forwarding_control

The following methods allow for interaction with the ZIA Forwarding Control Rule API endpoints.

Methods are accessible via zia.forwarding_control

Copyright (c) 2023, Zscaler Inc.

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

class ForwardingControlAPI

Bases: APIClient

add_rule(**kwargs)

Adds a new forwarding control rule.

Parameters:
  • name (str) – Name of the forwarding control rule, max 31 chars.

  • action (str) – Action to take place if the traffic matches the rule criteria

Keyword Arguments:
  • order (str) – The order of the rule, defaults to adding rule to bottom of list.

  • rank (str) – The admin rank of the rule. Supported values 1-7

  • forward_method (str) – The type of traffic forwarding method selected from the available options. Supported values: INVALID, DIRECT, PROXYCHAIN, ZIA, ZPA, ECZPA, ECSELF, DROP

  • state (str) – The rule state. Accepted values are ‘ENABLED’ or ‘DISABLED’.

  • description (str) – Additional information about the rule

  • groups (list) – The IDs for the groups that this rule applies to.

  • departments (list) – IDs for departments the rule applies to.

  • ec_groups (list) – The IDs for the Zscaler Cloud Connector groups to which the forwarding rule applies.

  • users (list) – The IDs for the users that this rule applies to.

  • protocols (list) – The protocol criteria for the rule.

  • labels (list) – The IDs for the labels that this rule applies to.

  • locations (list) – The IDs for the locations that this rule applies to.

  • location_groups (list) – The IDs for the location groups that this rule applies to.

  • src_ips (list) – List of User-defined source IP addresses for which the rule is applicable.

  • src_ip_groups (list) – The IDs for the Source IP address groups for which the rule is applicable.

  • src_ipv6_groups (list) – The IDs for the Source IPv6 address groups for which the rule is applicable.

  • dest_addresses (list) – List of destination IP addresses, CIDRs or FQDNs for which the rule is applicable.

  • dest_ip_categories (list) – List of destination IP categories to which the rule applies.

  • res_categories (list) – List of destination domain categories to which the rule applies.

  • dest_countries (list) – List of Destination countries for which the rule is applicable.

  • dest_ip_groups (list) – IDs for destination IP groups.

  • dest_ipv6_groups (list) – IDs for destination IPV6 groups.

  • nw_services (list) – IDs for network services the rule applies to.

  • nw_service_groups (list) – IDs for network service groups.

  • nw_application_groups (list) – IDs for network application groups.

  • device_groups (list) – Device groups managed using Zscaler Client Connector.

  • devices (list) – Devices managed using Zscaler Client Connector.

  • zpa_app_segments (list[dict]) – ZPA Application Segments applicable to the rule. - external_id (str): Indicates the external ID. Applicable only when this reference is of an external entity. - name (str): The name of the Application Segment.

  • proxy_gateway (dict or list[dict]) – Proxy Gateway resource(s) applicable to the rule. - id (int, optional): The unique identifier for the proxy gateway. - name (str): The name of the Proxy Gateway.

  • zpa_gateway (dict or list[dict]) – ZPA Gateway resource(s) applicable to the rule. - id (int, optional): The unique identifier for the ZPA Gateway. - name (str): The name of the ZPA Gateway.

Returns:

New forwarding control rule resource record.

Return type:

Tuple

Example

Add a DIRECT forwarding control rule:

>>> zia.forwarding_control.add_rule(
...    name='FWD_DIRECT#01',
...    state="ENABLED",
...    order=1,
...    type="FORWARDING",
...    forward_method="DIRECT",
...    src_ips= ["192.168.200.200"],
...    dest_addresses=["192.168.255.1"],
...    dest_ip_categories=["ZSPROXY_IPS"],
...    dest_countries=["COUNTRY_CA", "COUNTRY_US"],
... )

Add a ZPA forwarding control rule:

>>> zia.forwarding_control.add_rule(
...    name='FWD_DIRECT#01',
...    state="ENABLED",
...    order=1,
...    type="FORWARDING",
...    forward_method="ZPA",
...    src_ips= ["192.168.200.200"],
...    dest_addresses=["192.168.255.1"],
...    dest_ip_categories=["ZSPROXY_IPS"],
...    dest_countries=["COUNTRY_CA", "COUNTRY_US"],
...    zpa_gateway={
...        "name": "ZPAGW01",
...        "external_id": "2"
...    },
...    zpa_app_segments=[
...        {
...            "name": "Inspect App Segments",
...            "external_id": "2"
...        }
...    ]
... )

delete_rule(rule_id)

Deletes the specified forwarding control filter rule.

get_rule(rule_id)

Returns information for the specified forwarding control rule.

Parameters:

rule_id (str) – The unique identifier for the forwarding control rule.

Returns:

A tuple containing (forwarding control rule instance, Response, error).

Return type:

tuple

Example

Retrieve a forwarding control rule by its ID:

>>> rule, response, error = zia.forwarding_control.get_rule('123456')
>>> if not error:
...    print(rule.as_dict())

list_rules(query_params=None)

Lists forwarding control rules in your organization with pagination.

Parameters:

query_params (dict) – Map of query parameters for the request.

[query_params.search] {str}: Search string for filtering results.

Returns:

A tuple containing (list of forwarding control rules instances, Response, error).

Return type:

tuple

Examples

Print all forwarding control rules:

>>> rule_list, response, error = zia.forwarding_control.list_rules()
>>> if error:
...     print(f"Error listing rules: {error}")
... else:
...     print(f"Total rules found: {len(rule_list)}")
...     for rule in rule_list:
...         print(rule.as_dict())

Print the forwarding control rules that match the name ‘Rule01’:

>>> rule_list, response, error = zia.forwarding_control.list_rules(query_params={"search": 'Rule01'})
>>> if error:
...     print(f"Error listing rules: {error}")
... else:
...     print(f"Total rules found: {len(rule_list)}")
...     for rule in rule_list:
...         print(rule.as_dict())

update_rule(rule_id, **kwargs)

Updates the specified forwarding control rule.

Parameters:
  • rule_id (str) – The unique identifier for the forwarding control rule.

  • name (str) – Name of the forwarding control rule, max 31 chars.

  • action (str) – Action to take place if the traffic matches the rule criteria

Keyword Arguments:
  • order (str) – The order of the rule, defaults to adding rule to bottom of list.

  • rank (str) – The admin rank of the rule. Supported values 1-7

  • forward_method (str) – The type of traffic forwarding method selected from the available options. Supported values: INVALID, DIRECT, PROXYCHAIN, ZIA, ZPA, ECZPA, ECSELF, DROP

  • state (str) – The rule state. Accepted values are ‘ENABLED’ or ‘DISABLED’.

  • description (str) – Additional information about the rule

  • groups (list) – The IDs for the groups that this rule applies to.

  • departments (list) – IDs for departments the rule applies to.

  • ec_groups (list) – The IDs for the Zscaler Cloud Connector groups to which the forwarding rule applies.

  • users (list) – The IDs for the users that this rule applies to.

  • protocols (list) – The protocol criteria for the rule.

  • labels (list) – The IDs for the labels that this rule applies to.

  • locations (list) – The IDs for the locations that this rule applies to.

  • location_groups (list) – The IDs for the location groups that this rule applies to.

  • src_ips (list) – List of User-defined source IP addresses for which the rule is applicable.

  • src_ip_groups (list) – The IDs for the Source IP address groups for which the rule is applicable.

  • src_ipv6_groups (list) – The IDs for the Source IPv6 address groups for which the rule is applicable.

  • dest_addresses (list) – List of destination IP addresses, CIDRs or FQDNs for which the rule is applicable.

  • dest_ip_categories (list) – List of destination IP categories to which the rule applies.

  • res_categories (list) – List of destination domain categories to which the rule applies.

  • dest_countries (list) – List of Destination countries for which the rule is applicable.

  • dest_ip_groups (list) – IDs for destination IP groups.

  • dest_ipv6_groups (list) – IDs for destination IPV6 groups.

  • nw_services (list) – IDs for network services the rule applies to.

  • nw_service_groups (list) – IDs for network service groups.

  • nw_application_groups (list) – IDs for network application groups.

  • device_groups (list) – Device groups managed using Zscaler Client Connector.

  • devices (list) – Devices managed using Zscaler Client Connector.

  • zpa_app_segments (list[dict]) – ZPA Application Segments applicable to the rule. - external_id (str): Indicates the external ID. Applicable only when this reference is of an external entity. - name (str): The name of the Application Segment.

  • proxy_gateway (dict or list[dict]) – Proxy Gateway resource(s) applicable to the rule. - id (int, optional): The unique identifier for the proxy gateway. - name (str): The name of the Proxy Gateway.

  • zpa_gateway (dict or list[dict]) – ZPA Gateway resource(s) applicable to the rule. - id (int, optional): The unique identifier for the ZPA Gateway. - name (str): The name of the ZPA Gateway.

Returns:

Updated forwarding control rule resource record.

Return type:

Tuple

Example

Update the src_ips in the DIRECT forwarding control rule:

>>> zia.forwarding_control.update_rule(
...    rule_id='282458',
...    name='FWD_DIRECT#01',
...    state="ENABLED",
...    order=1,
...    type="FORWARDING",
...    forward_method="DIRECT",
...    src_ips= ["192.168.200.205"],
...    dest_addresses=["192.168.255.1"],
...    dest_ip_categories=["ZSPROXY_IPS"],
...    dest_countries=["COUNTRY_CA", "COUNTRY_US"],
... )

Update a ZPA forwarding control rule:

>>> zia.forwarding_control.update_rule(
...    rule_id='282458',
...    name='FWD_DIRECT#01',
...    state="ENABLED",
...    order=1,
...    type="FORWARDING",
...    forward_method="ZPA",
...    src_ips= ["192.168.200.200"],
...    dest_addresses=["192.168.255.1"],
...    dest_ip_categories=["ZSPROXY_IPS"],
...    dest_countries=["COUNTRY_CA", "COUNTRY_US"],
...    zpa_gateway={
...        "name": "ZPAGW01",
...        "external_id": "2"
...    },
...    zpa_app_segments=[
...        {
...            "name": "Inspect App Segments",
...            "external_id": "2"
...        }
...    ]
... )
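
A pre-flight check for add_rule and update_rule keyword arguments, using only the constraints documented above. This is an added example and not part of the Zscaler SDK; validate_rule_kwargs, the FQDN pattern and the treatment of src_ips as single addresses or CIDRs are assumptions made here, and address ranges are not handled.

```python
import ipaddress
import re

# Constraints copied from the parameter descriptions on this page.
FORWARD_METHODS = {"INVALID", "DIRECT", "PROXYCHAIN", "ZIA", "ZPA",
                   "ECZPA", "ECSELF", "DROP"}
STATES = {"ENABLED", "DISABLED"}
RANKS = set("1234567")
# Assumption: this hostname pattern is a sufficient FQDN check.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def _is_ip_or_cidr(value):
    """True for a single IPv4/IPv6 address or a CIDR block given as a string."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def validate_rule_kwargs(**kwargs):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    name = kwargs.get("name")
    if not isinstance(name, str) or not 0 < len(name) <= 31:
        problems.append("name: required, max 31 chars")
    if "state" in kwargs and kwargs["state"] not in STATES:
        problems.append(f"state: {kwargs['state']!r} not in {sorted(STATES)}")
    if "forward_method" in kwargs and kwargs["forward_method"] not in FORWARD_METHODS:
        problems.append(f"forward_method: {kwargs['forward_method']!r} unsupported")
    if "rank" in kwargs and str(kwargs["rank"]) not in RANKS:
        problems.append(f"rank: {kwargs['rank']!r} outside 1-7")
    for ip in kwargs.get("src_ips", []):
        if not _is_ip_or_cidr(ip):
            problems.append(f"src_ips: {ip!r} is not an IP address or CIDR")
    for dest in kwargs.get("dest_addresses", []):
        if not (_is_ip_or_cidr(dest) or
                (isinstance(dest, str) and FQDN_RE.match(dest))):
            problems.append(f"dest_addresses: {dest!r} is not an IP, CIDR or FQDN")
    return problems
```

Call it with the same keyword arguments you intend to pass to the SDK and proceed only when the returned list is empty; a mistyped destination or forward_method is then caught before it reaches the live forwarding policy.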