Zscaler Internet Access v1.0.1, Jun 6 25

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

zia.getFirewallDNSRules

Explore with Pulumi AI

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

Example Usage

# ZIA Firewall DNS Rule by name
data "zia_firewall_dns_rule" "this" {
    name = "Default Cloud IPS Rule"
}

# ZIA Firewall DNS Rule by ID
data "zia_firewall_dns_rule" "this" {
    id = "12365478"
}

Using getFirewallDNSRules

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getFirewallDNSRules(args: GetFirewallDNSRulesArgs, opts?: InvokeOptions): Promise<GetFirewallDNSRulesResult>
function getFirewallDNSRulesOutput(args: GetFirewallDNSRulesOutputArgs, opts?: InvokeOptions): Output<GetFirewallDNSRulesResult>

def get_firewall_dns_rules(id: Optional[int] = None,
                           name: Optional[str] = None,
                           opts: Optional[InvokeOptions] = None) -> GetFirewallDNSRulesResult
def get_firewall_dns_rules_output(id: Optional[pulumi.Input[int]] = None,
                           name: Optional[pulumi.Input[str]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetFirewallDNSRulesResult]

func GetFirewallDNSRules(ctx *Context, args *GetFirewallDNSRulesArgs, opts ...InvokeOption) (*GetFirewallDNSRulesResult, error)
func GetFirewallDNSRulesOutput(ctx *Context, args *GetFirewallDNSRulesOutputArgs, opts ...InvokeOption) GetFirewallDNSRulesResultOutput

> Note: This function is named GetFirewallDNSRules in the Go SDK.

public static class GetFirewallDNSRules 
{
    public static Task<GetFirewallDNSRulesResult> InvokeAsync(GetFirewallDNSRulesArgs args, InvokeOptions? opts = null)
    public static Output<GetFirewallDNSRulesResult> Invoke(GetFirewallDNSRulesInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetFirewallDNSRulesResult> getFirewallDNSRules(GetFirewallDNSRulesArgs args, InvokeOptions options)
public static Output<GetFirewallDNSRulesResult> getFirewallDNSRules(GetFirewallDNSRulesArgs args, InvokeOptions options)

fn::invoke:
  function: zia:index/getFirewallDNSRules:getFirewallDNSRules
  arguments:
    # arguments dictionary

The following arguments are supported:

Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

getFirewallDNSRules Result

The following output properties are available:

Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
ApplicationGroups List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesApplicationGroup>: (List of Objects) DNS application groups to which the rule applies
Applications List<string>: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
BlockResponseCode string: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
Departments List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesDepartment>: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses List<string>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries List<string>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories List<string>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesDestIpGroup>: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesDestIpv6Group>
DeviceGroups List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesDeviceGroup>: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesDevice>: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
DnsRuleRequestTypes List<string>: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
Groups List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesGroup>: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Id int: (Integer) Identifier that uniquely identifies an entity
Labels List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesLabel>: (List of Objects) Labels that are applicable to the rule.
LastModifiedBies List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesLastModifiedBy>
LastModifiedTime int
LocationGroups List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesLocationGroup>: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesLocation>: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: (string) The configured name of the entity
Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Protocols List<string>: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
RedirectIp string: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
ResCategories List<string>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
SourceCountries List<string>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesSrcIpGroup>: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps List<string>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesSrcIpv6Group>: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
TimeWindows List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesTimeWindow>: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users List<zscaler.PulumiPackage.Zia.Outputs.GetFirewallDNSRulesUser>: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
ApplicationGroups []GetFirewallDNSRulesApplicationGroup: (List of Objects) DNS application groups to which the rule applies
Applications []string: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
BlockResponseCode string: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
Departments []GetFirewallDNSRulesDepartment: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses []string: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries []string: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories []string: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups []GetFirewallDNSRulesDestIpGroup: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups []GetFirewallDNSRulesDestIpv6Group
DeviceGroups []GetFirewallDNSRulesDeviceGroup: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices []GetFirewallDNSRulesDevice: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
DnsRuleRequestTypes []string: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
Groups []GetFirewallDNSRulesGroup: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Id int: (Integer) Identifier that uniquely identifies an entity
Labels []GetFirewallDNSRulesLabel: (List of Objects) Labels that are applicable to the rule.
LastModifiedBies []GetFirewallDNSRulesLastModifiedBy
LastModifiedTime int
LocationGroups []GetFirewallDNSRulesLocationGroup: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations []GetFirewallDNSRulesLocation: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: (string) The configured name of the entity
Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Protocols []string: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
RedirectIp string: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
ResCategories []string: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
SourceCountries []string: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups []GetFirewallDNSRulesSrcIpGroup: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps []string: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups []GetFirewallDNSRulesSrcIpv6Group: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
TimeWindows []GetFirewallDNSRulesTimeWindow: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users []GetFirewallDNSRulesUser: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
applicationGroups List<GetFirewallDNSRulesApplicationGroup>: (List of Objects) DNS application groups to which the rule applies
applications List<String>: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
blockResponseCode String: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments List<GetFirewallDNSRulesDepartment>: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups List<GetFirewallDNSRulesDestIpGroup>: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups List<GetFirewallDNSRulesDestIpv6Group>
deviceGroups List<GetFirewallDNSRulesDeviceGroup>: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices List<GetFirewallDNSRulesDevice>: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dnsRuleRequestTypes List<String>: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
groups List<GetFirewallDNSRulesGroup>: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id Integer: (Integer) Identifier that uniquely identifies an entity
labels List<GetFirewallDNSRulesLabel>: (List of Objects) Labels that are applicable to the rule.
lastModifiedBies List<GetFirewallDNSRulesLastModifiedBy>
lastModifiedTime Integer
locationGroups List<GetFirewallDNSRulesLocationGroup>: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations List<GetFirewallDNSRulesLocation>: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: (string) The configured name of the entity
order Integer: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols List<String>: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank Integer: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirectIp String: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups List<GetFirewallDNSRulesSrcIpGroup>: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups List<GetFirewallDNSRulesSrcIpv6Group>: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows List<GetFirewallDNSRulesTimeWindow>: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users List<GetFirewallDNSRulesUser>: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
applicationGroups GetFirewallDNSRulesApplicationGroup[]: (List of Objects) DNS application groups to which the rule applies
applications string[]: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
blockResponseCode string: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capturePcap boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule boolean: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments GetFirewallDNSRulesDepartment[]: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses string[]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries string[]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories string[]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups GetFirewallDNSRulesDestIpGroup[]: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups GetFirewallDNSRulesDestIpv6Group[]
deviceGroups GetFirewallDNSRulesDeviceGroup[]: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices GetFirewallDNSRulesDevice[]: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dnsRuleRequestTypes string[]: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
groups GetFirewallDNSRulesGroup[]: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id number: (Integer) Identifier that uniquely identifies an entity
labels GetFirewallDNSRulesLabel[]: (List of Objects) Labels that are applicable to the rule.
lastModifiedBies GetFirewallDNSRulesLastModifiedBy[]
lastModifiedTime number
locationGroups GetFirewallDNSRulesLocationGroup[]: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations GetFirewallDNSRulesLocation[]: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: (string) The configured name of the entity
order number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols string[]: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirectIp string: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
resCategories string[]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries string[]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups GetFirewallDNSRulesSrcIpGroup[]: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps string[]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups GetFirewallDNSRulesSrcIpv6Group[]: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows GetFirewallDNSRulesTimeWindow[]: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users GetFirewallDNSRulesUser[]: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

action str: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
application_groups Sequence[GetFirewallDNSRulesApplicationGroup]: (List of Objects) DNS application groups to which the rule applies
applications Sequence[str]: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
block_response_code str: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capture_pcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
default_rule bool: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments Sequence[GetFirewallDNSRulesDepartment]: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description str: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
dest_addresses Sequence[str]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
dest_countries Sequence[str]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
dest_ip_categories Sequence[str]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
dest_ip_groups Sequence[GetFirewallDNSRulesDestIpGroup]: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
dest_ipv6_groups Sequence[GetFirewallDNSRulesDestIpv6Group]
device_groups Sequence[GetFirewallDNSRulesDeviceGroup]: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices Sequence[GetFirewallDNSRulesDevice]: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dns_rule_request_types Sequence[str]: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
groups Sequence[GetFirewallDNSRulesGroup]: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id int: (Integer) Identifier that uniquely identifies an entity
labels Sequence[GetFirewallDNSRulesLabel]: (List of Objects) Labels that are applicable to the rule.
last_modified_bies Sequence[GetFirewallDNSRulesLastModifiedBy]
last_modified_time int
location_groups Sequence[GetFirewallDNSRulesLocationGroup]: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations Sequence[GetFirewallDNSRulesLocation]: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: (string) The configured name of the entity
order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols Sequence[str]: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirect_ip str: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
res_categories Sequence[str]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
source_countries Sequence[str]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
src_ip_groups Sequence[GetFirewallDNSRulesSrcIpGroup]: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
src_ips Sequence[str]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
src_ipv6_groups Sequence[GetFirewallDNSRulesSrcIpv6Group]: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state str: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
time_windows Sequence[GetFirewallDNSRulesTimeWindow]: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users Sequence[GetFirewallDNSRulesUser]: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK, REDIR_REQ, REDIR_RES, REDIR_ZPA, REDIR_REQ_DOH, REDIR_REQ_KEEP_SENDER, REDIR_REQ_TCP, REDIR_REQ_UDP, BLOCK_WITH_RESPONSE
applicationGroups List<Property Map>: (List of Objects) DNS application groups to which the rule applies
applications List<String>: (Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: zia.getCloudApplications with the app_class value DNS_OVER_HTTPS. See example:
blockResponseCode String: (String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: ANY, NONE, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED, YXDOMAIN, YXRRSET, NXRRSET, NOTAUTH, NOTZONE, BADVERS, BADKEY, BADTIME, BADMODE, BADNAME, BADALG, BADTRUNC, UNSUPPORTED, BYPASS, INT_ERROR, SRV_TIMEOUT, EMPTY_RESP, REQ_BLOCKED, ADMIN_DROP, WCDN_TIMEOUT, IPS_BLOCK, FQDN_RESOLV_FAIL
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not
departments List<Property Map>: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups List<Property Map>: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups List<Property Map>
deviceGroups List<Property Map>: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices List<Property Map>: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
dnsRuleRequestTypes List<String>: (Set of Strings) DNS request types to which the rule applies. Supportedn values are: A, NS, MD, MF, CNAME, SOA, MB, MG, MR, NULL, WKS, PTR, HINFO, MINFO, MX, TXT, RP, AFSDB, X25, ISDN, RT, NSAP, NSAP_PTR, SIG, KEY, PX, GPOS, AAAA, LOC, NXT, EID, NIMLOC, SRV, ATMA, NAPTR, KX, CERT, A6, DNAME, SINK, OPT, APL, DS, SSHFP, PSECKEF, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, NINFO, RKEY, TALINK, CDS, CDNSKEY, OPENPGPKEY, CSYNC, ZONEMD, SVCB, HTTPS,
groups List<Property Map>: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id Number: (Integer) Identifier that uniquely identifies an entity
labels List<Property Map>: (List of Objects) Labels that are applicable to the rule.
lastModifiedBies List<Property Map>
lastModifiedTime Number
locationGroups List<Property Map>: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations List<Property Map>: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: (string) The configured name of the entity
order Number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
protocols List<String>: (Set of Strings) The protocols to which the rules applies. Supported Values: ANY_RULE, SMRULEF_CASCADING_ALLOWED, TCP_RULE, UDP_RULE, DOHTTPS_RULE
rank Number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
redirectIp String: (String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the action is REDIR_REQ
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups List<Property Map>: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups List<Property Map>: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
timeWindows List<Property Map>: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users List<Property Map>: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.

Supporting Types

GetFirewallDNSRulesApplicationGroup

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesDepartment

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesDestIpGroup

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesDestIpv6Group

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesDevice

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesDeviceGroup

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesGroup

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesLabel

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesLastModifiedBy

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesLocation

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesLocationGroup

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesSrcIpGroup

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesSrcIpv6Group

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesTimeWindow

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

GetFirewallDNSRulesUser

Extensions Dictionary<string, string>
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

Extensions map[string]string
Id int: Unique identifier for the Firewall Filtering policy rule
Name string: Name of the Firewall Filtering policy rule

extensions Map<String,String>
id Integer: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

extensions {[key: string]: string}
id number: Unique identifier for the Firewall Filtering policy rule
name string: Name of the Firewall Filtering policy rule

extensions Mapping[str, str]
id int: Unique identifier for the Firewall Filtering policy rule
name str: Name of the Firewall Filtering policy rule

extensions Map<String>
id Number: Unique identifier for the Firewall Filtering policy rule
name String: Name of the Firewall Filtering policy rule

Package Details

Repository: zia zscaler/pulumi-zia
License: MIT
Notes: This Pulumi package is based on the zia Terraform Provider.

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

zscaler/pulumi-zia

zia.getFirewallDNSRules

On this page

On this page

Example Usage

Using getFirewallDNSRules

getFirewallDNSRules Result

Supporting Types

GetFirewallDNSRulesApplicationGroup

GetFirewallDNSRulesDepartment

GetFirewallDNSRulesDestIpGroup

GetFirewallDNSRulesDestIpv6Group

GetFirewallDNSRulesDevice

GetFirewallDNSRulesDeviceGroup

GetFirewallDNSRulesGroup

GetFirewallDNSRulesLabel

GetFirewallDNSRulesLastModifiedBy

GetFirewallDNSRulesLocation

GetFirewallDNSRulesLocationGroup

GetFirewallDNSRulesSrcIpGroup

GetFirewallDNSRulesSrcIpv6Group

GetFirewallDNSRulesTimeWindow

GetFirewallDNSRulesUser

Package Details

On this page

On this page