Zscaler Internet Access v1.2.0 published on Friday, Feb 20, 2026 by Zscaler
Zscaler Internet Access v1.2.0 published on Friday, Feb 20, 2026 by Zscaler
The zia_traffic_capture_rules resource allows the creation and management of ZIA traffic capture rules in the Zscaler Internet Access.
Example Usage
data "zia_firewall_filtering_network_service" "zscaler_proxy_nw_services" {
name = "ZSCALER_PROXY_NW_SERVICES"
}
data "zia_department_management" "engineering" {
name = "Engineering"
}
data "zia_group_management" "normal_internet" {
name = "Normal_Internet"
}
data "zia_firewall_filtering_time_window" "work_hours" {
name = "Work hours"
}
resource "zia_traffic_capture_rules" "example" {
name = "Example Traffic Capture Rule"
description = "Example traffic capture rule for engineering department"
action = "ALLOW"
state = "ENABLED"
order = 1
enable_full_logging = true
txn_size_limit = "UNLIMITED"
txn_sampling = "HUNDRED_PERCENT"
nw_services {
id = [ data.zia_firewall_filtering_network_service.zscaler_proxy_nw_services.id ]
}
departments {
id = [ data.zia_department_management.engineering.id ]
}
groups {
id = [ data.zia_group_management.normal_internet.id ]
}
time_windows {
id = [ data.zia_firewall_filtering_time_window.work_hours.id ]
}
}
Create TrafficCaptureRules Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TrafficCaptureRules(name: string, args: TrafficCaptureRulesArgs, opts?: CustomResourceOptions);@overload
def TrafficCaptureRules(resource_name: str,
args: TrafficCaptureRulesArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TrafficCaptureRules(resource_name: str,
opts: Optional[ResourceOptions] = None,
order: Optional[int] = None,
name: Optional[str] = None,
nw_applications: Optional[Sequence[str]] = None,
departments: Optional[TrafficCaptureRulesDepartmentsArgs] = None,
description: Optional[str] = None,
dest_addresses: Optional[Sequence[str]] = None,
dest_countries: Optional[Sequence[str]] = None,
dest_ip_categories: Optional[Sequence[str]] = None,
dest_ip_groups: Optional[TrafficCaptureRulesDestIpGroupsArgs] = None,
nw_application_groups: Optional[TrafficCaptureRulesNwApplicationGroupsArgs] = None,
device_trust_levels: Optional[Sequence[str]] = None,
devices: Optional[TrafficCaptureRulesDevicesArgs] = None,
groups: Optional[TrafficCaptureRulesGroupsArgs] = None,
labels: Optional[TrafficCaptureRulesLabelsArgs] = None,
location_groups: Optional[TrafficCaptureRulesLocationGroupsArgs] = None,
default_rule: Optional[bool] = None,
locations: Optional[TrafficCaptureRulesLocationsArgs] = None,
device_groups: Optional[TrafficCaptureRulesDeviceGroupsArgs] = None,
action: Optional[str] = None,
nw_service_groups: Optional[TrafficCaptureRulesNwServiceGroupsArgs] = None,
nw_services: Optional[TrafficCaptureRulesNwServicesArgs] = None,
app_service_groups: Optional[TrafficCaptureRulesAppServiceGroupsArgs] = None,
predefined: Optional[bool] = None,
rank: Optional[int] = None,
source_countries: Optional[Sequence[str]] = None,
src_ip_groups: Optional[TrafficCaptureRulesSrcIpGroupsArgs] = None,
src_ips: Optional[Sequence[str]] = None,
state: Optional[str] = None,
time_windows: Optional[TrafficCaptureRulesTimeWindowsArgs] = None,
txn_sampling: Optional[str] = None,
txn_size_limit: Optional[str] = None,
users: Optional[TrafficCaptureRulesUsersArgs] = None,
workload_groups: Optional[Sequence[TrafficCaptureRulesWorkloadGroupArgs]] = None)func NewTrafficCaptureRules(ctx *Context, name string, args TrafficCaptureRulesArgs, opts ...ResourceOption) (*TrafficCaptureRules, error)public TrafficCaptureRules(string name, TrafficCaptureRulesArgs args, CustomResourceOptions? opts = null)
public TrafficCaptureRules(String name, TrafficCaptureRulesArgs args)
public TrafficCaptureRules(String name, TrafficCaptureRulesArgs args, CustomResourceOptions options)
type: zia:TrafficCaptureRules
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TrafficCaptureRulesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TrafficCaptureRulesArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TrafficCaptureRulesArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TrafficCaptureRulesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TrafficCaptureRulesArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var trafficCaptureRulesResource = new Zia.TrafficCaptureRules("trafficCaptureRulesResource", new()
{
Order = 0,
Name = "string",
NwApplications = new[]
{
"string",
},
Departments = new Zia.Inputs.TrafficCaptureRulesDepartmentsArgs
{
Ids = new[]
{
0,
},
},
Description = "string",
DestAddresses = new[]
{
"string",
},
DestCountries = new[]
{
"string",
},
DestIpCategories = new[]
{
"string",
},
DestIpGroups = new Zia.Inputs.TrafficCaptureRulesDestIpGroupsArgs
{
Ids = new[]
{
0,
},
},
NwApplicationGroups = new Zia.Inputs.TrafficCaptureRulesNwApplicationGroupsArgs
{
Ids = new[]
{
0,
},
},
DeviceTrustLevels = new[]
{
"string",
},
Devices = new Zia.Inputs.TrafficCaptureRulesDevicesArgs
{
Ids = new[]
{
0,
},
},
Groups = new Zia.Inputs.TrafficCaptureRulesGroupsArgs
{
Ids = new[]
{
0,
},
},
Labels = new Zia.Inputs.TrafficCaptureRulesLabelsArgs
{
Id = 0,
},
LocationGroups = new Zia.Inputs.TrafficCaptureRulesLocationGroupsArgs
{
Ids = new[]
{
0,
},
},
DefaultRule = false,
Locations = new Zia.Inputs.TrafficCaptureRulesLocationsArgs
{
Ids = new[]
{
0,
},
},
DeviceGroups = new Zia.Inputs.TrafficCaptureRulesDeviceGroupsArgs
{
Ids = new[]
{
0,
},
},
Action = "string",
NwServiceGroups = new Zia.Inputs.TrafficCaptureRulesNwServiceGroupsArgs
{
Ids = new[]
{
0,
},
},
NwServices = new Zia.Inputs.TrafficCaptureRulesNwServicesArgs
{
Ids = new[]
{
0,
},
},
AppServiceGroups = new Zia.Inputs.TrafficCaptureRulesAppServiceGroupsArgs
{
Ids = new[]
{
0,
},
},
Predefined = false,
Rank = 0,
SourceCountries = new[]
{
"string",
},
SrcIpGroups = new Zia.Inputs.TrafficCaptureRulesSrcIpGroupsArgs
{
Ids = new[]
{
0,
},
},
SrcIps = new[]
{
"string",
},
State = "string",
TimeWindows = new Zia.Inputs.TrafficCaptureRulesTimeWindowsArgs
{
Ids = new[]
{
0,
},
},
TxnSampling = "string",
TxnSizeLimit = "string",
Users = new Zia.Inputs.TrafficCaptureRulesUsersArgs
{
Ids = new[]
{
0,
},
},
WorkloadGroups = new[]
{
new Zia.Inputs.TrafficCaptureRulesWorkloadGroupArgs
{
Id = 0,
Name = "string",
},
},
});
example, err := zia.NewTrafficCaptureRules(ctx, "trafficCaptureRulesResource", &zia.TrafficCaptureRulesArgs{
Order: pulumi.Int(0),
Name: pulumi.String("string"),
NwApplications: pulumi.StringArray{
pulumi.String("string"),
},
Departments: &zia.TrafficCaptureRulesDepartmentsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Description: pulumi.String("string"),
DestAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DestCountries: pulumi.StringArray{
pulumi.String("string"),
},
DestIpCategories: pulumi.StringArray{
pulumi.String("string"),
},
DestIpGroups: &zia.TrafficCaptureRulesDestIpGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
NwApplicationGroups: &zia.TrafficCaptureRulesNwApplicationGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
DeviceTrustLevels: pulumi.StringArray{
pulumi.String("string"),
},
Devices: &zia.TrafficCaptureRulesDevicesArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Groups: &zia.TrafficCaptureRulesGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Labels: &zia.TrafficCaptureRulesLabelsArgs{
Id: pulumi.Int(0),
},
LocationGroups: &zia.TrafficCaptureRulesLocationGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
DefaultRule: pulumi.Bool(false),
Locations: &zia.TrafficCaptureRulesLocationsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
DeviceGroups: &zia.TrafficCaptureRulesDeviceGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Action: pulumi.String("string"),
NwServiceGroups: &zia.TrafficCaptureRulesNwServiceGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
NwServices: &zia.TrafficCaptureRulesNwServicesArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
AppServiceGroups: &zia.TrafficCaptureRulesAppServiceGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Predefined: pulumi.Bool(false),
Rank: pulumi.Int(0),
SourceCountries: pulumi.StringArray{
pulumi.String("string"),
},
SrcIpGroups: &zia.TrafficCaptureRulesSrcIpGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
SrcIps: pulumi.StringArray{
pulumi.String("string"),
},
State: pulumi.String("string"),
TimeWindows: &zia.TrafficCaptureRulesTimeWindowsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
TxnSampling: pulumi.String("string"),
TxnSizeLimit: pulumi.String("string"),
Users: &zia.TrafficCaptureRulesUsersArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
WorkloadGroups: zia.TrafficCaptureRulesWorkloadGroupArray{
&zia.TrafficCaptureRulesWorkloadGroupArgs{
Id: pulumi.Int(0),
Name: pulumi.String("string"),
},
},
})
var trafficCaptureRulesResource = new TrafficCaptureRules("trafficCaptureRulesResource", TrafficCaptureRulesArgs.builder()
.order(0)
.name("string")
.nwApplications("string")
.departments(TrafficCaptureRulesDepartmentsArgs.builder()
.ids(0)
.build())
.description("string")
.destAddresses("string")
.destCountries("string")
.destIpCategories("string")
.destIpGroups(TrafficCaptureRulesDestIpGroupsArgs.builder()
.ids(0)
.build())
.nwApplicationGroups(TrafficCaptureRulesNwApplicationGroupsArgs.builder()
.ids(0)
.build())
.deviceTrustLevels("string")
.devices(TrafficCaptureRulesDevicesArgs.builder()
.ids(0)
.build())
.groups(TrafficCaptureRulesGroupsArgs.builder()
.ids(0)
.build())
.labels(TrafficCaptureRulesLabelsArgs.builder()
.id(0)
.build())
.locationGroups(TrafficCaptureRulesLocationGroupsArgs.builder()
.ids(0)
.build())
.defaultRule(false)
.locations(TrafficCaptureRulesLocationsArgs.builder()
.ids(0)
.build())
.deviceGroups(TrafficCaptureRulesDeviceGroupsArgs.builder()
.ids(0)
.build())
.action("string")
.nwServiceGroups(TrafficCaptureRulesNwServiceGroupsArgs.builder()
.ids(0)
.build())
.nwServices(TrafficCaptureRulesNwServicesArgs.builder()
.ids(0)
.build())
.appServiceGroups(TrafficCaptureRulesAppServiceGroupsArgs.builder()
.ids(0)
.build())
.predefined(false)
.rank(0)
.sourceCountries("string")
.srcIpGroups(TrafficCaptureRulesSrcIpGroupsArgs.builder()
.ids(0)
.build())
.srcIps("string")
.state("string")
.timeWindows(TrafficCaptureRulesTimeWindowsArgs.builder()
.ids(0)
.build())
.txnSampling("string")
.txnSizeLimit("string")
.users(TrafficCaptureRulesUsersArgs.builder()
.ids(0)
.build())
.workloadGroups(TrafficCaptureRulesWorkloadGroupArgs.builder()
.id(0)
.name("string")
.build())
.build());
traffic_capture_rules_resource = zia.TrafficCaptureRules("trafficCaptureRulesResource",
order=0,
name="string",
nw_applications=["string"],
departments={
"ids": [0],
},
description="string",
dest_addresses=["string"],
dest_countries=["string"],
dest_ip_categories=["string"],
dest_ip_groups={
"ids": [0],
},
nw_application_groups={
"ids": [0],
},
device_trust_levels=["string"],
devices={
"ids": [0],
},
groups={
"ids": [0],
},
labels={
"id": 0,
},
location_groups={
"ids": [0],
},
default_rule=False,
locations={
"ids": [0],
},
device_groups={
"ids": [0],
},
action="string",
nw_service_groups={
"ids": [0],
},
nw_services={
"ids": [0],
},
app_service_groups={
"ids": [0],
},
predefined=False,
rank=0,
source_countries=["string"],
src_ip_groups={
"ids": [0],
},
src_ips=["string"],
state="string",
time_windows={
"ids": [0],
},
txn_sampling="string",
txn_size_limit="string",
users={
"ids": [0],
},
workload_groups=[{
"id": 0,
"name": "string",
}])
const trafficCaptureRulesResource = new zia.TrafficCaptureRules("trafficCaptureRulesResource", {
order: 0,
name: "string",
nwApplications: ["string"],
departments: {
ids: [0],
},
description: "string",
destAddresses: ["string"],
destCountries: ["string"],
destIpCategories: ["string"],
destIpGroups: {
ids: [0],
},
nwApplicationGroups: {
ids: [0],
},
deviceTrustLevels: ["string"],
devices: {
ids: [0],
},
groups: {
ids: [0],
},
labels: {
id: 0,
},
locationGroups: {
ids: [0],
},
defaultRule: false,
locations: {
ids: [0],
},
deviceGroups: {
ids: [0],
},
action: "string",
nwServiceGroups: {
ids: [0],
},
nwServices: {
ids: [0],
},
appServiceGroups: {
ids: [0],
},
predefined: false,
rank: 0,
sourceCountries: ["string"],
srcIpGroups: {
ids: [0],
},
srcIps: ["string"],
state: "string",
timeWindows: {
ids: [0],
},
txnSampling: "string",
txnSizeLimit: "string",
users: {
ids: [0],
},
workloadGroups: [{
id: 0,
name: "string",
}],
});
type: zia:TrafficCaptureRules
properties:
action: string
appServiceGroups:
ids:
- 0
defaultRule: false
departments:
ids:
- 0
description: string
destAddresses:
- string
destCountries:
- string
destIpCategories:
- string
destIpGroups:
ids:
- 0
deviceGroups:
ids:
- 0
deviceTrustLevels:
- string
devices:
ids:
- 0
groups:
ids:
- 0
labels:
id: 0
locationGroups:
ids:
- 0
locations:
ids:
- 0
name: string
nwApplicationGroups:
ids:
- 0
nwApplications:
- string
nwServiceGroups:
ids:
- 0
nwServices:
ids:
- 0
order: 0
predefined: false
rank: 0
sourceCountries:
- string
srcIpGroups:
ids:
- 0
srcIps:
- string
state: string
timeWindows:
ids:
- 0
txnSampling: string
txnSizeLimit: string
users:
ids:
- 0
workloadGroups:
- id: 0
name: string
TrafficCaptureRules Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The TrafficCaptureRules resource accepts the following input properties:
- Order int
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- Action string
- The action to be enforced when the traffic matches the rule criteria
- App
Service zscaler.Groups Pulumi Package. Zia. Inputs. Traffic Capture Rules App Service Groups - list of application service groups
- Default
Rule bool - If set to true, the default rule is applied
- Departments
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Departments - list of departments for which rule must be applied
- Description string
- Additional information about the rule
- Dest
Addresses List<string> - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- Dest
Countries List<string> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Dest
Ip List<string>Categories - Dest
Ip zscaler.Groups Pulumi Package. Zia. Inputs. Traffic Capture Rules Dest Ip Groups - list of destination ip groups
- Device
Groups zscaler.Pulumi Package. Zia. Inputs. Traffic Capture Rules Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust List<string>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Devices - Name-ID pairs of devices for which rule must be applied.
- Groups
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Groups - list of groups for which rule must be applied
- Labels
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Labels - list of Labels that are applicable to the rule.
- Location
Groups zscaler.Pulumi Package. Zia. Inputs. Traffic Capture Rules Location Groups - list of locations groups
- Locations
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Locations - list of locations for which rule must be applied
- Name string
- Name of the Firewall Filtering policy rule
- Nw
Application zscaler.Groups Pulumi Package. Zia. Inputs. Traffic Capture Rules Nw Application Groups - list of nw application groups
- Nw
Applications List<string> - Nw
Service zscaler.Groups Pulumi Package. Zia. Inputs. Traffic Capture Rules Nw Service Groups - list of nw service groups
- Nw
Services zscaler.Pulumi Package. Zia. Inputs. Traffic Capture Rules Nw Services - list of nw services
- Predefined bool
- If set to true, a predefined rule is applied
- Rank int
- Admin rank of the Firewall Filtering policy rule
- Source
Countries List<string> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Src
Ip zscaler.Groups Pulumi Package. Zia. Inputs. Traffic Capture Rules Src Ip Groups - list of source ip groups
- Src
Ips List<string> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Time
Windows zscaler.Pulumi Package. Zia. Inputs. Traffic Capture Rules Time Windows - The time interval in which the Firewall Filtering policy rule applies
- Txn
Sampling string - The percentage of connections sampled for capturing each time the rule is triggered
- Txn
Size stringLimit - The maximum size of traffic to capture per connection
- Users
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Users - list of users for which rule must be applied
- Workload
Groups List<zscaler.Pulumi Package. Zia. Inputs. Traffic Capture Rules Workload Group> - The list of preconfigured workload groups to which the policy must be applied
- Order int
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- Action string
- The action to be enforced when the traffic matches the rule criteria
- App
Service TrafficGroups Capture Rules App Service Groups Args - list of application service groups
- Default
Rule bool - If set to true, the default rule is applied
- Departments
Traffic
Capture Rules Departments Args - list of departments for which rule must be applied
- Description string
- Additional information about the rule
- Dest
Addresses []string - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- Dest
Countries []string - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Dest
Ip []stringCategories - Dest
Ip TrafficGroups Capture Rules Dest Ip Groups Args - list of destination ip groups
- Device
Groups TrafficCapture Rules Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust []stringLevels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
Traffic
Capture Rules Devices Args - Name-ID pairs of devices for which rule must be applied.
- Groups
Traffic
Capture Rules Groups Args - list of groups for which rule must be applied
- Labels
Traffic
Capture Rules Labels Args - list of Labels that are applicable to the rule.
- Location
Groups TrafficCapture Rules Location Groups Args - list of locations groups
- Locations
Traffic
Capture Rules Locations Args - list of locations for which rule must be applied
- Name string
- Name of the Firewall Filtering policy rule
- Nw
Application TrafficGroups Capture Rules Nw Application Groups Args - list of nw application groups
- Nw
Applications []string - Nw
Service TrafficGroups Capture Rules Nw Service Groups Args - list of nw service groups
- Nw
Services TrafficCapture Rules Nw Services Args - list of nw services
- Predefined bool
- If set to true, a predefined rule is applied
- Rank int
- Admin rank of the Firewall Filtering policy rule
- Source
Countries []string - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Src
Ip TrafficGroups Capture Rules Src Ip Groups Args - list of source ip groups
- Src
Ips []string - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Time
Windows TrafficCapture Rules Time Windows Args - The time interval in which the Firewall Filtering policy rule applies
- Txn
Sampling string - The percentage of connections sampled for capturing each time the rule is triggered
- Txn
Size stringLimit - The maximum size of traffic to capture per connection
- Users
Traffic
Capture Rules Users Args - list of users for which rule must be applied
- Workload
Groups []TrafficCapture Rules Workload Group Args - The list of preconfigured workload groups to which the policy must be applied
- order Integer
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- action String
- The action to be enforced when the traffic matches the rule criteria
- app
Service TrafficGroups Capture Rules App Service Groups - list of application service groups
- default
Rule Boolean - If set to true, the default rule is applied
- departments
Traffic
Capture Rules Departments - list of departments for which rule must be applied
- description String
- Additional information about the rule
- dest
Addresses List<String> - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- dest
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip List<String>Categories - dest
Ip TrafficGroups Capture Rules Dest Ip Groups - list of destination ip groups
- device
Groups TrafficCapture Rules Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Traffic
Capture Rules Devices - Name-ID pairs of devices for which rule must be applied.
- groups
Traffic
Capture Rules Groups - list of groups for which rule must be applied
- labels
Traffic
Capture Rules Labels - list of Labels that are applicable to the rule.
- location
Groups TrafficCapture Rules Location Groups - list of locations groups
- locations
Traffic
Capture Rules Locations - list of locations for which rule must be applied
- name String
- Name of the Firewall Filtering policy rule
- nw
Application TrafficGroups Capture Rules Nw Application Groups - list of nw application groups
- nw
Applications List<String> - nw
Service TrafficGroups Capture Rules Nw Service Groups - list of nw service groups
- nw
Services TrafficCapture Rules Nw Services - list of nw services
- predefined Boolean
- If set to true, a predefined rule is applied
- rank Integer
- Admin rank of the Firewall Filtering policy rule
- source
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- src
Ip TrafficGroups Capture Rules Src Ip Groups - list of source ip groups
- src
Ips List<String> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows TrafficCapture Rules Time Windows - The time interval in which the Firewall Filtering policy rule applies
- txn
Sampling String - The percentage of connections sampled for capturing each time the rule is triggered
- txn
Size StringLimit - The maximum size of traffic to capture per connection
- users
Traffic
Capture Rules Users - list of users for which rule must be applied
- workload
Groups List<TrafficCapture Rules Workload Group> - The list of preconfigured workload groups to which the policy must be applied
- order number
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- action string
- The action to be enforced when the traffic matches the rule criteria
- app
Service TrafficGroups Capture Rules App Service Groups - list of application service groups
- default
Rule boolean - If set to true, the default rule is applied
- departments
Traffic
Capture Rules Departments - list of departments for which rule must be applied
- description string
- Additional information about the rule
- dest
Addresses string[] - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- dest
Countries string[] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip string[]Categories - dest
Ip TrafficGroups Capture Rules Dest Ip Groups - list of destination ip groups
- device
Groups TrafficCapture Rules Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust string[]Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Traffic
Capture Rules Devices - Name-ID pairs of devices for which rule must be applied.
- groups
Traffic
Capture Rules Groups - list of groups for which rule must be applied
- labels
Traffic
Capture Rules Labels - list of Labels that are applicable to the rule.
- location
Groups TrafficCapture Rules Location Groups - list of locations groups
- locations
Traffic
Capture Rules Locations - list of locations for which rule must be applied
- name string
- Name of the Firewall Filtering policy rule
- nw
Application TrafficGroups Capture Rules Nw Application Groups - list of nw application groups
- nw
Applications string[] - nw
Service TrafficGroups Capture Rules Nw Service Groups - list of nw service groups
- nw
Services TrafficCapture Rules Nw Services - list of nw services
- predefined boolean
- If set to true, a predefined rule is applied
- rank number
- Admin rank of the Firewall Filtering policy rule
- source
Countries string[] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- src
Ip TrafficGroups Capture Rules Src Ip Groups - list of source ip groups
- src
Ips string[] - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows TrafficCapture Rules Time Windows - The time interval in which the Firewall Filtering policy rule applies
- txn
Sampling string - The percentage of connections sampled for capturing each time the rule is triggered
- txn
Size stringLimit - The maximum size of traffic to capture per connection
- users
Traffic
Capture Rules Users - list of users for which rule must be applied
- workload
Groups TrafficCapture Rules Workload Group[] - The list of preconfigured workload groups to which the policy must be applied
- order int
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- action str
- The action to be enforced when the traffic matches the rule criteria
- app_
service_ Trafficgroups Capture Rules App Service Groups Args - list of application service groups
- default_
rule bool - If set to true, the default rule is applied
- departments
Traffic
Capture Rules Departments Args - list of departments for which rule must be applied
- description str
- Additional information about the rule
- dest_
addresses Sequence[str] - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- dest_
countries Sequence[str] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest_
ip_ Sequence[str]categories - dest_
ip_ Trafficgroups Capture Rules Dest Ip Groups Args - list of destination ip groups
- device_
groups TrafficCapture Rules Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- device_
trust_ Sequence[str]levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Traffic
Capture Rules Devices Args - Name-ID pairs of devices for which rule must be applied.
- groups
Traffic
Capture Rules Groups Args - list of groups for which rule must be applied
- labels
Traffic
Capture Rules Labels Args - list of Labels that are applicable to the rule.
- location_
groups TrafficCapture Rules Location Groups Args - list of locations groups
- locations
Traffic
Capture Rules Locations Args - list of locations for which rule must be applied
- name str
- Name of the Firewall Filtering policy rule
- nw_
application_ Trafficgroups Capture Rules Nw Application Groups Args - list of nw application groups
- nw_
applications Sequence[str] - nw_
service_ Trafficgroups Capture Rules Nw Service Groups Args - list of nw service groups
- nw_
services TrafficCapture Rules Nw Services Args - list of nw services
- predefined bool
- If set to true, a predefined rule is applied
- rank int
- Admin rank of the Firewall Filtering policy rule
- source_
countries Sequence[str] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- src_
ip_ Trafficgroups Capture Rules Src Ip Groups Args - list of source ip groups
- src_
ips Sequence[str] - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state str
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time_
windows TrafficCapture Rules Time Windows Args - The time interval in which the Firewall Filtering policy rule applies
- txn_
sampling str - The percentage of connections sampled for capturing each time the rule is triggered
- txn_
size_ strlimit - The maximum size of traffic to capture per connection
- users
Traffic
Capture Rules Users Args - list of users for which rule must be applied
- workload_
groups Sequence[TrafficCapture Rules Workload Group Args] - The list of preconfigured workload groups to which the policy must be applied
- order Number
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- action String
- The action to be enforced when the traffic matches the rule criteria
- app
Service Property MapGroups - list of application service groups
- default
Rule Boolean - If set to true, the default rule is applied
- departments Property Map
- list of departments for which rule must be applied
- description String
- Additional information about the rule
- dest
Addresses List<String> - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- dest
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip List<String>Categories - dest
Ip Property MapGroups - list of destination ip groups
- device
Groups Property Map - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices Property Map
- Name-ID pairs of devices for which rule must be applied.
- groups Property Map
- list of groups for which rule must be applied
- labels Property Map
- list of Labels that are applicable to the rule.
- location
Groups Property Map - list of locations groups
- locations Property Map
- list of locations for which rule must be applied
- name String
- Name of the Firewall Filtering policy rule
- nw
Application Property MapGroups - list of nw application groups
- nw
Applications List<String> - nw
Service Property MapGroups - list of nw service groups
- nw
Services Property Map - list of nw services
- predefined Boolean
- If set to true, a predefined rule is applied
- rank Number
- Admin rank of the Firewall Filtering policy rule
- source
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- src
Ip Property MapGroups - list of source ip groups
- src
Ips List<String> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows Property Map - The time interval in which the Firewall Filtering policy rule applies
- txn
Sampling String - The percentage of connections sampled for capturing each time the rule is triggered
- txn
Size StringLimit - The maximum size of traffic to capture per connection
- users Property Map
- list of users for which rule must be applied
- workload
Groups List<Property Map> - The list of preconfigured workload groups to which the policy must be applied
Outputs
All input properties are implicitly available as output properties. Additionally, the TrafficCaptureRules resource produces the following output properties:
Look up Existing TrafficCaptureRules Resource
Get an existing TrafficCaptureRules resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TrafficCaptureRulesState, opts?: CustomResourceOptions): TrafficCaptureRules@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
app_service_groups: Optional[TrafficCaptureRulesAppServiceGroupsArgs] = None,
default_rule: Optional[bool] = None,
departments: Optional[TrafficCaptureRulesDepartmentsArgs] = None,
description: Optional[str] = None,
dest_addresses: Optional[Sequence[str]] = None,
dest_countries: Optional[Sequence[str]] = None,
dest_ip_categories: Optional[Sequence[str]] = None,
dest_ip_groups: Optional[TrafficCaptureRulesDestIpGroupsArgs] = None,
device_groups: Optional[TrafficCaptureRulesDeviceGroupsArgs] = None,
device_trust_levels: Optional[Sequence[str]] = None,
devices: Optional[TrafficCaptureRulesDevicesArgs] = None,
groups: Optional[TrafficCaptureRulesGroupsArgs] = None,
labels: Optional[TrafficCaptureRulesLabelsArgs] = None,
location_groups: Optional[TrafficCaptureRulesLocationGroupsArgs] = None,
locations: Optional[TrafficCaptureRulesLocationsArgs] = None,
name: Optional[str] = None,
nw_application_groups: Optional[TrafficCaptureRulesNwApplicationGroupsArgs] = None,
nw_applications: Optional[Sequence[str]] = None,
nw_service_groups: Optional[TrafficCaptureRulesNwServiceGroupsArgs] = None,
nw_services: Optional[TrafficCaptureRulesNwServicesArgs] = None,
order: Optional[int] = None,
predefined: Optional[bool] = None,
rank: Optional[int] = None,
rule_id: Optional[int] = None,
source_countries: Optional[Sequence[str]] = None,
src_ip_groups: Optional[TrafficCaptureRulesSrcIpGroupsArgs] = None,
src_ips: Optional[Sequence[str]] = None,
state: Optional[str] = None,
time_windows: Optional[TrafficCaptureRulesTimeWindowsArgs] = None,
txn_sampling: Optional[str] = None,
txn_size_limit: Optional[str] = None,
users: Optional[TrafficCaptureRulesUsersArgs] = None,
workload_groups: Optional[Sequence[TrafficCaptureRulesWorkloadGroupArgs]] = None) -> TrafficCaptureRulesfunc GetTrafficCaptureRules(ctx *Context, name string, id IDInput, state *TrafficCaptureRulesState, opts ...ResourceOption) (*TrafficCaptureRules, error)public static TrafficCaptureRules Get(string name, Input<string> id, TrafficCaptureRulesState? state, CustomResourceOptions? opts = null)public static TrafficCaptureRules get(String name, Output<String> id, TrafficCaptureRulesState state, CustomResourceOptions options)resources: _: type: zia:TrafficCaptureRules get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The action to be enforced when the traffic matches the rule criteria
- App
Service zscaler.Groups Pulumi Package. Zia. Inputs. Traffic Capture Rules App Service Groups - list of application service groups
- Default
Rule bool - If set to true, the default rule is applied
- Departments
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Departments - list of departments for which rule must be applied
- Description string
- Additional information about the rule
- Dest
Addresses List<string> - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- Dest
Countries List<string> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Dest
Ip List<string>Categories - Dest
Ip zscaler.Groups Pulumi Package. Zia. Inputs. Traffic Capture Rules Dest Ip Groups - list of destination ip groups
- Device
Groups zscaler.Pulumi Package. Zia. Inputs. Traffic Capture Rules Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust List<string>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Devices - Name-ID pairs of devices for which rule must be applied.
- Groups
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Groups - list of groups for which rule must be applied
- Labels
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Labels - list of Labels that are applicable to the rule.
- Location
Groups zscaler.Pulumi Package. Zia. Inputs. Traffic Capture Rules Location Groups - list of locations groups
- Locations
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Locations - list of locations for which rule must be applied
- Name string
- Name of the Firewall Filtering policy rule
- Nw
Application zscaler.Groups Pulumi Package. Zia. Inputs. Traffic Capture Rules Nw Application Groups - list of nw application groups
- Nw
Applications List<string> - Nw
Service zscaler.Groups Pulumi Package. Zia. Inputs. Traffic Capture Rules Nw Service Groups - list of nw service groups
- Nw
Services zscaler.Pulumi Package. Zia. Inputs. Traffic Capture Rules Nw Services - list of nw services
- Order int
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- Predefined bool
- If set to true, a predefined rule is applied
- Rank int
- Admin rank of the Firewall Filtering policy rule
- Rule
Id int - Source
Countries List<string> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Src
Ip zscaler.Groups Pulumi Package. Zia. Inputs. Traffic Capture Rules Src Ip Groups - list of source ip groups
- Src
Ips List<string> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Time
Windows zscaler.Pulumi Package. Zia. Inputs. Traffic Capture Rules Time Windows - The time interval in which the Firewall Filtering policy rule applies
- Txn
Sampling string - The percentage of connections sampled for capturing each time the rule is triggered
- Txn
Size stringLimit - The maximum size of traffic to capture per connection
- Users
zscaler.
Pulumi Package. Zia. Inputs. Traffic Capture Rules Users - list of users for which rule must be applied
- Workload
Groups List<zscaler.Pulumi Package. Zia. Inputs. Traffic Capture Rules Workload Group> - The list of preconfigured workload groups to which the policy must be applied
- Action string
- The action to be enforced when the traffic matches the rule criteria
- App
Service TrafficGroups Capture Rules App Service Groups Args - list of application service groups
- Default
Rule bool - If set to true, the default rule is applied
- Departments
Traffic
Capture Rules Departments Args - list of departments for which rule must be applied
- Description string
- Additional information about the rule
- Dest
Addresses []string - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- Dest
Countries []string - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Dest
Ip []stringCategories - Dest
Ip TrafficGroups Capture Rules Dest Ip Groups Args - list of destination ip groups
- Device
Groups TrafficCapture Rules Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- Device
Trust []stringLevels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- Devices
Traffic
Capture Rules Devices Args - Name-ID pairs of devices for which rule must be applied.
- Groups
Traffic
Capture Rules Groups Args - list of groups for which rule must be applied
- Labels
Traffic
Capture Rules Labels Args - list of Labels that are applicable to the rule.
- Location
Groups TrafficCapture Rules Location Groups Args - list of locations groups
- Locations
Traffic
Capture Rules Locations Args - list of locations for which rule must be applied
- Name string
- Name of the Firewall Filtering policy rule
- Nw
Application TrafficGroups Capture Rules Nw Application Groups Args - list of nw application groups
- Nw
Applications []string - Nw
Service TrafficGroups Capture Rules Nw Service Groups Args - list of nw service groups
- Nw
Services TrafficCapture Rules Nw Services Args - list of nw services
- Order int
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- Predefined bool
- If set to true, a predefined rule is applied
- Rank int
- Admin rank of the Firewall Filtering policy rule
- Rule
Id int - Source
Countries []string - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- Src
Ip TrafficGroups Capture Rules Src Ip Groups Args - list of source ip groups
- Src
Ips []string - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- State string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- Time
Windows TrafficCapture Rules Time Windows Args - The time interval in which the Firewall Filtering policy rule applies
- Txn
Sampling string - The percentage of connections sampled for capturing each time the rule is triggered
- Txn
Size stringLimit - The maximum size of traffic to capture per connection
- Users
Traffic
Capture Rules Users Args - list of users for which rule must be applied
- Workload
Groups []TrafficCapture Rules Workload Group Args - The list of preconfigured workload groups to which the policy must be applied
- action String
- The action to be enforced when the traffic matches the rule criteria
- app
Service TrafficGroups Capture Rules App Service Groups - list of application service groups
- default
Rule Boolean - If set to true, the default rule is applied
- departments
Traffic
Capture Rules Departments - list of departments for which rule must be applied
- description String
- Additional information about the rule
- dest
Addresses List<String> - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- dest
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip List<String>Categories - dest
Ip TrafficGroups Capture Rules Dest Ip Groups - list of destination ip groups
- device
Groups TrafficCapture Rules Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Traffic
Capture Rules Devices - Name-ID pairs of devices for which rule must be applied.
- groups
Traffic
Capture Rules Groups - list of groups for which rule must be applied
- labels
Traffic
Capture Rules Labels - list of Labels that are applicable to the rule.
- location
Groups TrafficCapture Rules Location Groups - list of locations groups
- locations
Traffic
Capture Rules Locations - list of locations for which rule must be applied
- name String
- Name of the Firewall Filtering policy rule
- nw
Application TrafficGroups Capture Rules Nw Application Groups - list of nw application groups
- nw
Applications List<String> - nw
Service TrafficGroups Capture Rules Nw Service Groups - list of nw service groups
- nw
Services TrafficCapture Rules Nw Services - list of nw services
- order Integer
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- predefined Boolean
- If set to true, a predefined rule is applied
- rank Integer
- Admin rank of the Firewall Filtering policy rule
- rule
Id Integer - source
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- src
Ip TrafficGroups Capture Rules Src Ip Groups - list of source ip groups
- src
Ips List<String> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows TrafficCapture Rules Time Windows - The time interval in which the Firewall Filtering policy rule applies
- txn
Sampling String - The percentage of connections sampled for capturing each time the rule is triggered
- txn
Size StringLimit - The maximum size of traffic to capture per connection
- users
Traffic
Capture Rules Users - list of users for which rule must be applied
- workload
Groups List<TrafficCapture Rules Workload Group> - The list of preconfigured workload groups to which the policy must be applied
- action string
- The action to be enforced when the traffic matches the rule criteria
- app
Service TrafficGroups Capture Rules App Service Groups - list of application service groups
- default
Rule boolean - If set to true, the default rule is applied
- departments
Traffic
Capture Rules Departments - list of departments for which rule must be applied
- description string
- Additional information about the rule
- dest
Addresses string[] - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- dest
Countries string[] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip string[]Categories - dest
Ip TrafficGroups Capture Rules Dest Ip Groups - list of destination ip groups
- device
Groups TrafficCapture Rules Device Groups - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust string[]Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Traffic
Capture Rules Devices - Name-ID pairs of devices for which rule must be applied.
- groups
Traffic
Capture Rules Groups - list of groups for which rule must be applied
- labels
Traffic
Capture Rules Labels - list of Labels that are applicable to the rule.
- location
Groups TrafficCapture Rules Location Groups - list of locations groups
- locations
Traffic
Capture Rules Locations - list of locations for which rule must be applied
- name string
- Name of the Firewall Filtering policy rule
- nw
Application TrafficGroups Capture Rules Nw Application Groups - list of nw application groups
- nw
Applications string[] - nw
Service TrafficGroups Capture Rules Nw Service Groups - list of nw service groups
- nw
Services TrafficCapture Rules Nw Services - list of nw services
- order number
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- predefined boolean
- If set to true, a predefined rule is applied
- rank number
- Admin rank of the Firewall Filtering policy rule
- rule
Id number - source
Countries string[] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- src
Ip TrafficGroups Capture Rules Src Ip Groups - list of source ip groups
- src
Ips string[] - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state string
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows TrafficCapture Rules Time Windows - The time interval in which the Firewall Filtering policy rule applies
- txn
Sampling string - The percentage of connections sampled for capturing each time the rule is triggered
- txn
Size stringLimit - The maximum size of traffic to capture per connection
- users
Traffic
Capture Rules Users - list of users for which rule must be applied
- workload
Groups TrafficCapture Rules Workload Group[] - The list of preconfigured workload groups to which the policy must be applied
- action str
- The action to be enforced when the traffic matches the rule criteria
- app_
service_ Trafficgroups Capture Rules App Service Groups Args - list of application service groups
- default_
rule bool - If set to true, the default rule is applied
- departments
Traffic
Capture Rules Departments Args - list of departments for which rule must be applied
- description str
- Additional information about the rule
- dest_
addresses Sequence[str] - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- dest_
countries Sequence[str] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest_
ip_ Sequence[str]categories - dest_
ip_ Trafficgroups Capture Rules Dest Ip Groups Args - list of destination ip groups
- device_
groups TrafficCapture Rules Device Groups Args - This field is applicable for devices that are managed using Zscaler Client Connector.
- device_
trust_ Sequence[str]levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices
Traffic
Capture Rules Devices Args - Name-ID pairs of devices for which rule must be applied.
- groups
Traffic
Capture Rules Groups Args - list of groups for which rule must be applied
- labels
Traffic
Capture Rules Labels Args - list of Labels that are applicable to the rule.
- location_
groups TrafficCapture Rules Location Groups Args - list of locations groups
- locations
Traffic
Capture Rules Locations Args - list of locations for which rule must be applied
- name str
- Name of the Firewall Filtering policy rule
- nw_
application_ Trafficgroups Capture Rules Nw Application Groups Args - list of nw application groups
- nw_
applications Sequence[str] - nw_
service_ Trafficgroups Capture Rules Nw Service Groups Args - list of nw service groups
- nw_
services TrafficCapture Rules Nw Services Args - list of nw services
- order int
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- predefined bool
- If set to true, a predefined rule is applied
- rank int
- Admin rank of the Firewall Filtering policy rule
- rule_
id int - source_
countries Sequence[str] - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- src_
ip_ Trafficgroups Capture Rules Src Ip Groups Args - list of source ip groups
- src_
ips Sequence[str] - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state str
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time_
windows TrafficCapture Rules Time Windows Args - The time interval in which the Firewall Filtering policy rule applies
- txn_
sampling str - The percentage of connections sampled for capturing each time the rule is triggered
- txn_
size_ strlimit - The maximum size of traffic to capture per connection
- users
Traffic
Capture Rules Users Args - list of users for which rule must be applied
- workload_
groups Sequence[TrafficCapture Rules Workload Group Args] - The list of preconfigured workload groups to which the policy must be applied
- action String
- The action to be enforced when the traffic matches the rule criteria
- app
Service Property MapGroups - list of application service groups
- default
Rule Boolean - If set to true, the default rule is applied
- departments Property Map
- list of departments for which rule must be applied
- description String
- Additional information about the rule
- dest
Addresses List<String> - Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs
- dest
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- dest
Ip List<String>Categories - dest
Ip Property MapGroups - list of destination ip groups
- device
Groups Property Map - This field is applicable for devices that are managed using Zscaler Client Connector.
- device
Trust List<String>Levels - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
- devices Property Map
- Name-ID pairs of devices for which rule must be applied.
- groups Property Map
- list of groups for which rule must be applied
- labels Property Map
- list of Labels that are applicable to the rule.
- location
Groups Property Map - list of locations groups
- locations Property Map
- list of locations for which rule must be applied
- name String
- Name of the Firewall Filtering policy rule
- nw
Application Property MapGroups - list of nw application groups
- nw
Applications List<String> - nw
Service Property MapGroups - list of nw service groups
- nw
Services Property Map - list of nw services
- order Number
- Rule order number. If omitted, the rule will be added to the end of the rule set.
- predefined Boolean
- If set to true, a predefined rule is applied
- rank Number
- Admin rank of the Firewall Filtering policy rule
- rule
Id Number - source
Countries List<String> - Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
- src
Ip Property MapGroups - list of source ip groups
- src
Ips List<String> - User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
- state String
- Determines whether the Firewall Filtering policy rule is enabled or disabled
- time
Windows Property Map - The time interval in which the Firewall Filtering policy rule applies
- txn
Sampling String - The percentage of connections sampled for capturing each time the rule is triggered
- txn
Size StringLimit - The maximum size of traffic to capture per connection
- users Property Map
- list of users for which rule must be applied
- workload
Groups List<Property Map> - The list of preconfigured workload groups to which the policy must be applied
Supporting Types
TrafficCaptureRulesAppServiceGroups, TrafficCaptureRulesAppServiceGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesDepartments, TrafficCaptureRulesDepartmentsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesDestIpGroups, TrafficCaptureRulesDestIpGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesDeviceGroups, TrafficCaptureRulesDeviceGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesDevices, TrafficCaptureRulesDevicesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesGroups, TrafficCaptureRulesGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesLabels, TrafficCaptureRulesLabelsArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
TrafficCaptureRulesLocationGroups, TrafficCaptureRulesLocationGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesLocations, TrafficCaptureRulesLocationsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesNwApplicationGroups, TrafficCaptureRulesNwApplicationGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesNwServiceGroups, TrafficCaptureRulesNwServiceGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesNwServices, TrafficCaptureRulesNwServicesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesSrcIpGroups, TrafficCaptureRulesSrcIpGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesTimeWindows, TrafficCaptureRulesTimeWindowsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesUsers, TrafficCaptureRulesUsersArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
TrafficCaptureRulesWorkloadGroup, TrafficCaptureRulesWorkloadGroupArgs
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language. Visit
zia_traffic_capture_rules can be imported by using <RULE ID> or <RULE NAME> as the import ID.
For example:
$ pulumi import zia:index/trafficCaptureRules:TrafficCaptureRules example <rule_id>
or
$ pulumi import zia:index/trafficCaptureRules:TrafficCaptureRules example <rule_name>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
- MIT
- Notes
- This Pulumi package is based on the
ziaTerraform Provider.
Zscaler Internet Access v1.2.0 published on Friday, Feb 20, 2026 by Zscaler
