number>
- IDs of users to which the rule must be applied.
- zpa
App List<Property Map>Segments - List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallIPSRule resource produces the following output properties:
Supporting Types
ZPAAppSegmentInput, ZPAAppSegmentInputArgs
- External
Id string - Name string
- External
Id string - Name string
- external
Id String - name String
- external
Id string - name string
- external_
id str - name str
- external
Id String - name String
Import
An existing Firewall IPS Rule can be imported using its resource ID, e.g.
$ pulumi import zia:index:FirewallIPSRule example 12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
