import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";

// NOTE(review): in this copy of the declaration file the type arguments of
// `pulumi.Input` / `pulumi.Output` appear to have been lost (for example
// `pulumi.Input[] | undefined>`), and `inputs` / `outputs` are never referenced.
// The declarations below therefore do not type-check as written; take the
// element types from the published package rather than inferring them here.

/**
 * The zia_firewall_ips_rule resource manages firewall IPS (Intrusion Prevention System) rules in the
 * Zscaler Internet Access (ZIA) cloud service. IPS rules allow you to detect and prevent network
 * intrusions by inspecting traffic for known threat signatures and anomalous patterns.
 *
 * For more information, see the [ZIA IPS Control Policies documentation](https://help.zscaler.com/zia/ips-control-policies).
 *
 * Review guidance: `action`, `state` and `order` determine what happens to matching traffic, whether
 * the rule is active, and when it runs relative to other IPS rules. A change to any of them in a
 * stack diff is a policy change and deserves the same scrutiny as a firewall change.
 *
 * ## Example Usage
 * ### Basic Firewall IPS Rule
 *
 * ```typescript
 * import * as zia from "@bdzscaler/pulumi-zia";
 *
 * const example = new zia.FirewallIPSRule("example", {
 *     name: "Example IPS Rule",
 *     description: "Block intrusion attempts",
 *     order: 1,
 *     state: "ENABLED",
 *     action: "BLOCK_DROP",
 * });
 * ```
 *
 * ## Import
 *
 * An existing Firewall IPS Rule can be imported using its resource ID, e.g.
 *
 * ```sh
 * $ pulumi import zia:index:FirewallIPSRule example 12345
 * ```
 */
export declare class FirewallIPSRule extends pulumi.CustomResource {
    /**
     * Get an existing FirewallIPSRule resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The FirewallIPSRule resource for the given ID.
     */
    static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): FirewallIPSRule;
    /**
     * Returns true if the given object is an instance of FirewallIPSRule. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test; declared as a type guard, so a true result narrows `obj`.
     */
    static isInstance(obj: any): obj is FirewallIPSRule;
    /**
     * The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`.
     *
     * NOTE(review): `ALLOW` is the only listed value that is not a `BLOCK_*` variant. How the three
     * `BLOCK_*` variants differ is not described in this file; confirm against the ZIA documentation.
     */
    readonly action: pulumi.Output;
    /**
     * If set to true, enables packet capture (PCAP) for the rule.
     *
     * Packet captures can contain payload data from the matching traffic.
     * NOTE(review): confirm where captures are stored and who can read them before enabling.
     */
    readonly capturePcap: pulumi.Output;
    /**
     * Indicates whether this is the default firewall IPS rule.
     */
    readonly defaultRule: pulumi.Output;
    /**
     * IDs of departments to which the rule must be applied.
     */
    readonly departments: pulumi.Output;
    /**
     * Additional information about the firewall IPS rule.
     */
    readonly description: pulumi.Output;
    /**
     * Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
     */
    readonly destAddresses: pulumi.Output;
    /**
     * Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
     */
    readonly destCountries: pulumi.Output;
    /**
     * Destination IP address URL categories for the rule.
     */
    readonly destIpCategories: pulumi.Output;
    /**
     * IDs of destination IP address groups for the rule.
     */
    readonly destIpGroups: pulumi.Output;
    /**
     * IDs of destination IPv6 address groups for the rule.
     */
    readonly destIpv6Groups: pulumi.Output;
    /**
     * IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
     */
    readonly deviceGroups: pulumi.Output;
    /**
     * IDs of devices for which the rule must be applied.
     */
    readonly devices: pulumi.Output;
    /**
     * If set to true, enables full logging for the rule.
     *
     * NOTE(review): what is logged when this is false is not stated in this file; confirm that the
     * resulting log detail is sufficient for detection and incident response before leaving it off.
     */
    readonly enableFullLogging: pulumi.Output;
    /**
     * The ID of the end user notification template associated with the rule.
     */
    readonly eunTemplateId: pulumi.Output;
    /**
     * IDs of groups to which the rule must be applied.
     */
    readonly groups: pulumi.Output;
    /**
     * If set to true, enables end user notification for the rule.
     */
    readonly isEunEnabled: pulumi.Output;
    /**
     * IDs of labels associated with the rule.
     */
    readonly labels: pulumi.Output;
    /**
     * IDs of location groups to which the rule must be applied.
     */
    readonly locationGroups: pulumi.Output;
    /**
     * IDs of locations to which the rule must be applied.
     */
    readonly locations: pulumi.Output;
    /**
     * The name of the firewall IPS rule. Must be unique.
     */
    readonly name: pulumi.Output;
    /**
     * IDs of network service groups to which the rule applies.
     */
    readonly nwServiceGroups: pulumi.Output;
    /**
     * IDs of network services to which the rule applies.
     */
    readonly nwServices: pulumi.Output;
    /**
     * The order of execution of the rule with respect to other firewall IPS rules.
     *
     * NOTE(review): evaluation semantics (presumably ascending order, first match wins) are not stated
     * in this file; confirm. If so, a broad `ALLOW` rule with a low order can shadow later `BLOCK_*` rules.
     */
    readonly order: pulumi.Output;
    /**
     * Indicates whether this is a predefined rule.
     */
    readonly predefined: pulumi.Output;
    /**
     * Admin rank of the firewall IPS policy rule. Valid values: 0-7. Default: 7.
     */
    readonly rank: pulumi.Output;
    /**
     * URL categories that apply to the response for the rule.
     */
    readonly resCategories: pulumi.Output;
    /**
     * The system-generated ID of the firewall IPS rule.
     *
     * Output only: FirewallIPSRuleArgs has no matching property, so it cannot be supplied at creation.
     */
    readonly ruleId: pulumi.Output;
    /**
     * Source countries (ISO 3166-1 alpha-2 codes) for the rule.
     */
    readonly sourceCountries: pulumi.Output;
    /**
     * IDs of source IP address groups for the rule.
     */
    readonly srcIpGroups: pulumi.Output;
    /**
     * Source IP addresses or CIDR ranges for the rule.
     */
    readonly srcIps: pulumi.Output;
    /**
     * IDs of source IPv6 address groups for the rule.
     */
    readonly srcIpv6Groups: pulumi.Output;
    /**
     * Rule state. Valid values: `ENABLED`, `DISABLED`.
     *
     * NOTE(review): a `DISABLED` rule is presumably not enforced (confirm); treat a change to
     * `DISABLED` as a policy change when reviewing a stack diff.
     */
    readonly state: pulumi.Output;
    /**
     * IDs of threat categories to which the rule applies.
     */
    readonly threatCategories: pulumi.Output;
    /**
     * IDs of time intervals during which the rule must be enforced.
     */
    readonly timeWindows: pulumi.Output;
    /**
     * IDs of users to which the rule must be applied.
     */
    readonly users: pulumi.Output;
    /**
     * List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method.
     */
    readonly zpaAppSegments: pulumi.Output;
    /**
     * Create a FirewallIPSRule resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties. Required; within it
     *             only `name` and `order` are mandatory.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: FirewallIPSRuleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * The set of arguments for constructing a FirewallIPSRule resource.
 *
 * Only `name` and `order` are required. `action`, `state` and every matching criterion (users,
 * groups, locations, addresses, services, threat categories, ...) are optional.
 * NOTE(review): the effect of omitting a criterion (presumably "match any") and the values applied
 * when `action` or `state` is omitted are not stated in this file; confirm them and set both
 * explicitly, because an `ALLOW` rule with few criteria would otherwise apply broadly.
 */
export interface FirewallIPSRuleArgs {
    /**
     * The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`.
     *
     * NOTE(review): `ALLOW` is the only listed value that is not a `BLOCK_*` variant. How the three
     * `BLOCK_*` variants differ is not described in this file; confirm against the ZIA documentation.
     */
    action?: pulumi.Input;
    /**
     * If set to true, enables packet capture (PCAP) for the rule.
     *
     * Packet captures can contain payload data from the matching traffic.
     * NOTE(review): confirm where captures are stored and who can read them before enabling.
     */
    capturePcap?: pulumi.Input;
    /**
     * Indicates whether this is the default firewall IPS rule.
     *
     * NOTE(review): whether a user-supplied value is honoured is not visible in this file.
     */
    defaultRule?: pulumi.Input;
    /**
     * IDs of departments to which the rule must be applied.
     */
    departments?: pulumi.Input[] | undefined>;
    /**
     * Additional information about the firewall IPS rule.
     */
    description?: pulumi.Input;
    /**
     * Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
     */
    destAddresses?: pulumi.Input[] | undefined>;
    /**
     * Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
     */
    destCountries?: pulumi.Input[] | undefined>;
    /**
     * Destination IP address URL categories for the rule.
     */
    destIpCategories?: pulumi.Input[] | undefined>;
    /**
     * IDs of destination IP address groups for the rule.
     */
    destIpGroups?: pulumi.Input[] | undefined>;
    /**
     * IDs of destination IPv6 address groups for the rule.
     */
    destIpv6Groups?: pulumi.Input[] | undefined>;
    /**
     * IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
     */
    deviceGroups?: pulumi.Input[] | undefined>;
    /**
     * IDs of devices for which the rule must be applied.
     */
    devices?: pulumi.Input[] | undefined>;
    /**
     * If set to true, enables full logging for the rule.
     *
     * NOTE(review): what is logged when this is false is not stated in this file; confirm that the
     * resulting log detail is sufficient for detection and incident response before leaving it off.
     */
    enableFullLogging?: pulumi.Input;
    /**
     * The ID of the end user notification template associated with the rule.
     */
    eunTemplateId?: pulumi.Input;
    /**
     * IDs of groups to which the rule must be applied.
     */
    groups?: pulumi.Input[] | undefined>;
    /**
     * If set to true, enables end user notification for the rule.
     */
    isEunEnabled?: pulumi.Input;
    /**
     * IDs of labels associated with the rule.
     */
    labels?: pulumi.Input[] | undefined>;
    /**
     * IDs of location groups to which the rule must be applied.
     */
    locationGroups?: pulumi.Input[] | undefined>;
    /**
     * IDs of locations to which the rule must be applied.
     */
    locations?: pulumi.Input[] | undefined>;
    /**
     * The name of the firewall IPS rule. Must be unique. Required.
     */
    name: pulumi.Input;
    /**
     * IDs of network service groups to which the rule applies.
     */
    nwServiceGroups?: pulumi.Input[] | undefined>;
    /**
     * IDs of network services to which the rule applies.
     */
    nwServices?: pulumi.Input[] | undefined>;
    /**
     * The order of execution of the rule with respect to other firewall IPS rules. Required.
     *
     * NOTE(review): evaluation semantics (presumably ascending order, first match wins) are not stated
     * in this file; confirm. If so, a broad `ALLOW` rule with a low order can shadow later `BLOCK_*` rules.
     */
    order: pulumi.Input;
    /**
     * Indicates whether this is a predefined rule.
     *
     * NOTE(review): whether a user-supplied value is honoured is not visible in this file.
     */
    predefined?: pulumi.Input;
    /**
     * Admin rank of the firewall IPS policy rule. Valid values: 0-7. Default: 7.
     */
    rank?: pulumi.Input;
    /**
     * URL categories that apply to the response for the rule.
     */
    resCategories?: pulumi.Input[] | undefined>;
    /**
     * Source countries (ISO 3166-1 alpha-2 codes) for the rule.
     */
    sourceCountries?: pulumi.Input[] | undefined>;
    /**
     * IDs of source IP address groups for the rule.
     */
    srcIpGroups?: pulumi.Input[] | undefined>;
    /**
     * Source IP addresses or CIDR ranges for the rule.
     */
    srcIps?: pulumi.Input[] | undefined>;
    /**
     * IDs of source IPv6 address groups for the rule.
     */
    srcIpv6Groups?: pulumi.Input[] | undefined>;
    /**
     * Rule state. Valid values: `ENABLED`, `DISABLED`.
     *
     * NOTE(review): a `DISABLED` rule is presumably not enforced (confirm); treat a change to
     * `DISABLED` as a policy change when reviewing a stack diff.
     */
    state?: pulumi.Input;
    /**
     * IDs of threat categories to which the rule applies.
     */
    threatCategories?: pulumi.Input[] | undefined>;
    /**
     * IDs of time intervals during which the rule must be enforced.
     */
    timeWindows?: pulumi.Input[] | undefined>;
    /**
     * IDs of users to which the rule must be applied.
     */
    users?: pulumi.Input[] | undefined>;
    /**
     * List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method.
     */
    zpaAppSegments?: pulumi.Input[] | undefined>;
}
//# sourceMappingURL=firewallIPSRule.d.ts.map