Zscaler Internet Access v1.1.1, Jun 24 25

Zscaler Internet Access v1.1.1 published on Tuesday, Jun 24, 2025 by Zscaler

zia.getNatControlRules

Explore with Pulumi AI

Zscaler Internet Access v1.1.1 published on Tuesday, Jun 24, 2025 by Zscaler

zscaler/pulumi-zia

Example Usage

By Name


data "zia_nat_control_rules" "this" {
  name = "DNAT_01"
}

By ID


data "zia_nat_control_rules" "this" {
  id = 154658
}

Using getNatControlRules

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getNatControlRules(args: GetNatControlRulesArgs, opts?: InvokeOptions): Promise<GetNatControlRulesResult>
function getNatControlRulesOutput(args: GetNatControlRulesOutputArgs, opts?: InvokeOptions): Output<GetNatControlRulesResult>

def get_nat_control_rules(id: Optional[int] = None,
                          name: Optional[str] = None,
                          redirect_fqdn: Optional[str] = None,
                          redirect_ip: Optional[str] = None,
                          redirect_port: Optional[int] = None,
                          opts: Optional[InvokeOptions] = None) -> GetNatControlRulesResult
def get_nat_control_rules_output(id: Optional[pulumi.Input[int]] = None,
                          name: Optional[pulumi.Input[str]] = None,
                          redirect_fqdn: Optional[pulumi.Input[str]] = None,
                          redirect_ip: Optional[pulumi.Input[str]] = None,
                          redirect_port: Optional[pulumi.Input[int]] = None,
                          opts: Optional[InvokeOptions] = None) -> Output[GetNatControlRulesResult]

func LookupNatControlRules(ctx *Context, args *LookupNatControlRulesArgs, opts ...InvokeOption) (*LookupNatControlRulesResult, error)
func LookupNatControlRulesOutput(ctx *Context, args *LookupNatControlRulesOutputArgs, opts ...InvokeOption) LookupNatControlRulesResultOutput

> Note: This function is named LookupNatControlRules in the Go SDK.

public static class GetNatControlRules 
{
    public static Task<GetNatControlRulesResult> InvokeAsync(GetNatControlRulesArgs args, InvokeOptions? opts = null)
    public static Output<GetNatControlRulesResult> Invoke(GetNatControlRulesInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetNatControlRulesResult> getNatControlRules(GetNatControlRulesArgs args, InvokeOptions options)
public static Output<GetNatControlRulesResult> getNatControlRules(GetNatControlRulesArgs args, InvokeOptions options)

fn::invoke:
  function: zia:index/getNatControlRules:getNatControlRules
  arguments:
    # arguments dictionary

The following arguments are supported:

Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.
RedirectFqdn string: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
RedirectIp string: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
RedirectPort int: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.
RedirectFqdn string: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
RedirectIp string: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
RedirectPort int: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.
redirectFqdn String: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
redirectIp String: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
redirectPort Integer: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.
redirectFqdn string: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
redirectIp string: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
redirectPort number: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.
redirect_fqdn str: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
redirect_ip str: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
redirect_port int: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.
redirectFqdn String: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
redirectIp String: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
redirectPort Number: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

getNatControlRules Result

The following output properties are available:

DefaultRule bool: (Boolean) If set to true, the default rule is applied
Departments List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesDepartment>: (Block List, Max: 1) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (string) - Additional information about the forwarding rule
DestAddresses List<string>: ** - (List of String) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
DestCountries List<string>: ** - (List of String) Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
DestIpCategories List<string>: ** - (List of String) IP address categories of destination for which the DNAT rule is applicable. If not set, the rule is not restricted to specific destination IP categories.
DestIpGroups List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesDestIpGroup>: ** - (Block List, Max: 1) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesDestIpv6Group>: ** - (Block List, Max: 1) Any number of destination IPv6 address groups that you want to control with this rule.
DeviceGroups List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesDeviceGroup>
Devices List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesDevice>
EnableFullLogging bool: (Boolean)
Groups List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesGroup>: (Block List, Max: 1) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Id int: (int) The ID of this resource.
Labels List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesLabel>: (Block List, Max: 1) Labels that are applicable to the rule.
LastModifiedBies List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesLastModifiedBy>
LastModifiedTime int: (Number)
LocationGroups List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesLocationGroup>: (Block List, Max: 1) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesLocation>: (Block List, Max: 1) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: (String) The configured name of the entity
NwServiceGroups List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesNwServiceGroup>: (Block List, Max: 1) Any number of predefined or custom network service groups to which the rule applies.
NwServices List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesNwService>: (Block List, Max: 1) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: (string) - The order of execution for the forwarding rule order.
Predefined bool: (Boolean) If set to true, a predefined rule is applied
Rank int
ResCategories List<string>
SrcIpGroups List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesSrcIpGroup>: (Block List, Max: 1) Any number of source IP address groups that you want to control with this rule.
SrcIps List<string>: (List of String) You can enter individual IP addresses, subnets, or address ranges.
SrcIpv6Groups List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesSrcIpv6Group>: (Block List, Max: 1) Any number of source IPv6 address groups that you want to control with this rule.
State string
TimeWindows List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesTimeWindow>: (Block List, Max: 1) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
Users List<zscaler.PulumiPackage.Zia.Outputs.GetNatControlRulesUser>: (Block List, Max: 1) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
RedirectFqdn string: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
RedirectIp string: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
RedirectPort int: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

DefaultRule bool: (Boolean) If set to true, the default rule is applied
Departments []GetNatControlRulesDepartment: (Block List, Max: 1) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (string) - Additional information about the forwarding rule
DestAddresses []string: ** - (List of String) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
DestCountries []string: ** - (List of String) Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
DestIpCategories []string: ** - (List of String) IP address categories of destination for which the DNAT rule is applicable. If not set, the rule is not restricted to specific destination IP categories.
DestIpGroups []GetNatControlRulesDestIpGroup: ** - (Block List, Max: 1) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups []GetNatControlRulesDestIpv6Group: ** - (Block List, Max: 1) Any number of destination IPv6 address groups that you want to control with this rule.
DeviceGroups []GetNatControlRulesDeviceGroup
Devices []GetNatControlRulesDevice
EnableFullLogging bool: (Boolean)
Groups []GetNatControlRulesGroup: (Block List, Max: 1) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Id int: (int) The ID of this resource.
Labels []GetNatControlRulesLabel: (Block List, Max: 1) Labels that are applicable to the rule.
LastModifiedBies []GetNatControlRulesLastModifiedBy
LastModifiedTime int: (Number)
LocationGroups []GetNatControlRulesLocationGroup: (Block List, Max: 1) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations []GetNatControlRulesLocation: (Block List, Max: 1) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: (String) The configured name of the entity
NwServiceGroups []GetNatControlRulesNwServiceGroup: (Block List, Max: 1) Any number of predefined or custom network service groups to which the rule applies.
NwServices []GetNatControlRulesNwService: (Block List, Max: 1) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: (string) - The order of execution for the forwarding rule order.
Predefined bool: (Boolean) If set to true, a predefined rule is applied
Rank int
ResCategories []string
SrcIpGroups []GetNatControlRulesSrcIpGroup: (Block List, Max: 1) Any number of source IP address groups that you want to control with this rule.
SrcIps []string: (List of String) You can enter individual IP addresses, subnets, or address ranges.
SrcIpv6Groups []GetNatControlRulesSrcIpv6Group: (Block List, Max: 1) Any number of source IPv6 address groups that you want to control with this rule.
State string
TimeWindows []GetNatControlRulesTimeWindow: (Block List, Max: 1) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
Users []GetNatControlRulesUser: (Block List, Max: 1) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
RedirectFqdn string: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
RedirectIp string: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
RedirectPort int: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

defaultRule Boolean: (Boolean) If set to true, the default rule is applied
departments List<GetNatControlRulesDepartment>: (Block List, Max: 1) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (string) - Additional information about the forwarding rule
destAddresses List<String>: ** - (List of String) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries List<String>: ** - (List of String) Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
destIpCategories List<String>: ** - (List of String) IP address categories of destination for which the DNAT rule is applicable. If not set, the rule is not restricted to specific destination IP categories.
destIpGroups List<GetNatControlRulesDestIpGroup>: ** - (Block List, Max: 1) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups List<GetNatControlRulesDestIpv6Group>: ** - (Block List, Max: 1) Any number of destination IPv6 address groups that you want to control with this rule.
deviceGroups List<GetNatControlRulesDeviceGroup>
devices List<GetNatControlRulesDevice>
enableFullLogging Boolean: (Boolean)
groups List<GetNatControlRulesGroup>: (Block List, Max: 1) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id Integer: (int) The ID of this resource.
labels List<GetNatControlRulesLabel>: (Block List, Max: 1) Labels that are applicable to the rule.
lastModifiedBies List<GetNatControlRulesLastModifiedBy>
lastModifiedTime Integer: (Number)
locationGroups List<GetNatControlRulesLocationGroup>: (Block List, Max: 1) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations List<GetNatControlRulesLocation>: (Block List, Max: 1) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: (String) The configured name of the entity
nwServiceGroups List<GetNatControlRulesNwServiceGroup>: (Block List, Max: 1) Any number of predefined or custom network service groups to which the rule applies.
nwServices List<GetNatControlRulesNwService>: (Block List, Max: 1) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Integer: (string) - The order of execution for the forwarding rule order.
predefined Boolean: (Boolean) If set to true, a predefined rule is applied
rank Integer
resCategories List<String>
srcIpGroups List<GetNatControlRulesSrcIpGroup>: (Block List, Max: 1) Any number of source IP address groups that you want to control with this rule.
srcIps List<String>: (List of String) You can enter individual IP addresses, subnets, or address ranges.
srcIpv6Groups List<GetNatControlRulesSrcIpv6Group>: (Block List, Max: 1) Any number of source IPv6 address groups that you want to control with this rule.
state String
timeWindows List<GetNatControlRulesTimeWindow>: (Block List, Max: 1) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users List<GetNatControlRulesUser>: (Block List, Max: 1) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
redirectFqdn String: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
redirectIp String: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
redirectPort Integer: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

defaultRule boolean: (Boolean) If set to true, the default rule is applied
departments GetNatControlRulesDepartment[]: (Block List, Max: 1) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description string: (string) - Additional information about the forwarding rule
destAddresses string[]: ** - (List of String) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries string[]: ** - (List of String) Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
destIpCategories string[]: ** - (List of String) IP address categories of destination for which the DNAT rule is applicable. If not set, the rule is not restricted to specific destination IP categories.
destIpGroups GetNatControlRulesDestIpGroup[]: ** - (Block List, Max: 1) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups GetNatControlRulesDestIpv6Group[]: ** - (Block List, Max: 1) Any number of destination IPv6 address groups that you want to control with this rule.
deviceGroups GetNatControlRulesDeviceGroup[]
devices GetNatControlRulesDevice[]
enableFullLogging boolean: (Boolean)
groups GetNatControlRulesGroup[]: (Block List, Max: 1) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id number: (int) The ID of this resource.
labels GetNatControlRulesLabel[]: (Block List, Max: 1) Labels that are applicable to the rule.
lastModifiedBies GetNatControlRulesLastModifiedBy[]
lastModifiedTime number: (Number)
locationGroups GetNatControlRulesLocationGroup[]: (Block List, Max: 1) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations GetNatControlRulesLocation[]: (Block List, Max: 1) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: (String) The configured name of the entity
nwServiceGroups GetNatControlRulesNwServiceGroup[]: (Block List, Max: 1) Any number of predefined or custom network service groups to which the rule applies.
nwServices GetNatControlRulesNwService[]: (Block List, Max: 1) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order number: (string) - The order of execution for the forwarding rule order.
predefined boolean: (Boolean) If set to true, a predefined rule is applied
rank number
resCategories string[]
srcIpGroups GetNatControlRulesSrcIpGroup[]: (Block List, Max: 1) Any number of source IP address groups that you want to control with this rule.
srcIps string[]: (List of String) You can enter individual IP addresses, subnets, or address ranges.
srcIpv6Groups GetNatControlRulesSrcIpv6Group[]: (Block List, Max: 1) Any number of source IPv6 address groups that you want to control with this rule.
state string
timeWindows GetNatControlRulesTimeWindow[]: (Block List, Max: 1) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users GetNatControlRulesUser[]: (Block List, Max: 1) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
redirectFqdn string: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
redirectIp string: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
redirectPort number: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

default_rule bool: (Boolean) If set to true, the default rule is applied
departments Sequence[GetNatControlRulesDepartment]: (Block List, Max: 1) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description str: (string) - Additional information about the forwarding rule
dest_addresses Sequence[str]: ** - (List of String) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
dest_countries Sequence[str]: ** - (List of String) Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
dest_ip_categories Sequence[str]: ** - (List of String) IP address categories of destination for which the DNAT rule is applicable. If not set, the rule is not restricted to specific destination IP categories.
dest_ip_groups Sequence[GetNatControlRulesDestIpGroup]: ** - (Block List, Max: 1) Any number of destination IP address groups that you want to control with this rule.
dest_ipv6_groups Sequence[GetNatControlRulesDestIpv6Group]: ** - (Block List, Max: 1) Any number of destination IPv6 address groups that you want to control with this rule.
device_groups Sequence[GetNatControlRulesDeviceGroup]
devices Sequence[GetNatControlRulesDevice]
enable_full_logging bool: (Boolean)
groups Sequence[GetNatControlRulesGroup]: (Block List, Max: 1) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id int: (int) The ID of this resource.
labels Sequence[GetNatControlRulesLabel]: (Block List, Max: 1) Labels that are applicable to the rule.
last_modified_bies Sequence[GetNatControlRulesLastModifiedBy]
last_modified_time int: (Number)
location_groups Sequence[GetNatControlRulesLocationGroup]: (Block List, Max: 1) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations Sequence[GetNatControlRulesLocation]: (Block List, Max: 1) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: (String) The configured name of the entity
nw_service_groups Sequence[GetNatControlRulesNwServiceGroup]: (Block List, Max: 1) Any number of predefined or custom network service groups to which the rule applies.
nw_services Sequence[GetNatControlRulesNwService]: (Block List, Max: 1) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order int: (string) - The order of execution for the forwarding rule order.
predefined bool: (Boolean) If set to true, a predefined rule is applied
rank int
res_categories Sequence[str]
src_ip_groups Sequence[GetNatControlRulesSrcIpGroup]: (Block List, Max: 1) Any number of source IP address groups that you want to control with this rule.
src_ips Sequence[str]: (List of String) You can enter individual IP addresses, subnets, or address ranges.
src_ipv6_groups Sequence[GetNatControlRulesSrcIpv6Group]: (Block List, Max: 1) Any number of source IPv6 address groups that you want to control with this rule.
state str
time_windows Sequence[GetNatControlRulesTimeWindow]: (Block List, Max: 1) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users Sequence[GetNatControlRulesUser]: (Block List, Max: 1) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
redirect_fqdn str: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
redirect_ip str: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
redirect_port int: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

defaultRule Boolean: (Boolean) If set to true, the default rule is applied
departments List<Property Map>: (Block List, Max: 1) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (string) - Additional information about the forwarding rule
destAddresses List<String>: ** - (List of String) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
destCountries List<String>: ** - (List of String) Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
destIpCategories List<String>: ** - (List of String) IP address categories of destination for which the DNAT rule is applicable. If not set, the rule is not restricted to specific destination IP categories.
destIpGroups List<Property Map>: ** - (Block List, Max: 1) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups List<Property Map>: ** - (Block List, Max: 1) Any number of destination IPv6 address groups that you want to control with this rule.
deviceGroups List<Property Map>
devices List<Property Map>
enableFullLogging Boolean: (Boolean)
groups List<Property Map>: (Block List, Max: 1) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
id Number: (int) The ID of this resource.
labels List<Property Map>: (Block List, Max: 1) Labels that are applicable to the rule.
lastModifiedBies List<Property Map>
lastModifiedTime Number: (Number)
locationGroups List<Property Map>: (Block List, Max: 1) You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations List<Property Map>: (Block List, Max: 1) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: (String) The configured name of the entity
nwServiceGroups List<Property Map>: (Block List, Max: 1) Any number of predefined or custom network service groups to which the rule applies.
nwServices List<Property Map>: (Block List, Max: 1) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Number: (string) - The order of execution for the forwarding rule order.
predefined Boolean: (Boolean) If set to true, a predefined rule is applied
rank Number
resCategories List<String>
srcIpGroups List<Property Map>: (Block List, Max: 1) Any number of source IP address groups that you want to control with this rule.
srcIps List<String>: (List of String) You can enter individual IP addresses, subnets, or address ranges.
srcIpv6Groups List<Property Map>: (Block List, Max: 1) Any number of source IPv6 address groups that you want to control with this rule.
state String
timeWindows List<Property Map>: (Block List, Max: 1) You can manually select up to 2 time intervals. When not used it implies always to apply the rule to all time intervals.
users List<Property Map>: (Block List, Max: 1) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
redirectFqdn String: (string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.
redirectIp String: (string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.
redirectPort Number: (string) - Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.

Supporting Types

GetNatControlRulesDepartment

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesDestIpGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesDestIpv6Group

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesDevice

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesDeviceGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesLabel

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesLastModifiedBy

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesLocation

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesLocationGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesNwService

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesNwServiceGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesSrcIpGroup

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesSrcIpv6Group

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesTimeWindow

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

GetNatControlRulesUser

Extensions Dictionary<string, string>: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

Extensions map[string]string: (Map of String)
Id int: A unique identifier assigned to the forwarding rule.
Name string: The name of the forwarding rule.

extensions Map<String,String>: (Map of String)
id Integer: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

extensions {[key: string]: string}: (Map of String)
id number: A unique identifier assigned to the forwarding rule.
name string: The name of the forwarding rule.

extensions Mapping[str, str]: (Map of String)
id int: A unique identifier assigned to the forwarding rule.
name str: The name of the forwarding rule.

extensions Map<String>: (Map of String)
id Number: A unique identifier assigned to the forwarding rule.
name String: The name of the forwarding rule.

Package Details

Repository: zia zscaler/pulumi-zia
License: MIT
Notes: This Pulumi package is based on the zia Terraform Provider.

Zscaler Internet Access v1.1.1 published on Tuesday, Jun 24, 2025 by Zscaler

zscaler/pulumi-zia

zia.getNatControlRules

On this page

On this page

Example Usage

By Name

By ID

Using getNatControlRules

getNatControlRules Result

Supporting Types

GetNatControlRulesDepartment

GetNatControlRulesDestIpGroup

GetNatControlRulesDestIpv6Group

GetNatControlRulesDevice

GetNatControlRulesDeviceGroup

GetNatControlRulesGroup

GetNatControlRulesLabel

GetNatControlRulesLastModifiedBy

GetNatControlRulesLocation

GetNatControlRulesLocationGroup

GetNatControlRulesNwService

GetNatControlRulesNwServiceGroup

GetNatControlRulesSrcIpGroup

GetNatControlRulesSrcIpv6Group

GetNatControlRulesTimeWindow

GetNatControlRulesUser

Package Details

On this page

On this page