published on Friday, Mar 13, 2026 by Zscaler
The zia_forwarding_control_rule resource manages forwarding control rules in the Zscaler Internet Access (ZIA) cloud service. Forwarding control rules determine how traffic is forwarded — directly to the internet, via an explicit proxy, or through Zscaler Private Access (ZPA).
For more information, see the ZIA Forwarding Control documentation.
Example Usage
Basic Forwarding Control Rule
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	zia "github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Rule evaluated first (order 1) that forwards matching traffic directly.
		_, err := zia.NewForwardingControlRule(ctx, "example", &zia.ForwardingControlRuleArgs{
			Name:          pulumi.String("Example Forwarding Rule"),
			Description:   pulumi.String("Forward traffic directly"),
			Order:         pulumi.Int(1),
			State:         pulumi.String("ENABLED"),
			ForwardMethod: pulumi.String("DIRECT"),
		})
		return err
	})
}
import * as zia from "@bdzscaler/pulumi-zia";
const example = new zia.ForwardingControlRule("example", {
    name: "Example Forwarding Rule",
    description: "Forward traffic directly",
    order: 1,
    state: "ENABLED",
    forwardMethod: "DIRECT",
});
import zscaler_pulumi_zia as zia
example = zia.ForwardingControlRule("example",
    name="Example Forwarding Rule",
    description="Forward traffic directly",
    order=1,
    state="ENABLED",
    forward_method="DIRECT",
)
resources:
  example:
    type: zia:ForwardingControlRule
    properties:
      name: Example Forwarding Rule
      description: Forward traffic directly
      order: 1
      state: ENABLED
      forwardMethod: DIRECT
Create ForwardingControlRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ForwardingControlRule(name: string, args: ForwardingControlRuleArgs, opts?: CustomResourceOptions);
@overload
def ForwardingControlRule(resource_name: str,
args: ForwardingControlRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ForwardingControlRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
forward_method: Optional[str] = None,
order: Optional[int] = None,
name: Optional[str] = None,
dest_ipv6_groups: Optional[Sequence[int]] = None,
rank: Optional[int] = None,
dest_countries: Optional[Sequence[str]] = None,
dest_ip_categories: Optional[Sequence[str]] = None,
dest_ip_groups: Optional[Sequence[int]] = None,
app_service_groups: Optional[Sequence[int]] = None,
device_groups: Optional[Sequence[int]] = None,
ec_groups: Optional[Sequence[int]] = None,
description: Optional[str] = None,
groups: Optional[Sequence[int]] = None,
labels: Optional[Sequence[int]] = None,
location_groups: Optional[Sequence[int]] = None,
locations: Optional[Sequence[int]] = None,
departments: Optional[Sequence[int]] = None,
dest_addresses: Optional[Sequence[str]] = None,
nw_services: Optional[Sequence[int]] = None,
nw_application_groups: Optional[Sequence[int]] = None,
dedicated_ip_gateway_id: Optional[int] = None,
proxy_gateway_id: Optional[int] = None,
nw_service_groups: Optional[Sequence[int]] = None,
res_categories: Optional[Sequence[str]] = None,
src_ip_groups: Optional[Sequence[int]] = None,
src_ips: Optional[Sequence[str]] = None,
src_ipv6_groups: Optional[Sequence[int]] = None,
state: Optional[str] = None,
type: Optional[str] = None,
users: Optional[Sequence[int]] = None,
zpa_app_segments: Optional[Sequence[ZPAAppSegmentInputArgs]] = None,
zpa_gateway_id: Optional[int] = None)
func NewForwardingControlRule(ctx *Context, name string, args ForwardingControlRuleArgs, opts ...ResourceOption) (*ForwardingControlRule, error)
public ForwardingControlRule(string name, ForwardingControlRuleArgs args, CustomResourceOptions? opts = null)
public ForwardingControlRule(String name, ForwardingControlRuleArgs args)
public ForwardingControlRule(String name, ForwardingControlRuleArgs args, CustomResourceOptions options)
type: zia:ForwardingControlRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ForwardingControlRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ForwardingControlRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ForwardingControlRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ForwardingControlRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ForwardingControlRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var forwardingControlRuleResource = new Zia.ForwardingControlRule("forwardingControlRuleResource", new()
{
ForwardMethod = "string",
Order = 0,
Name = "string",
DestIpv6Groups = new[]
{
0,
},
Rank = 0,
DestCountries = new[]
{
"string",
},
DestIpCategories = new[]
{
"string",
},
DestIpGroups = new[]
{
0,
},
AppServiceGroups = new[]
{
0,
},
DeviceGroups = new[]
{
0,
},
EcGroups = new[]
{
0,
},
Description = "string",
Groups = new[]
{
0,
},
Labels = new[]
{
0,
},
LocationGroups = new[]
{
0,
},
Locations = new[]
{
0,
},
Departments = new[]
{
0,
},
DestAddresses = new[]
{
"string",
},
NwServices = new[]
{
0,
},
NwApplicationGroups = new[]
{
0,
},
DedicatedIpGatewayId = 0,
ProxyGatewayId = 0,
NwServiceGroups = new[]
{
0,
},
ResCategories = new[]
{
"string",
},
SrcIpGroups = new[]
{
0,
},
SrcIps = new[]
{
"string",
},
SrcIpv6Groups = new[]
{
0,
},
State = "string",
Type = "string",
Users = new[]
{
0,
},
ZpaAppSegments = new[]
{
new Zia.Inputs.ZPAAppSegmentInputArgs
{
ExternalId = "string",
Name = "string",
},
},
ZpaGatewayId = 0,
});
example, err := zia.NewForwardingControlRule(ctx, "forwardingControlRuleResource", &zia.ForwardingControlRuleArgs{
ForwardMethod: pulumi.String("string"),
Order: pulumi.Int(0),
Name: pulumi.String("string"),
DestIpv6Groups: pulumi.IntArray{
pulumi.Int(0),
},
Rank: pulumi.Int(0),
DestCountries: pulumi.StringArray{
pulumi.String("string"),
},
DestIpCategories: pulumi.StringArray{
pulumi.String("string"),
},
DestIpGroups: pulumi.IntArray{
pulumi.Int(0),
},
AppServiceGroups: pulumi.IntArray{
pulumi.Int(0),
},
DeviceGroups: pulumi.IntArray{
pulumi.Int(0),
},
EcGroups: pulumi.IntArray{
pulumi.Int(0),
},
Description: pulumi.String("string"),
Groups: pulumi.IntArray{
pulumi.Int(0),
},
Labels: pulumi.IntArray{
pulumi.Int(0),
},
LocationGroups: pulumi.IntArray{
pulumi.Int(0),
},
Locations: pulumi.IntArray{
pulumi.Int(0),
},
Departments: pulumi.IntArray{
pulumi.Int(0),
},
DestAddresses: pulumi.StringArray{
pulumi.String("string"),
},
NwServices: pulumi.IntArray{
pulumi.Int(0),
},
NwApplicationGroups: pulumi.IntArray{
pulumi.Int(0),
},
DedicatedIpGatewayId: pulumi.Int(0),
ProxyGatewayId: pulumi.Int(0),
NwServiceGroups: pulumi.IntArray{
pulumi.Int(0),
},
ResCategories: pulumi.StringArray{
pulumi.String("string"),
},
SrcIpGroups: pulumi.IntArray{
pulumi.Int(0),
},
SrcIps: pulumi.StringArray{
pulumi.String("string"),
},
SrcIpv6Groups: pulumi.IntArray{
pulumi.Int(0),
},
State: pulumi.String("string"),
Type: pulumi.String("string"),
Users: pulumi.IntArray{
pulumi.Int(0),
},
ZpaAppSegments: zia.ZPAAppSegmentInputArray{
&zia.ZPAAppSegmentInputArgs{
ExternalId: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
ZpaGatewayId: pulumi.Int(0),
})
var forwardingControlRuleResource = new ForwardingControlRule("forwardingControlRuleResource", ForwardingControlRuleArgs.builder()
.forwardMethod("string")
.order(0)
.name("string")
.destIpv6Groups(0)
.rank(0)
.destCountries("string")
.destIpCategories("string")
.destIpGroups(0)
.appServiceGroups(0)
.deviceGroups(0)
.ecGroups(0)
.description("string")
.groups(0)
.labels(0)
.locationGroups(0)
.locations(0)
.departments(0)
.destAddresses("string")
.nwServices(0)
.nwApplicationGroups(0)
.dedicatedIpGatewayId(0)
.proxyGatewayId(0)
.nwServiceGroups(0)
.resCategories("string")
.srcIpGroups(0)
.srcIps("string")
.srcIpv6Groups(0)
.state("string")
.type("string")
.users(0)
.zpaAppSegments(ZPAAppSegmentInputArgs.builder()
.externalId("string")
.name("string")
.build())
.zpaGatewayId(0)
.build());
forwarding_control_rule_resource = zia.ForwardingControlRule("forwardingControlRuleResource",
forward_method="string",
order=0,
name="string",
dest_ipv6_groups=[0],
rank=0,
dest_countries=["string"],
dest_ip_categories=["string"],
dest_ip_groups=[0],
app_service_groups=[0],
device_groups=[0],
ec_groups=[0],
description="string",
groups=[0],
labels=[0],
location_groups=[0],
locations=[0],
departments=[0],
dest_addresses=["string"],
nw_services=[0],
nw_application_groups=[0],
dedicated_ip_gateway_id=0,
proxy_gateway_id=0,
nw_service_groups=[0],
res_categories=["string"],
src_ip_groups=[0],
src_ips=["string"],
src_ipv6_groups=[0],
state="string",
type="string",
users=[0],
zpa_app_segments=[{
"external_id": "string",
"name": "string",
}],
zpa_gateway_id=0)
const forwardingControlRuleResource = new zia.ForwardingControlRule("forwardingControlRuleResource", {
forwardMethod: "string",
order: 0,
name: "string",
destIpv6Groups: [0],
rank: 0,
destCountries: ["string"],
destIpCategories: ["string"],
destIpGroups: [0],
appServiceGroups: [0],
deviceGroups: [0],
ecGroups: [0],
description: "string",
groups: [0],
labels: [0],
locationGroups: [0],
locations: [0],
departments: [0],
destAddresses: ["string"],
nwServices: [0],
nwApplicationGroups: [0],
dedicatedIpGatewayId: 0,
proxyGatewayId: 0,
nwServiceGroups: [0],
resCategories: ["string"],
srcIpGroups: [0],
srcIps: ["string"],
srcIpv6Groups: [0],
state: "string",
type: "string",
users: [0],
zpaAppSegments: [{
externalId: "string",
name: "string",
}],
zpaGatewayId: 0,
});
type: zia:ForwardingControlRule
properties:
    appServiceGroups:
        - 0
    dedicatedIpGatewayId: 0
    departments:
        - 0
    description: string
    destAddresses:
        - string
    destCountries:
        - string
    destIpCategories:
        - string
    destIpGroups:
        - 0
    destIpv6Groups:
        - 0
    deviceGroups:
        - 0
    ecGroups:
        - 0
    forwardMethod: string
    groups:
        - 0
    labels:
        - 0
    locationGroups:
        - 0
    locations:
        - 0
    name: string
    nwApplicationGroups:
        - 0
    nwServiceGroups:
        - 0
    nwServices:
        - 0
    order: 0
    proxyGatewayId: 0
    rank: 0
    resCategories:
        - string
    srcIpGroups:
        - 0
    srcIps:
        - string
    srcIpv6Groups:
        - 0
    state: string
    type: string
    users:
        - 0
    zpaAppSegments:
        - externalId: string
          name: string
    zpaGatewayId: 0
ForwardingControlRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ForwardingControlRule resource accepts the following input properties:
- ForwardMethod string
- The type of traffic forwarding method. Valid values: INVALID, DIRECT, PROXYCHAIN, ZPA, ECZPA, ZIA, ECSELF, DROP, ENATDEDIP.
- Name string
- The name of the forwarding control rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other forwarding control rules.
- AppServiceGroups List<int>
- IDs of application service groups to which the rule applies.
- DedicatedIpGatewayId int
- The ID of the dedicated IP gateway. Applicable only for the Proxy Chaining forwarding method.
- Departments List<int>
- IDs of departments to which the rule must be applied.
- Description string
- Additional information about the forwarding control rule.
- DestAddresses List<string>
- Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- DestCountries List<string>
- Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- DestIpCategories List<string>
- Destination IP address URL categories for the rule.
- DestIpGroups List<int>
- IDs of destination IP address groups for the rule.
- DestIpv6Groups List<int>
- IDs of destination IPv6 address groups for the rule.
- DeviceGroups List<int>
- IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- EcGroups List<int>
- IDs of Zscaler Edge Connector groups to which the rule applies.
- Groups List<int>
- IDs of groups to which the rule must be applied.
- Labels List<int>
- IDs of labels associated with the rule.
- LocationGroups List<int>
- IDs of location groups to which the rule must be applied.
- Locations List<int>
- IDs of locations to which the rule must be applied.
- NwApplicationGroups List<int>
- IDs of network application groups to which the rule applies.
- NwServiceGroups List<int>
- IDs of network service groups to which the rule applies.
- NwServices List<int>
- IDs of network services to which the rule applies.
- ProxyGatewayId int
- The ID of the proxy gateway. Required when forwardMethod is PROXYCHAIN.
- Rank int
- Admin rank of the forwarding control policy rule. Valid values: 0-7. Default: 7.
- ResCategories List<string>
- URL categories that apply to the response for the rule.
- SrcIpGroups List<int>
- IDs of source IP address groups for the rule.
- SrcIps List<string>
- Source IP addresses or CIDR ranges for the rule.
- SrcIpv6Groups List<int>
- IDs of source IPv6 address groups for the rule.
- State string
- Rule state. Valid values: ENABLED, DISABLED.
- Type string
- The rule type. Valid values: FORWARDING.
- Users List<int>
- IDs of users to which the rule must be applied.
- ZpaAppSegments List<zscaler.PulumiPackage.Zia.Inputs.ZPAAppSegmentInput>
- List of ZPA application segments for which this rule is applicable. This field is applicable only when forwardMethod is ZPA.
- ZpaGatewayId int
- The ID of the ZPA gateway. Required when forwardMethod is ZPA.
- ForwardMethod string
- The type of traffic forwarding method. Valid values: INVALID, DIRECT, PROXYCHAIN, ZPA, ECZPA, ZIA, ECSELF, DROP, ENATDEDIP.
- Name string
- The name of the forwarding control rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other forwarding control rules.
- AppServiceGroups []int
- IDs of application service groups to which the rule applies.
- DedicatedIpGatewayId int
- The ID of the dedicated IP gateway. Applicable only for the Proxy Chaining forwarding method.
- Departments []int
- IDs of departments to which the rule must be applied.
- Description string
- Additional information about the forwarding control rule.
- DestAddresses []string
- Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- DestCountries []string
- Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- DestIpCategories []string
- Destination IP address URL categories for the rule.
- DestIpGroups []int
- IDs of destination IP address groups for the rule.
- DestIpv6Groups []int
- IDs of destination IPv6 address groups for the rule.
- DeviceGroups []int
- IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- EcGroups []int
- IDs of Zscaler Edge Connector groups to which the rule applies.
- Groups []int
- IDs of groups to which the rule must be applied.
- Labels []int
- IDs of labels associated with the rule.
- LocationGroups []int
- IDs of location groups to which the rule must be applied.
- Locations []int
- IDs of locations to which the rule must be applied.
- NwApplicationGroups []int
- IDs of network application groups to which the rule applies.
- NwServiceGroups []int
- IDs of network service groups to which the rule applies.
- NwServices []int
- IDs of network services to which the rule applies.
- ProxyGatewayId int
- The ID of the proxy gateway. Required when forwardMethod is PROXYCHAIN.
- Rank int
- Admin rank of the forwarding control policy rule. Valid values: 0-7. Default: 7.
- ResCategories []string
- URL categories that apply to the response for the rule.
- SrcIpGroups []int
- IDs of source IP address groups for the rule.
- SrcIps []string
- Source IP addresses or CIDR ranges for the rule.
- SrcIpv6Groups []int
- IDs of source IPv6 address groups for the rule.
- State string
- Rule state. Valid values: ENABLED, DISABLED.
- Type string
- The rule type. Valid values: FORWARDING.
- Users []int
- IDs of users to which the rule must be applied.
- ZpaAppSegments []ZPAAppSegmentInputArgs
- List of ZPA application segments for which this rule is applicable. This field is applicable only when forwardMethod is ZPA.
- ZpaGatewayId int
- The ID of the ZPA gateway. Required when forwardMethod is ZPA.
- forwardMethod String
- The type of traffic forwarding method. Valid values: INVALID, DIRECT, PROXYCHAIN, ZPA, ECZPA, ZIA, ECSELF, DROP, ENATDEDIP.
- name String
- The name of the forwarding control rule. Must be unique.
- order Integer
- The order of execution of the rule with respect to other forwarding control rules.
- appServiceGroups List<Integer>
- IDs of application service groups to which the rule applies.
- dedicatedIpGatewayId Integer
- The ID of the dedicated IP gateway. Applicable only for the Proxy Chaining forwarding method.
- departments List<Integer>
- IDs of departments to which the rule must be applied.
- description String
- Additional information about the forwarding control rule.
- destAddresses List<String>
- Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- destCountries List<String>
- Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- destIpCategories List<String>
- Destination IP address URL categories for the rule.
- destIpGroups List<Integer>
- IDs of destination IP address groups for the rule.
- destIpv6Groups List<Integer>
- IDs of destination IPv6 address groups for the rule.
- deviceGroups List<Integer>
- IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- ecGroups List<Integer>
- IDs of Zscaler Edge Connector groups to which the rule applies.
- groups List<Integer>
- IDs of groups to which the rule must be applied.
- labels List<Integer>
- IDs of labels associated with the rule.
- locationGroups List<Integer>
- IDs of location groups to which the rule must be applied.
- locations List<Integer>
- IDs of locations to which the rule must be applied.
- nwApplicationGroups List<Integer>
- IDs of network application groups to which the rule applies.
- nwServiceGroups List<Integer>
- IDs of network service groups to which the rule applies.
- nwServices List<Integer>
- IDs of network services to which the rule applies.
- proxyGatewayId Integer
- The ID of the proxy gateway. Required when forwardMethod is PROXYCHAIN.
- rank Integer
- Admin rank of the forwarding control policy rule. Valid values: 0-7. Default: 7.
- resCategories List<String>
- URL categories that apply to the response for the rule.
- srcIpGroups List<Integer>
- IDs of source IP address groups for the rule.
- srcIps List<String>
- Source IP addresses or CIDR ranges for the rule.
- srcIpv6Groups List<Integer>
- IDs of source IPv6 address groups for the rule.
- state String
- Rule state. Valid values: ENABLED, DISABLED.
- type String
- The rule type. Valid values: FORWARDING.
- users List<Integer>
- IDs of users to which the rule must be applied.
- zpaAppSegments List<ZPAAppSegmentInput>
- List of ZPA application segments for which this rule is applicable. This field is applicable only when forwardMethod is ZPA.
- zpaGatewayId Integer
- The ID of the ZPA gateway. Required when forwardMethod is ZPA.
- forwardMethod string
- The type of traffic forwarding method. Valid values: INVALID, DIRECT, PROXYCHAIN, ZPA, ECZPA, ZIA, ECSELF, DROP, ENATDEDIP.
- name string
- The name of the forwarding control rule. Must be unique.
- order number
- The order of execution of the rule with respect to other forwarding control rules.
- appServiceGroups number[]
- IDs of application service groups to which the rule applies.
- dedicatedIpGatewayId number
- The ID of the dedicated IP gateway. Applicable only for the Proxy Chaining forwarding method.
- departments number[]
- IDs of departments to which the rule must be applied.
- description string
- Additional information about the forwarding control rule.
- destAddresses string[]
- Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- destCountries string[]
- Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- destIpCategories string[]
- Destination IP address URL categories for the rule.
- destIpGroups number[]
- IDs of destination IP address groups for the rule.
- destIpv6Groups number[]
- IDs of destination IPv6 address groups for the rule.
- deviceGroups number[]
- IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- ecGroups number[]
- IDs of Zscaler Edge Connector groups to which the rule applies.
- groups number[]
- IDs of groups to which the rule must be applied.
- labels number[]
- IDs of labels associated with the rule.
- locationGroups number[]
- IDs of location groups to which the rule must be applied.
- locations number[]
- IDs of locations to which the rule must be applied.
- nwApplicationGroups number[]
- IDs of network application groups to which the rule applies.
- nwServiceGroups number[]
- IDs of network service groups to which the rule applies.
- nwServices number[]
- IDs of network services to which the rule applies.
- proxyGatewayId number
- The ID of the proxy gateway. Required when forwardMethod is PROXYCHAIN.
- rank number
- Admin rank of the forwarding control policy rule. Valid values: 0-7. Default: 7.
- resCategories string[]
- URL categories that apply to the response for the rule.
- srcIpGroups number[]
- IDs of source IP address groups for the rule.
- srcIps string[]
- Source IP addresses or CIDR ranges for the rule.
- srcIpv6Groups number[]
- IDs of source IPv6 address groups for the rule.
- state string
- Rule state. Valid values: ENABLED, DISABLED.
- type string
- The rule type. Valid values: FORWARDING.
- users number[]
- IDs of users to which the rule must be applied.
- zpaAppSegments ZPAAppSegmentInput[]
- List of ZPA application segments for which this rule is applicable. This field is applicable only when forwardMethod is ZPA.
- zpaGatewayId number
- The ID of the ZPA gateway. Required when forwardMethod is ZPA.
- forward_method str
- The type of traffic forwarding method. Valid values: INVALID, DIRECT, PROXYCHAIN, ZPA, ECZPA, ZIA, ECSELF, DROP, ENATDEDIP.
- name str
- The name of the forwarding control rule. Must be unique.
- order int
- The order of execution of the rule with respect to other forwarding control rules.
- app_service_groups Sequence[int]
- IDs of application service groups to which the rule applies.
- dedicated_ip_gateway_id int
- The ID of the dedicated IP gateway. Applicable only for the Proxy Chaining forwarding method.
- departments Sequence[int]
- IDs of departments to which the rule must be applied.
- description str
- Additional information about the forwarding control rule.
- dest_addresses Sequence[str]
- Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- dest_countries Sequence[str]
- Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- dest_ip_categories Sequence[str]
- Destination IP address URL categories for the rule.
- dest_ip_groups Sequence[int]
- IDs of destination IP address groups for the rule.
- dest_ipv6_groups Sequence[int]
- IDs of destination IPv6 address groups for the rule.
- device_groups Sequence[int]
- IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- ec_groups Sequence[int]
- IDs of Zscaler Edge Connector groups to which the rule applies.
- groups Sequence[int]
- IDs of groups to which the rule must be applied.
- labels Sequence[int]
- IDs of labels associated with the rule.
- location_groups Sequence[int]
- IDs of location groups to which the rule must be applied.
- locations Sequence[int]
- IDs of locations to which the rule must be applied.
- nw_application_groups Sequence[int]
- IDs of network application groups to which the rule applies.
- nw_service_groups Sequence[int]
- IDs of network service groups to which the rule applies.
- nw_services Sequence[int]
- IDs of network services to which the rule applies.
- proxy_gateway_id int
- The ID of the proxy gateway. Required when forwardMethod is PROXYCHAIN.
- rank int
- Admin rank of the forwarding control policy rule. Valid values: 0-7. Default: 7.
- res_categories Sequence[str]
- URL categories that apply to the response for the rule.
- src_ip_groups Sequence[int]
- IDs of source IP address groups for the rule.
- src_ips Sequence[str]
- Source IP addresses or CIDR ranges for the rule.
- src_ipv6_groups Sequence[int]
- IDs of source IPv6 address groups for the rule.
- state str
- Rule state. Valid values: ENABLED, DISABLED.
- type str
- The rule type. Valid values: FORWARDING.
- users Sequence[int]
- IDs of users to which the rule must be applied.
- zpa_app_segments Sequence[ZPAAppSegmentInputArgs]
- List of ZPA application segments for which this rule is applicable. This field is applicable only when forwardMethod is ZPA.
- zpa_gateway_id int
- The ID of the ZPA gateway. Required when forwardMethod is ZPA.
- forwardMethod String
- The type of traffic forwarding method. Valid values: INVALID, DIRECT, PROXYCHAIN, ZPA, ECZPA, ZIA, ECSELF, DROP, ENATDEDIP.
- name String
- The name of the forwarding control rule. Must be unique.
- order Number
- The order of execution of the rule with respect to other forwarding control rules.
- appServiceGroups List<Number>
- IDs of application service groups to which the rule applies.
- dedicatedIpGatewayId Number
- The ID of the dedicated IP gateway. Applicable only for the Proxy Chaining forwarding method.
- departments List<Number>
- IDs of departments to which the rule must be applied.
- description String
- Additional information about the forwarding control rule.
- destAddresses List<String>
- Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
- destCountries List<String>
- Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
- destIpCategories List<String>
- Destination IP address URL categories for the rule.
- destIpGroups List<Number>
- IDs of destination IP address groups for the rule.
- destIpv6Groups List<Number>
- IDs of destination IPv6 address groups for the rule.
- deviceGroups List<Number>
- IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
- ecGroups List<Number>
- IDs of Zscaler Edge Connector groups to which the rule applies.
- groups List<Number>
- IDs of groups to which the rule must be applied.
- labels List<Number>
- IDs of labels associated with the rule.
- locationGroups List<Number>
- IDs of location groups to which the rule must be applied.
- locations List<Number>
- IDs of locations to which the rule must be applied.
- nwApplicationGroups List<Number>
- IDs of network application groups to which the rule applies.
- nwServiceGroups List<Number>
- IDs of network service groups to which the rule applies.
- nwServices List<Number>
- IDs of network services to which the rule applies.
- proxyGatewayId Number
- The ID of the proxy gateway. Required when forwardMethod is PROXYCHAIN.
- rank Number
- Admin rank of the forwarding control policy rule. Valid values: 0-7. Default: 7.
- resCategories List<String>
- URL categories that apply to the response for the rule.
- srcIpGroups List<Number>
- IDs of source IP address groups for the rule.
- srcIps List<String>
- Source IP addresses or CIDR ranges for the rule.
- srcIpv6Groups List<Number>
- IDs of source IPv6 address groups for the rule.
- state String
- Rule state. Valid values: ENABLED, DISABLED.
- type String
- The rule type. Valid values: FORWARDING.
- users List<Number>
- IDs of users to which the rule must be applied.
- zpaAppSegments List<Property Map>
- List of ZPA application segments for which this rule is applicable. This field is applicable only when forwardMethod is ZPA.
- zpaGatewayId Number
- The ID of the ZPA gateway. Required when forwardMethod is ZPA.
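A pre-deployment check for the value ranges and conditional requirements listed in the inputs above, added here as an example (it is not part of the Zscaler provider or its documentation). It takes rule arguments as plain dicts keyed by the Python SDK argument names; treating name, order and forward_method as required, warning on a reused order and warning on an enabled DIRECT rule with no match criteria are this example's own review choices, and the sample rules are constructed.

```python
import ipaddress

# Valid values as listed in the input property descriptions on this page.
FORWARD_METHODS = {"INVALID", "DIRECT", "PROXYCHAIN", "ZPA", "ECZPA",
                   "ZIA", "ECSELF", "DROP", "ENATDEDIP"}
STATES = {"ENABLED", "DISABLED"}
# Assumption: the three properties that head the inputs list are required.
REQUIRED = ("name", "order", "forward_method")
# Match criteria accepted by the resource (Python SDK argument names).
CRITERIA = ("src_ips", "src_ip_groups", "src_ipv6_groups", "dest_addresses",
            "dest_countries", "dest_ip_categories", "dest_ip_groups",
            "dest_ipv6_groups", "res_categories", "locations", "location_groups",
            "departments", "groups", "users", "device_groups", "ec_groups",
            "nw_services", "nw_service_groups", "nw_application_groups",
            "app_service_groups", "zpa_app_segments")


def lint_rule(rule):
    """Return (severity, message) findings for one rule's argument dict."""
    out = []
    method, state, rank = rule.get("forward_method"), rule.get("state"), rule.get("rank")
    for key in REQUIRED:
        if rule.get(key) in (None, ""):
            out.append(("ERROR", f"missing {key}"))
    if method is not None and method not in FORWARD_METHODS:
        out.append(("ERROR", f"forward_method {method!r} is not a valid value"))
    if state is not None and state not in STATES:
        out.append(("ERROR", f"state {state!r} is not ENABLED or DISABLED"))
    if rank is not None and not 0 <= rank <= 7:
        out.append(("ERROR", f"rank {rank} is outside 0-7"))
    # Gateway and segment arguments depend on the forwarding method.
    if method == "PROXYCHAIN" and rule.get("proxy_gateway_id") is None:
        out.append(("ERROR", "PROXYCHAIN requires proxy_gateway_id"))
    if method == "ZPA" and rule.get("zpa_gateway_id") is None:
        out.append(("ERROR", "ZPA requires zpa_gateway_id"))
    if method != "ZPA" and rule.get("zpa_app_segments"):
        out.append(("ERROR", "zpa_app_segments applies only to ZPA"))
    if method != "PROXYCHAIN" and rule.get("dedicated_ip_gateway_id") is not None:
        out.append(("ERROR", "dedicated_ip_gateway_id applies only to PROXYCHAIN"))
    for src in rule.get("src_ips") or []:
        try:
            ipaddress.ip_network(src, strict=False)
        except ValueError:
            out.append(("ERROR", f"src_ips entry {src!r} is not an IP or CIDR"))
    # Review choice of this example: surface enabled DIRECT rules with no criteria.
    if method == "DIRECT" and state != "DISABLED" and not any(rule.get(c) for c in CRITERIA):
        out.append(("WARN", "DIRECT rule sets no match criteria; confirm its scope"))
    return out


def lint_rules(rules):
    """Lint all rules; return (rule name, severity, message) tuples."""
    report, names, orders = [], set(), {}
    for rule in rules:
        label = rule.get("name") or "<unnamed>"
        report.extend((label, sev, msg) for sev, msg in lint_rule(rule))
        if rule.get("name"):
            if label in names:  # the page states the name must be unique
                report.append((label, "ERROR", "name is not unique"))
            names.add(label)
        order = rule.get("order")
        if order in orders:
            report.append((label, "WARN", f"order {order} is also used by {orders[order]!r}"))
        elif order is not None:
            orders[order] = label
    return report


# Constructed sample rules; IDs and addresses are placeholders, not real tenant data.
SAMPLE_RULES = [
    {"name": "Branch proxy chain", "order": 1, "forward_method": "PROXYCHAIN",
     "state": "ENABLED", "src_ips": ["10.20.0.0/16"], "proxy_gateway_id": 111},
    {"name": "ZPA apps", "order": 2, "forward_method": "ZPA", "state": "ENABLED",
     "zpa_app_segments": [{"external_id": "0", "name": "placeholder"}]},
    {"name": "Direct bypass", "order": 2, "forward_method": "DIRECT",
     "state": "ENABLED", "rank": 9},
    {"name": "Lab direct", "order": 4, "forward_method": "DIRECT",
     "state": "ENABLED", "src_ips": ["192.0.2.0/24", "198.51.100.300"]},
]

if __name__ == "__main__":
    for name, severity, message in lint_rules(SAMPLE_RULES):
        print(f"{severity:5} {name}: {message}")
```

Run against the same argument dicts that are passed to zia.ForwardingControlRule, the check fails a change before `pulumi up` reaches the ZIA API.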
Outputs
All input properties are implicitly available as output properties. Additionally, the ForwardingControlRule resource produces the following output properties:
Supporting Types
ZPAAppSegmentInput, ZPAAppSegmentInputArgs
- ExternalId string
- Name string
- ExternalId string
- Name string
- externalId String
- name String
- externalId string
- name string
- external_id str
- name str
- externalId String
- name String
Import
An existing Forwarding Control Rule can be imported using its resource ID, e.g.
$ pulumi import zia:index:ForwardingControlRule example 12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
