Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
The zia_ssl_inspection_rules resource manages SSL inspection rules in the Zscaler Internet Access (ZIA) cloud service. SSL inspection rules determine whether to decrypt, not decrypt, or block SSL/TLS traffic based on criteria such as locations, departments, groups, users, URL categories, cloud applications, and platforms.
For more information, see the ZIA SSL Inspection documentation.
Example Usage
Basic SSL Inspection Rule
Example coming soon!
Example coming soon!
Example coming soon!
import * as zia from "@bdzscaler/pulumi-zia";
const example = new zia.SslInspectionRule("example", {
name: "Example SSL Inspection Rule",
description: "Decrypt corporate traffic",
order: 1,
state: "ENABLED",
action: {
type: "DECRYPT",
showEun: false,
decryptSubActions: {
serverCertificates: "ALLOW",
ocspCheck: true,
http2Enabled: true,
},
},
urlCategories: ["ANY"],
});
import zscaler_pulumi_zia as zia
example = zia.SslInspectionRule("example",
name="Example SSL Inspection Rule",
description="Decrypt corporate traffic",
order=1,
state="ENABLED",
action={
"type": "DECRYPT",
"show_eun": False,
"decrypt_sub_actions": {
"server_certificates": "ALLOW",
"ocsp_check": True,
"http2_enabled": True,
},
},
url_categories=["ANY"],
)
resources:
example:
type: zia:SslInspectionRule
properties:
name: Example SSL Inspection Rule
description: Decrypt corporate traffic
order: 1
state: ENABLED
action:
type: DECRYPT
showEun: false
decryptSubActions:
serverCertificates: ALLOW
ocspCheck: true
http2Enabled: true
urlCategories:
- ANY
Create SslInspectionRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SslInspectionRule(name: string, args: SslInspectionRuleArgs, opts?: CustomResourceOptions);@overload
def SslInspectionRule(resource_name: str,
args: SslInspectionRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SslInspectionRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[SslInspectionActionInputArgs] = None,
order: Optional[int] = None,
name: Optional[str] = None,
device_trust_levels: Optional[Sequence[str]] = None,
platforms: Optional[Sequence[str]] = None,
device_groups: Optional[Sequence[int]] = None,
description: Optional[str] = None,
devices: Optional[Sequence[int]] = None,
groups: Optional[Sequence[int]] = None,
labels: Optional[Sequence[int]] = None,
location_groups: Optional[Sequence[int]] = None,
locations: Optional[Sequence[int]] = None,
departments: Optional[Sequence[int]] = None,
cloud_applications: Optional[Sequence[str]] = None,
dest_ip_groups: Optional[Sequence[int]] = None,
proxy_gateways: Optional[Sequence[int]] = None,
rank: Optional[int] = None,
road_warrior_for_kerberos: Optional[bool] = None,
source_ip_groups: Optional[Sequence[int]] = None,
state: Optional[str] = None,
time_windows: Optional[Sequence[int]] = None,
url_categories: Optional[Sequence[str]] = None,
user_agent_types: Optional[Sequence[str]] = None,
users: Optional[Sequence[int]] = None,
workload_groups: Optional[Sequence[WorkloadGroupInputArgs]] = None)func NewSslInspectionRule(ctx *Context, name string, args SslInspectionRuleArgs, opts ...ResourceOption) (*SslInspectionRule, error)public SslInspectionRule(string name, SslInspectionRuleArgs args, CustomResourceOptions? opts = null)
public SslInspectionRule(String name, SslInspectionRuleArgs args)
public SslInspectionRule(String name, SslInspectionRuleArgs args, CustomResourceOptions options)
type: zia:SslInspectionRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SslInspectionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SslInspectionRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SslInspectionRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SslInspectionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SslInspectionRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var sslInspectionRuleResource = new Zia.SslInspectionRule("sslInspectionRuleResource", new()
{
Action = new Zia.Inputs.SslInspectionActionInputArgs
{
DecryptSubActions = new Zia.Inputs.DecryptSubActionsInputArgs
{
BlockSslTrafficWithNoSniEnabled = false,
BlockUndecrypt = false,
Http2Enabled = false,
MinClientTlsVersion = "string",
MinServerTlsVersion = "string",
OcspCheck = false,
ServerCertificates = "string",
},
DoNotDecryptSubActions = new Zia.Inputs.DoNotDecryptSubActionsInputArgs
{
BlockSslTrafficWithNoSniEnabled = false,
BypassOtherPolicies = false,
MinTlsVersion = "string",
OcspCheck = false,
ServerCertificates = "string",
},
OverrideDefaultCertificate = false,
ShowEun = false,
ShowEunatp = false,
SslInterceptionCert = new Zia.Inputs.SslInterceptionCertInputArgs
{
Id = 0,
},
Type = "string",
},
Order = 0,
Name = "string",
DeviceTrustLevels = new[]
{
"string",
},
Platforms = new[]
{
"string",
},
DeviceGroups = new[]
{
0,
},
Description = "string",
Devices = new[]
{
0,
},
Groups = new[]
{
0,
},
Labels = new[]
{
0,
},
LocationGroups = new[]
{
0,
},
Locations = new[]
{
0,
},
Departments = new[]
{
0,
},
CloudApplications = new[]
{
"string",
},
DestIpGroups = new[]
{
0,
},
ProxyGateways = new[]
{
0,
},
Rank = 0,
RoadWarriorForKerberos = false,
SourceIpGroups = new[]
{
0,
},
State = "string",
TimeWindows = new[]
{
0,
},
UrlCategories = new[]
{
"string",
},
UserAgentTypes = new[]
{
"string",
},
Users = new[]
{
0,
},
WorkloadGroups = new[]
{
new Zia.Inputs.WorkloadGroupInputArgs
{
ResourceId = 0,
Name = "string",
},
},
});
example, err := zia.NewSslInspectionRule(ctx, "sslInspectionRuleResource", &zia.SslInspectionRuleArgs{
Action: &pulumizia.SslInspectionActionInputArgs{
DecryptSubActions: &pulumizia.DecryptSubActionsInputArgs{
BlockSslTrafficWithNoSniEnabled: pulumi.Bool(false),
BlockUndecrypt: pulumi.Bool(false),
Http2Enabled: pulumi.Bool(false),
MinClientTlsVersion: pulumi.String("string"),
MinServerTlsVersion: pulumi.String("string"),
OcspCheck: pulumi.Bool(false),
ServerCertificates: pulumi.String("string"),
},
DoNotDecryptSubActions: &pulumizia.DoNotDecryptSubActionsInputArgs{
BlockSslTrafficWithNoSniEnabled: pulumi.Bool(false),
BypassOtherPolicies: pulumi.Bool(false),
MinTlsVersion: pulumi.String("string"),
OcspCheck: pulumi.Bool(false),
ServerCertificates: pulumi.String("string"),
},
OverrideDefaultCertificate: pulumi.Bool(false),
ShowEun: pulumi.Bool(false),
ShowEunatp: pulumi.Bool(false),
SslInterceptionCert: &pulumizia.SslInterceptionCertInputArgs{
Id: pulumi.Int(0),
},
Type: pulumi.String("string"),
},
Order: pulumi.Int(0),
Name: pulumi.String("string"),
DeviceTrustLevels: pulumi.StringArray{
pulumi.String("string"),
},
Platforms: pulumi.StringArray{
pulumi.String("string"),
},
DeviceGroups: pulumi.IntArray{
pulumi.Int(0),
},
Description: pulumi.String("string"),
Devices: pulumi.IntArray{
pulumi.Int(0),
},
Groups: pulumi.IntArray{
pulumi.Int(0),
},
Labels: pulumi.IntArray{
pulumi.Int(0),
},
LocationGroups: pulumi.IntArray{
pulumi.Int(0),
},
Locations: pulumi.IntArray{
pulumi.Int(0),
},
Departments: pulumi.IntArray{
pulumi.Int(0),
},
CloudApplications: pulumi.StringArray{
pulumi.String("string"),
},
DestIpGroups: pulumi.IntArray{
pulumi.Int(0),
},
ProxyGateways: pulumi.IntArray{
pulumi.Int(0),
},
Rank: pulumi.Int(0),
RoadWarriorForKerberos: pulumi.Bool(false),
SourceIpGroups: pulumi.IntArray{
pulumi.Int(0),
},
State: pulumi.String("string"),
TimeWindows: pulumi.IntArray{
pulumi.Int(0),
},
UrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
UserAgentTypes: pulumi.StringArray{
pulumi.String("string"),
},
Users: pulumi.IntArray{
pulumi.Int(0),
},
WorkloadGroups: pulumizia.WorkloadGroupInputTypeArray{
&pulumizia.WorkloadGroupInputTypeArgs{
ResourceId: pulumi.Int(0),
Name: pulumi.String("string"),
},
},
})
var sslInspectionRuleResource = new SslInspectionRule("sslInspectionRuleResource", SslInspectionRuleArgs.builder()
.action(SslInspectionActionInputArgs.builder()
.decryptSubActions(DecryptSubActionsInputArgs.builder()
.blockSslTrafficWithNoSniEnabled(false)
.blockUndecrypt(false)
.http2Enabled(false)
.minClientTlsVersion("string")
.minServerTlsVersion("string")
.ocspCheck(false)
.serverCertificates("string")
.build())
.doNotDecryptSubActions(DoNotDecryptSubActionsInputArgs.builder()
.blockSslTrafficWithNoSniEnabled(false)
.bypassOtherPolicies(false)
.minTlsVersion("string")
.ocspCheck(false)
.serverCertificates("string")
.build())
.overrideDefaultCertificate(false)
.showEun(false)
.showEunatp(false)
.sslInterceptionCert(SslInterceptionCertInputArgs.builder()
.id(0)
.build())
.type("string")
.build())
.order(0)
.name("string")
.deviceTrustLevels("string")
.platforms("string")
.deviceGroups(0)
.description("string")
.devices(0)
.groups(0)
.labels(0)
.locationGroups(0)
.locations(0)
.departments(0)
.cloudApplications("string")
.destIpGroups(0)
.proxyGateways(0)
.rank(0)
.roadWarriorForKerberos(false)
.sourceIpGroups(0)
.state("string")
.timeWindows(0)
.urlCategories("string")
.userAgentTypes("string")
.users(0)
.workloadGroups(WorkloadGroupInputArgs.builder()
.resourceId(0)
.name("string")
.build())
.build());
ssl_inspection_rule_resource = zia.SslInspectionRule("sslInspectionRuleResource",
action={
"decrypt_sub_actions": {
"block_ssl_traffic_with_no_sni_enabled": False,
"block_undecrypt": False,
"http2_enabled": False,
"min_client_tls_version": "string",
"min_server_tls_version": "string",
"ocsp_check": False,
"server_certificates": "string",
},
"do_not_decrypt_sub_actions": {
"block_ssl_traffic_with_no_sni_enabled": False,
"bypass_other_policies": False,
"min_tls_version": "string",
"ocsp_check": False,
"server_certificates": "string",
},
"override_default_certificate": False,
"show_eun": False,
"show_eunatp": False,
"ssl_interception_cert": {
"id": 0,
},
"type": "string",
},
order=0,
name="string",
device_trust_levels=["string"],
platforms=["string"],
device_groups=[0],
description="string",
devices=[0],
groups=[0],
labels=[0],
location_groups=[0],
locations=[0],
departments=[0],
cloud_applications=["string"],
dest_ip_groups=[0],
proxy_gateways=[0],
rank=0,
road_warrior_for_kerberos=False,
source_ip_groups=[0],
state="string",
time_windows=[0],
url_categories=["string"],
user_agent_types=["string"],
users=[0],
workload_groups=[{
"resource_id": 0,
"name": "string",
}])
const sslInspectionRuleResource = new zia.SslInspectionRule("sslInspectionRuleResource", {
action: {
decryptSubActions: {
blockSslTrafficWithNoSniEnabled: false,
blockUndecrypt: false,
http2Enabled: false,
minClientTlsVersion: "string",
minServerTlsVersion: "string",
ocspCheck: false,
serverCertificates: "string",
},
doNotDecryptSubActions: {
blockSslTrafficWithNoSniEnabled: false,
bypassOtherPolicies: false,
minTlsVersion: "string",
ocspCheck: false,
serverCertificates: "string",
},
overrideDefaultCertificate: false,
showEun: false,
showEunatp: false,
sslInterceptionCert: {
id: 0,
},
type: "string",
},
order: 0,
name: "string",
deviceTrustLevels: ["string"],
platforms: ["string"],
deviceGroups: [0],
description: "string",
devices: [0],
groups: [0],
labels: [0],
locationGroups: [0],
locations: [0],
departments: [0],
cloudApplications: ["string"],
destIpGroups: [0],
proxyGateways: [0],
rank: 0,
roadWarriorForKerberos: false,
sourceIpGroups: [0],
state: "string",
timeWindows: [0],
urlCategories: ["string"],
userAgentTypes: ["string"],
users: [0],
workloadGroups: [{
resourceId: 0,
name: "string",
}],
});
type: zia:SslInspectionRule
properties:
action:
decryptSubActions:
blockSslTrafficWithNoSniEnabled: false
blockUndecrypt: false
http2Enabled: false
minClientTlsVersion: string
minServerTlsVersion: string
ocspCheck: false
serverCertificates: string
doNotDecryptSubActions:
blockSslTrafficWithNoSniEnabled: false
bypassOtherPolicies: false
minTlsVersion: string
ocspCheck: false
serverCertificates: string
overrideDefaultCertificate: false
showEun: false
showEunatp: false
sslInterceptionCert:
id: 0
type: string
cloudApplications:
- string
departments:
- 0
description: string
destIpGroups:
- 0
deviceGroups:
- 0
deviceTrustLevels:
- string
devices:
- 0
groups:
- 0
labels:
- 0
locationGroups:
- 0
locations:
- 0
name: string
order: 0
platforms:
- string
proxyGateways:
- 0
rank: 0
roadWarriorForKerberos: false
sourceIpGroups:
- 0
state: string
timeWindows:
- 0
urlCategories:
- string
userAgentTypes:
- string
users:
- 0
workloadGroups:
- name: string
resourceId: 0
SslInspectionRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SslInspectionRule resource accepts the following input properties:
- Action
zscaler.
Pulumi Package. Zia. Inputs. Ssl Inspection Action Input - The action configuration for the SSL inspection rule, including decrypt/do-not-decrypt sub-actions.
- Name string
- The name of the SSL inspection rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other SSL inspection rules.
- Cloud
Applications List<string> - List of cloud application names to which the rule applies.
- Departments List<int>
- IDs of departments to which the rule applies.
- Description string
- Additional information about the SSL inspection rule.
- Dest
Ip List<int>Groups - IDs of destination IP address groups for the rule.
- Device
Groups List<int> - IDs of device groups to which the rule applies.
- Device
Trust List<string>Levels - Device trust levels for the rule. Valid values:
ANY,UNKNOWN_DEVICETRUSTLEVEL,LOW_TRUST,MEDIUM_TRUST,HIGH_TRUST. - Devices List<int>
- IDs of devices to which the rule applies.
- Groups List<int>
- IDs of groups to which the rule applies.
- Labels List<int>
- IDs of labels associated with the rule.
- Location
Groups List<int> - IDs of location groups to which the rule applies.
- Locations List<int>
- IDs of locations to which the rule applies.
- Platforms List<string>
- Platforms to which the rule applies (e.g.,
SCAN_IOS,SCAN_ANDROID,SCAN_MACOS,SCAN_WINDOWS,SCAN_LINUX). - Proxy
Gateways List<int> - IDs of proxy gateway configurations for the rule.
- Rank int
- Admin rank of the SSL inspection policy rule. Valid values: 0-7. Default: 7.
- Road
Warrior boolFor Kerberos - Indicates whether the rule applies to road warrior (remote) users using Kerberos authentication.
- Source
Ip List<int>Groups - IDs of source IP address groups for the rule.
- State string
- Rule state. Valid values:
ENABLED,DISABLED. - Time
Windows List<int> - IDs of time intervals during which the rule must be enforced.
- Url
Categories List<string> - List of URL categories to which the rule applies.
- User
Agent List<string>Types - User agent types the rule applies to.
- Users List<int>
- IDs of users to which the rule applies.
- Workload
Groups List<zscaler.Pulumi Package. Zia. Inputs. Workload Group Input> - List of preconfigured workload groups to which the policy must be applied.
- Action
Ssl
Inspection Action Input Args - The action configuration for the SSL inspection rule, including decrypt/do-not-decrypt sub-actions.
- Name string
- The name of the SSL inspection rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other SSL inspection rules.
- Cloud
Applications []string - List of cloud application names to which the rule applies.
- Departments []int
- IDs of departments to which the rule applies.
- Description string
- Additional information about the SSL inspection rule.
- Dest
Ip []intGroups - IDs of destination IP address groups for the rule.
- Device
Groups []int - IDs of device groups to which the rule applies.
- Device
Trust []stringLevels - Device trust levels for the rule. Valid values:
ANY,UNKNOWN_DEVICETRUSTLEVEL,LOW_TRUST,MEDIUM_TRUST,HIGH_TRUST. - Devices []int
- IDs of devices to which the rule applies.
- Groups []int
- IDs of groups to which the rule applies.
- Labels []int
- IDs of labels associated with the rule.
- Location
Groups []int - IDs of location groups to which the rule applies.
- Locations []int
- IDs of locations to which the rule applies.
- Platforms []string
- Platforms to which the rule applies (e.g.,
SCAN_IOS,SCAN_ANDROID,SCAN_MACOS,SCAN_WINDOWS,SCAN_LINUX). - Proxy
Gateways []int - IDs of proxy gateway configurations for the rule.
- Rank int
- Admin rank of the SSL inspection policy rule. Valid values: 0-7. Default: 7.
- Road
Warrior boolFor Kerberos - Indicates whether the rule applies to road warrior (remote) users using Kerberos authentication.
- Source
Ip []intGroups - IDs of source IP address groups for the rule.
- State string
- Rule state. Valid values:
ENABLED,DISABLED. - Time
Windows []int - IDs of time intervals during which the rule must be enforced.
- Url
Categories []string - List of URL categories to which the rule applies.
- User
Agent []stringTypes - User agent types the rule applies to.
- Users []int
- IDs of users to which the rule applies.
- Workload
Groups []WorkloadGroup Input Type Args - List of preconfigured workload groups to which the policy must be applied.
- action
Ssl
Inspection Action Input - The action configuration for the SSL inspection rule, including decrypt/do-not-decrypt sub-actions.
- name String
- The name of the SSL inspection rule. Must be unique.
- order Integer
- The order of execution of the rule with respect to other SSL inspection rules.
- cloud
Applications List<String> - List of cloud application names to which the rule applies.
- departments List<Integer>
- IDs of departments to which the rule applies.
- description String
- Additional information about the SSL inspection rule.
- dest
Ip List<Integer>Groups - IDs of destination IP address groups for the rule.
- device
Groups List<Integer> - IDs of device groups to which the rule applies.
- device
Trust List<String>Levels - Device trust levels for the rule. Valid values:
ANY,UNKNOWN_DEVICETRUSTLEVEL,LOW_TRUST,MEDIUM_TRUST,HIGH_TRUST. - devices List<Integer>
- IDs of devices to which the rule applies.
- groups List<Integer>
- IDs of groups to which the rule applies.
- labels List<Integer>
- IDs of labels associated with the rule.
- location
Groups List<Integer> - IDs of location groups to which the rule applies.
- locations List<Integer>
- IDs of locations to which the rule applies.
- platforms List<String>
- Platforms to which the rule applies (e.g.,
SCAN_IOS,SCAN_ANDROID,SCAN_MACOS,SCAN_WINDOWS,SCAN_LINUX). - proxy
Gateways List<Integer> - IDs of proxy gateway configurations for the rule.
- rank Integer
- Admin rank of the SSL inspection policy rule. Valid values: 0-7. Default: 7.
- road
Warrior BooleanFor Kerberos - Indicates whether the rule applies to road warrior (remote) users using Kerberos authentication.
- source
Ip List<Integer>Groups - IDs of source IP address groups for the rule.
- state String
- Rule state. Valid values:
ENABLED,DISABLED. - time
Windows List<Integer> - IDs of time intervals during which the rule must be enforced.
- url
Categories List<String> - List of URL categories to which the rule applies.
- user
Agent List<String>Types - User agent types the rule applies to.
- users List<Integer>
- IDs of users to which the rule applies.
- workload
Groups List<WorkloadGroup Input> - List of preconfigured workload groups to which the policy must be applied.
- action
Ssl
Inspection Action Input - The action configuration for the SSL inspection rule, including decrypt/do-not-decrypt sub-actions.
- name string
- The name of the SSL inspection rule. Must be unique.
- order number
- The order of execution of the rule with respect to other SSL inspection rules.
- cloud
Applications string[] - List of cloud application names to which the rule applies.
- departments number[]
- IDs of departments to which the rule applies.
- description string
- Additional information about the SSL inspection rule.
- dest
Ip number[]Groups - IDs of destination IP address groups for the rule.
- device
Groups number[] - IDs of device groups to which the rule applies.
- device
Trust string[]Levels - Device trust levels for the rule. Valid values:
ANY,UNKNOWN_DEVICETRUSTLEVEL,LOW_TRUST,MEDIUM_TRUST,HIGH_TRUST. - devices number[]
- IDs of devices to which the rule applies.
- groups number[]
- IDs of groups to which the rule applies.
- labels number[]
- IDs of labels associated with the rule.
- location
Groups number[] - IDs of location groups to which the rule applies.
- locations number[]
- IDs of locations to which the rule applies.
- platforms string[]
- Platforms to which the rule applies (e.g.,
SCAN_IOS,SCAN_ANDROID,SCAN_MACOS,SCAN_WINDOWS,SCAN_LINUX). - proxy
Gateways number[] - IDs of proxy gateway configurations for the rule.
- rank number
- Admin rank of the SSL inspection policy rule. Valid values: 0-7. Default: 7.
- road
Warrior booleanFor Kerberos - Indicates whether the rule applies to road warrior (remote) users using Kerberos authentication.
- source
Ip number[]Groups - IDs of source IP address groups for the rule.
- state string
- Rule state. Valid values:
ENABLED,DISABLED. - time
Windows number[] - IDs of time intervals during which the rule must be enforced.
- url
Categories string[] - List of URL categories to which the rule applies.
- user
Agent string[]Types - User agent types the rule applies to.
- users number[]
- IDs of users to which the rule applies.
- workload
Groups WorkloadGroup Input[] - List of preconfigured workload groups to which the policy must be applied.
- action
Ssl
Inspection Action Input Args - The action configuration for the SSL inspection rule, including decrypt/do-not-decrypt sub-actions.
- name str
- The name of the SSL inspection rule. Must be unique.
- order int
- The order of execution of the rule with respect to other SSL inspection rules.
- cloud_
applications Sequence[str] - List of cloud application names to which the rule applies.
- departments Sequence[int]
- IDs of departments to which the rule applies.
- description str
- Additional information about the SSL inspection rule.
- dest_
ip_ Sequence[int]groups - IDs of destination IP address groups for the rule.
- device_
groups Sequence[int] - IDs of device groups to which the rule applies.
- device_
trust_ Sequence[str]levels - Device trust levels for the rule. Valid values:
ANY,UNKNOWN_DEVICETRUSTLEVEL,LOW_TRUST,MEDIUM_TRUST,HIGH_TRUST. - devices Sequence[int]
- IDs of devices to which the rule applies.
- groups Sequence[int]
- IDs of groups to which the rule applies.
- labels Sequence[int]
- IDs of labels associated with the rule.
- location_
groups Sequence[int] - IDs of location groups to which the rule applies.
- locations Sequence[int]
- IDs of locations to which the rule applies.
- platforms Sequence[str]
- Platforms to which the rule applies (e.g.,
SCAN_IOS,SCAN_ANDROID,SCAN_MACOS,SCAN_WINDOWS,SCAN_LINUX). - proxy_
gateways Sequence[int] - IDs of proxy gateway configurations for the rule.
- rank int
- Admin rank of the SSL inspection policy rule. Valid values: 0-7. Default: 7.
- road_
warrior_ boolfor_ kerberos - Indicates whether the rule applies to road warrior (remote) users using Kerberos authentication.
- source_
ip_ Sequence[int]groups - IDs of source IP address groups for the rule.
- state str
- Rule state. Valid values:
ENABLED,DISABLED. - time_
windows Sequence[int] - IDs of time intervals during which the rule must be enforced.
- url_
categories Sequence[str] - List of URL categories to which the rule applies.
- user_
agent_ Sequence[str]types - User agent types the rule applies to.
- users Sequence[int]
- IDs of users to which the rule applies.
- workload_
groups Sequence[WorkloadGroup Input Args] - List of preconfigured workload groups to which the policy must be applied.
- action Property Map
- The action configuration for the SSL inspection rule, including decrypt/do-not-decrypt sub-actions.
- name String
- The name of the SSL inspection rule. Must be unique.
- order Number
- The order of execution of the rule with respect to other SSL inspection rules.
- cloud
Applications List<String> - List of cloud application names to which the rule applies.
- departments List<Number>
- IDs of departments to which the rule applies.
- description String
- Additional information about the SSL inspection rule.
- dest
Ip List<Number>Groups - IDs of destination IP address groups for the rule.
- device
Groups List<Number> - IDs of device groups to which the rule applies.
- device
Trust List<String>Levels - Device trust levels for the rule. Valid values:
ANY,UNKNOWN_DEVICETRUSTLEVEL,LOW_TRUST,MEDIUM_TRUST,HIGH_TRUST. - devices List<Number>
- IDs of devices to which the rule applies.
- groups List<Number>
- IDs of groups to which the rule applies.
- labels List<Number>
- IDs of labels associated with the rule.
- location
Groups List<Number> - IDs of location groups to which the rule applies.
- locations List<Number>
- IDs of locations to which the rule applies.
- platforms List<String>
- Platforms to which the rule applies (e.g.,
SCAN_IOS,SCAN_ANDROID,SCAN_MACOS,SCAN_WINDOWS,SCAN_LINUX). - proxy
Gateways List<Number> - IDs of proxy gateway configurations for the rule.
- rank Number
- Admin rank of the SSL inspection policy rule. Valid values: 0-7. Default: 7.
- road
Warrior BooleanFor Kerberos - Indicates whether the rule applies to road warrior (remote) users using Kerberos authentication.
- source
Ip List<Number>Groups - IDs of source IP address groups for the rule.
- state String
- Rule state. Valid values:
ENABLED,DISABLED. - time
Windows List<Number> - IDs of time intervals during which the rule must be enforced.
- url
Categories List<String> - List of URL categories to which the rule applies.
- user
Agent List<String>Types - User agent types the rule applies to.
- users List<Number>
- IDs of users to which the rule applies.
- workload
Groups List<Property Map> - List of preconfigured workload groups to which the policy must be applied.
Outputs
All input properties are implicitly available as output properties. Additionally, the SslInspectionRule resource produces the following output properties:
Supporting Types
DecryptSubActionsInput, DecryptSubActionsInputArgs
- Block
Ssl boolTraffic With No Sni Enabled - Block
Undecrypt bool - Http2Enabled bool
- Min
Client stringTls Version - Min
Server stringTls Version - Ocsp
Check bool - Server
Certificates string
- Block
Ssl boolTraffic With No Sni Enabled - Block
Undecrypt bool - Http2Enabled bool
- Min
Client stringTls Version - Min
Server stringTls Version - Ocsp
Check bool - Server
Certificates string
- block
Ssl BooleanTraffic With No Sni Enabled - block
Undecrypt Boolean - http2Enabled Boolean
- min
Client StringTls Version - min
Server StringTls Version - ocsp
Check Boolean - server
Certificates String
- block
Ssl booleanTraffic With No Sni Enabled - block
Undecrypt boolean - http2Enabled boolean
- min
Client stringTls Version - min
Server stringTls Version - ocsp
Check boolean - server
Certificates string
- block
Ssl BooleanTraffic With No Sni Enabled - block
Undecrypt Boolean - http2Enabled Boolean
- min
Client StringTls Version - min
Server StringTls Version - ocsp
Check Boolean - server
Certificates String
DoNotDecryptSubActionsInput, DoNotDecryptSubActionsInputArgs
- Block
Ssl boolTraffic With No Sni Enabled - Bypass
Other boolPolicies - Min
Tls stringVersion - Ocsp
Check bool - Server
Certificates string
- Block
Ssl boolTraffic With No Sni Enabled - Bypass
Other boolPolicies - Min
Tls stringVersion - Ocsp
Check bool - Server
Certificates string
- block
Ssl BooleanTraffic With No Sni Enabled - bypass
Other BooleanPolicies - min
Tls StringVersion - ocsp
Check Boolean - server
Certificates String
- block
Ssl booleanTraffic With No Sni Enabled - bypass
Other booleanPolicies - min
Tls stringVersion - ocsp
Check boolean - server
Certificates string
- block
Ssl BooleanTraffic With No Sni Enabled - bypass
Other BooleanPolicies - min
Tls StringVersion - ocsp
Check Boolean - server
Certificates String
SslInspectionActionInput, SslInspectionActionInputArgs
- Decrypt
Sub zscaler.Actions Pulumi Package. Zia. Inputs. Decrypt Sub Actions Input - Do
Not zscaler.Decrypt Sub Actions Pulumi Package. Zia. Inputs. Do Not Decrypt Sub Actions Input - Override
Default boolCertificate - Show
Eun bool - Show
Eunatp bool - Ssl
Interception zscaler.Cert Pulumi Package. Zia. Inputs. Ssl Interception Cert Input - Type string
SslInterceptionCertInput, SslInterceptionCertInputArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
WorkloadGroupInput, WorkloadGroupInputArgs
- Resource
Id int - Name string
- Resource
Id int - Name string
- resource
Id Integer - name String
- resource
Id number - name string
- resource_
id int - name str
- resource
Id Number - name String
Import
An existing SSL Inspection Rule can be imported using its resource ID, e.g.
$ pulumi import zia:index:SslInspectionRule example 12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
