Zscaler Internet Access v1.0.1, Jun 6 25

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

zia.IPSFirewallRule

Explore with Pulumi AI

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

Example Usage

data "zia_firewall_filtering_network_service" "zscaler_proxy_nw_services" {
    name = "ZSCALER_PROXY_NW_SERVICES"
}

data "zia_department_management" "engineering" {
 name = "Engineering"
}

data "zia_group_management" "normal_internet" {
    name = "Normal_Internet"
}

data "zia_firewall_filtering_time_window" "work_hours" {
    name = "Work hours"
}

resource "zia_firewall_ips_rule" "example" {
    name = "Example_IPS_Rule01"
    description = "Example_IPS_Rule01"
    action = "ALLOW"
    state = "ENABLED"
    order = 1
    enable_full_logging = true
    dest_countries = ["CA", "US"]
    source_countries = ["CA", "US"]
    threat_categories {
        id = [ 66 ]
    }
    nw_services {
        id = [ data.zia_firewall_filtering_network_service.zscaler_proxy_nw_services.id ]
    }
    departments {
        id = [ data.zia_department_management.engineering.id ]
    }
    groups {
        id = [ data.zia_group_management.normal_internet.id ]
    }
    time_windows {
        id = [ data.zia_firewall_filtering_time_window.work_hours.id ]
    }
}

Create IPSFirewallRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IPSFirewallRule(name: string, args: IPSFirewallRuleArgs, opts?: CustomResourceOptions);

@overload
def IPSFirewallRule(resource_name: str,
                    args: IPSFirewallRuleArgs,
                    opts: Optional[ResourceOptions] = None)

@overload
def IPSFirewallRule(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    order: Optional[int] = None,
                    locations: Optional[IPSFirewallRuleLocationsArgs] = None,
                    nw_service_groups: Optional[IPSFirewallRuleNwServiceGroupsArgs] = None,
                    departments: Optional[IPSFirewallRuleDepartmentsArgs] = None,
                    description: Optional[str] = None,
                    dest_addresses: Optional[Sequence[str]] = None,
                    dest_countries: Optional[Sequence[str]] = None,
                    dest_ip_categories: Optional[Sequence[str]] = None,
                    dest_ip_groups: Optional[IPSFirewallRuleDestIpGroupsArgs] = None,
                    name: Optional[str] = None,
                    device_groups: Optional[IPSFirewallRuleDeviceGroupsArgs] = None,
                    devices: Optional[IPSFirewallRuleDevicesArgs] = None,
                    enable_full_logging: Optional[bool] = None,
                    groups: Optional[IPSFirewallRuleGroupsArgs] = None,
                    labels: Optional[IPSFirewallRuleLabelsArgs] = None,
                    default_rule: Optional[bool] = None,
                    location_groups: Optional[IPSFirewallRuleLocationGroupsArgs] = None,
                    dest_ipv6_groups: Optional[IPSFirewallRuleDestIpv6GroupsArgs] = None,
                    action: Optional[str] = None,
                    nw_services: Optional[IPSFirewallRuleNwServicesArgs] = None,
                    capture_pcap: Optional[bool] = None,
                    predefined: Optional[bool] = None,
                    rank: Optional[int] = None,
                    res_categories: Optional[Sequence[str]] = None,
                    source_countries: Optional[Sequence[str]] = None,
                    src_ip_groups: Optional[IPSFirewallRuleSrcIpGroupsArgs] = None,
                    src_ips: Optional[Sequence[str]] = None,
                    src_ipv6_groups: Optional[IPSFirewallRuleSrcIpv6GroupsArgs] = None,
                    state: Optional[str] = None,
                    threat_categories: Optional[IPSFirewallRuleThreatCategoriesArgs] = None,
                    time_windows: Optional[IPSFirewallRuleTimeWindowsArgs] = None,
                    users: Optional[IPSFirewallRuleUsersArgs] = None,
                    zpa_app_segments: Optional[Sequence[IPSFirewallRuleZpaAppSegmentArgs]] = None)

func NewIPSFirewallRule(ctx *Context, name string, args IPSFirewallRuleArgs, opts ...ResourceOption) (*IPSFirewallRule, error)

public IPSFirewallRule(string name, IPSFirewallRuleArgs args, CustomResourceOptions? opts = null)

public IPSFirewallRule(String name, IPSFirewallRuleArgs args)
public IPSFirewallRule(String name, IPSFirewallRuleArgs args, CustomResourceOptions options)

type: zia:IPSFirewallRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args IPSFirewallRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args IPSFirewallRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args IPSFirewallRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args IPSFirewallRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args IPSFirewallRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var ipsfirewallRuleResource = new Zia.IPSFirewallRule("ipsfirewallRuleResource", new()
{
    Order = 0,
    Locations = new Zia.Inputs.IPSFirewallRuleLocationsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    NwServiceGroups = new Zia.Inputs.IPSFirewallRuleNwServiceGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Departments = new Zia.Inputs.IPSFirewallRuleDepartmentsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Description = "string",
    DestAddresses = new[]
    {
        "string",
    },
    DestCountries = new[]
    {
        "string",
    },
    DestIpCategories = new[]
    {
        "string",
    },
    DestIpGroups = new Zia.Inputs.IPSFirewallRuleDestIpGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Name = "string",
    DeviceGroups = new Zia.Inputs.IPSFirewallRuleDeviceGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Devices = new Zia.Inputs.IPSFirewallRuleDevicesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    EnableFullLogging = false,
    Groups = new Zia.Inputs.IPSFirewallRuleGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Labels = new Zia.Inputs.IPSFirewallRuleLabelsArgs
    {
        Id = 0,
    },
    DefaultRule = false,
    LocationGroups = new Zia.Inputs.IPSFirewallRuleLocationGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    DestIpv6Groups = new Zia.Inputs.IPSFirewallRuleDestIpv6GroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Action = "string",
    NwServices = new Zia.Inputs.IPSFirewallRuleNwServicesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    CapturePcap = false,
    Predefined = false,
    Rank = 0,
    ResCategories = new[]
    {
        "string",
    },
    SourceCountries = new[]
    {
        "string",
    },
    SrcIpGroups = new Zia.Inputs.IPSFirewallRuleSrcIpGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    SrcIps = new[]
    {
        "string",
    },
    SrcIpv6Groups = new Zia.Inputs.IPSFirewallRuleSrcIpv6GroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    State = "string",
    ThreatCategories = new Zia.Inputs.IPSFirewallRuleThreatCategoriesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    TimeWindows = new Zia.Inputs.IPSFirewallRuleTimeWindowsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Users = new Zia.Inputs.IPSFirewallRuleUsersArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ZpaAppSegments = new[]
    {
        new Zia.Inputs.IPSFirewallRuleZpaAppSegmentArgs
        {
            ExternalId = "string",
            Name = "string",
        },
    },
});

example, err := zia.NewIPSFirewallRule(ctx, "ipsfirewallRuleResource", &zia.IPSFirewallRuleArgs{
	Order: pulumi.Int(0),
	Locations: &zia.IPSFirewallRuleLocationsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	NwServiceGroups: &zia.IPSFirewallRuleNwServiceGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Departments: &zia.IPSFirewallRuleDepartmentsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Description: pulumi.String("string"),
	DestAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestCountries: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestIpCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestIpGroups: &zia.IPSFirewallRuleDestIpGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Name: pulumi.String("string"),
	DeviceGroups: &zia.IPSFirewallRuleDeviceGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Devices: &zia.IPSFirewallRuleDevicesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	EnableFullLogging: pulumi.Bool(false),
	Groups: &zia.IPSFirewallRuleGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Labels: &zia.IPSFirewallRuleLabelsArgs{
		Id: pulumi.Int(0),
	},
	DefaultRule: pulumi.Bool(false),
	LocationGroups: &zia.IPSFirewallRuleLocationGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	DestIpv6Groups: &zia.IPSFirewallRuleDestIpv6GroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Action: pulumi.String("string"),
	NwServices: &zia.IPSFirewallRuleNwServicesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	CapturePcap: pulumi.Bool(false),
	Predefined:  pulumi.Bool(false),
	Rank:        pulumi.Int(0),
	ResCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	SourceCountries: pulumi.StringArray{
		pulumi.String("string"),
	},
	SrcIpGroups: &zia.IPSFirewallRuleSrcIpGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	SrcIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	SrcIpv6Groups: &zia.IPSFirewallRuleSrcIpv6GroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	State: pulumi.String("string"),
	ThreatCategories: &zia.IPSFirewallRuleThreatCategoriesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	TimeWindows: &zia.IPSFirewallRuleTimeWindowsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Users: &zia.IPSFirewallRuleUsersArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ZpaAppSegments: zia.IPSFirewallRuleZpaAppSegmentArray{
		&zia.IPSFirewallRuleZpaAppSegmentArgs{
			ExternalId: pulumi.String("string"),
			Name:       pulumi.String("string"),
		},
	},
})

var ipsfirewallRuleResource = new IPSFirewallRule("ipsfirewallRuleResource", IPSFirewallRuleArgs.builder()
    .order(0)
    .locations(IPSFirewallRuleLocationsArgs.builder()
        .ids(0)
        .build())
    .nwServiceGroups(IPSFirewallRuleNwServiceGroupsArgs.builder()
        .ids(0)
        .build())
    .departments(IPSFirewallRuleDepartmentsArgs.builder()
        .ids(0)
        .build())
    .description("string")
    .destAddresses("string")
    .destCountries("string")
    .destIpCategories("string")
    .destIpGroups(IPSFirewallRuleDestIpGroupsArgs.builder()
        .ids(0)
        .build())
    .name("string")
    .deviceGroups(IPSFirewallRuleDeviceGroupsArgs.builder()
        .ids(0)
        .build())
    .devices(IPSFirewallRuleDevicesArgs.builder()
        .ids(0)
        .build())
    .enableFullLogging(false)
    .groups(IPSFirewallRuleGroupsArgs.builder()
        .ids(0)
        .build())
    .labels(IPSFirewallRuleLabelsArgs.builder()
        .id(0)
        .build())
    .defaultRule(false)
    .locationGroups(IPSFirewallRuleLocationGroupsArgs.builder()
        .ids(0)
        .build())
    .destIpv6Groups(IPSFirewallRuleDestIpv6GroupsArgs.builder()
        .ids(0)
        .build())
    .action("string")
    .nwServices(IPSFirewallRuleNwServicesArgs.builder()
        .ids(0)
        .build())
    .capturePcap(false)
    .predefined(false)
    .rank(0)
    .resCategories("string")
    .sourceCountries("string")
    .srcIpGroups(IPSFirewallRuleSrcIpGroupsArgs.builder()
        .ids(0)
        .build())
    .srcIps("string")
    .srcIpv6Groups(IPSFirewallRuleSrcIpv6GroupsArgs.builder()
        .ids(0)
        .build())
    .state("string")
    .threatCategories(IPSFirewallRuleThreatCategoriesArgs.builder()
        .ids(0)
        .build())
    .timeWindows(IPSFirewallRuleTimeWindowsArgs.builder()
        .ids(0)
        .build())
    .users(IPSFirewallRuleUsersArgs.builder()
        .ids(0)
        .build())
    .zpaAppSegments(IPSFirewallRuleZpaAppSegmentArgs.builder()
        .externalId("string")
        .name("string")
        .build())
    .build());

ipsfirewall_rule_resource = zia.IPSFirewallRule("ipsfirewallRuleResource",
    order=0,
    locations={
        "ids": [0],
    },
    nw_service_groups={
        "ids": [0],
    },
    departments={
        "ids": [0],
    },
    description="string",
    dest_addresses=["string"],
    dest_countries=["string"],
    dest_ip_categories=["string"],
    dest_ip_groups={
        "ids": [0],
    },
    name="string",
    device_groups={
        "ids": [0],
    },
    devices={
        "ids": [0],
    },
    enable_full_logging=False,
    groups={
        "ids": [0],
    },
    labels={
        "id": 0,
    },
    default_rule=False,
    location_groups={
        "ids": [0],
    },
    dest_ipv6_groups={
        "ids": [0],
    },
    action="string",
    nw_services={
        "ids": [0],
    },
    capture_pcap=False,
    predefined=False,
    rank=0,
    res_categories=["string"],
    source_countries=["string"],
    src_ip_groups={
        "ids": [0],
    },
    src_ips=["string"],
    src_ipv6_groups={
        "ids": [0],
    },
    state="string",
    threat_categories={
        "ids": [0],
    },
    time_windows={
        "ids": [0],
    },
    users={
        "ids": [0],
    },
    zpa_app_segments=[{
        "external_id": "string",
        "name": "string",
    }])

const ipsfirewallRuleResource = new zia.IPSFirewallRule("ipsfirewallRuleResource", {
    order: 0,
    locations: {
        ids: [0],
    },
    nwServiceGroups: {
        ids: [0],
    },
    departments: {
        ids: [0],
    },
    description: "string",
    destAddresses: ["string"],
    destCountries: ["string"],
    destIpCategories: ["string"],
    destIpGroups: {
        ids: [0],
    },
    name: "string",
    deviceGroups: {
        ids: [0],
    },
    devices: {
        ids: [0],
    },
    enableFullLogging: false,
    groups: {
        ids: [0],
    },
    labels: {
        id: 0,
    },
    defaultRule: false,
    locationGroups: {
        ids: [0],
    },
    destIpv6Groups: {
        ids: [0],
    },
    action: "string",
    nwServices: {
        ids: [0],
    },
    capturePcap: false,
    predefined: false,
    rank: 0,
    resCategories: ["string"],
    sourceCountries: ["string"],
    srcIpGroups: {
        ids: [0],
    },
    srcIps: ["string"],
    srcIpv6Groups: {
        ids: [0],
    },
    state: "string",
    threatCategories: {
        ids: [0],
    },
    timeWindows: {
        ids: [0],
    },
    users: {
        ids: [0],
    },
    zpaAppSegments: [{
        externalId: "string",
        name: "string",
    }],
});

type: zia:IPSFirewallRule
properties:
    action: string
    capturePcap: false
    defaultRule: false
    departments:
        ids:
            - 0
    description: string
    destAddresses:
        - string
    destCountries:
        - string
    destIpCategories:
        - string
    destIpGroups:
        ids:
            - 0
    destIpv6Groups:
        ids:
            - 0
    deviceGroups:
        ids:
            - 0
    devices:
        ids:
            - 0
    enableFullLogging: false
    groups:
        ids:
            - 0
    labels:
        id: 0
    locationGroups:
        ids:
            - 0
    locations:
        ids:
            - 0
    name: string
    nwServiceGroups:
        ids:
            - 0
    nwServices:
        ids:
            - 0
    order: 0
    predefined: false
    rank: 0
    resCategories:
        - string
    sourceCountries:
        - string
    srcIpGroups:
        ids:
            - 0
    srcIps:
        - string
    srcIpv6Groups:
        ids:
            - 0
    state: string
    threatCategories:
        ids:
            - 0
    timeWindows:
        ids:
            - 0
    users:
        ids:
            - 0
    zpaAppSegments:
        - externalId: string
          name: string

IPSFirewallRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IPSFirewallRule resource accepts the following input properties:

Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
Departments zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses List<string>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries List<string>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories List<string>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleDestIpv6Groups: list of destination ip groups
DeviceGroups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
EnableFullLogging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
Groups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleLabels: (List of Objects) Labels that are applicable to the rule.
LocationGroups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: The name of the IPS Control rule
NwServiceGroups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
NwServices zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ResCategories List<string>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
SourceCountries List<string>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps List<string>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
ThreatCategories zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
TimeWindows zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaAppSegments List<zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleZpaAppSegment>: (List of Objects) The ZPA application segments to which the rule applies

Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
Departments IPSFirewallRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses []string: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries []string: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories []string: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups IPSFirewallRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups IPSFirewallRuleDestIpv6GroupsArgs: list of destination ip groups
DeviceGroups IPSFirewallRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices IPSFirewallRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
EnableFullLogging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
Groups IPSFirewallRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels IPSFirewallRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
LocationGroups IPSFirewallRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations IPSFirewallRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: The name of the IPS Control rule
NwServiceGroups IPSFirewallRuleNwServiceGroupsArgs: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
NwServices IPSFirewallRuleNwServicesArgs: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ResCategories []string: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
SourceCountries []string: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups IPSFirewallRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps []string: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups IPSFirewallRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
ThreatCategories IPSFirewallRuleThreatCategoriesArgs: (List of Objects) Advanced threat categories to which the rule applies
TimeWindows IPSFirewallRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users IPSFirewallRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaAppSegments []IPSFirewallRuleZpaAppSegmentArgs: (List of Objects) The ZPA application segments to which the rule applies

order Integer: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments IPSFirewallRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups IPSFirewallRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups IPSFirewallRuleDestIpv6Groups: list of destination ip groups
deviceGroups IPSFirewallRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices IPSFirewallRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging Boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups IPSFirewallRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels IPSFirewallRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups IPSFirewallRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations IPSFirewallRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: The name of the IPS Control rule
nwServiceGroups IPSFirewallRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices IPSFirewallRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank Integer: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups IPSFirewallRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups IPSFirewallRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories IPSFirewallRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
timeWindows IPSFirewallRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users IPSFirewallRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments List<IPSFirewallRuleZpaAppSegment>: (List of Objects) The ZPA application segments to which the rule applies

order number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments IPSFirewallRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses string[]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries string[]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories string[]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups IPSFirewallRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups IPSFirewallRuleDestIpv6Groups: list of destination ip groups
deviceGroups IPSFirewallRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices IPSFirewallRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups IPSFirewallRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels IPSFirewallRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups IPSFirewallRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations IPSFirewallRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: The name of the IPS Control rule
nwServiceGroups IPSFirewallRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices IPSFirewallRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
predefined boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories string[]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries string[]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups IPSFirewallRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps string[]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups IPSFirewallRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories IPSFirewallRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
timeWindows IPSFirewallRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users IPSFirewallRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments IPSFirewallRuleZpaAppSegment[]: (List of Objects) The ZPA application segments to which the rule applies

order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action str: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capture_pcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
default_rule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments IPSFirewallRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description str: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
dest_addresses Sequence[str]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
dest_countries Sequence[str]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
dest_ip_categories Sequence[str]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
dest_ip_groups IPSFirewallRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
dest_ipv6_groups IPSFirewallRuleDestIpv6GroupsArgs: list of destination ip groups
device_groups IPSFirewallRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices IPSFirewallRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enable_full_logging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups IPSFirewallRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels IPSFirewallRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
location_groups IPSFirewallRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations IPSFirewallRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: The name of the IPS Control rule
nw_service_groups IPSFirewallRuleNwServiceGroupsArgs: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nw_services IPSFirewallRuleNwServicesArgs: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
res_categories Sequence[str]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
source_countries Sequence[str]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
src_ip_groups IPSFirewallRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
src_ips Sequence[str]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
src_ipv6_groups IPSFirewallRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state str: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threat_categories IPSFirewallRuleThreatCategoriesArgs: (List of Objects) Advanced threat categories to which the rule applies
time_windows IPSFirewallRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users IPSFirewallRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpa_app_segments Sequence[IPSFirewallRuleZpaAppSegmentArgs]: (List of Objects) The ZPA application segments to which the rule applies

order Number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments Property Map: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups Property Map: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups Property Map: list of destination ip groups
deviceGroups Property Map: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices Property Map: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging Boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups Property Map: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels Property Map: (List of Objects) Labels that are applicable to the rule.
locationGroups Property Map: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations Property Map: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: The name of the IPS Control rule
nwServiceGroups Property Map: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices Property Map: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank Number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups Property Map: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups Property Map: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories Property Map: (List of Objects) Advanced threat categories to which the rule applies
timeWindows Property Map: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users Property Map: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments List<Property Map>: (List of Objects) The ZPA application segments to which the rule applies

Outputs

All input properties are implicitly available as output properties. Additionally, the IPSFirewallRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

id String: The provider-assigned unique ID for this managed resource.
ruleId Integer

id string: The provider-assigned unique ID for this managed resource.
ruleId number

id str: The provider-assigned unique ID for this managed resource.
rule_id int

id String: The provider-assigned unique ID for this managed resource.
ruleId Number

Look up Existing IPSFirewallRule Resource

Get an existing IPSFirewallRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IPSFirewallRuleState, opts?: CustomResourceOptions): IPSFirewallRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        capture_pcap: Optional[bool] = None,
        default_rule: Optional[bool] = None,
        departments: Optional[IPSFirewallRuleDepartmentsArgs] = None,
        description: Optional[str] = None,
        dest_addresses: Optional[Sequence[str]] = None,
        dest_countries: Optional[Sequence[str]] = None,
        dest_ip_categories: Optional[Sequence[str]] = None,
        dest_ip_groups: Optional[IPSFirewallRuleDestIpGroupsArgs] = None,
        dest_ipv6_groups: Optional[IPSFirewallRuleDestIpv6GroupsArgs] = None,
        device_groups: Optional[IPSFirewallRuleDeviceGroupsArgs] = None,
        devices: Optional[IPSFirewallRuleDevicesArgs] = None,
        enable_full_logging: Optional[bool] = None,
        groups: Optional[IPSFirewallRuleGroupsArgs] = None,
        labels: Optional[IPSFirewallRuleLabelsArgs] = None,
        location_groups: Optional[IPSFirewallRuleLocationGroupsArgs] = None,
        locations: Optional[IPSFirewallRuleLocationsArgs] = None,
        name: Optional[str] = None,
        nw_service_groups: Optional[IPSFirewallRuleNwServiceGroupsArgs] = None,
        nw_services: Optional[IPSFirewallRuleNwServicesArgs] = None,
        order: Optional[int] = None,
        predefined: Optional[bool] = None,
        rank: Optional[int] = None,
        res_categories: Optional[Sequence[str]] = None,
        rule_id: Optional[int] = None,
        source_countries: Optional[Sequence[str]] = None,
        src_ip_groups: Optional[IPSFirewallRuleSrcIpGroupsArgs] = None,
        src_ips: Optional[Sequence[str]] = None,
        src_ipv6_groups: Optional[IPSFirewallRuleSrcIpv6GroupsArgs] = None,
        state: Optional[str] = None,
        threat_categories: Optional[IPSFirewallRuleThreatCategoriesArgs] = None,
        time_windows: Optional[IPSFirewallRuleTimeWindowsArgs] = None,
        users: Optional[IPSFirewallRuleUsersArgs] = None,
        zpa_app_segments: Optional[Sequence[IPSFirewallRuleZpaAppSegmentArgs]] = None) -> IPSFirewallRule

func GetIPSFirewallRule(ctx *Context, name string, id IDInput, state *IPSFirewallRuleState, opts ...ResourceOption) (*IPSFirewallRule, error)

public static IPSFirewallRule Get(string name, Input<string> id, IPSFirewallRuleState? state, CustomResourceOptions? opts = null)

public static IPSFirewallRule get(String name, Output<String> id, IPSFirewallRuleState state, CustomResourceOptions options)

resources:  _:    type: zia:IPSFirewallRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
Departments zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses List<string>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries List<string>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories List<string>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleDestIpv6Groups: list of destination ip groups
DeviceGroups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
EnableFullLogging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
Groups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleLabels: (List of Objects) Labels that are applicable to the rule.
LocationGroups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: The name of the IPS Control rule
NwServiceGroups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
NwServices zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ResCategories List<string>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
RuleId int
SourceCountries List<string>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps List<string>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
ThreatCategories zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
TimeWindows zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaAppSegments List<zscaler.PulumiPackage.Zia.Inputs.IPSFirewallRuleZpaAppSegment>: (List of Objects) The ZPA application segments to which the rule applies

Action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
CapturePcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
DefaultRule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
Departments IPSFirewallRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
Description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
DestAddresses []string: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
DestCountries []string: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
DestIpCategories []string: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
DestIpGroups IPSFirewallRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
DestIpv6Groups IPSFirewallRuleDestIpv6GroupsArgs: list of destination ip groups
DeviceGroups IPSFirewallRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
Devices IPSFirewallRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
EnableFullLogging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
Groups IPSFirewallRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
Labels IPSFirewallRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
LocationGroups IPSFirewallRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
Locations IPSFirewallRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
Name string: The name of the IPS Control rule
NwServiceGroups IPSFirewallRuleNwServiceGroupsArgs: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
NwServices IPSFirewallRuleNwServicesArgs: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
Order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
Predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
Rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
ResCategories []string: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
RuleId int
SourceCountries []string: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
SrcIpGroups IPSFirewallRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
SrcIps []string: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
SrcIpv6Groups IPSFirewallRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
State string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
ThreatCategories IPSFirewallRuleThreatCategoriesArgs: (List of Objects) Advanced threat categories to which the rule applies
TimeWindows IPSFirewallRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
Users IPSFirewallRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
ZpaAppSegments []IPSFirewallRuleZpaAppSegmentArgs: (List of Objects) The ZPA application segments to which the rule applies

action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments IPSFirewallRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups IPSFirewallRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups IPSFirewallRuleDestIpv6Groups: list of destination ip groups
deviceGroups IPSFirewallRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices IPSFirewallRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging Boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups IPSFirewallRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels IPSFirewallRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups IPSFirewallRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations IPSFirewallRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: The name of the IPS Control rule
nwServiceGroups IPSFirewallRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices IPSFirewallRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Integer: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank Integer: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
ruleId Integer
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups IPSFirewallRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups IPSFirewallRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories IPSFirewallRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
timeWindows IPSFirewallRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users IPSFirewallRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments List<IPSFirewallRuleZpaAppSegment>: (List of Objects) The ZPA application segments to which the rule applies

action string: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments IPSFirewallRuleDepartments: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description string: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses string[]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries string[]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories string[]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups IPSFirewallRuleDestIpGroups: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups IPSFirewallRuleDestIpv6Groups: list of destination ip groups
deviceGroups IPSFirewallRuleDeviceGroups: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices IPSFirewallRuleDevices: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups IPSFirewallRuleGroups: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels IPSFirewallRuleLabels: (List of Objects) Labels that are applicable to the rule.
locationGroups IPSFirewallRuleLocationGroups: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations IPSFirewallRuleLocations: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name string: The name of the IPS Control rule
nwServiceGroups IPSFirewallRuleNwServiceGroups: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices IPSFirewallRuleNwServices: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories string[]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
ruleId number
sourceCountries string[]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups IPSFirewallRuleSrcIpGroups: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps string[]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups IPSFirewallRuleSrcIpv6Groups: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state string: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories IPSFirewallRuleThreatCategories: (List of Objects) Advanced threat categories to which the rule applies
timeWindows IPSFirewallRuleTimeWindows: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users IPSFirewallRuleUsers: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments IPSFirewallRuleZpaAppSegment[]: (List of Objects) The ZPA application segments to which the rule applies

action str: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capture_pcap bool: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
default_rule bool: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments IPSFirewallRuleDepartmentsArgs: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description str: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
dest_addresses Sequence[str]: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
dest_countries Sequence[str]: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
dest_ip_categories Sequence[str]: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
dest_ip_groups IPSFirewallRuleDestIpGroupsArgs: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
dest_ipv6_groups IPSFirewallRuleDestIpv6GroupsArgs: list of destination ip groups
device_groups IPSFirewallRuleDeviceGroupsArgs: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices IPSFirewallRuleDevicesArgs: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enable_full_logging bool: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups IPSFirewallRuleGroupsArgs: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels IPSFirewallRuleLabelsArgs: (List of Objects) Labels that are applicable to the rule.
location_groups IPSFirewallRuleLocationGroupsArgs: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations IPSFirewallRuleLocationsArgs: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name str: The name of the IPS Control rule
nw_service_groups IPSFirewallRuleNwServiceGroupsArgs: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nw_services IPSFirewallRuleNwServicesArgs: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order int: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined bool: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank int: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
res_categories Sequence[str]: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
rule_id int
source_countries Sequence[str]: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
src_ip_groups IPSFirewallRuleSrcIpGroupsArgs: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
src_ips Sequence[str]: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
src_ipv6_groups IPSFirewallRuleSrcIpv6GroupsArgs: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state str: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threat_categories IPSFirewallRuleThreatCategoriesArgs: (List of Objects) Advanced threat categories to which the rule applies
time_windows IPSFirewallRuleTimeWindowsArgs: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users IPSFirewallRuleUsersArgs: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpa_app_segments Sequence[IPSFirewallRuleZpaAppSegmentArgs]: (List of Objects) The ZPA application segments to which the rule applies

action String: (String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS
capturePcap Boolean: (Boolean) Value that indicates whether packet capture (PCAP) is enabled or not
defaultRule Boolean: (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not
departments Property Map: (List of Objects) Apply to any number of departments When not used it implies Any to apply the rule to all departments.
description String: (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
destAddresses List<String>: (Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
destCountries List<String>: (Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
destIpCategories List<String>: (Set of String) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
destIpGroups Property Map: ** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.
destIpv6Groups Property Map: list of destination ip groups
deviceGroups Property Map: (List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
devices Property Map: (List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
enableFullLogging Boolean: (Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.
groups Property Map: (List of Objects) You can manually select up to 8 groups. When not used it implies Any to apply the rule to all groups.
labels Property Map: (List of Objects) Labels that are applicable to the rule.
locationGroups Property Map: (List of Objects)You can manually select up to 32 location groups. When not used it implies Any to apply the rule to all location groups.
locations Property Map: (List of Objects) You can manually select up to 8 locations. When not used it implies Any to apply the rule to all groups.
name String: The name of the IPS Control rule
nwServiceGroups Property Map: (List of Objects) Any number of predefined or custom network service groups to which the rule applies.
nwServices Property Map: (List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to 1,024 additional custom services.
order Number: (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
predefined Boolean: (Boolean) A Boolean field that indicates that the rule is predefined by using a true value
rank Number: (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is 7.
resCategories List<String>: (Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.
ruleId Number
sourceCountries List<String>: (Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries. NOTE: Provide a 2 letter ISO3166 Alpha2 Country code. i.e "US", "CA"
srcIpGroups Property Map: (List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
srcIps List<String>: (Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).
srcIpv6Groups Property Map: (List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state String: (String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
threatCategories Property Map: (List of Objects) Advanced threat categories to which the rule applies
timeWindows Property Map: (List of Objects) You can manually select up to 1 time intervals. When not used it implies always to apply the rule to all time intervals.
users Property Map: (List of Objects) You can manually select up to 4 general and/or special users. When not used it implies Any to apply the rule to all users.
zpaAppSegments List<Property Map>: (List of Objects) The ZPA application segments to which the rule applies

Supporting Types

IPSFirewallRuleDepartments, IPSFirewallRuleDepartmentsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleDestIpGroups, IPSFirewallRuleDestIpGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleDestIpv6Groups, IPSFirewallRuleDestIpv6GroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleDeviceGroups, IPSFirewallRuleDeviceGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleDevices, IPSFirewallRuleDevicesArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleGroups, IPSFirewallRuleGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleLabels, IPSFirewallRuleLabelsArgs

Id int: (Integer) Identifier that uniquely identifies an entity

Id int: (Integer) Identifier that uniquely identifies an entity

id Integer: (Integer) Identifier that uniquely identifies an entity

id number: (Integer) Identifier that uniquely identifies an entity

id int: (Integer) Identifier that uniquely identifies an entity

id Number: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleLocationGroups, IPSFirewallRuleLocationGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleLocations, IPSFirewallRuleLocationsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleNwServiceGroups, IPSFirewallRuleNwServiceGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleNwServices, IPSFirewallRuleNwServicesArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleSrcIpGroups, IPSFirewallRuleSrcIpGroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleSrcIpv6Groups, IPSFirewallRuleSrcIpv6GroupsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleThreatCategories, IPSFirewallRuleThreatCategoriesArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleTimeWindows, IPSFirewallRuleTimeWindowsArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleUsers, IPSFirewallRuleUsersArgs

Ids List<int>: (Integer) Identifier that uniquely identifies an entity

Ids []int: (Integer) Identifier that uniquely identifies an entity

ids List<Integer>: (Integer) Identifier that uniquely identifies an entity

ids number[]: (Integer) Identifier that uniquely identifies an entity

ids Sequence[int]: (Integer) Identifier that uniquely identifies an entity

ids List<Number>: (Integer) Identifier that uniquely identifies an entity

IPSFirewallRuleZpaAppSegment, IPSFirewallRuleZpaAppSegmentArgs

ExternalId string: External ID of the application segment.
Name string: Name of the application segment.

ExternalId string: External ID of the application segment.
Name string: Name of the application segment.

externalId String: External ID of the application segment.
name String: Name of the application segment.

externalId string: External ID of the application segment.
name string: Name of the application segment.

external_id str: External ID of the application segment.
name str: Name of the application segment.

externalId String: External ID of the application segment.
name String: Name of the application segment.

Package Details

Repository: zia zscaler/pulumi-zia
License: MIT
Notes: This Pulumi package is based on the zia Terraform Provider.

Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler

zscaler/pulumi-zia

zia.IPSFirewallRule

On this page

On this page

Example Usage

Create IPSFirewallRule Resource

Constructor syntax

Parameters

Constructor example

IPSFirewallRule Resource Properties

Inputs

Outputs

Look up Existing IPSFirewallRule Resource

Supporting Types

IPSFirewallRuleDepartments, IPSFirewallRuleDepartmentsArgs

IPSFirewallRuleDestIpGroups, IPSFirewallRuleDestIpGroupsArgs

IPSFirewallRuleDestIpv6Groups, IPSFirewallRuleDestIpv6GroupsArgs

IPSFirewallRuleDeviceGroups, IPSFirewallRuleDeviceGroupsArgs

IPSFirewallRuleDevices, IPSFirewallRuleDevicesArgs

IPSFirewallRuleGroups, IPSFirewallRuleGroupsArgs

IPSFirewallRuleLabels, IPSFirewallRuleLabelsArgs

IPSFirewallRuleLocationGroups, IPSFirewallRuleLocationGroupsArgs

IPSFirewallRuleLocations, IPSFirewallRuleLocationsArgs

IPSFirewallRuleNwServiceGroups, IPSFirewallRuleNwServiceGroupsArgs

IPSFirewallRuleNwServices, IPSFirewallRuleNwServicesArgs

IPSFirewallRuleSrcIpGroups, IPSFirewallRuleSrcIpGroupsArgs

IPSFirewallRuleSrcIpv6Groups, IPSFirewallRuleSrcIpv6GroupsArgs

IPSFirewallRuleThreatCategories, IPSFirewallRuleThreatCategoriesArgs

IPSFirewallRuleTimeWindows, IPSFirewallRuleTimeWindowsArgs

IPSFirewallRuleUsers, IPSFirewallRuleUsersArgs

IPSFirewallRuleZpaAppSegment, IPSFirewallRuleZpaAppSegmentArgs

Package Details

On this page

On this page