forwarding_control#

The following methods allow for interaction with the ZIA Forwarding Control Rule API endpoints.

Methods are accessible via zia.forwarding_control

class ForwardingControlAPI#

Bases: object

add_rule(name, forward_method, **kwargs)#

Adds a new forwarding control filter rule.

Parameters:

  • name (str) – Name of the rule, max 31 chars.

  • forward_method (str) – Traffic forwarding method. Options: ‘INVALID’, ‘DIRECT’, ‘PROXYCHAIN’, ‘ZIA’, ‘ZPA’, ‘ECZPA’, ‘ECSELF’, ‘DROP’.

Keyword Arguments:

  • order (str) – Rule order, defaults to bottom.

  • rank (str) – Admin rank of the rule.

  • state (str) – Rule state (‘ENABLED’ or ‘DISABLED’).

  • description (str) – Rule description.

  • src_ips (list) – Source IPs for the rule, accepts IP addresses or CIDR.

  • dest_addresses (list) – Destination IPs for the rule, accepts IP addresses or CIDR.

  • dest_ip_categories (list) – IP address categories for the rule.

  • dest_countries (list) – Destination countries for the rule.

  • enable_full_logging (bool) – If True, enables full logging.

  • nw_applications (list) – Network service applications for the rule.

  • app_services (list) – IDs for application services for the rule.

  • app_service_groups (list) – IDs for application service groups.

  • departments (list) – IDs for departments the rule applies to.

  • dest_ip_groups (list) – IDs for destination IP groups the rule applies to.

  • devices (list) – IDs for Zscaler Client Connector managed devices.

  • device_groups (list) – IDs for device groups managed by Zscaler Client Connector.

  • groups (list) – IDs for groups the rule applies to.

  • labels (list) – IDs for labels the rule applies to.

  • locations (list) – IDs for locations the rule applies to.

  • location_groups (list) – IDs for location groups the rule applies to.

  • nw_application_groups (list) – IDs for network application groups.

  • nw_services (list) – IDs for network services the rule applies to.

  • nw_service_groups (list) – IDs for network service groups the rule applies to.

  • time_windows (list) – IDs for time windows the rule applies to.

  • users (list) – IDs for users the rule applies to.

Returns:

New forwarding control filter rule resource.

Return type:

Box

Examples

Forward all traffic to Google DNS:

>>> zia.forwarding_control.add_rule(rank='7',
...    dest_addresses=['8.8.8.8', '8.8.4.4'],
...    name='FORWARD_ANY_TO_GOOG-DNS',
...    forward_method='DIRECT',
...    description='TT#1965432122')

Block all traffic to Quad9 DNS for Finance Group:

>>> zia.forwarding_control.add_rule(rank='7',
...    dest_addresses=['9.9.9.9'],
...    name='BLOCK_FIN_TO_Q9-DNS',
...    forward_method='DIRECT',
...    groups=['95016183'],
...    description='TT#1965432122')
delete_rule(rule_id)#

Deletes the specified forwarding control filter rule.

Parameters:

rule_id (str) – The unique identifier for the forwarding control filter rule.

Returns:

The status code for the operation.

Return type:

int

Examples

>>> zia.forwarding_control.delete_rule('278454')
get_rule(rule_id)#

Returns information for the specified forwarding control filter rule.

Parameters:

rule_id (str) – The unique identifier for the forwarding control filter rule.

Returns:

The resource record for the forwarding control filter rule.

Return type:

Box

Examples

>>> pprint(zia.forwarding_control.get_rule('431233'))
list_rules()#

Returns a list of all forwarding control rules.

Returns:

The list of forwarding control rules

Return type:

BoxList

Examples

>>> for rule in zia.forwarding_control.list_rules():
...    pprint(rule)
reformat_params = [('app_service_groups', 'appServiceGroups'), ('departments', 'departments'), ('devices', 'devices'), ('device_groups', 'deviceGroups'), ('dest_ip_groups', 'destIpGroups'), ('dest_ipv6_groups', 'destIpv6Groups'), ('ec_groups', 'ecGroups'), ('groups', 'groups'), ('labels', 'labels'), ('locations', 'locations'), ('location_groups', 'locationGroups'), ('nw_application_groups', 'nwApplicationGroups'), ('nw_services', 'nwServices'), ('nw_service_groups', 'nwServiceGroups'), ('proxy_gateway', 'proxyGateway'), ('src_ip_groups', 'srcIpGroups'), ('src_ipv6_groups', 'srcIpv6Groups'), ('users', 'users'), ('zpa_gateway', 'zpaGateway'), ('zpa_app_segments', 'zpaAppSegments'), ('zpa_application_segments', 'zpaApplicationSegments'), ('zpa_application_segment_groups', 'zpaApplicationSegmentGroups')]#
update_rule(rule_id, **kwargs)#

Updates an existing forwarding control filter rule.

Parameters:

  • rule_id (str) – The unique ID for the rule that is being updated.

  • **kwargs – Optional keyword args.

Keyword Arguments:

  • order (str) – The order of the rule, defaults to adding rule to bottom of list.

  • rank (str) – The admin rank of the rule.

  • state (str) – The rule state. Accepted values are ‘ENABLED’ or ‘DISABLED’.

  • description (str) – Additional information about the rule

  • src_ips (list) – The source IPs that this rule applies to. Individual IP addresses or CIDR ranges accepted.

  • dest_addresses (list) – The destination IP addresses that this rule applies to. Individual IP addresses or

  • accepted. (CIDR ranges) –

  • dest_ip_categories (list) – The IP address categories that this rule applies to.

  • dest_countries (list) – The destination countries that this rule applies to.

  • enable_full_logging (bool) – Enables full logging if True.

  • nw_applications (list) – The network service applications that this rule applies to.

  • app_services (list) – The IDs for the application services that this rule applies to.

  • app_service_groups (list) – The IDs for the application service groups that this rule applies to.

  • departments (list) – The IDs for the departments that this rule applies to.

  • dest_ip_groups (list) – The IDs for the destination IP groups that this rule applies to.

  • groups (list) – The IDs for the groups that this rule applies to.

  • labels (list) – The IDs for the labels that this rule applies to.

  • locations (list) – The IDs for the locations that this rule applies to.

  • location_groups (list) – The IDs for the location groups that this rule applies to.

  • nw_application_groups (list) – The IDs for the network application groups that this rule applies to.

  • nw_services (list) – The IDs for the network services that this rule applies to.

  • nw_service_groups (list) – The IDs for the network service groups that this rule applies to.

  • time_windows (list) – The IDs for the time windows that this rule applies to.

  • users (list) – The IDs for the users that this rule applies to.

Returns:

The updated forwarding control filter rule resource record.

Return type:

Box

Examples

Update the destination IP addresses for a rule:

>>> zia.forwarding_control.update_rule('976598',
...    dest_addresses=['1.1.1.1'],
...    description="TT#1965232865")

Update a rule description:

>>> zia.forwarding_control.update_rule('976597',
...    description="TT#1965232866")