zscaler.ziacloud.zia_traffic_capture_rules module – Manages ZIA Traffic Capture policy rules

Note

This module is part of the zscaler.ziacloud collection (version 2.2.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module; see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_traffic_capture_rules.

New in zscaler.ziacloud 1.0.0

Synopsis

  • Creates, updates, or deletes Traffic Capture policy rules.

  • Traffic Capture rules control which traffic is captured for inspection.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

action

string

The action to be enforced when the traffic matches the rule criteria.

Choices:

  • "CAPTURE"

  • "SKIP"

api_key

string

A string that contains the obfuscated API key.

app_service_groups

list / elements=integer

List of application service group IDs.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

default_rule

boolean

If set to true, the default rule is applied.

Choices:

  • false

  • true

departments

list / elements=integer

List of department IDs for which the rule must be applied.

description

string

Additional information about the rule.

Maximum 10240 characters.

dest_addresses

list / elements=string

Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs.

dest_countries

list / elements=string

Destination countries. Provide ISO 3166 Alpha-2 codes (e.g., US, BR).

dest_ip_categories

list / elements=string

IP address categories of destination.

dest_ip_groups

list / elements=integer

List of destination IP group IDs.

device_groups

list / elements=integer

List of device group IDs (for Zscaler Client Connector managed devices).

device_trust_levels

list / elements=string

Device trust levels for the rule application.

Choices:

  • "ANY"

  • "UNKNOWN_DEVICETRUSTLEVEL"

  • "LOW_TRUST"

  • "MEDIUM_TRUST"

  • "HIGH_TRUST"

devices

list / elements=integer

List of device IDs for which the rule must be applied.

exclude_src_countries

boolean

Indicates whether source countries are excluded from the rule.

Choices:

  • false

  • true

groups

list / elements=integer

List of group IDs for which the rule must be applied.

id

integer

The unique identifier for the Traffic Capture rule.

Used to reference an existing rule for update or delete.

labels

list / elements=integer

List of label IDs applicable to the rule.

location_groups

list / elements=integer

List of location group IDs.

locations

list / elements=integer

List of location IDs for which the rule must be applied.

name

string / required

Name of the Traffic Capture policy rule.

Required for create.

nw_application_groups

list / elements=integer

List of network application group IDs.

nw_applications

list / elements=string

Network application names.

nw_service_groups

list / elements=integer

List of network service group IDs.

nw_services

list / elements=integer

List of network service IDs.

order

integer

Rule order number. If omitted, the rule will be added to the end of the rule set.

password

string

A string that contains the password for the API admin.

predefined

boolean

If set to true, a predefined rule is applied.

Choices:

  • false

  • true

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials. Its suboptions are the entries that follow, from api_key through vanity_domain.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

rank

integer

Admin rank of the rule (0-7).

Default: 7

rule_state

string

Determines whether the rule is enabled or disabled.

Choices:

  • "ENABLED"

  • "DISABLED"

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

source_countries

list / elements=string

Source countries. Provide ISO 3166 Alpha-2 codes.

src_ip_groups

list / elements=integer

List of source IP group IDs.

src_ips

list / elements=string

User-defined source IP addresses for which the rule is applicable.

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

  • "absent"

time_windows

list / elements=integer

The time interval in which the rule applies.

txn_sampling

string

The percentage of connections sampled for capturing each time the rule is triggered.

Choices:

  • "NONE"

  • "ONE_PERCENT"

  • "TWO_PERCENT"

  • "FIVE_PERCENT"

  • "TEN_PERCENT"

  • "TWENTY_FIVE_PERCENT"

  • "HUNDRED_PERCENT"

txn_size_limit

string

The maximum size of traffic to capture per connection.

Choices:

  • "NONE"

  • "UNLIMITED"

  • "THIRTY_TWO_KB"

  • "TWO_FIFTY_SIX_KB"

  • "TWO_MB"

  • "FOUR_MB"

  • "THIRTY_TWO_MB"

  • "SIXTY_FOUR_MB"

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

users

list / elements=integer

List of user IDs for which the rule must be applied.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

workload_groups

list / elements=integer

List of preconfigured workload group IDs.

Notes

Note

  • Check mode is supported.

  • Use id or name to reference an existing rule for update/delete.

  • Deletion of predefined rules is not allowed.

Examples

- name: Create a Traffic Capture rule
  zscaler.ziacloud.zia_traffic_capture_rules:
    provider: '{{ provider }}'
    name: "Capture Rule 01"
    description: "Captures traffic for inspection"
    order: 1
    action: CAPTURE
    rule_state: ENABLED
    src_ips:
      - "192.168.1.0/24"
    dest_addresses:
      - "*.example.com"
    txn_sampling: TEN_PERCENT

- name: Update a Traffic Capture rule by ID
  zscaler.ziacloud.zia_traffic_capture_rules:
    provider: '{{ provider }}'
    id: 1254654
    name: "Capture Rule 01 Updated"
    description: "Updated description"

- name: Delete a Traffic Capture rule
  zscaler.ziacloud.zia_traffic_capture_rules:
    provider: '{{ provider }}'
    id: 1254654
    state: absent
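
A complete playbook, added here as an example (it is not from the collection's own documentation): it builds the provider dictionary from Ansible Vault variables, keeps the capture narrow with txn_sampling and txn_size_limit, and previews the rule in check mode before applying it. The zia_provider variable, the vault_zia_* variable names, the vars/zia_vault.yml path, and the use of client_id, client_secret and vanity_domain together as the OAuth2 credential set are assumptions.

```yaml
# Added example; not part of the collection's documentation.
# Assumed names: zia_provider, vault_zia_*, vars/zia_vault.yml.
- name: Manage a narrowly scoped Traffic Capture rule
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vars/zia_vault.yml        # encrypted with ansible-vault (assumed path)
  vars:
    zia_provider:
      client_id: "{{ vault_zia_client_id }}"
      client_secret: "{{ vault_zia_client_secret }}"
      vanity_domain: "{{ vault_zia_vanity_domain }}"
  tasks:
    - name: Preview the rule in check mode (no change is written)
      zscaler.ziacloud.zia_traffic_capture_rules: &capture_rule
        provider: "{{ zia_provider }}"
        state: present
        name: "Capture Rule 01"
        description: "Captures traffic for inspection"
        order: 1
        action: CAPTURE
        rule_state: ENABLED
        src_ips:
          - "192.168.1.0/24"
        dest_addresses:
          - "*.example.com"
        txn_sampling: ONE_PERCENT        # sample a small share of connections
        txn_size_limit: THIRTY_TWO_KB    # cap the traffic captured per connection
      check_mode: true
      register: preview

    - name: Report whether applying would change anything
      ansible.builtin.debug:
        msg: "Traffic Capture rule would change: {{ preview.changed }}"

    - name: Apply the rule only when the preview reported a change
      zscaler.ziacloud.zia_traffic_capture_rules: *capture_rule
      when: preview is changed
      register: applied
```

The YAML anchor reuses the exact previewed arguments for the apply task, so the rule that is written is the one that was reviewed.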

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

data

dictionary

The Traffic Capture rule resource record.

Returned: on success

Authors

  • William Guilherme (@willguibr)