zscaler.ziacloud.zia_advanced_settings_info module – Gets information about the advanced settings configured in the ZIA Admin Portal

Note

This module is part of the zscaler.ziacloud collection (version 2.0.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_advanced_settings_info.

New in zscaler.ziacloud 2.0.0

Synopsis

  • Gets information about the advanced settings configured in the ZIA Admin Portal

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

A string that contains the obfuscated API key.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes

Note

  • Check mode is not supported.

Examples

- name: Gets information about the advanced settings
  zscaler.ziacloud.zia_advanced_settings_info:
    provider: '{{ provider }}'

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

advanced_settings

dictionary

Advanced settings configured in the ZIA Admin Portal.

Returned: always

auth_bypass_apps

list / elements=string

Cloud applications that are exempted from cookie authentication

Returned: always

auth_bypass_url_categories

list / elements=string

URL categories that are exempted from cookie authentication

Returned: always

auth_bypass_urls

list / elements=string

Custom URLs that are exempted from cookie authentication for users

Returned: always

basic_bypass_apps

list / elements=string

Cloud applications that are exempted from Basic authentication

Returned: always

basic_bypass_url_categories

list / elements=string

URL categories that are exempted from Basic authentication

Returned: always

block_connect_host_sni_mismatch

boolean

Block mismatches between CONNECT host and SNI in TLS

Returned: always

block_domain_fronting_apps

list / elements=string

Applications that are exempted from domain fronting

Returned: always

block_domain_fronting_on_host_header

boolean

Block domain fronting based on FQDN mismatch

Returned: always

block_http_tunnel_on_non_http_ports

boolean

Block HTTP CONNECT method requests to non-standard ports

Returned: always

block_non_compliant_http_request_on_http_ports

boolean

Block non-compliant HTTP protocol requests

Returned: always

block_non_http_on_http_port_enabled

boolean

Block non-HTTP traffic on ports 80 and 443

Returned: always

cascade_url_filtering

boolean

Apply URL Filtering policy even when Cloud App Control allows transaction

Returned: always

digest_auth_bypass_apps

list / elements=string

Cloud applications that are exempted from Digest authentication

Returned: always

digest_auth_bypass_url_categories

list / elements=string

URL categories that are exempted from Digest authentication

Returned: always

digest_auth_bypass_urls

list / elements=string

Custom URLs that are exempted from Digest authentication

Returned: always

dns_resolution_on_transparent_proxy_apps

list / elements=string

Cloud applications to which DNS optimization on transparent proxy mode applies

Returned: always

dns_resolution_on_transparent_proxy_exempt_apps

list / elements=string

Cloud applications that are excluded from DNS optimization on transparent proxy mode

Returned: always

dns_resolution_on_transparent_proxy_exempt_url_categories

list / elements=string

URL categories that are excluded from DNS optimization on transparent proxy mode

Returned: always

dns_resolution_on_transparent_proxy_exempt_urls

list / elements=string

URLs that are excluded from DNS optimization on transparent proxy mode

Returned: always

dns_resolution_on_transparent_proxy_ipv6_apps

list / elements=string

Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies

Returned: always

dns_resolution_on_transparent_proxy_ipv6_exempt_apps

list / elements=string

Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode

Returned: always

dns_resolution_on_transparent_proxy_ipv6_exempt_url_categories

list / elements=string

IPv6 URL categories that are excluded from DNS optimization on transparent proxy mode

Returned: always

dns_resolution_on_transparent_proxy_ipv6_url_categories

list / elements=string

IPv6 URL categories to which DNS optimization on transparent proxy mode applies

Returned: always

dns_resolution_on_transparent_proxy_url_categories

list / elements=string

URL categories to which DNS optimization on transparent proxy mode applies

Returned: always

dns_resolution_on_transparent_proxy_urls

list / elements=string

URLs to which DNS optimization on transparent proxy mode applies

Returned: always

domain_fronting_bypass_url_categories

list / elements=string

URL categories that are exempted from domain fronting

Returned: always

dynamic_user_risk_enabled

boolean

Dynamically update user risk score in real time

Returned: always

ecs_for_all_enabled

boolean

Include ECS option in all DNS queries for all users/locations

Returned: always

enable_admin_rank_access

boolean

Enable admin rank-based policy control

Returned: always

enable_dns_resolution_on_transparent_proxy

boolean

Enable DNS optimization for transparent proxy traffic

Returned: always

enable_evaluate_policy_on_global_ssl_bypass

boolean

Enable policy evaluation on globally bypassed SSL traffic

Returned: always

enable_ipv6_dns_optimization_on_all_transparent_proxy

boolean

Enable DNS optimization for all IPv6 transparent proxy traffic

Returned: always

enable_ipv6_dns_resolution_on_transparent_proxy

boolean

Enable IPv6 DNS optimization for Z-Tunnel 2.0/transparent proxy

Returned: always

enable_office365

boolean

Indicates whether Microsoft Office 365 One Click Configuration is enabled

Returned: always

enable_policy_for_unauthenticated_traffic

boolean

Apply policies for unauthenticated traffic

Returned: always

enforce_surrogate_ip_for_windows_app

boolean

Enforce Surrogate IP authentication for Windows app traffic

Returned: always

http2_nonbrowser_traffic_enabled

boolean

Use HTTP/2 as the default web protocol for non-browser apps

Returned: always

http_range_header_remove_url_categories

list / elements=string

URL categories for which HTTP range headers must be removed

Returned: always

kerberos_bypass_apps

list / elements=string

Cloud applications that are exempted from Kerberos authentication

Returned: always

kerberos_bypass_url_categories

list / elements=string

URL categories that are exempted from Kerberos authentication

Returned: always

kerberos_bypass_urls

list / elements=string

Custom URLs that are exempted from Kerberos authentication

Returned: always

log_internal_ip

boolean

Indicates whether to log internal IP addresses in XFF headers

Returned: always

prefer_sni_over_conn_host

boolean

Use TLS SNI instead of CONNECT host for DNS resolution

Returned: always

prefer_sni_over_conn_host_apps

list / elements=string

Applications that are exempted from the preferSniOverConnHost setting

Returned: always

sipa_xff_header_enabled

boolean

Insert XFF header to traffic forwarded from ZIA to ZPA

Returned: always

sni_dns_optimization_bypass_url_categories

list / elements=string

URL categories that are excluded from the preferSniOverConnHost setting

Returned: always

track_http_tunnel_on_http_ports

boolean

Apply policies on tunneled HTTP traffic using CONNECT on port 80

Returned: always

ui_session_timeout

integer

Admin Portal login session timeout (seconds)

Returned: always

zscaler_client_connector1_and_pac_road_warrior_in_firewall

boolean

Apply firewall rules for PAC/Z-Tunnel 1.0 traffic

Returned: always

Authors

  • William Guilherme (@willguibr)