zscaler.ziacloud.zia_cloud_firewall_ip_destination_groups module – Create IP destination groups.

Note

This module is part of the zscaler.ziacloud collection (version 2.0.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_cloud_firewall_ip_destination_groups.

New in zscaler.ziacloud 1.0.0

Synopsis

  • This module allows you to create IP destination groups within the Zscaler Internet Access (ZIA) Cloud firewall.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

addresses

list / elements=string

Destination IP addresses, FQDNs, or wildcard FQDNs added to the group.

api_key

string

A string that contains the obfuscated API key.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

countries

list / elements=string

This option is available only when the attribute type is set to DSTN_OTHER

Destination IP address countries.

You can identify destinations based on the location of a server.

Supports 2-letter ISO3166 Alpha2 Country i.e BR, CA, US.

Please visit the following site for reference https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes

description

string

Additional information about the destination IP group.

id

integer

Unique identifier for the destination IP group.

ip_categories

list / elements=string

Destination IP address URL categories.

You can identify destinations based on the URL category of the domain.

There are hundreds of categories available such as ANY, NONE, SOCIAL_ADULT, OTHER_BUSINESS_AND_ECONOMY, etc.

Visit for choices https://help.zscaler.com/zia/firewall-policies#/ipDestinationGroups-get.

name

string / required

Destination IP group name.

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

  • "absent"

type

string

Destination IP group type (i.e., the group can contain destination IP addresses or FQDNs).

Choices:

  • "DSTN_IP"

  • "DSTN_FQDN"

  • "DSTN_DOMAIN"

  • "DSTN_OTHER"

url_categories

list / elements=string

This option is available only when the attribute type is set to DSTN_OTHER

To identify destinations based on the URL category of a domain, select the required URL categories.

If no category is selected, the field remains set to Any, and the criteria will be ignored during policy evaluation.

Only custom URL categories are supported

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes

Note

  • Check mode is supported.

Examples

- name: Create/Update/Delete ip destination group - DSTN_FQDN.
  zscaler.ziacloud.zia_cloud_firewall_ip_destination_groups:
    provider: '{{ provider }}'
    name: "Example"
    description: "Example"
    type: "DSTN_FQDN"
    addresses: ["test1.acme.com", "test2.acme.com", "test3.acme.com"]

- name: Create/Update/Delete ip destination group - DSTN_IP by Country.
  zscaler.ziacloud.zia_cloud_firewall_ip_destination_groups:
    provider: '{{ provider }}'
    name: "example"
    description: "example"
    type: "DSTN_IP"
    addresses: ["1.2.3.4", "1.2.3.5", "1.2.3.6"]
    countries: ["COUNTRY_CA"]

- name: Create/Update/Delete ip destination group - DSTN_IP.
  zscaler.ziacloud.zia_cloud_firewall_ip_destination_groups:
    provider: '{{ provider }}'
    name: "Example - IP Ranges"
    description: "Example - IP Ranges"
    type: "DSTN_IP"
    addresses:
      - "3.217.228.0-3.217.231.255"
      - "3.235.112.0-3.235.119.255"
      - "52.23.61.0-52.23.62.25"
      - "35.80.88.0-35.80.95.255"

Authors

  • William Guilherme (@willguibr)