zia.FirewallFilteringRule
Explore with Pulumi AI
The zia_firewall_filtering_rule resource allows the creation and management of ZIA Cloud Firewall filtering rules in the Zscaler Internet Access.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as zia from "@bdzscaler/pulumi-zia";
import * as zia from "@pulumi/zia";
const zscalerProxyNwServices = zia.getFirewallFilteringNetworkServices({
name: "ZSCALER_PROXY_NW_SERVICES",
});
const engineering = zia.getDepartmentManagement({
name: "Engineering",
});
const normalInternet = zia.getGroupManagement({
name: "Normal_Internet",
});
const workHours = zia.getTimeWindow({
name: "Work hours",
});
const example = new zia.FirewallFilteringRule("example", {
description: "Example",
action: "ALLOW",
state: "ENABLED",
order: 1,
enableFullLogging: true,
nwServices: {
ids: [zscalerProxyNwServices.then(zscalerProxyNwServices => zscalerProxyNwServices.id)],
},
departments: {
ids: [engineering.then(engineering => engineering.id)],
},
groups: {
ids: [normalInternet.then(normalInternet => normalInternet.id)],
},
timeWindows: {
ids: [workHours.then(workHours => workHours.id)],
},
});
import pulumi
import pulumi_zia as zia
import zscaler_pulumi_zia as zia
zscaler_proxy_nw_services = zia.get_firewall_filtering_network_services(name="ZSCALER_PROXY_NW_SERVICES")
engineering = zia.get_department_management(name="Engineering")
normal_internet = zia.get_group_management(name="Normal_Internet")
work_hours = zia.get_time_window(name="Work hours")
example = zia.FirewallFilteringRule("example",
description="Example",
action="ALLOW",
state="ENABLED",
order=1,
enable_full_logging=True,
nw_services=zia.FirewallFilteringRuleNwServicesArgs(
ids=[zscaler_proxy_nw_services.id],
),
departments=zia.FirewallFilteringRuleDepartmentsArgs(
ids=[engineering.id],
),
groups=zia.FirewallFilteringRuleGroupsArgs(
ids=[normal_internet.id],
),
time_windows=zia.FirewallFilteringRuleTimeWindowsArgs(
ids=[work_hours.id],
))
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/zscaler/pulumi-zia/sdk/go/zia"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
zscalerProxyNwServices, err := zia.LookupFirewallFilteringNetworkServices(ctx, &zia.LookupFirewallFilteringNetworkServicesArgs{
Name: pulumi.StringRef("ZSCALER_PROXY_NW_SERVICES"),
}, nil)
if err != nil {
return err
}
engineering, err := zia.GetDepartmentManagement(ctx, &zia.GetDepartmentManagementArgs{
Name: pulumi.StringRef("Engineering"),
}, nil)
if err != nil {
return err
}
normalInternet, err := zia.GetGroupManagement(ctx, &zia.GetGroupManagementArgs{
Name: pulumi.StringRef("Normal_Internet"),
}, nil)
if err != nil {
return err
}
workHours, err := zia.GetTimeWindow(ctx, &zia.GetTimeWindowArgs{
Name: pulumi.StringRef("Work hours"),
}, nil)
if err != nil {
return err
}
_, err = zia.NewFirewallFilteringRule(ctx, "example", &zia.FirewallFilteringRuleArgs{
Description: pulumi.String("Example"),
Action: pulumi.String("ALLOW"),
State: pulumi.String("ENABLED"),
Order: pulumi.Int(1),
EnableFullLogging: pulumi.Bool(true),
NwServices: &zia.FirewallFilteringRuleNwServicesArgs{
Ids: pulumi.IntArray{
pulumi.Int(zscalerProxyNwServices.Id),
},
},
Departments: &zia.FirewallFilteringRuleDepartmentsArgs{
Ids: pulumi.IntArray{
pulumi.Int(engineering.Id),
},
},
Groups: &zia.FirewallFilteringRuleGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(normalInternet.Id),
},
},
TimeWindows: &zia.FirewallFilteringRuleTimeWindowsArgs{
Ids: pulumi.IntArray{
pulumi.Int(workHours.Id),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zia = Pulumi.Zia;
using Zia = zscaler.PulumiPackage.Zia;
return await Deployment.RunAsync(() =>
{
var zscalerProxyNwServices = Zia.GetFirewallFilteringNetworkServices.Invoke(new()
{
Name = "ZSCALER_PROXY_NW_SERVICES",
});
var engineering = Zia.GetDepartmentManagement.Invoke(new()
{
Name = "Engineering",
});
var normalInternet = Zia.GetGroupManagement.Invoke(new()
{
Name = "Normal_Internet",
});
var workHours = Zia.GetTimeWindow.Invoke(new()
{
Name = "Work hours",
});
var example = new Zia.FirewallFilteringRule("example", new()
{
Description = "Example",
Action = "ALLOW",
State = "ENABLED",
Order = 1,
EnableFullLogging = true,
NwServices = new Zia.Inputs.FirewallFilteringRuleNwServicesArgs
{
Ids = new[]
{
zscalerProxyNwServices.Apply(getFirewallFilteringNetworkServicesResult => getFirewallFilteringNetworkServicesResult.Id),
},
},
Departments = new Zia.Inputs.FirewallFilteringRuleDepartmentsArgs
{
Ids = new[]
{
engineering.Apply(getDepartmentManagementResult => getDepartmentManagementResult.Id),
},
},
Groups = new Zia.Inputs.FirewallFilteringRuleGroupsArgs
{
Ids = new[]
{
normalInternet.Apply(getGroupManagementResult => getGroupManagementResult.Id),
},
},
TimeWindows = new Zia.Inputs.FirewallFilteringRuleTimeWindowsArgs
{
Ids = new[]
{
workHours.Apply(getTimeWindowResult => getTimeWindowResult.Id),
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zia.ZiaFunctions;
import com.pulumi.zia.inputs.GetFirewallFilteringNetworkServicesArgs;
import com.pulumi.zia.inputs.GetDepartmentManagementArgs;
import com.pulumi.zia.inputs.GetGroupManagementArgs;
import com.pulumi.zia.inputs.GetTimeWindowArgs;
import com.pulumi.zia.FirewallFilteringRule;
import com.pulumi.zia.FirewallFilteringRuleArgs;
import com.pulumi.zia.inputs.FirewallFilteringRuleNwServicesArgs;
import com.pulumi.zia.inputs.FirewallFilteringRuleDepartmentsArgs;
import com.pulumi.zia.inputs.FirewallFilteringRuleGroupsArgs;
import com.pulumi.zia.inputs.FirewallFilteringRuleTimeWindowsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var zscalerProxyNwServices = ZiaFunctions.getFirewallFilteringNetworkServices(GetFirewallFilteringNetworkServicesArgs.builder()
.name("ZSCALER_PROXY_NW_SERVICES")
.build());
final var engineering = ZiaFunctions.getDepartmentManagement(GetDepartmentManagementArgs.builder()
.name("Engineering")
.build());
final var normalInternet = ZiaFunctions.getGroupManagement(GetGroupManagementArgs.builder()
.name("Normal_Internet")
.build());
final var workHours = ZiaFunctions.getTimeWindow(GetTimeWindowArgs.builder()
.name("Work hours")
.build());
var example = new FirewallFilteringRule("example", FirewallFilteringRuleArgs.builder()
.description("Example")
.action("ALLOW")
.state("ENABLED")
.order(1)
.enableFullLogging(true)
.nwServices(FirewallFilteringRuleNwServicesArgs.builder()
.ids(zscalerProxyNwServices.applyValue(getFirewallFilteringNetworkServicesResult -> getFirewallFilteringNetworkServicesResult.id()))
.build())
.departments(FirewallFilteringRuleDepartmentsArgs.builder()
.ids(engineering.applyValue(getDepartmentManagementResult -> getDepartmentManagementResult.id()))
.build())
.groups(FirewallFilteringRuleGroupsArgs.builder()
.ids(normalInternet.applyValue(getGroupManagementResult -> getGroupManagementResult.id()))
.build())
.timeWindows(FirewallFilteringRuleTimeWindowsArgs.builder()
.ids(workHours.applyValue(getTimeWindowResult -> getTimeWindowResult.id()))
.build())
.build());
}
}
resources:
example:
type: zia:FirewallFilteringRule
properties:
description: Example
action: ALLOW
state: ENABLED
order: 1
enableFullLogging: true
nwServices:
ids:
- ${zscalerProxyNwServices.id}
departments:
ids:
- ${engineering.id}
groups:
ids:
- ${normalInternet.id}
timeWindows:
ids:
- ${workHours.id}
variables:
zscalerProxyNwServices:
fn::invoke:
Function: zia:getFirewallFilteringNetworkServices
Arguments:
name: ZSCALER_PROXY_NW_SERVICES
engineering:
fn::invoke:
Function: zia:getDepartmentManagement
Arguments:
name: Engineering
normalInternet:
fn::invoke:
Function: zia:getGroupManagement
Arguments:
name: Normal_Internet
workHours:
fn::invoke:
Function: zia:getTimeWindow
Arguments:
name: Work hours
Create FirewallFilteringRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallFilteringRule(name: string, args?: FirewallFilteringRuleArgs, opts?: CustomResourceOptions);
@overload
def FirewallFilteringRule(resource_name: str,
args: Optional[FirewallFilteringRuleArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallFilteringRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
app_service_groups: Optional[FirewallFilteringRuleAppServiceGroupsArgs] = None,
app_services: Optional[FirewallFilteringRuleAppServicesArgs] = None,
default_rule: Optional[bool] = None,
departments: Optional[FirewallFilteringRuleDepartmentsArgs] = None,
description: Optional[str] = None,
dest_addresses: Optional[Sequence[str]] = None,
dest_countries: Optional[Sequence[str]] = None,
dest_ip_categories: Optional[Sequence[str]] = None,
dest_ip_groups: Optional[FirewallFilteringRuleDestIpGroupsArgs] = None,
device_groups: Optional[FirewallFilteringRuleDeviceGroupsArgs] = None,
device_trust_levels: Optional[Sequence[str]] = None,
devices: Optional[FirewallFilteringRuleDevicesArgs] = None,
enable_full_logging: Optional[bool] = None,
groups: Optional[FirewallFilteringRuleGroupsArgs] = None,
labels: Optional[FirewallFilteringRuleLabelsArgs] = None,
location_groups: Optional[FirewallFilteringRuleLocationGroupsArgs] = None,
locations: Optional[FirewallFilteringRuleLocationsArgs] = None,
name: Optional[str] = None,
nw_application_groups: Optional[FirewallFilteringRuleNwApplicationGroupsArgs] = None,
nw_applications: Optional[Sequence[str]] = None,
nw_service_groups: Optional[FirewallFilteringRuleNwServiceGroupsArgs] = None,
nw_services: Optional[FirewallFilteringRuleNwServicesArgs] = None,
order: Optional[int] = None,
predefined: Optional[bool] = None,
rank: Optional[int] = None,
src_ip_groups: Optional[FirewallFilteringRuleSrcIpGroupsArgs] = None,
src_ips: Optional[Sequence[str]] = None,
state: Optional[str] = None,
time_windows: Optional[FirewallFilteringRuleTimeWindowsArgs] = None,
users: Optional[FirewallFilteringRuleUsersArgs] = None,
workload_groups: Optional[Sequence[FirewallFilteringRuleWorkloadGroupArgs]] = None,
zpa_app_segments: Optional[Sequence[FirewallFilteringRuleZpaAppSegmentArgs]] = None)
func NewFirewallFilteringRule(ctx *Context, name string, args *FirewallFilteringRuleArgs, opts ...ResourceOption) (*FirewallFilteringRule, error)
public FirewallFilteringRule(string name, FirewallFilteringRuleArgs? args = null, CustomResourceOptions? opts = null)
public FirewallFilteringRule(String name, FirewallFilteringRuleArgs args)
public FirewallFilteringRule(String name, FirewallFilteringRuleArgs args, CustomResourceOptions options)
type: zia:FirewallFilteringRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallFilteringRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallFilteringRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallFilteringRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallFilteringRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallFilteringRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallFilteringRuleResource = new Zia.FirewallFilteringRule("firewallFilteringRuleResource", new()
{
Action = "string",
AppServiceGroups = new Zia.Inputs.FirewallFilteringRuleAppServiceGroupsArgs
{
Ids = new[]
{
0,
},
},
AppServices = new Zia.Inputs.FirewallFilteringRuleAppServicesArgs
{
Ids = new[]
{
0,
},
},
DefaultRule = false,
Departments = new Zia.Inputs.FirewallFilteringRuleDepartmentsArgs
{
Ids = new[]
{
0,
},
},
Description = "string",
DestAddresses = new[]
{
"string",
},
DestCountries = new[]
{
"string",
},
DestIpCategories = new[]
{
"string",
},
DestIpGroups = new Zia.Inputs.FirewallFilteringRuleDestIpGroupsArgs
{
Ids = new[]
{
0,
},
},
DeviceGroups = new Zia.Inputs.FirewallFilteringRuleDeviceGroupsArgs
{
Ids = new[]
{
0,
},
},
DeviceTrustLevels = new[]
{
"string",
},
Devices = new Zia.Inputs.FirewallFilteringRuleDevicesArgs
{
Ids = new[]
{
0,
},
},
EnableFullLogging = false,
Groups = new Zia.Inputs.FirewallFilteringRuleGroupsArgs
{
Ids = new[]
{
0,
},
},
Labels = new Zia.Inputs.FirewallFilteringRuleLabelsArgs
{
Id = 0,
},
LocationGroups = new Zia.Inputs.FirewallFilteringRuleLocationGroupsArgs
{
Ids = new[]
{
0,
},
},
Locations = new Zia.Inputs.FirewallFilteringRuleLocationsArgs
{
Ids = new[]
{
0,
},
},
Name = "string",
NwApplicationGroups = new Zia.Inputs.FirewallFilteringRuleNwApplicationGroupsArgs
{
Ids = new[]
{
0,
},
},
NwApplications = new[]
{
"string",
},
NwServiceGroups = new Zia.Inputs.FirewallFilteringRuleNwServiceGroupsArgs
{
Ids = new[]
{
0,
},
},
NwServices = new Zia.Inputs.FirewallFilteringRuleNwServicesArgs
{
Ids = new[]
{
0,
},
},
Order = 0,
Predefined = false,
Rank = 0,
SrcIpGroups = new Zia.Inputs.FirewallFilteringRuleSrcIpGroupsArgs
{
Ids = new[]
{
0,
},
},
SrcIps = new[]
{
"string",
},
State = "string",
TimeWindows = new Zia.Inputs.FirewallFilteringRuleTimeWindowsArgs
{
Ids = new[]
{
0,
},
},
Users = new Zia.Inputs.FirewallFilteringRuleUsersArgs
{
Ids = new[]
{
0,
},
},
WorkloadGroups = new[]
{
new Zia.Inputs.FirewallFilteringRuleWorkloadGroupArgs
{
Id = 0,
Name = "string",
},
},
ZpaAppSegments = new[]
{
new Zia.Inputs.FirewallFilteringRuleZpaAppSegmentArgs
{
ExternalId = "string",
Name = "string",
},
},
});
example, err := zia.NewFirewallFilteringRule(ctx, "firewallFilteringRuleResource", &zia.FirewallFilteringRuleArgs{
Action: pulumi.String("string"),
AppServiceGroups: &zia.FirewallFilteringRuleAppServiceGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
AppServices: &zia.FirewallFilteringRuleAppServicesArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
DefaultRule: pulumi.Bool(false),
Departments: &zia.FirewallFilteringRuleDepartmentsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Description: pulumi.String("string"),
DestAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DestCountries: pulumi.StringArray{
pulumi.String("string"),
},
DestIpCategories: pulumi.StringArray{
pulumi.String("string"),
},
DestIpGroups: &zia.FirewallFilteringRuleDestIpGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
DeviceGroups: &zia.FirewallFilteringRuleDeviceGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
DeviceTrustLevels: pulumi.StringArray{
pulumi.String("string"),
},
Devices: &zia.FirewallFilteringRuleDevicesArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
EnableFullLogging: pulumi.Bool(false),
Groups: &zia.FirewallFilteringRuleGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Labels: &zia.FirewallFilteringRuleLabelsArgs{
Id: pulumi.Int(0),
},
LocationGroups: &zia.FirewallFilteringRuleLocationGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Locations: &zia.FirewallFilteringRuleLocationsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Name: pulumi.String("string"),
NwApplicationGroups: &zia.FirewallFilteringRuleNwApplicationGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
NwApplications: pulumi.StringArray{
pulumi.String("string"),
},
NwServiceGroups: &zia.FirewallFilteringRuleNwServiceGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
NwServices: &zia.FirewallFilteringRuleNwServicesArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Order: pulumi.Int(0),
Predefined: pulumi.Bool(false),
Rank: pulumi.Int(0),
SrcIpGroups: &zia.FirewallFilteringRuleSrcIpGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
SrcIps: pulumi.StringArray{
pulumi.String("string"),
},
State: pulumi.String("string"),
TimeWindows: &zia.FirewallFilteringRuleTimeWindowsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Users: &zia.FirewallFilteringRuleUsersArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
WorkloadGroups: zia.FirewallFilteringRuleWorkloadGroupArray{
&zia.FirewallFilteringRuleWorkloadGroupArgs{
Id: pulumi.Int(0),
Name: pulumi.String("string"),
},
},
ZpaAppSegments: zia.FirewallFilteringRuleZpaAppSegmentArray{
&zia.FirewallFilteringRuleZpaAppSegmentArgs{
ExternalId: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
})
var firewallFilteringRuleResource = new FirewallFilteringRule("firewallFilteringRuleResource", FirewallFilteringRuleArgs.builder()
.action("string")
.appServiceGroups(FirewallFilteringRuleAppServiceGroupsArgs.builder()
.ids(0)
.build())
.appServices(FirewallFilteringRuleAppServicesArgs.builder()
.ids(0)
.build())
.defaultRule(false)
.departments(FirewallFilteringRuleDepartmentsArgs.builder()
.ids(0)
.build())
.description("string")
.destAddresses("string")
.destCountries("string")
.destIpCategories("string")
.destIpGroups(FirewallFilteringRuleDestIpGroupsArgs.builder()
.ids(0)
.build())
.deviceGroups(FirewallFilteringRuleDeviceGroupsArgs.builder()
.ids(0)
.build())
.deviceTrustLevels("string")
.devices(FirewallFilteringRuleDevicesArgs.builder()
.ids(0)
.build())
.enableFullLogging(false)
.groups(FirewallFilteringRuleGroupsArgs.builder()
.ids(0)
.build())
.labels(FirewallFilteringRuleLabelsArgs.builder()
.id(0)
.build())
.locationGroups(FirewallFilteringRuleLocationGroupsArgs.builder()
.ids(0)
.build())
.locations(FirewallFilteringRuleLocationsArgs.builder()
.ids(0)
.build())
.name("string")
.nwApplicationGroups(FirewallFilteringRuleNwApplicationGroupsArgs.builder()
.ids(0)
.build())
.nwApplications("string")
.nwServiceGroups(FirewallFilteringRuleNwServiceGroupsArgs.builder()
.ids(0)
.build())
.nwServices(FirewallFilteringRuleNwServicesArgs.builder()
.ids(0)
.build())
.order(0)
.predefined(false)
.rank(0)
.srcIpGroups(FirewallFilteringRuleSrcIpGroupsArgs.builder()
.ids(0)
.build())
.srcIps("string")
.state("string")
.timeWindows(FirewallFilteringRuleTimeWindowsArgs.builder()
.ids(0)
.build())
.users(FirewallFilteringRuleUsersArgs.builder()
.ids(0)
.build())
.workloadGroups(FirewallFilteringRuleWorkloadGroupArgs.builder()
.id(0)
.name("string")
.build())
.zpaAppSegments(FirewallFilteringRuleZpaAppSegmentArgs.builder()
.externalId("string")
.name("string")
.build())
.build());
firewall_filtering_rule_resource = zia.FirewallFilteringRule("firewallFilteringRuleResource",
action="string",
app_service_groups={
"ids": [0],
},
app_services={
"ids": [0],
},
default_rule=False,
departments={
"ids": [0],
},
description="string",
dest_addresses=["string"],
dest_countries=["string"],
dest_ip_categories=["string"],
dest_ip_groups={
"ids": [0],
},
device_groups={
"ids": [0],
},
device_trust_levels=["string"],
devices={
"ids": [0],
},
enable_full_logging=False,
groups={
"ids": [0],
},
labels={
"id": 0,
},
location_groups={
"ids": [0],
},
locations={
"ids": [0],
},
name="string",
nw_application_groups={
"ids": [0],
},
nw_applications=["string"],
nw_service_groups={
"ids": [0],
},
nw_services={
"ids": [0],
},
order=0,
predefined=False,
rank=0,
src_ip_groups={
"ids": [0],
},
src_ips=["string"],
state="string",
time_windows={
"ids": [0],
},
users={
"ids": [0],
},
workload_groups=[{
"id": 0,
"name": "string",
}],
zpa_app_segments=[{
"external_id": "string",
"name": "string",
}])
const firewallFilteringRuleResource = new zia.FirewallFilteringRule("firewallFilteringRuleResource", {
action: "string",
appServiceGroups: {
ids: [0],
},
appServices: {
ids: [0],
},
defaultRule: false,
departments: {
ids: [0],
},
description: "string",
destAddresses: ["string"],
destCountries: ["string"],
destIpCategories: ["string"],
destIpGroups: {
ids: [0],
},
deviceGroups: {
ids: [0],
},
deviceTrustLevels: ["string"],
devices: {
ids: [0],
},
enableFullLogging: false,
groups: {
ids: [0],
},
labels: {
id: 0,
},
locationGroups: {
ids: [0],
},
locations: {
ids: [0],
},
name: "string",
nwApplicationGroups: {
ids: [0],
},
nwApplications: ["string"],
nwServiceGroups: {
ids: [0],
},
nwServices: {
ids: [0],
},
order: 0,
predefined: false,
rank: 0,
srcIpGroups: {
ids: [0],
},
srcIps: ["string"],
state: "string",
timeWindows: {
ids: [0],
},
users: {
ids: [0],
},
workloadGroups: [{
id: 0,
name: "string",
}],
zpaAppSegments: [{
externalId: "string",
name: "string",
}],
});
type: zia:FirewallFilteringRule
properties:
action: string
appServiceGroups:
ids:
- 0
appServices:
ids:
- 0
defaultRule: false
departments:
ids:
- 0
description: string
destAddresses:
- string
destCountries:
- string
destIpCategories:
- string
destIpGroups:
ids:
- 0
deviceGroups:
ids:
- 0
deviceTrustLevels:
- string
devices:
ids:
- 0
enableFullLogging: false
groups:
ids:
- 0
labels:
id: 0
locationGroups:
ids:
- 0
locations:
ids:
- 0
name: string
nwApplicationGroups:
ids:
- 0
nwApplications:
- string
nwServiceGroups:
ids:
- 0
nwServices:
ids:
- 0
order: 0
predefined: false
rank: 0
srcIpGroups:
ids:
- 0
srcIps:
- string
state: string
timeWindows:
ids:
- 0
users:
ids:
- 0
workloadGroups:
- id: 0
name: string
zpaAppSegments:
- externalId: string
name: string
FirewallFilteringRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallFilteringRule resource accepts the following input properties:
- Action string
- The action the Firewall Filtering policy rule takes when packets match the rule
- App
Service zscaler.Groups Pulumi Package. Zia. Inputs. Firewall Filtering Rule App Service Groups - list of application service groups
- App
Services zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule App Services - list of application services
- Default
Rule bool - If set to true, the default rule is applied
- Departments
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Departments - list of departments for which rule must be applied
- Description string
- Additional information about the rule
- Dest
Addresses List<string> - Dest
Countries List<string> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Dest
Ip List<string>Categories - Dest
Ip zscaler.Groups Pulumi Package. Zia. Inputs. Firewall Filtering Rule Dest Ip Groups - list of destination ip groups
- Device
Groups zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust List<string>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Devices - Name-ID pairs of devices for which rule must be applied.
- Enable
Full boolLogging - Groups
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Groups - list of groups for which rule must be applied
- Labels
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Labels - list of Labels that are applicable to the rule.
- Location
Groups zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule Location Groups - list of locations groups
- Locations
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Locations - list of locations for which rule must be applied
- Name string
- Name of the Firewall Filtering policy rule
- Nw
Application zscaler.Groups Pulumi Package. Zia. Inputs. Firewall Filtering Rule Nw Application Groups - list of nw application groups
- Nw
Applications List<string> - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- Nw
Service zscaler.Groups Pulumi Package. Zia. Inputs. Firewall Filtering Rule Nw Service Groups - list of nw service groups
- Nw
Services zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule Nw Services - list of nw services
- Order int
- Rule order number of the Firewall Filtering policy rule
- Predefined bool
- If set to true, a predefined rule is applied
- Rank int
- Admin rank of the Firewall Filtering policy rule
- Src
Ip zscaler.Groups Pulumi Package. Zia. Inputs. Firewall Filtering Rule Src Ip Groups - list of source ip groups
- Src
Ips List<string> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Time
Windows zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule Time Windows - The time interval in which the Firewall Filtering policy rule applies
- Users
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Users - list of users for which rule must be applied
- Workload
Groups List<zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule Workload Group> - The list of preconfigured workload groups to which the policy must be applied
- Zpa
App List<zscaler.Segments Pulumi Package. Zia. Inputs. Firewall Filtering Rule Zpa App Segment> - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
- Action string
- The action the Firewall Filtering policy rule takes when packets match the rule
- App
Service FirewallGroups Filtering Rule App Service Groups Args - list of application service groups
- App
Services FirewallFiltering Rule App Services Args - list of application services
- Default
Rule bool - If set to true, the default rule is applied
- Departments
Firewall
Filtering Rule Departments Args - list of departments for which rule must be applied
- Description string
- Additional information about the rule
- Dest
Addresses []string - Dest
Countries []string - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Dest
Ip []stringCategories - Dest
Ip FirewallGroups Filtering Rule Dest Ip Groups Args - list of destination ip groups
- Device
Groups FirewallFiltering Rule Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust []stringLevels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
Firewall
Filtering Rule Devices Args - Name-ID pairs of devices for which rule must be applied.
- Enable
Full boolLogging - Groups
Firewall
Filtering Rule Groups Args - list of groups for which rule must be applied
- Labels
Firewall
Filtering Rule Labels Args - list of Labels that are applicable to the rule.
- Location
Groups FirewallFiltering Rule Location Groups Args - list of locations groups
- Locations
Firewall
Filtering Rule Locations Args - list of locations for which rule must be applied
- Name string
- Name of the Firewall Filtering policy rule
- Nw
Application FirewallGroups Filtering Rule Nw Application Groups Args - list of nw application groups
- Nw
Applications []string - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- Nw
Service FirewallGroups Filtering Rule Nw Service Groups Args - list of nw service groups
- Nw
Services FirewallFiltering Rule Nw Services Args - list of nw services
- Order int
- Rule order number of the Firewall Filtering policy rule
- Predefined bool
- If set to true, a predefined rule is applied
- Rank int
- Admin rank of the Firewall Filtering policy rule
- Src
Ip FirewallGroups Filtering Rule Src Ip Groups Args - list of source ip groups
- Src
Ips []string - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Time
Windows FirewallFiltering Rule Time Windows Args - The time interval in which the Firewall Filtering policy rule applies
- Users
Firewall
Filtering Rule Users Args - list of users for which rule must be applied
- Workload
Groups []FirewallFiltering Rule Workload Group Args - The list of preconfigured workload groups to which the policy must be applied
- Zpa
App []FirewallSegments Filtering Rule Zpa App Segment Args - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
- action String
- The action the Firewall Filtering policy rule takes when packets match the rule
- app
Service FirewallGroups Filtering Rule App Service Groups - list of application service groups
- app
Services FirewallFiltering Rule App Services - list of application services
- default
Rule Boolean - If set to true, the default rule is applied
- departments
Firewall
Filtering Rule Departments - list of departments for which rule must be applied
- description String
- Additional information about the rule
- dest
Addresses List<String> - dest
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip List<String>Categories - dest
Ip FirewallGroups Filtering Rule Dest Ip Groups - list of destination ip groups
- device
Groups FirewallFiltering Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Firewall
Filtering Rule Devices - Name-ID pairs of devices for which rule must be applied.
- enable
Full BooleanLogging - groups
Firewall
Filtering Rule Groups - list of groups for which rule must be applied
- labels
Firewall
Filtering Rule Labels - list of Labels that are applicable to the rule.
- location
Groups FirewallFiltering Rule Location Groups - list of locations groups
- locations
Firewall
Filtering Rule Locations - list of locations for which rule must be applied
- name String
- Name of the Firewall Filtering policy rule
- nw
Application FirewallGroups Filtering Rule Nw Application Groups - list of nw application groups
- nw
Applications List<String> - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- nw
Service FirewallGroups Filtering Rule Nw Service Groups - list of nw service groups
- nw
Services FirewallFiltering Rule Nw Services - list of nw services
- order Integer
- Rule order number of the Firewall Filtering policy rule
- predefined Boolean
- If set to true, a predefined rule is applied
- rank Integer
- Admin rank of the Firewall Filtering policy rule
- src
Ip FirewallGroups Filtering Rule Src Ip Groups - list of source ip groups
- src
Ips List<String> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows FirewallFiltering Rule Time Windows - The time interval in which the Firewall Filtering policy rule applies
- users
Firewall
Filtering Rule Users - list of users for which rule must be applied
- workload
Groups List<FirewallFiltering Rule Workload Group> - The list of preconfigured workload groups to which the policy must be applied
- zpa
App List<FirewallSegments Filtering Rule Zpa App Segment> - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
- action string
- The action the Firewall Filtering policy rule takes when packets match the rule
- app
Service FirewallGroups Filtering Rule App Service Groups - list of application service groups
- app
Services FirewallFiltering Rule App Services - list of application services
- default
Rule boolean - If set to true, the default rule is applied
- departments
Firewall
Filtering Rule Departments - list of departments for which rule must be applied
- description string
- Additional information about the rule
- dest
Addresses string[] - dest
Countries string[] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip string[]Categories - dest
Ip FirewallGroups Filtering Rule Dest Ip Groups - list of destination ip groups
- device
Groups FirewallFiltering Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust string[]Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Firewall
Filtering Rule Devices - Name-ID pairs of devices for which rule must be applied.
- enable
Full booleanLogging - groups
Firewall
Filtering Rule Groups - list of groups for which rule must be applied
- labels
Firewall
Filtering Rule Labels - list of Labels that are applicable to the rule.
- location
Groups FirewallFiltering Rule Location Groups - list of locations groups
- locations
Firewall
Filtering Rule Locations - list of locations for which rule must be applied
- name string
- Name of the Firewall Filtering policy rule
- nw
Application FirewallGroups Filtering Rule Nw Application Groups - list of nw application groups
- nw
Applications string[] - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- nw
Service FirewallGroups Filtering Rule Nw Service Groups - list of nw service groups
- nw
Services FirewallFiltering Rule Nw Services - list of nw services
- order number
- Rule order number of the Firewall Filtering policy rule
- predefined boolean
- If set to true, a predefined rule is applied
- rank number
- Admin rank of the Firewall Filtering policy rule
- src
Ip FirewallGroups Filtering Rule Src Ip Groups - list of source ip groups
- src
Ips string[] - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows FirewallFiltering Rule Time Windows - The time interval in which the Firewall Filtering policy rule applies
- users
Firewall
Filtering Rule Users - list of users for which rule must be applied
- workload
Groups FirewallFiltering Rule Workload Group[] - The list of preconfigured workload groups to which the policy must be applied
- zpa
App FirewallSegments Filtering Rule Zpa App Segment[] - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
- action str
- The action the Firewall Filtering policy rule takes when packets match the rule
- app_
service_ Firewallgroups Filtering Rule App Service Groups Args - list of application service groups
- app_
services FirewallFiltering Rule App Services Args - list of application services
- default_
rule bool - If set to true, the default rule is applied
- departments
Firewall
Filtering Rule Departments Args - list of departments for which rule must be applied
- description str
- Additional information about the rule
- dest_
addresses Sequence[str] - dest_
countries Sequence[str] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest_
ip_ Sequence[str]categories - dest_
ip_ Firewallgroups Filtering Rule Dest Ip Groups Args - list of destination ip groups
- device_
groups FirewallFiltering Rule Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- device_
trust_ Sequence[str]levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Firewall
Filtering Rule Devices Args - Name-ID pairs of devices for which rule must be applied.
- enable_
full_ boollogging - groups
Firewall
Filtering Rule Groups Args - list of groups for which rule must be applied
- labels
Firewall
Filtering Rule Labels Args - list of Labels that are applicable to the rule.
- location_
groups FirewallFiltering Rule Location Groups Args - list of locations groups
- locations
Firewall
Filtering Rule Locations Args - list of locations for which rule must be applied
- name str
- Name of the Firewall Filtering policy rule
- nw_
application_ Firewallgroups Filtering Rule Nw Application Groups Args - list of nw application groups
- nw_
applications Sequence[str] - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- nw_
service_ Firewallgroups Filtering Rule Nw Service Groups Args - list of nw service groups
- nw_
services FirewallFiltering Rule Nw Services Args - list of nw services
- order int
- Rule order number of the Firewall Filtering policy rule
- predefined bool
- If set to true, a predefined rule is applied
- rank int
- Admin rank of the Firewall Filtering policy rule
- src_
ip_ Firewallgroups Filtering Rule Src Ip Groups Args - list of source ip groups
- src_
ips Sequence[str] - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state str
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time_
windows FirewallFiltering Rule Time Windows Args - The time interval in which the Firewall Filtering policy rule applies
- users
Firewall
Filtering Rule Users Args - list of users for which rule must be applied
- workload_
groups Sequence[FirewallFiltering Rule Workload Group Args] - The list of preconfigured workload groups to which the policy must be applied
- zpa_
app_ Sequence[Firewallsegments Filtering Rule Zpa App Segment Args] - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
- action String
- The action the Firewall Filtering policy rule takes when packets match the rule
- app
Service Property MapGroups - list of application service groups
- app
Services Property Map - list of application services
- default
Rule Boolean - If set to true, the default rule is applied
- departments Property Map
- list of departments for which rule must be applied
- description String
- Additional information about the rule
- dest
Addresses List<String> - dest
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip List<String>Categories - dest
Ip Property MapGroups - list of destination ip groups
- device
Groups Property Map - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices Property Map
- Name-ID pairs of devices for which rule must be applied.
- enable
Full BooleanLogging - groups Property Map
- list of groups for which rule must be applied
- labels Property Map
- list of Labels that are applicable to the rule.
- location
Groups Property Map - list of locations groups
- locations Property Map
- list of locations for which rule must be applied
- name String
- Name of the Firewall Filtering policy rule
- nw
Application Property MapGroups - list of nw application groups
- nw
Applications List<String> - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- nw
Service Property MapGroups - list of nw service groups
- nw
Services Property Map - list of nw services
- order Number
- Rule order number of the Firewall Filtering policy rule
- predefined Boolean
- If set to true, a predefined rule is applied
- rank Number
- Admin rank of the Firewall Filtering policy rule
- src
Ip Property MapGroups - list of source ip groups
- src
Ips List<String> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows Property Map - The time interval in which the Firewall Filtering policy rule applies
- users Property Map
- list of users for which rule must be applied
- workload
Groups List<Property Map> - The list of preconfigured workload groups to which the policy must be applied
- zpa
App List<Property Map>Segments - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallFilteringRule resource produces the following output properties:
Look up Existing FirewallFilteringRule Resource
Get an existing FirewallFilteringRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallFilteringRuleState, opts?: CustomResourceOptions): FirewallFilteringRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
app_service_groups: Optional[FirewallFilteringRuleAppServiceGroupsArgs] = None,
app_services: Optional[FirewallFilteringRuleAppServicesArgs] = None,
default_rule: Optional[bool] = None,
departments: Optional[FirewallFilteringRuleDepartmentsArgs] = None,
description: Optional[str] = None,
dest_addresses: Optional[Sequence[str]] = None,
dest_countries: Optional[Sequence[str]] = None,
dest_ip_categories: Optional[Sequence[str]] = None,
dest_ip_groups: Optional[FirewallFilteringRuleDestIpGroupsArgs] = None,
device_groups: Optional[FirewallFilteringRuleDeviceGroupsArgs] = None,
device_trust_levels: Optional[Sequence[str]] = None,
devices: Optional[FirewallFilteringRuleDevicesArgs] = None,
enable_full_logging: Optional[bool] = None,
groups: Optional[FirewallFilteringRuleGroupsArgs] = None,
labels: Optional[FirewallFilteringRuleLabelsArgs] = None,
location_groups: Optional[FirewallFilteringRuleLocationGroupsArgs] = None,
locations: Optional[FirewallFilteringRuleLocationsArgs] = None,
name: Optional[str] = None,
nw_application_groups: Optional[FirewallFilteringRuleNwApplicationGroupsArgs] = None,
nw_applications: Optional[Sequence[str]] = None,
nw_service_groups: Optional[FirewallFilteringRuleNwServiceGroupsArgs] = None,
nw_services: Optional[FirewallFilteringRuleNwServicesArgs] = None,
order: Optional[int] = None,
predefined: Optional[bool] = None,
rank: Optional[int] = None,
rule_id: Optional[int] = None,
src_ip_groups: Optional[FirewallFilteringRuleSrcIpGroupsArgs] = None,
src_ips: Optional[Sequence[str]] = None,
state: Optional[str] = None,
time_windows: Optional[FirewallFilteringRuleTimeWindowsArgs] = None,
users: Optional[FirewallFilteringRuleUsersArgs] = None,
workload_groups: Optional[Sequence[FirewallFilteringRuleWorkloadGroupArgs]] = None,
zpa_app_segments: Optional[Sequence[FirewallFilteringRuleZpaAppSegmentArgs]] = None) -> FirewallFilteringRule
func GetFirewallFilteringRule(ctx *Context, name string, id IDInput, state *FirewallFilteringRuleState, opts ...ResourceOption) (*FirewallFilteringRule, error)
public static FirewallFilteringRule Get(string name, Input<string> id, FirewallFilteringRuleState? state, CustomResourceOptions? opts = null)
public static FirewallFilteringRule get(String name, Output<String> id, FirewallFilteringRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The action the Firewall Filtering policy rule takes when packets match the rule
- App
Service zscaler.Groups Pulumi Package. Zia. Inputs. Firewall Filtering Rule App Service Groups - list of application service groups
- App
Services zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule App Services - list of application services
- Default
Rule bool - If set to true, the default rule is applied
- Departments
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Departments - list of departments for which rule must be applied
- Description string
- Additional information about the rule
- Dest
Addresses List<string> - Dest
Countries List<string> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Dest
Ip List<string>Categories - Dest
Ip zscaler.Groups Pulumi Package. Zia. Inputs. Firewall Filtering Rule Dest Ip Groups - list of destination ip groups
- Device
Groups zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust List<string>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Devices - Name-ID pairs of devices for which rule must be applied.
- Enable
Full boolLogging - Groups
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Groups - list of groups for which rule must be applied
- Labels
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Labels - list of Labels that are applicable to the rule.
- Location
Groups zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule Location Groups - list of locations groups
- Locations
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Locations - list of locations for which rule must be applied
- Name string
- Name of the Firewall Filtering policy rule
- Nw
Application zscaler.Groups Pulumi Package. Zia. Inputs. Firewall Filtering Rule Nw Application Groups - list of nw application groups
- Nw
Applications List<string> - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- Nw
Service zscaler.Groups Pulumi Package. Zia. Inputs. Firewall Filtering Rule Nw Service Groups - list of nw service groups
- Nw
Services zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule Nw Services - list of nw services
- Order int
- Rule order number of the Firewall Filtering policy rule
- Predefined bool
- If set to true, a predefined rule is applied
- Rank int
- Admin rank of the Firewall Filtering policy rule
- Rule
Id int - Src
Ip zscaler.Groups Pulumi Package. Zia. Inputs. Firewall Filtering Rule Src Ip Groups - list of source ip groups
- Src
Ips List<string> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Time
Windows zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule Time Windows - The time interval in which the Firewall Filtering policy rule applies
- Users
zscaler.
Pulumi Package. Zia. Inputs. Firewall Filtering Rule Users - list of users for which rule must be applied
- Workload
Groups List<zscaler.Pulumi Package. Zia. Inputs. Firewall Filtering Rule Workload Group> - The list of preconfigured workload groups to which the policy must be applied
- Zpa
App List<zscaler.Segments Pulumi Package. Zia. Inputs. Firewall Filtering Rule Zpa App Segment> - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
- Action string
- The action the Firewall Filtering policy rule takes when packets match the rule
- App
Service FirewallGroups Filtering Rule App Service Groups Args - list of application service groups
- App
Services FirewallFiltering Rule App Services Args - list of application services
- Default
Rule bool - If set to true, the default rule is applied
- Departments
Firewall
Filtering Rule Departments Args - list of departments for which rule must be applied
- Description string
- Additional information about the rule
- Dest
Addresses []string - Dest
Countries []string - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Dest
Ip []stringCategories - Dest
Ip FirewallGroups Filtering Rule Dest Ip Groups Args - list of destination ip groups
- Device
Groups FirewallFiltering Rule Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust []stringLevels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
Firewall
Filtering Rule Devices Args - Name-ID pairs of devices for which rule must be applied.
- Enable
Full boolLogging - Groups
Firewall
Filtering Rule Groups Args - list of groups for which rule must be applied
- Labels
Firewall
Filtering Rule Labels Args - list of Labels that are applicable to the rule.
- Location
Groups FirewallFiltering Rule Location Groups Args - list of locations groups
- Locations
Firewall
Filtering Rule Locations Args - list of locations for which rule must be applied
- Name string
- Name of the Firewall Filtering policy rule
- Nw
Application FirewallGroups Filtering Rule Nw Application Groups Args - list of nw application groups
- Nw
Applications []string - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- Nw
Service FirewallGroups Filtering Rule Nw Service Groups Args - list of nw service groups
- Nw
Services FirewallFiltering Rule Nw Services Args - list of nw services
- Order int
- Rule order number of the Firewall Filtering policy rule
- Predefined bool
- If set to true, a predefined rule is applied
- Rank int
- Admin rank of the Firewall Filtering policy rule
- Rule
Id int - Src
Ip FirewallGroups Filtering Rule Src Ip Groups Args - list of source ip groups
- Src
Ips []string - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Time
Windows FirewallFiltering Rule Time Windows Args - The time interval in which the Firewall Filtering policy rule applies
- Users
Firewall
Filtering Rule Users Args - list of users for which rule must be applied
- Workload
Groups []FirewallFiltering Rule Workload Group Args - The list of preconfigured workload groups to which the policy must be applied
- Zpa
App []FirewallSegments Filtering Rule Zpa App Segment Args - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
- action String
- The action the Firewall Filtering policy rule takes when packets match the rule
- app
Service FirewallGroups Filtering Rule App Service Groups - list of application service groups
- app
Services FirewallFiltering Rule App Services - list of application services
- default
Rule Boolean - If set to true, the default rule is applied
- departments
Firewall
Filtering Rule Departments - list of departments for which rule must be applied
- description String
- Additional information about the rule
- dest
Addresses List<String> - dest
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip List<String>Categories - dest
Ip FirewallGroups Filtering Rule Dest Ip Groups - list of destination ip groups
- device
Groups FirewallFiltering Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Firewall
Filtering Rule Devices - Name-ID pairs of devices for which rule must be applied.
- enable
Full BooleanLogging - groups
Firewall
Filtering Rule Groups - list of groups for which rule must be applied
- labels
Firewall
Filtering Rule Labels - list of Labels that are applicable to the rule.
- location
Groups FirewallFiltering Rule Location Groups - list of locations groups
- locations
Firewall
Filtering Rule Locations - list of locations for which rule must be applied
- name String
- Name of the Firewall Filtering policy rule
- nw
Application FirewallGroups Filtering Rule Nw Application Groups - list of nw application groups
- nw
Applications List<String> - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- nw
Service FirewallGroups Filtering Rule Nw Service Groups - list of nw service groups
- nw
Services FirewallFiltering Rule Nw Services - list of nw services
- order Integer
- Rule order number of the Firewall Filtering policy rule
- predefined Boolean
- If set to true, a predefined rule is applied
- rank Integer
- Admin rank of the Firewall Filtering policy rule
- rule
Id Integer - src
Ip FirewallGroups Filtering Rule Src Ip Groups - list of source ip groups
- src
Ips List<String> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows FirewallFiltering Rule Time Windows - The time interval in which the Firewall Filtering policy rule applies
- users
Firewall
Filtering Rule Users - list of users for which rule must be applied
- workload
Groups List<FirewallFiltering Rule Workload Group> - The list of preconfigured workload groups to which the policy must be applied
- zpa
App List<FirewallSegments Filtering Rule Zpa App Segment> - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
- action string
- The action the Firewall Filtering policy rule takes when packets match the rule
- app
Service FirewallGroups Filtering Rule App Service Groups - list of application service groups
- app
Services FirewallFiltering Rule App Services - list of application services
- default
Rule boolean - If set to true, the default rule is applied
- departments
Firewall
Filtering Rule Departments - list of departments for which rule must be applied
- description string
- Additional information about the rule
- dest
Addresses string[] - dest
Countries string[] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip string[]Categories - dest
Ip FirewallGroups Filtering Rule Dest Ip Groups - list of destination ip groups
- device
Groups FirewallFiltering Rule Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust string[]Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Firewall
Filtering Rule Devices - Name-ID pairs of devices for which rule must be applied.
- enable
Full booleanLogging - groups
Firewall
Filtering Rule Groups - list of groups for which rule must be applied
- labels
Firewall
Filtering Rule Labels - list of Labels that are applicable to the rule.
- location
Groups FirewallFiltering Rule Location Groups - list of locations groups
- locations
Firewall
Filtering Rule Locations - list of locations for which rule must be applied
- name string
- Name of the Firewall Filtering policy rule
- nw
Application FirewallGroups Filtering Rule Nw Application Groups - list of nw application groups
- nw
Applications string[] - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- nw
Service FirewallGroups Filtering Rule Nw Service Groups - list of nw service groups
- nw
Services FirewallFiltering Rule Nw Services - list of nw services
- order number
- Rule order number of the Firewall Filtering policy rule
- predefined boolean
- If set to true, a predefined rule is applied
- rank number
- Admin rank of the Firewall Filtering policy rule
- rule
Id number - src
Ip FirewallGroups Filtering Rule Src Ip Groups - list of source ip groups
- src
Ips string[] - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows FirewallFiltering Rule Time Windows - The time interval in which the Firewall Filtering policy rule applies
- users
Firewall
Filtering Rule Users - list of users for which rule must be applied
- workload
Groups FirewallFiltering Rule Workload Group[] - The list of preconfigured workload groups to which the policy must be applied
- zpa
App FirewallSegments Filtering Rule Zpa App Segment[] - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
- action str
- The action the Firewall Filtering policy rule takes when packets match the rule
- app_
service_ Firewallgroups Filtering Rule App Service Groups Args - list of application service groups
- app_
services FirewallFiltering Rule App Services Args - list of application services
- default_
rule bool - If set to true, the default rule is applied
- departments
Firewall
Filtering Rule Departments Args - list of departments for which rule must be applied
- description str
- Additional information about the rule
- dest_
addresses Sequence[str] - dest_
countries Sequence[str] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest_
ip_ Sequence[str]categories - dest_
ip_ Firewallgroups Filtering Rule Dest Ip Groups Args - list of destination ip groups
- device_
groups FirewallFiltering Rule Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- device_
trust_ Sequence[str]levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Firewall
Filtering Rule Devices Args - Name-ID pairs of devices for which rule must be applied.
- enable_
full_ boollogging - groups
Firewall
Filtering Rule Groups Args - list of groups for which rule must be applied
- labels
Firewall
Filtering Rule Labels Args - list of Labels that are applicable to the rule.
- location_
groups FirewallFiltering Rule Location Groups Args - list of locations groups
- locations
Firewall
Filtering Rule Locations Args - list of locations for which rule must be applied
- name str
- Name of the Firewall Filtering policy rule
- nw_
application_ Firewallgroups Filtering Rule Nw Application Groups Args - list of nw application groups
- nw_
applications Sequence[str] - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- nw_
service_ Firewallgroups Filtering Rule Nw Service Groups Args - list of nw service groups
- nw_
services FirewallFiltering Rule Nw Services Args - list of nw services
- order int
- Rule order number of the Firewall Filtering policy rule
- predefined bool
- If set to true, a predefined rule is applied
- rank int
- Admin rank of the Firewall Filtering policy rule
- rule_
id int - src_
ip_ Firewallgroups Filtering Rule Src Ip Groups Args - list of source ip groups
- src_
ips Sequence[str] - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state str
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time_
windows FirewallFiltering Rule Time Windows Args - The time interval in which the Firewall Filtering policy rule applies
- users
Firewall
Filtering Rule Users Args - list of users for which rule must be applied
- workload_
groups Sequence[FirewallFiltering Rule Workload Group Args] - The list of preconfigured workload groups to which the policy must be applied
- zpa_
app_ Sequence[Firewallsegments Filtering Rule Zpa App Segment Args] - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
- action String
- The action the Firewall Filtering policy rule takes when packets match the rule
- app
Service Property MapGroups - list of application service groups
- app
Services Property Map - list of application services
- default
Rule Boolean - If set to true, the default rule is applied
- departments Property Map
- list of departments for which rule must be applied
- description String
- Additional information about the rule
- dest
Addresses List<String> - dest
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip List<String>Categories - dest
Ip Property MapGroups - list of destination ip groups
- device
Groups Property Map - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices Property Map
- Name-ID pairs of devices for which rule must be applied.
- enable
Full BooleanLogging - groups Property Map
- list of groups for which rule must be applied
- labels Property Map
- list of Labels that are applicable to the rule.
- location
Groups Property Map - list of locations groups
- locations Property Map
- list of locations for which rule must be applied
- name String
- Name of the Firewall Filtering policy rule
- nw
Application Property MapGroups - list of nw application groups
- nw
Applications List<String> - User-defined network service applications on which the rule is applied. If not set, the rule is not restricted to a specific network service application.
- nw
Service Property MapGroups - list of nw service groups
- nw
Services Property Map - list of nw services
- order Number
- Rule order number of the Firewall Filtering policy rule
- predefined Boolean
- If set to true, a predefined rule is applied
- rank Number
- Admin rank of the Firewall Filtering policy rule
- rule
Id Number - src
Ip Property MapGroups - list of source ip groups
- src
Ips List<String> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows Property Map - The time interval in which the Firewall Filtering policy rule applies
- users Property Map
- list of users for which rule must be applied
- workload
Groups List<Property Map> - The list of preconfigured workload groups to which the policy must be applied
- zpa
App List<Property Map>Segments - The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
Supporting Types
FirewallFilteringRuleAppServiceGroups, FirewallFilteringRuleAppServiceGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleAppServices, FirewallFilteringRuleAppServicesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleDepartments, FirewallFilteringRuleDepartmentsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleDestIpGroups, FirewallFilteringRuleDestIpGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleDeviceGroups, FirewallFilteringRuleDeviceGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleDevices, FirewallFilteringRuleDevicesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleGroups, FirewallFilteringRuleGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleLabels, FirewallFilteringRuleLabelsArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
FirewallFilteringRuleLocationGroups, FirewallFilteringRuleLocationGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleLocations, FirewallFilteringRuleLocationsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleNwApplicationGroups, FirewallFilteringRuleNwApplicationGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleNwServiceGroups, FirewallFilteringRuleNwServiceGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleNwServices, FirewallFilteringRuleNwServicesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleSrcIpGroups, FirewallFilteringRuleSrcIpGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleTimeWindows, FirewallFilteringRuleTimeWindowsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleUsers, FirewallFilteringRuleUsersArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
FirewallFilteringRuleWorkloadGroup, FirewallFilteringRuleWorkloadGroupArgs
FirewallFilteringRuleZpaAppSegment, FirewallFilteringRuleZpaAppSegmentArgs
- External
Id string - External ID of the application segment.
- Name string
- Name of the application segment.
- External
Id string - External ID of the application segment.
- Name string
- Name of the application segment.
- external
Id String - External ID of the application segment.
- name String
- Name of the application segment.
- external
Id string - External ID of the application segment.
- name string
- Name of the application segment.
- external_
id str - External ID of the application segment.
- name str
- Name of the application segment.
- external
Id String - External ID of the application segment.
- name String
- Name of the application segment.
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
zia_firewall_filtering_rule can be imported by using <RULE ID>
or <RULE NAME>
as the import ID.
For example:
$ pulumi import zia:index/firewallFilteringRule:FirewallFilteringRule example <rule_id>
or
$ pulumi import zia:index/firewallFilteringRule:FirewallFilteringRule example <rule_name>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
- MIT
- Notes
- This Pulumi package is based on the
zia
Terraform Provider.