zscaler.zpacloud.zpa_application_segment module – Create an application segment in the ZPA Cloud.
Note
This module is part of the zscaler.zpacloud collection (version 1.3.1).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install zscaler.zpacloud.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: zscaler.zpacloud.zpa_application_segment.
New in zscaler.zpacloud 1.0.0
Synopsis
This module will create/update/delete an application segment
Requirements
The below requirements are needed on the host that executes this module.
Zscaler SDK Python can be obtained from PyPI https://pypi.org/project/zscaler-sdk-python/
Parameters
Parameter |
Comments |
|---|---|
Indicates whether application access during reauthentication bypasses ZPA (Enabled) or not (Disabled). This feature is only applicable for Zscaler Client Connector-specific applications. Choices:
|
|
Indicates whether users can bypass ZPA to access applications. Choices:
|
|
The ZPA API client ID generated from the ZPA console. |
|
The ZPA API client secret generated from the ZPA console. |
|
The ZPA cloud provisioned for your organization. Choices:
|
|
The ZPA tenant ID found in the Administration Company menu in the ZPA console. |
|
The description of the application resource. |
|
The list of domains and IPs. The maximum limit for domains or IPs is 2,000 applications per application segment The maximum limit for domains or IPs for the whole customer is 6,000 applications. |
|
Whether Double Encryption is enabled or disabled for the application.. Choices:
|
|
Whether this application resource is enabled or not. Choices:
|
|
health check type. Default: |
|
Whether health reporting for the app is Continuous or On Access. Supported values are NONE, ON_ACCESS, CONTINUOUS Choices:
|
|
Indicates the ICMP access type. Choices:
|
|
The unique identifier of the application resource. |
|
Indicates if Inspect Traffic with ZIA is enabled for the application When enabled, this leverages a single posture for securing internet/SaaS and private applications and applies Data Loss Prevention policies to the application segment you are creating Choices:
|
|
Whether Source IP Anchoring for use with ZIA is enabled or disabled for the application. Choices:
|
|
Indicates if the Zscaler Client Connector (formerly Zscaler App or Z App) receives CNAME DNS records from the connectors. Choices:
|
|
Indicates whether or not the disaster recovery configuration is incomplete Choices:
|
|
Indicates if Multimatch is enabled for the application segment. If enabled (INCLUSIVE), the request allows traffic to match multiple applications. If disabled (EXCLUSIVE), the request allows traffic to match a single application. A domain can only be INCLUSIVE or EXCLUSIVE, and any application segment can only contain inclusive or exclusive domains. A domain can only be INCLUSIVE or EXCLUSIVE, and any application segment can only contain inclusive or exclusive domains Choices:
|
|
The name of the application resource. |
|
Indicates if passive health checks are enabled on the application.. Choices:
|
|
A dict object containing authentication details. |
|
The ZPA API client ID generated from the ZPA console. |
|
The ZPA API client secret generated from the ZPA console. |
|
The ZPA cloud provisioned for your organization. Choices:
|
|
The ZPA tenant ID found in the Administration Company menu in the ZPA console. |
|
ID of the segment group. |
|
Whether the App Connector is closest to the application (True) or closest to the user (False). Choices:
|
|
ID of the server group. |
|
The state. Choices:
|
|
Indicates whether TCP communication sockets are enabled or disabled. Choices:
|
|
List of tcp port range pairs, e.g. [22, 22] for port 22-22, [80, 100] for 80-100. |
|
List of valid TCP ports. The application segment API supports multiple TCP and UDP port ranges. |
|
List of valid TCP ports. The application segment API supports multiple TCP and UDP port ranges. |
|
The list of TCP port ranges used to access the application |
|
List of udp port range pairs, e.g. [‘35000’, ‘35000’] for port 35000. |
|
List of valid UDP ports. The application segment API supports multiple TCP and UDP port ranges. |
|
List of valid UDP ports. The application segment API supports multiple TCP and UDP port ranges. |
|
The list of UDP port ranges used to access the application |
|
Whether or not the application resource is designated for disaster recovery Choices:
|
Notes
Note
Check mode is supported.
Examples
- name: Create/Update/Delete an application segment.
zscaler.zpacloud.zpa_application_segment:
provider: "{{ zpa_cloud }}"
name: Example Application Segment
description: Example Application Segment
enabled: true
health_reporting: ON_ACCESS
bypass_type: NEVER
is_cname_enabled: true
tcp_port_range:
- from: "80"
to: "80"
domain_names:
- crm.example.com
segment_group_id: "216196257331291896"
server_group_ids:
- "216196257331291969"