Zscaler Internet Access v1.0.1, Jun 6 25

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

zia.FirewallIPSRule

Explore with Pulumi AI

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

Example Usage

data "zia_firewall_filtering_network_service" "zscaler_proxy_nw_services" {
    name = "ZSCALER_PROXY_NW_SERVICES"
}

data "zia_department_management" "engineering" {
 name = "Engineering"
}

data "zia_group_management" "normal_internet" {
    name = "Normal_Internet"
}

data "zia_firewall_filtering_time_window" "work_hours" {
    name = "Work hours"
}

resource "zia_firewall_ips_rule" "example" {
    name = "Example_IPS_Rule01"
    description = "Example_IPS_Rule01"
    action = "ALLOW"
    state = "ENABLED"
    order = 1
    enable_full_logging = true
    dest_countries = ["CA", "US"]
    source_countries = ["CA", "US"]
    threat_categories {
        id = [ 66 ]
    }
    nw_services {
        id = [ data.zia_firewall_filtering_network_service.zscaler_proxy_nw_services.id ]
    }
    departments {
        id = [ data.zia_department_management.engineering.id ]
    }
    groups {
        id = [ data.zia_group_management.normal_internet.id ]
    }
    time_windows {
        id = [ data.zia_firewall_filtering_time_window.work_hours.id ]
    }
}

Create FirewallIPSRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FirewallIPSRule(name: string, args: FirewallIPSRuleArgs, opts?: CustomResourceOptions);

@overload
def FirewallIPSRule(resource_name: str,
                    args: FirewallIPSRuleArgs,
                    opts: Optional[ResourceOptions] = None)

@overload
def FirewallIPSRule(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    action: Optional[str] = None,
                    capture_pcap: Optional[bool] = None,
                    default_rule: Optional[bool] = None,
                    departments: Optional[FirewallIPSRuleDepartmentsArgs] = None,
                    description: Optional[str] = None,
                    dest_addresses: Optional[Sequence[str]] = None,
                    dest_countries: Optional[Sequence[str]] = None,
                    dest_ip_categories: Optional[Sequence[str]] = None,
                    dest_ip_groups: Optional[FirewallIPSRuleDestIpGroupsArgs] = None,
                    dest_ipv6_groups: Optional[FirewallIPSRuleDestIpv6GroupsArgs] = None,
                    device_groups: Optional[FirewallIPSRuleDeviceGroupsArgs] = None,
                    devices: Optional[FirewallIPSRuleDevicesArgs] = None,
                    enable_full_logging: Optional[bool] = None,
                    groups: Optional[FirewallIPSRuleGroupsArgs] = None,
                    labels: Optional[FirewallIPSRuleLabelsArgs] = None,
                    location_groups: Optional[FirewallIPSRuleLocationGroupsArgs] = None,
                    locations: Optional[FirewallIPSRuleLocationsArgs] = None,
                    name: Optional[str] = None,
                    nw_service_groups: Optional[FirewallIPSRuleNwServiceGroupsArgs] = None,
                    nw_services: Optional[FirewallIPSRuleNwServicesArgs] = None,
                    order: Optional[int] = None,
                    predefined: Optional[bool] = None,
                    rank: Optional[int] = None,
                    res_categories: Optional[Sequence[str]] = None,
                    source_countries: Optional[Sequence[str]] = None,
                    src_ip_groups: Optional[FirewallIPSRuleSrcIpGroupsArgs] = None,
                    src_ips: Optional[Sequence[str]] = None,
                    src_ipv6_groups: Optional[FirewallIPSRuleSrcIpv6GroupsArgs] = None,
                    state: Optional[str] = None,
                    threat_categories: Optional[FirewallIPSRuleThreatCategoriesArgs] = None,
                    time_windows: Optional[FirewallIPSRuleTimeWindowsArgs] = None,
                    users: Optional[FirewallIPSRuleUsersArgs] = None,
                    zpa_app_segments: Optional[Sequence[FirewallIPSRuleZpaAppSegmentArgs]] = None)

func NewFirewallIPSRule(ctx *Context, name string, args FirewallIPSRuleArgs, opts ...ResourceOption) (*FirewallIPSRule, error)

public FirewallIPSRule(string name, FirewallIPSRuleArgs args, CustomResourceOptions? opts = null)

public FirewallIPSRule(String name, FirewallIPSRuleArgs args)
public FirewallIPSRule(String name, FirewallIPSRuleArgs args, CustomResourceOptions options)

type: zia:FirewallIPSRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FirewallIPSRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallIPSRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallIPSRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallIPSRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallIPSRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

FirewallIPSRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FirewallIPSRule resource accepts the following input properties:

Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
Departments zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses List<string>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries List<string>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories List<string>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleDestIpv6Groups: list of destination ip groups
DeviceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
EnableFullLogging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
Groups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleLabels: (List of Objects) Labels that are applicable to the rule.
LocationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: The name of the IPS Control rule
NwServiceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
NwServices zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ResCategories List<string>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
SourceCountries List<string>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps List<string>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
ThreatCategories zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
TimeWindows zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaAppSegments List<zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleZpaAppSegment>: (List of Objects) The ZPA application segments to which the rule applies

Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
Departments FirewallIPSRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses []string: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries []string: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories []string: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups FirewallIPSRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups FirewallIPSRuleDestIpv6GroupsArgs: list of destination ip groups
DeviceGroups FirewallIPSRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices FirewallIPSRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
EnableFullLogging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
Groups FirewallIPSRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels FirewallIPSRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
LocationGroups FirewallIPSRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations FirewallIPSRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: The name of the IPS Control rule
NwServiceGroups FirewallIPSRuleNwServiceGroupsArgs: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
NwServices FirewallIPSRuleNwServicesArgs: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ResCategories []string: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
SourceCountries []string: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups FirewallIPSRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps []string: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups FirewallIPSRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
ThreatCategories FirewallIPSRuleThreatCategoriesArgs: (List of Objects) Advanced threat categories to which the rule applies
TimeWindows FirewallIPSRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users FirewallIPSRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaAppSegments []FirewallIPSRuleZpaAppSegmentArgs: (List of Objects) The ZPA application segments to which the rule applies

order Integer: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments FirewallIPSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FirewallIPSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups FirewallIPSRuleDestIpv6Groups: list of destination ip groups
deviceGroups FirewallIPSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallIPSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging Boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups FirewallIPSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallIPSRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups FirewallIPSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallIPSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: The name of the IPS Control rule
nwServiceGroups FirewallIPSRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices FirewallIPSRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank Integer: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups FirewallIPSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups FirewallIPSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories FirewallIPSRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
timeWindows FirewallIPSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallIPSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments List<FirewallIPSRuleZpaAppSegment>: (List of Objects) The ZPA application segments to which the rule applies

order number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments FirewallIPSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses string[]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries string[]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories string[]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FirewallIPSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups FirewallIPSRuleDestIpv6Groups: list of destination ip groups
deviceGroups FirewallIPSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallIPSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups FirewallIPSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallIPSRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups FirewallIPSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallIPSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: The name of the IPS Control rule
nwServiceGroups FirewallIPSRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices FirewallIPSRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
predefined boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories string[]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries string[]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups FirewallIPSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps string[]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups FirewallIPSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories FirewallIPSRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
timeWindows FirewallIPSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallIPSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments FirewallIPSRuleZpaAppSegment[]: (List of Objects) The ZPA application segments to which the rule applies

order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action str: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capture_pcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
default_rule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments FirewallIPSRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description str: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
dest_addresses Sequence[str]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
dest_countries Sequence[str]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
dest_ip_categories Sequence[str]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
dest_ip_groups FirewallIPSRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
dest_ipv6_groups FirewallIPSRuleDestIpv6GroupsArgs: list of destination ip groups
device_groups FirewallIPSRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallIPSRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enable_full_logging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups FirewallIPSRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallIPSRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
location_groups FirewallIPSRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallIPSRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: The name of the IPS Control rule
nw_service_groups FirewallIPSRuleNwServiceGroupsArgs: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nw_services FirewallIPSRuleNwServicesArgs: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
res_categories Sequence[str]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
source_countries Sequence[str]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
src_ip_groups FirewallIPSRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
src_ips Sequence[str]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
src_ipv6_groups FirewallIPSRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state str: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threat_categories FirewallIPSRuleThreatCategoriesArgs: (List of Objects) Advanced threat categories to which the rule applies
time_windows FirewallIPSRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallIPSRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpa_app_segments Sequence[FirewallIPSRuleZpaAppSegmentArgs]: (List of Objects) The ZPA application segments to which the rule applies

order Number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments Property Map: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups Property Map: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups Property Map: list of destination ip groups
deviceGroups Property Map: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices Property Map: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging Boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups Property Map: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels Property Map: (List of Objects) Labels that are applicable to the rule.
locationGroups Property Map: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations Property Map: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: The name of the IPS Control rule
nwServiceGroups Property Map: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices Property Map: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank Number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups Property Map: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups Property Map: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories Property Map: (List of Objects) Advanced threat categories to which the rule applies
timeWindows Property Map: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users Property Map: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments List<Property Map>: (List of Objects) The ZPA application segments to which the rule applies

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallIPSRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

id String: The provider-assigned unique ID for this managed resource.
ruleId Integer

id string: The provider-assigned unique ID for this managed resource.
ruleId number

id str: The provider-assigned unique ID for this managed resource.
rule_id int

id String: The provider-assigned unique ID for this managed resource.
ruleId Number

Look up Existing FirewallIPSRule Resource

Get an existing FirewallIPSRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallIPSRuleState, opts?: CustomResourceOptions): FirewallIPSRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        capture_pcap: Optional[bool] = None,
        default_rule: Optional[bool] = None,
        departments: Optional[FirewallIPSRuleDepartmentsArgs] = None,
        description: Optional[str] = None,
        dest_addresses: Optional[Sequence[str]] = None,
        dest_countries: Optional[Sequence[str]] = None,
        dest_ip_categories: Optional[Sequence[str]] = None,
        dest_ip_groups: Optional[FirewallIPSRuleDestIpGroupsArgs] = None,
        dest_ipv6_groups: Optional[FirewallIPSRuleDestIpv6GroupsArgs] = None,
        device_groups: Optional[FirewallIPSRuleDeviceGroupsArgs] = None,
        devices: Optional[FirewallIPSRuleDevicesArgs] = None,
        enable_full_logging: Optional[bool] = None,
        groups: Optional[FirewallIPSRuleGroupsArgs] = None,
        labels: Optional[FirewallIPSRuleLabelsArgs] = None,
        location_groups: Optional[FirewallIPSRuleLocationGroupsArgs] = None,
        locations: Optional[FirewallIPSRuleLocationsArgs] = None,
        name: Optional[str] = None,
        nw_service_groups: Optional[FirewallIPSRuleNwServiceGroupsArgs] = None,
        nw_services: Optional[FirewallIPSRuleNwServicesArgs] = None,
        order: Optional[int] = None,
        predefined: Optional[bool] = None,
        rank: Optional[int] = None,
        res_categories: Optional[Sequence[str]] = None,
        rule_id: Optional[int] = None,
        source_countries: Optional[Sequence[str]] = None,
        src_ip_groups: Optional[FirewallIPSRuleSrcIpGroupsArgs] = None,
        src_ips: Optional[Sequence[str]] = None,
        src_ipv6_groups: Optional[FirewallIPSRuleSrcIpv6GroupsArgs] = None,
        state: Optional[str] = None,
        threat_categories: Optional[FirewallIPSRuleThreatCategoriesArgs] = None,
        time_windows: Optional[FirewallIPSRuleTimeWindowsArgs] = None,
        users: Optional[FirewallIPSRuleUsersArgs] = None,
        zpa_app_segments: Optional[Sequence[FirewallIPSRuleZpaAppSegmentArgs]] = None) -> FirewallIPSRule

func GetFirewallIPSRule(ctx *Context, name string, id IDInput, state *FirewallIPSRuleState, opts ...ResourceOption) (*FirewallIPSRule, error)

public static FirewallIPSRule Get(string name, Input<string> id, FirewallIPSRuleState? state, CustomResourceOptions? opts = null)

public static FirewallIPSRule get(String name, Output<String> id, FirewallIPSRuleState state, CustomResourceOptions options)

resources:  _:    type: zia:FirewallIPSRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
Departments zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses List<string>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries List<string>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories List<string>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleDestIpv6Groups: list of destination ip groups
DeviceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
EnableFullLogging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
Groups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleLabels: (List of Objects) Labels that are applicable to the rule.
LocationGroups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: The name of the IPS Control rule
NwServiceGroups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
NwServices zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ResCategories List<string>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
RuleId int
SourceCountries List<string>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps List<string>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
ThreatCategories zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
TimeWindows zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaAppSegments List<zscaler.PulumiPackage.Zia.Inputs.FirewallIPSRuleZpaAppSegment>: (List of Objects) The ZPA application segments to which the rule applies

Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
Departments FirewallIPSRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses []string: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries []string: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories []string: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups FirewallIPSRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups FirewallIPSRuleDestIpv6GroupsArgs: list of destination ip groups
DeviceGroups FirewallIPSRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices FirewallIPSRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
EnableFullLogging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
Groups FirewallIPSRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels FirewallIPSRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
LocationGroups FirewallIPSRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations FirewallIPSRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: The name of the IPS Control rule
NwServiceGroups FirewallIPSRuleNwServiceGroupsArgs: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
NwServices FirewallIPSRuleNwServicesArgs: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ResCategories []string: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
RuleId int
SourceCountries []string: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups FirewallIPSRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps []string: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups FirewallIPSRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
ThreatCategories FirewallIPSRuleThreatCategoriesArgs: (List of Objects) Advanced threat categories to which the rule applies
TimeWindows FirewallIPSRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users FirewallIPSRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaAppSegments []FirewallIPSRuleZpaAppSegmentArgs: (List of Objects) The ZPA application segments to which the rule applies

action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments FirewallIPSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FirewallIPSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups FirewallIPSRuleDestIpv6Groups: list of destination ip groups
deviceGroups FirewallIPSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallIPSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging Boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups FirewallIPSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallIPSRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups FirewallIPSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallIPSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: The name of the IPS Control rule
nwServiceGroups FirewallIPSRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices FirewallIPSRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Integer: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank Integer: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
ruleId Integer
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups FirewallIPSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups FirewallIPSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories FirewallIPSRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
timeWindows FirewallIPSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallIPSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments List<FirewallIPSRuleZpaAppSegment>: (List of Objects) The ZPA application segments to which the rule applies

action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments FirewallIPSRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses string[]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries string[]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories string[]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups FirewallIPSRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups FirewallIPSRuleDestIpv6Groups: list of destination ip groups
deviceGroups FirewallIPSRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallIPSRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups FirewallIPSRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallIPSRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups FirewallIPSRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallIPSRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: The name of the IPS Control rule
nwServiceGroups FirewallIPSRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices FirewallIPSRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories string[]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
ruleId number
sourceCountries string[]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups FirewallIPSRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps string[]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups FirewallIPSRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories FirewallIPSRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
timeWindows FirewallIPSRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallIPSRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments FirewallIPSRuleZpaAppSegment[]: (List of Objects) The ZPA application segments to which the rule applies

action str: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capture_pcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
default_rule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments FirewallIPSRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description str: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
dest_addresses Sequence[str]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
dest_countries Sequence[str]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
dest_ip_categories Sequence[str]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
dest_ip_groups FirewallIPSRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
dest_ipv6_groups FirewallIPSRuleDestIpv6GroupsArgs: list of destination ip groups
device_groups FirewallIPSRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices FirewallIPSRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enable_full_logging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups FirewallIPSRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels FirewallIPSRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
location_groups FirewallIPSRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations FirewallIPSRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: The name of the IPS Control rule
nw_service_groups FirewallIPSRuleNwServiceGroupsArgs: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nw_services FirewallIPSRuleNwServicesArgs: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
res_categories Sequence[str]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
rule_id int
source_countries Sequence[str]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
src_ip_groups FirewallIPSRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
src_ips Sequence[str]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
src_ipv6_groups FirewallIPSRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state str: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threat_categories FirewallIPSRuleThreatCategoriesArgs: (List of Objects) Advanced threat categories to which the rule applies
time_windows FirewallIPSRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users FirewallIPSRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpa_app_segments Sequence[FirewallIPSRuleZpaAppSegmentArgs]: (List of Objects) The ZPA application segments to which the rule applies

action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments Property Map: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups Property Map: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups Property Map: list of destination ip groups
deviceGroups Property Map: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices Property Map: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging Boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups Property Map: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels Property Map: (List of Objects) Labels that are applicable to the rule.
locationGroups Property Map: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations Property Map: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: The name of the IPS Control rule
nwServiceGroups Property Map: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices Property Map: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank Number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
ruleId Number
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups Property Map: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups Property Map: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories Property Map: (List of Objects) Advanced threat categories to which the rule applies
timeWindows Property Map: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users Property Map: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments List<Property Map>: (List of Objects) The ZPA application segments to which the rule applies

Supporting Types

FirewallIPSRuleDepartments, FirewallIPSRuleDepartmentsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleDestIpGroups, FirewallIPSRuleDestIpGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleDestIpv6Groups, FirewallIPSRuleDestIpv6GroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleDeviceGroups, FirewallIPSRuleDeviceGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleDevices, FirewallIPSRuleDevicesArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleGroups, FirewallIPSRuleGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleLabels, FirewallIPSRuleLabelsArgs

Id int: (Integer) Identifier that uniquely identifies an entity

Id int: (Integer) Identifier that uniquely identifies an entity

id Integer: (Integer) Identifier that uniquely identifies an entity

id number: (Integer) Identifier that uniquely identifies an entity

id int: (Integer) Identifier that uniquely identifies an entity

id Number: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleLocationGroups, FirewallIPSRuleLocationGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleLocations, FirewallIPSRuleLocationsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleNwServiceGroups, FirewallIPSRuleNwServiceGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleNwServices, FirewallIPSRuleNwServicesArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleSrcIpGroups, FirewallIPSRuleSrcIpGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleSrcIpv6Groups, FirewallIPSRuleSrcIpv6GroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleThreatCategories, FirewallIPSRuleThreatCategoriesArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleTimeWindows, FirewallIPSRuleTimeWindowsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleUsers, FirewallIPSRuleUsersArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

FirewallIPSRuleZpaAppSegment, FirewallIPSRuleZpaAppSegmentArgs

ExternalId string: External ID of the application segment.
Name string: Name of the application segment.

ExternalId string: External ID of the application segment.
Name string: Name of the application segment.

externalId String: External ID of the application segment.
name String: Name of the application segment.

externalId string: External ID of the application segment.
name string: Name of the application segment.

external_id str: External ID of the application segment.
name str: Name of the application segment.

externalId String: External ID of the application segment.
name String: Name of the application segment.

Package Details

Repository: zia zscaler/pulumi-zia
License: MIT
Notes: This Pulumi package is based on the zia Terraform Provider.

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

zscaler/pulumi-zia

zia.FirewallIPSRule

On this page

On this page

Example Usage

Create FirewallIPSRule Resource

Constructor syntax

Parameters

FirewallIPSRule Resource Properties

Inputs

Outputs

Look up Existing FirewallIPSRule Resource

Supporting Types

FirewallIPSRuleDepartments, FirewallIPSRuleDepartmentsArgs

FirewallIPSRuleDestIpGroups, FirewallIPSRuleDestIpGroupsArgs

FirewallIPSRuleDestIpv6Groups, FirewallIPSRuleDestIpv6GroupsArgs

FirewallIPSRuleDeviceGroups, FirewallIPSRuleDeviceGroupsArgs

FirewallIPSRuleDevices, FirewallIPSRuleDevicesArgs

FirewallIPSRuleGroups, FirewallIPSRuleGroupsArgs

FirewallIPSRuleLabels, FirewallIPSRuleLabelsArgs

FirewallIPSRuleLocationGroups, FirewallIPSRuleLocationGroupsArgs

FirewallIPSRuleLocations, FirewallIPSRuleLocationsArgs

FirewallIPSRuleNwServiceGroups, FirewallIPSRuleNwServiceGroupsArgs

FirewallIPSRuleNwServices, FirewallIPSRuleNwServicesArgs

FirewallIPSRuleSrcIpGroups, FirewallIPSRuleSrcIpGroupsArgs

FirewallIPSRuleSrcIpv6Groups, FirewallIPSRuleSrcIpv6GroupsArgs

FirewallIPSRuleThreatCategories, FirewallIPSRuleThreatCategoriesArgs

FirewallIPSRuleTimeWindows, FirewallIPSRuleTimeWindowsArgs

FirewallIPSRuleUsers, FirewallIPSRuleUsersArgs

FirewallIPSRuleZpaAppSegment, FirewallIPSRuleZpaAppSegmentArgs

Package Details

On this page

On this page