zscaler.ziacloud.zia_nat_control_policy module – Adds a new NAT Control Rule

Note

This module is part of the zscaler.ziacloud collection (version 2.0.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module; see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_nat_control_policy.

New in zscaler.ziacloud 2.0.0

Synopsis

  • Adds a new NAT Control Rule

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

A string that contains the obfuscated API key.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

departments

list / elements=integer

The departments to which the NAT Control Rule applies

description

string

Additional information about the rule

dest_addresses

list / elements=string

List of destination IP addresses to which this rule will be applied.

CIDR notation can be used for destination IP addresses.

dest_countries

list / elements=string

Destination countries for which the rule is applicable.

If not set, the rule is not restricted to specific destination countries.

Provide an ISO 3166 alpha-2 code. For reference, see https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes

dest_ip_categories

list / elements=string

IP address categories of destination for which the DNAT rule is applicable.

If not set, the rule is not restricted to specific destination IP categories.

dest_ip_groups

list / elements=integer

User-defined destination IP address groups on which the rule is applied.

If not set, the rule is not restricted to a specific destination IP address group.

dest_ipv6_groups

list / elements=integer

Destination IPv6 address groups for which the rule is applicable.

If not set, the rule is not restricted to a specific source IPv6 address group.

enabled

boolean

Determines whether the Firewall Filtering policy ips rule is enabled or disabled

Choices:

  • false

  • true

groups

list / elements=integer

The groups to which the NAT Control Rule applies

id

integer

Unique identifier for the NAT Control Rule

labels

list / elements=integer

Labels that are applicable to the rule.

location_groups

list / elements=integer

The location groups to which the NAT Control Rule applies

locations

list / elements=integer

The locations to which the NAT Control Rule applies

name

string / required

Name of the NAT Control Rule

nw_service_groups

list / elements=integer

User-defined network service group on which the rule is applied.

If not set, the rule is not restricted to a specific network service group.

nw_services

list / elements=integer

User-defined network services on which the rule is applied.

If not set, the rule is not restricted to a specific network service.

order

integer

Rule order number of the NAT Control Rule

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

rank

integer

Admin rank of the NAT Control Rule

Default: 7

redirect_fqdn

string

FQDN to which the traffic is redirected when the DNAT rule is triggered

redirect_ip

string

IP address to which the traffic is redirected when the DNAT rule is triggered

redirect_port

integer

Port to which the traffic is redirected when the DNAT rule is triggered

res_categories

list / elements=string

List of destination domain categories to which the rule applies

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

src_ip_groups

list / elements=integer

User-defined source IP address groups for which the rule is applicable.

If not set, the rule is not restricted to a specific source IP address group.

src_ips

list / elements=string

User-defined source IP addresses for which the rule is applicable.

If not set, the rule is not restricted to a specific source IP address.

src_ipv6_groups

list / elements=integer

Source IPv6 address groups for which the rule is applicable.

If not set, the rule is not restricted to a specific source IPv6 address group.

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

  • "absent"

time_windows

list / elements=integer

The time interval in which the NAT Control Rule applies

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

users

list / elements=integer

The users to which the NAT Control Rule applies

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes

Note

  • Check mode is supported.

Examples

- name: Create/update NAT Control Rule
  zscaler.ziacloud.zia_nat_control_policy:
    provider: '{{ provider }}'
    state: present
    name: "Ansible_Example_Rule"
    description: "TT#1965232865"
    enabled: true
    order: 1
    redirect_ip: '1.1.1.1'
    redirect_port: 2000
    src_ips:
      - 192.168.100.0/24
      - 192.168.200.1
    dest_addresses:
      - 3.217.228.0-3.217.231.255
      - 3.235.112.0-3.235.119.255
      - 35.80.88.0-35.80.95.255
      - server1.acme.com
      - '*.acme.com'
    dest_countries:
      - BR
      - CA
      - US
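
An added example, not taken from the collection's documentation: the same module called with the provider dictionary's OAuth2 credentials read from environment variables instead of written into the playbook, a check-mode preview of the rule, and removal with state: absent. The ZIA_* environment variable names, the acme vanity domain and the 192.0.2.10 redirect address are assumptions made for this example.

```yaml
# Added example; not part of the collection's own documentation.
# Assumptions: the ZIA_* environment variable names, the "acme" vanity
# domain and the 192.0.2.10 redirect target are placeholders.
- name: Manage a NAT Control Rule without inline secrets
  hosts: localhost
  gather_facts: false
  vars:
    zia_provider:
      # Secrets come from the controller's environment, not the playbook file.
      client_id: "{{ lookup('ansible.builtin.env', 'ZIA_CLIENT_ID') }}"
      client_secret: "{{ lookup('ansible.builtin.env', 'ZIA_CLIENT_SECRET') }}"
      vanity_domain: "acme"
  tasks:
    - name: Preview the DNAT rule (check mode, nothing is written)
      zscaler.ziacloud.zia_nat_control_policy:
        provider: "{{ zia_provider }}"
        state: present
        name: "Ansible_Example_Rule"
        description: "Redirect lab subnet to an internal listener"
        enabled: true
        order: 1
        redirect_ip: "192.0.2.10"
        redirect_port: 8443          # integer, as the parameter type requires
        src_ips:
          - 192.168.100.0/24
        dest_countries:
          - US
      check_mode: true               # force check mode for this task only
      register: nat_preview

    - name: Show whether a real run would change anything
      ansible.builtin.debug:
        var: nat_preview.changed     # print only the flag, not the full result

    - name: Remove the rule by name
      zscaler.ziacloud.zia_nat_control_policy:
        provider: "{{ zia_provider }}"
        state: absent
        name: "Ansible_Example_Rule"
```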

Authors

  • William Guilherme (@willguibr)