cloud_firewall_ips
The following methods allow for interaction with the ZIA Cloud Firewall IPS Rules API endpoints.
Methods are accessible via zia.cloud_firewall_ips
Copyright (c) 2023, Zscaler Inc.
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- class FirewallIPSRulesAPI
Bases: APIClient
- add_rule(**kwargs)
Adds a new cloud firewall ips rule.
- Parameters:
name (str) – Name of the rule, max 31 chars.
- Keyword Arguments:
order (str) – The order of the rule, defaults to adding the rule to the bottom of the list.
rank (str) – The admin rank of the rule. Supported values: 1-7.
enabled (bool) – The rule state.
description (str) – Additional information about the rule.
enable_full_logging (bool) – If True, enables full logging.
capture_pcap (bool) – Indicates whether packet capture (PCAP) is enabled or not.
predefined (bool) – If True, indicates that the rule is predefined.
default_rule (bool) – Indicates whether the rule is the Default Cloud IPS Rule or not.
action (str) – Action that must take place if the traffic matches the rule criteria. Supported values: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS.
dest_ip_groups (list) – The IDs for the destination IP groups that this rule applies to.
dest_ipv6_groups (list) – The IDs for the destination IPV6 groups that this rule applies to.
dest_countries (list) – Destination countries for the rule.
dest_addresses (list) – Destination IPs for the rule. Accepts IP addresses or CIDR.
src_ips (list) – Source IPs for the rule. Accepts IP addresses or CIDR.
source_countries (list) – The countries of origin of traffic for which the rule is applicable.
src_ip_groups (list) – The IDs for the source IP groups that this rule applies to.
src_ipv6_groups (list) – The IDs for the source IPV6 groups that this rule applies to.
dest_ip_categories (list) – IP address categories for the rule.
groups (list) – The IDs for the groups that this rule applies to.
users (list) – The IDs for the users that this rule applies to.
res_categories (list) – The destination domain (resolved URL) categories that this rule applies to.
file_types (list) – The file types to which the rule applies.
protocols (list) – The protocol criteria for the rule.
devices (list) – IDs for devices managed by Zscaler Client Connector.
device_groups (list) – IDs for device groups managed by Zscaler Client Connector.
labels (list) – The IDs for the labels that this rule applies to.
locations (list) – The IDs for the locations that this rule applies to.
location_groups (list) – The IDs for the location groups that this rule applies to.
time_windows (list) – IDs for time windows the rule applies to.
nw_services (list) – The IDs for the network services that this rule applies to.
nw_service_groups (list) – The IDs for the network service groups that this rule applies to.
threat_categories (list) – The IDs for the threat categories that this rule applies to.
zpa_app_segments (list) – The ZPA application segments that this rule applies to.
- Returns:
New firewall ips rule resource record.
- Return type:
Example
Add a firewall ips rule scoped to specific destination countries:
>>> import random
>>> added_rule, response, error = client.zia.cloud_firewall_ips.add_rule(
...     name=f"NewRule {random.randint(1000, 10000)}",
...     description=f"NewRule {random.randint(1000, 10000)}",
...     action='ALLOW',
...     state="ENABLED",
...     order=1,
...     rank=7,
...     dest_countries=["COUNTRY_CA", "COUNTRY_US", "COUNTRY_MX", "COUNTRY_AU", "COUNTRY_GB"],
... )
>>> if error:
...     print(f"Error adding rule: {error}")
... else:
...     print(f"Rule added successfully: {added_rule.as_dict()}")
- delete_rule(rule_id)
Deletes the specified firewall ips rule.
- Parameters:
rule_id (str) – The unique identifier for the firewall ips rule.
- Returns:
The status code for the operation.
- Return type:
Examples
>>> _, _, error = client.zia.cloud_firewall_ips.delete_rule(updated_rule.id)
>>> if error:
...     print(f"Error deleting rule: {error}")
... else:
...     print(f"Rule with ID {updated_rule.id} deleted successfully.")
- get_rule(rule_id)
Returns information for the specified firewall ips rule.
- Parameters:
rule_id (str) – The unique identifier for the firewall ips rule.
- Returns:
A tuple containing (firewall ips rule instance, Response, error).
- Return type:
Example
Retrieve a cloud firewall ips rule by its ID:
>>> fetched_rule, response, error = client.zia.cloud_firewall_ips.get_rule('960061')
>>> if error:
...     print(f"Error fetching rule by ID: {error}")
... else:
...     print(f"Fetched rule by ID: {fetched_rule.as_dict()}")
- list_rules(query_params=None)
List firewall ips rules in your organization. If the search parameter is provided, the function filters the rules client-side.
- Parameters:
query_params (dict) – Map of query parameters for the request.
query_params.search (str) – Search string for filtering results by rule name.
- Returns:
A tuple containing (list of cloud firewall ips rules instances, Response, error).
- Return type:
Example
List all cloud firewall ips rules:
>>> rules_list, response, error = client.zia.cloud_firewall_ips.list_rules()
>>> if error:
...     print(f"Error listing cloud firewall ips rules: {error}")
... else:
...     print(f"Total rules found: {len(rules_list)}")
...     for rule in rules_list:
...         print(rule.as_dict())
Filter rule results by rule name:
>>> rules_list, response, error = client.zia.cloud_firewall_ips.list_rules(
...     query_params={"search": "Rule01"}
... )
>>> if error:
...     print(f"Error listing cloud firewall ips rules: {error}")
... else:
...     print(f"Total rules found: {len(rules_list)}")
...     for rule in rules_list:
...         print(rule.as_dict())
- update_rule(rule_id, **kwargs)
Updates an existing firewall ips rule.
- Parameters:
rule_id (str) – The unique ID for the rule that is being updated.
**kwargs – Optional keyword args.
- Keyword Arguments:
name (str) – Name of the rule, max 31 chars.
order (str) – The order of the rule, defaults to adding the rule to the bottom of the list.
rank (str) – The admin rank of the rule. Supported values: 1-7.
enabled (bool) – The rule state.
description (str) – Additional information about the rule.
enable_full_logging (bool) – If True, enables full logging.
capture_pcap (bool) – Indicates whether packet capture (PCAP) is enabled or not.
predefined (bool) – If True, indicates that the rule is predefined.
default_rule (bool) – Indicates whether the rule is the Default Cloud IPS Rule or not.
action (str) – Action that must take place if the traffic matches the rule criteria. Supported values: ALLOW, BLOCK_DROP, BLOCK_RESET, BYPASS_IPS.
dest_ip_groups (list) – The IDs for the destination IP groups that this rule applies to.
dest_ipv6_groups (list) – The IDs for the destination IPV6 groups that this rule applies to.
dest_countries (list) – Destination countries for the rule.
dest_addresses (list) – Destination IPs for the rule. Accepts IP addresses or CIDR.
src_ips (list) – Source IPs for the rule. Accepts IP addresses or CIDR.
source_countries (list) – The countries of origin of traffic for which the rule is applicable.
src_ip_groups (list) – The IDs for the source IP groups that this rule applies to.
src_ipv6_groups (list) – The IDs for the source IPV6 groups that this rule applies to.
dest_ip_categories (list) – IP address categories for the rule.
groups (list) – The IDs for the groups that this rule applies to.
users (list) – The IDs for the users that this rule applies to.
res_categories (list) – The destination domain (resolved URL) categories that this rule applies to.
file_types (list) – The file types to which the rule applies.
protocols (list) – The protocol criteria for the rule.
devices (list) – IDs for devices managed by Zscaler Client Connector.
device_groups (list) – IDs for device groups managed by Zscaler Client Connector.
labels (list) – The IDs for the labels that this rule applies to.
locations (list) – The IDs for the locations that this rule applies to.
location_groups (list) – The IDs for the location groups that this rule applies to.
time_windows (list) – IDs for time windows the rule applies to.
nw_services (list) – The IDs for the network services that this rule applies to.
nw_service_groups (list) – The IDs for the network service groups that this rule applies to.
threat_categories (list) – The IDs for the threat categories that this rule applies to.
zpa_app_segments (list) – The ZPA application segments that this rule applies to.
- Returns:
Updated firewall ips rule resource record.
- Return type:
Example
Update an existing rule to change its name and action:
>>> import random
>>> updated_rule, response, error = client.zia.cloud_firewall_ips.update_rule(
...     rule_id='12455',
...     name=f"UpdateRule {random.randint(1000, 10000)}",
...     description=f"UpdateRule {random.randint(1000, 10000)}",
...     action='ALLOW',
...     state="ENABLED",
...     order=1,
...     rank=7,
...     dest_countries=["COUNTRY_CA", "COUNTRY_US", "COUNTRY_MX", "COUNTRY_AU", "COUNTRY_GB"],
...     locations=['125466', '54587544'],
... )
>>> if error:
...     print(f"Error updating rule: {error}")
... else:
...     print(f"Rule updated successfully: {updated_rule.as_dict()}")
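The rules returned by list_rules() are usually reviewed as a set rather than one at a time. The following is an added example, not code from the Zscaler SDK or its docs: a review pass over rule dicts that flags the settings documented above which a firewall reviewer typically checks (action BYPASS_IPS, enabled rules without full logging, a default rule that does not block, unknown action values). It assumes each rule is a plain dict keyed by the keyword names documented for add_rule()/update_rule(); the sample rules are constructed.

```python
# Added example (not part of the Zscaler SDK docs): review cloud firewall IPS
# rules for settings a defender usually wants to double-check.
# Assumption: each rule is a dict using the keyword names documented above
# (name, action, enabled, enable_full_logging, rank, order, default_rule);
# in practice feed it [r.as_dict() for r in rules_list] from list_rules().
from typing import Dict, List

# Action values documented for add_rule()/update_rule().
VALID_ACTIONS = {"ALLOW", "BLOCK_DROP", "BLOCK_RESET", "BYPASS_IPS"}


def audit_ips_rules(rules: List[Dict]) -> Dict[str, List[str]]:
    """Return {check_name: [rule names]} for every check that fired."""
    findings = {"bypass_ips": [], "no_full_logging": [], "unknown_action": [],
                "default_rule_not_blocking": [], "disabled": []}
    for rule in rules:
        name = rule.get("name", "<unnamed>")
        action = rule.get("action")
        if action not in VALID_ACTIONS:
            findings["unknown_action"].append(name)
        if action == "BYPASS_IPS":
            # Matching traffic skips IPS inspection entirely; each such rule
            # should have a documented owner and justification.
            findings["bypass_ips"].append(name)
        if not rule.get("enabled", True):
            findings["disabled"].append(name)
        elif not rule.get("enable_full_logging", False):
            # Enabled rule whose hits are not fully logged; investigations
            # will lack per-session detail for it.
            findings["no_full_logging"].append(name)
        if rule.get("default_rule") and action not in ("BLOCK_DROP", "BLOCK_RESET"):
            # Catch-all rule that allows or bypasses: flag for explicit review.
            findings["default_rule_not_blocking"].append(name)
    return {check: names for check, names in findings.items() if names}


# Constructed sample rules, shaped like the add_rule() keyword arguments.
SAMPLE_RULES = [
    {"name": "Block C2 categories", "action": "BLOCK_DROP", "enabled": True,
     "enable_full_logging": True, "rank": 7, "order": 1},
    {"name": "Dev bypass", "action": "BYPASS_IPS", "enabled": True,
     "enable_full_logging": False, "rank": 7, "order": 2},
    {"name": "Old rule", "action": "ALLOW", "enabled": False,
     "enable_full_logging": False, "rank": 7, "order": 3},
    {"name": "Default Cloud IPS Rule", "action": "ALLOW", "enabled": True,
     "enable_full_logging": True, "rank": 7, "order": 4, "default_rule": True},
]

if __name__ == "__main__":
    for check, names in audit_ips_rules(SAMPLE_RULES).items():
        print(f"{check}: {', '.join(names)}")
```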