zscaler.ziacloud.zia_cloud_firewall_ips_rules_info module – Retrieves the list of IPS Control policy rules

Note

This module is part of the zscaler.ziacloud collection (version 2.0.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_cloud_firewall_ips_rules_info.

New in zscaler.ziacloud 2.0.0

Synopsis

  • Retrieves the list of IPS Control policy rules

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter (type): Comments

  • api_key (string): A string that contains the obfuscated API key.

  • client_id (string): The client ID for OAuth2 authentication.

  • client_secret (string): The client secret for OAuth2 authentication.

  • cloud (string): The Zscaler cloud name provisioned for your organization. Choices: "zscloud", "zscaler", "zscalerone", "zscalertwo", "zscalerthree", "zscalerbeta", "zscalergov", "zscalerten", "beta", "production"

  • id (integer): Unique identifier generated for the rule.

  • name (string): The name of the IPS Control rule.

  • password (string): A string that contains the password for the API admin.

  • private_key (string): The private key for JWT-based OAuth2 authentication.

  • provider (dictionary): A dict containing authentication credentials.

      • api_key (string): Obfuscated API key.

      • client_id (string): OAuth2 client ID.

      • client_secret (string): OAuth2 client secret.

      • cloud (string): Zscaler cloud name. Choices: "zscloud", "zscaler", "zscalerone", "zscalertwo", "zscalerthree", "zscalerbeta", "zscalergov", "zscalerten", "beta", "production"

      • password (string): Password for the API admin.

      • private_key (string): Private key for OAuth2 JWT.

      • sandbox_cloud (string): Sandbox Cloud environment.

      • sandbox_token (string): Sandbox API Key.

      • use_legacy_client (boolean): Whether to use the legacy Zscaler API client. Choices: false ← (default), true

      • username (string): Email ID of the API admin.

      • vanity_domain (string): Vanity domain for OAuth2.

  • sandbox_cloud (string): The Sandbox cloud environment for API access.

  • sandbox_token (string): A string that contains the Sandbox API Key.

  • use_legacy_client (boolean): Whether to use the legacy Zscaler API client. Choices: false ← (default), true

  • username (string): A string that contains the email ID of the API admin.

  • vanity_domain (string): The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes

  • Check mode is not supported.

Examples

- name: Gather Information Details of all ZIA Cloud Firewall IPS Rule
  zscaler.ziacloud.zia_cloud_firewall_ips_rules_info:
    provider: '{{ provider }}'

- name: Gather Information Details of a ZIA Cloud Firewall IPS Rule by ID
  zscaler.ziacloud.zia_cloud_firewall_ips_rules_info:
    provider: '{{ provider }}'
    id: 123445

- name: Gather Information Details of a ZIA Cloud Firewall IPS Rule by Name
  zscaler.ziacloud.zia_cloud_firewall_ips_rules_info:
    provider: '{{ provider }}'
    name: "Example"
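
An added example, not taken from the collection's documentation: a playbook that audits the retrieved rules using fields this module documents under Return Values (state, action, enable_full_logging, order, name). The environment variable names and the baseline being asserted (every rule enabled, every ALLOW rule fully logged) are assumptions, as is the presence of the documented fields on every returned rule.

```yaml
---
# Added example: audit IPS Control rules with the documented return fields.
- name: Audit ZIA Cloud Firewall IPS rules
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumption: OAuth2 credentials come from these (hypothetical)
    # environment variables instead of being stored in the playbook.
    provider:
      client_id: "{{ lookup('ansible.builtin.env', 'ZIA_CLIENT_ID') }}"
      client_secret: "{{ lookup('ansible.builtin.env', 'ZIA_CLIENT_SECRET') }}"
      vanity_domain: "{{ lookup('ansible.builtin.env', 'ZIA_VANITY_DOMAIN') }}"
  tasks:
    - name: Retrieve all IPS Control rules
      zscaler.ziacloud.zia_cloud_firewall_ips_rules_info:
        provider: "{{ provider }}"
      register: ips

    - name: Classify rules by state, action and logging
      ansible.builtin.set_fact:
        # Rules whose state is anything other than the documented "ENABLED".
        disabled_rules: >-
          {{ ips.rules | rejectattr('state', 'equalto', 'ENABLED')
             | map(attribute='name') | list }}
        # Enabled ALLOW rules where enable_full_logging is not true.
        allow_without_full_logging: >-
          {{ ips.rules | selectattr('state', 'equalto', 'ENABLED')
             | selectattr('action', 'equalto', 'ALLOW')
             | rejectattr('enable_full_logging', 'true')
             | map(attribute='name') | list }}

    - name: Show rule names in evaluation order for review
      ansible.builtin.debug:
        msg: "{{ ips.rules | sort(attribute='order') | map(attribute='name') | list }}"

    - name: Fail the run when a rule deviates from the assumed baseline
      ansible.builtin.assert:
        that:
          - disabled_rules | length == 0
          - allow_without_full_logging | length == 0
        fail_msg: >-
          Not enabled: {{ disabled_rules }};
          ALLOW without full logging: {{ allow_without_full_logging }}
```

Because the module only reads policy, this play can run on a schedule as a drift check without changing the tenant.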

Return Values

Common return values are documented separately in the Ansible documentation; the following fields are unique to this module:

Key (type): Description

  • rules (list / elements=dictionary): Details of the ZIA Cloud Firewall IPS Rules. Returned: always

      • action (string): Action taken when the rule is triggered. Returned: success. Sample: "ALLOW"

      • capture_p_c_a_p (boolean): Indicates if packet capture (PCAP) is enabled for the rule. Returned: success. Sample: false

      • default_rule (boolean): Indicates if this is a default system rule. Returned: success. Sample: false

      • departments (list / elements=dictionary): List of departments applicable to the rule. Returned: success

          • id (integer): ID of the department. Returned: success. Sample: 99364434

          • name (string): Name of the department. Returned: success. Sample: "A000"

      • description (string): Description of the firewall rule. Returned: success. Sample: "Sample Rule01"

      • dest_addresses (list / elements=string): List of destination IP addresses applicable to the rule. Returned: success. Sample: ["10.0.0.1", "10.0.0.2"]

      • dest_countries (list / elements=string): List of destination countries applicable to the rule. Returned: success. Sample: ["COUNTRY_CA"]

      • device_trust_levels (list / elements=string): List of device trust levels applicable to the rule. Returned: success. Sample: ["UNKNOWN_DEVICETRUSTLEVEL", "LOW_TRUST", "MEDIUM_TRUST", "HIGH_TRUST"]

      • enable_full_logging (boolean): Indicates if full logging is enabled for the rule. Returned: success. Sample: false

      • exclude_src_countries (boolean): Indicates if source countries are excluded in the rule. Returned: success. Sample: false

      • groups (list / elements=dictionary): List of groups applicable to the rule. Returned: success

          • id (integer): ID of the group. Returned: success. Sample: 76662385

          • name (string): Name of the group. Returned: success. Sample: "A000"

      • id (integer): Unique identifier for the firewall rule. Returned: success. Sample: 1203355

      • name (string): Name of the firewall rule. Returned: success. Sample: "Sample_Rule01"

      • order (integer): The order in which the rule is applied relative to other rules. Returned: success. Sample: 4

      • rank (integer): Priority of the rule. Returned: success. Sample: 7

      • src_ips (list / elements=string): List of source IP addresses applicable to the rule. Returned: success. Sample: ["192.168.1.1", "192.168.1.2", "192.168.1.3"]

      • state (string): State of the firewall rule, whether it is enabled or disabled. Returned: success. Sample: "ENABLED"

Authors

  • William Guilherme (@willguibr)