zscaler.ziacloud.zia_cloud_firewall_ips_rules module – Firewall Filtering policy IPS rule.

Note

This module is part of the zscaler.ziacloud collection (version 2.0.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_cloud_firewall_ips_rules.

New in zscaler.ziacloud 2.0.0

Synopsis 

Adds a new Firewall Filtering policy IPS rule.

Requirements 

The below requirements are needed on the host that executes this module.

Zscaler SDK Python can be obtained from PyPI https://pypi.org/project/zscaler-sdk-python/

Parameters 

Parameter	Comments
action string	The action configured for the rule that must take place if the traffic matches the rule criteria such as allowing or blocking the traffic or bypassing the rule. Choices: `"ALLOW"` `"BLOCK_DROP"` `"BLOCK_RESET"` `"BYPASS_IPS"`
api_key string	A string that contains the obfuscated API key.
capture_pcap boolean	Indicates whether packet capture (PCAP) is enabled or not Choices: `false` `true`
client_id string	The client ID for OAuth2 authentication.
client_secret string	The client secret for OAuth2 authentication.
cloud string	The Zscaler cloud name provisioned for your organization. Choices: `"zscloud"` `"zscaler"` `"zscalerone"` `"zscalertwo"` `"zscalerthree"` `"zscalerbeta"` `"zscalergov"` `"zscalerten"` `"beta"` `"production"`
departments list / elements=integer	The departments to which the Firewall Filtering policy rule applies
description string	Additional information about the rule
dest_addresses list / elements=string	List of destination IP addresses to which this rule will be applied. CIDR notation can be used for destination IP addresses.
dest_countries list / elements=string	Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries. Provide a ISO3166 Alpha2 code. Visit the following site for reference https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes
dest_ip_categories list / elements=string	IP address categories of destination for which the DNAT rule is applicable. If not set, the rule is not restricted to specific destination IP categories.
dest_ip_groups list / elements=integer	User-defined destination IP address groups on which the rule is applied. If not set, the rule is not restricted to a specific destination IP address group.
dest_ipv6_groups list / elements=integer	Destination IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
enable_full_logging boolean	Aggregate The service groups together individual sessions based on user, rule, network service, network application and records them periodically. Full The service logs all sessions of the rule individually, except HTTPS or HTTPS. Full logging on all other rules requires the Full Logging license. Only Block rules support full logging. Choices: `false` ← (default) `true`
enabled boolean	Determines whether the Firewall Filtering policy ips rule is enabled or disabled Choices: `false` `true`
groups list / elements=integer	The groups to which the Firewall Filtering policy rule applies
id integer	Unique identifier for the Firewall Filtering policy rule
labels list / elements=integer	Labels that are applicable to the rule.
location_groups list / elements=integer	The location groups to which the Firewall Filtering policy rule applies
locations list / elements=integer	The locations to which the Firewall Filtering policy rule applies
name string / required	Name of the Firewall Filtering policy rule
order integer	Rule order number of the Firewall Filtering policy rule
password string	A string that contains the password for the API admin.
private_key string	The private key for JWT-based OAuth2 authentication.
provider dictionary	A dict containing authentication credentials.
api_key string	Obfuscated API key.
client_id string	OAuth2 client ID.
client_secret string	OAuth2 client secret.
cloud string	Zscaler cloud name. Choices: `"zscloud"` `"zscaler"` `"zscalerone"` `"zscalertwo"` `"zscalerthree"` `"zscalerbeta"` `"zscalergov"` `"zscalerten"` `"beta"` `"production"`
password string	Password for the API admin.
private_key string	Private key for OAuth2 JWT.
sandbox_cloud string	Sandbox Cloud environment.
sandbox_token string	Sandbox API Key.
use_legacy_client boolean	Whether to use the legacy Zscaler API client. Choices: `false` ← (default) `true`
username string	Email ID of the API admin.
vanity_domain string	Vanity domain for OAuth2.
rank integer	Admin rank of the Firewall Filtering policy rule Default: `7`
res_categories list / elements=string	List of destination domain categories to which the rule applies
sandbox_cloud string	The Sandbox cloud environment for API access.
sandbox_token string	A string that contains the Sandbox API Key.
source_countries list / elements=string	The list of source countries that must be included or excluded from the rule based on the excludeSrcCountries field value. If no value is set, this field is ignored during policy evaluation and the rule is applied to all source countries. Provide a ISO3166 Alpha2 code. visit the following site for reference https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes
src_ip_groups list / elements=integer	User-defined source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
src_ips list / elements=string	User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
src_ipv6_groups list / elements=integer	Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
state string	Specifies the desired state of the resource. Choices: `"present"` ← (default) `"absent"`
threat_categories list / elements=integer	Advanced threat categories to which the rule applies
time_windows list / elements=integer	The time interval in which the Firewall Filtering policy rule applies
use_legacy_client boolean	Whether to use the legacy Zscaler API client. Choices: `false` ← (default) `true`
username string	A string that contains the email ID of the API admin.
users list / elements=integer	The users to which the Firewall Filtering policy rule applies
vanity_domain string	The vanity domain provisioned by Zscaler for OAuth2 flows.
zpa_app_segments list / elements=dictionary	The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA forwarding method.
external_id string / required	Indicates the external ID. Applicable only when this reference is of an external entity.
name string / required	The name of the Application Segment

Notes 

Note

Check mode is supported.

Examples 

- name: Create/update  firewall filtering ips rule
  zscaler.ziacloud.zia_cloud_firewall_ips_rules:
    provider: '{{ provider }}'
    state: present
    name: "Ansible_Example_Rule"
    description: "TT#1965232865"
    action: "ALLOW"
    enabled: true
    order: 1
    enable_full_logging: true
    source_countries:
      - BR
      - CA
      - US
    dest_countries:
      - BR
      - CA
      - US

Authors

William Guilherme (@willguibr)

zscaler.ziacloud.zia_cloud_firewall_ips_rules module – Firewall Filtering policy IPS rule.

Synopsis

Requirements

Parameters

Notes

Examples