zscaler.ziacloud.zia_forwarding_control_rule module – Forwarding Control policy rule

Note

This module is part of the zscaler.ziacloud collection (version 1.3.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_forwarding_control_rule.

New in zscaler.ziacloud 0.1.0

Synopsis

  • Adds a new Forwarding Control policy rule

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

A string that contains the obfuscated API key.

app_service_groups

list / elements=integer

Application service groups on which this rule is applied

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

departments

list / elements=integer

The departments to which the Forwarding Control policy rule applies

description

string

Indicates whether the forwarding rule is enabled or disabled

dest_addresses

list / elements=string

List of destination IP addresses to which this rule will be applied.

CIDR notation can be used for destination IP addresses.

dest_countries

list / elements=string

Destination countries for which the rule is applicable.

If not set, the rule is not restricted to specific destination countries.

dest_ip_categories

list / elements=string

IP address categories of destination for which the DNAT rule is applicable.

If not set, the rule is not restricted to specific destination IP categories.

dest_ip_groups

list / elements=integer

User-defined destination IP address groups on which the rule is applied.

If not set, the rule is not restricted to a specific destination IP address group.

dest_ipv6_groups

list / elements=integer

Destination IPv6 address groups for which the rule is applicable.

If not set, the rule is not restricted to a specific source IPv6 address group.

ec_groups

list / elements=integer

Name-ID pairs of the Zscaler Cloud Connector groups to which the forwarding rule applies

enabled

boolean

Determines whether the Forwarding Control policy rule is enabled or disabled

Choices:

  • false

  • true

forward_method

string

The type of traffic forwarding method selected from the available options

Choices:

  • "INVALID"

  • "DIRECT"

  • "PROXYCHAIN"

  • "ZIA"

  • "ZPA"

  • "ECZPA"

  • "ECSELF"

  • "DROP"

groups

list / elements=integer

The groups to which the Forwarding Control policy rule applies

id

integer

Unique identifier for the Forwarding Control policy rule

labels

list / elements=integer

Labels that are applicable to the rule.

location_groups

list / elements=integer

The location groups to which the Forwarding Control policy rule applies

locations

list / elements=integer

The locations to which the Forwarding Control policy rule applies

name

string / required

Name of the Forwarding Control policy rule

nw_application_groups

list / elements=integer

User-defined network service application group on which the rule is applied.

If not set, the rule is not restricted to a specific network service application group.

nw_applications

list / elements=integer

User-defined network service applications on which the rule is applied.

If not set, the rule is not restricted to a specific network service application.

nw_service_groups

list / elements=integer

User-defined network service group on which the rule is applied.

If not set, the rule is not restricted to a specific network service group.

nw_services

list / elements=integer

User-defined network services on which the rule is applied.

If not set, the rule is not restricted to a specific network service.

order

integer / required

Rule order number of the Forwarding Control policy rule

password

string

A string that contains the password for the API admin.

provider

dictionary

A dict object containing connection details. This is optional; credentials can also be provided directly at the top level.

api_key

string

A string that contains the obfuscated API key.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

password

string

A string that contains the password for the API admin.

sandbox_token

string

A string that contains the Sandbox API Key.

username

string

A string that contains the email ID of the API admin.

proxy_gateway

dictionary

The proxy gateway for which the rule is applicable.

This field is applicable only for the Proxy Chaining forwarding method.

id

integer / required

The identifier that uniquely identifies the Proxy Gateway entity

name

string / required

The configured name of the Proxy Gateway entity

rank

integer

Admin rank of the Forwarding Control policy rule

Default: 7

res_categories

list / elements=string

List of destination domain categories to which the rule applies

sandbox_token

string

A string that contains the Sandbox API Key.

src_ip_groups

list / elements=integer

User-defined source IP address groups for which the rule is applicable.

If not set, the rule is not restricted to a specific source IP address group.

src_ips

list / elements=string

User-defined source IP addresses for which the rule is applicable.

If not set, the rule is not restricted to a specific source IP address.

src_ipv6_groups

list / elements=integer

Source IPv6 address groups for which the rule is applicable.

If not set, the rule is not restricted to a specific source IPv6 address group.

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

  • "absent"

type

string

The rule type selected from the available options

Choices:

  • "FIREWALL"

  • "DNS"

  • "DNAT"

  • "SNAT"

  • "FORWARDING"

  • "INTRUSION_PREVENTION"

  • "EC_DNS"

  • "EC_RDR"

  • "EC_SELF"

  • "DNS_RESPONSE"

username

string

A string that contains the email ID of the API admin.

users

list / elements=integer

The users to which the Forwarding Control policy rule applies

zpa_app_segments

list / elements=dictionary

The list of ZPA Application Segments for which this rule is applicable.

This field is applicable only for the ZPA forwarding method.

external_id

string / required

Indicates the external ID. Applicable only when this reference is of an external entity.

name

string / required

The name of the Application Segment

zpa_application_segment_groups

list / elements=dictionary

List of ZPA Application Segment Groups for which this rule is applicable.

This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector).

id

integer / required

A unique identifier assigned to the Application Segment Group

name

string / required

The name of the Application Segment Group

zpa_application_segments

list / elements=dictionary

List of ZPA Application Segments for which this rule is applicable.

This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector).

id

integer / required

A unique identifier assigned to the Application Segment

name

string / required

The name of the Application Segment

zpa_gateway

dictionary

The ZPA Server Group for which this rule is applicable.

Only the Server Groups that are associated with the selected Application Segments are allowed.

This field is applicable only for the ZPA forwarding method.

id

integer / required

The identifier that uniquely identifies the ZPA Gateway entity

name

string / required

The configured name of the ZPA Gateway entity

Notes

  • Check mode is supported.

Examples

# DIRECT forwarding: zpa_gateway is omitted because it applies only to the ZPA forwarding method.
- name: Create/Update Forwarding Control DIRECT Forward Method
  zscaler.ziacloud.zia_forwarding_control_rule:
    provider: '{{ provider }}'
    name: 'Example'
    description: 'TT#1965232865'
    type: 'FORWARDING'
    forward_method: 'DIRECT'
    enabled: true
    order: 1

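# ZPA forwarding: zpa_app_segments and zpa_gateway apply only to this forwarding method.
- name: Create/Update Forwarding Control ZPA Forward Method
  zscaler.ziacloud.zia_forwarding_control_rule:
    provider: '{{ provider }}'
    name: 'Example'
    description: 'TT#1965232865'
    type: 'FORWARDING'
    forward_method: 'ZPA'
    enabled: true
    order: 1
    # List of dictionaries; each entry requires external_id and name.
    zpa_app_segments:
      - external_id: "216199618143393478"
        name: Example300
      - external_id: "216199618143393479"
        name: Example400
    # Single dictionary (not a list); id and name are both required.
    zpa_gateway:
      id: 2590247
      name: 'ZPA_GW01'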
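
The parameter descriptions tie several fields to one forwarding method each (proxy_gateway to Proxy Chaining, zpa_app_segments and zpa_gateway to ZPA, zpa_application_segments and zpa_application_segment_groups to ECZPA) and give each a type and required sub-options. The following pre-flight check over a task's arguments is an added example, not code from the zscaler.ziacloud collection; check_rule, FIELD_RULES and the sample tasks are hypothetical names and constructed values.

```python
"""Pre-flight check for zia_forwarding_control_rule task arguments (added example)."""

FORWARD_METHODS = {"INVALID", "DIRECT", "PROXYCHAIN", "ZIA", "ZPA", "ECZPA", "ECSELF", "DROP"}

# field -> (only forward_method it applies to, documented type, required sub-options),
# all taken from the parameter descriptions on this page.
FIELD_RULES = {
    "proxy_gateway": ("PROXYCHAIN", dict, ("id", "name")),
    "zpa_app_segments": ("ZPA", list, ("external_id", "name")),
    "zpa_gateway": ("ZPA", dict, ("id", "name")),
    "zpa_application_segments": ("ECZPA", list, ("id", "name")),
    "zpa_application_segment_groups": ("ECZPA", list, ("id", "name")),
}


def check_rule(args):
    """Return a list of problems found in one task's module arguments."""
    problems = [f"missing required parameter: {k}" for k in ("name", "order") if k not in args]
    method = args.get("forward_method")
    if method is not None and method not in FORWARD_METHODS:
        problems.append(f"unknown forward_method: {method}")
    for field, (only, kind, subkeys) in FIELD_RULES.items():
        if field not in args:
            continue
        value = args[field]
        if method != only:
            problems.append(f"{field} applies only to forward_method {only}")
        if not isinstance(value, kind):
            problems.append(f"{field} must be a {kind.__name__}")
            continue
        for entry in ([value] if kind is dict else value):
            for sub in subkeys:
                if not isinstance(entry, dict) or sub not in entry:
                    problems.append(f"{field} entry is missing {sub}")
    return problems


# Constructed sample tasks (illustrative values, not taken from a real tenant).
GOOD_ZPA = {
    "name": "Example", "order": 1, "type": "FORWARDING", "forward_method": "ZPA",
    "zpa_app_segments": [{"external_id": "1001", "name": "Example300"}],
    "zpa_gateway": {"id": 2001, "name": "ZPA_GW01"},
}
BAD_DIRECT = {
    "name": "Example", "forward_method": "DIRECT",
    "zpa_gateway": [{"id": 2001, "name": "ZPA_GW01"}],  # wrong method and wrong type
}

if __name__ == "__main__":
    for task in (GOOD_ZPA, BAD_DIRECT):
        print(task["forward_method"], check_rule(task) or "ok")
```

Running such a check in CI before the playbook is applied catches mis-scoped gateway or segment fields before they reach the forwarding policy.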

Authors

  • William Guilherme (@willguibr)