Docs Home
Packages
Zscaler Internet Access v0.0.7 published on Tuesday, Jul 30, 2024 by Zscaler
zia.LocationManagement
Explore with Pulumi AI
The zia_location_management resource allows the creation and management of ZIA locations in the Zscaler Internet Access. This resource can then be associated with a:
- Static IP resource
- GRE Tunnel resource
- VPN credentials resource
- URL filtering and firewall filtering rules
Example Usage
Location Management With UFQDN VPN Credential
import * as pulumi from "@pulumi/pulumi";
import * as zia from "@bdzscaler/pulumi-zia";
const usaSjc37TrafficForwardingVPNCredentials = new zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", {
type: "UFQDN",
fqdn: "usa_sjc37@acme.com",
comments: "USA - San Jose IPSec Tunnel",
preSharedKey: "***************",
});
const usaSjc37LocationManagement = new zia.LocationManagement("usaSjc37LocationManagement", {
description: "Created with Terraform",
country: "UNITED_STATES",
tz: "UNITED_STATES_AMERICA_LOS_ANGELES",
authRequired: true,
idleTimeInMinutes: 720,
displayTimeUnit: "HOUR",
surrogateIp: true,
xffForwardEnabled: true,
ofwEnabled: true,
ipsControl: true,
vpnCredentials: [{
id: usaSjc37TrafficForwardingVPNCredentials.id,
type: usaSjc37TrafficForwardingVPNCredentials.type,
}],
}, {
dependsOn: [usaSjc37TrafficForwardingVPNCredentials],
});
import pulumi
import zscaler_pulumi_zia as zia
usa_sjc37_traffic_forwarding_vpn_credentials = zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials",
type="UFQDN",
fqdn="usa_sjc37@acme.com",
comments="USA - San Jose IPSec Tunnel",
pre_shared_key="***************")
usa_sjc37_location_management = zia.LocationManagement("usaSjc37LocationManagement",
description="Created with Terraform",
country="UNITED_STATES",
tz="UNITED_STATES_AMERICA_LOS_ANGELES",
auth_required=True,
idle_time_in_minutes=720,
display_time_unit="HOUR",
surrogate_ip=True,
xff_forward_enabled=True,
ofw_enabled=True,
ips_control=True,
vpn_credentials=[zia.LocationManagementVpnCredentialArgs(
id=usa_sjc37_traffic_forwarding_vpn_credentials.id,
type=usa_sjc37_traffic_forwarding_vpn_credentials.type,
)],
opts = pulumi.ResourceOptions(depends_on=[usa_sjc37_traffic_forwarding_vpn_credentials]))
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/zscaler/pulumi-zia/sdk/go/zia"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
usaSjc37TrafficForwardingVPNCredentials, err := zia.NewTrafficForwardingVPNCredentials(ctx, "usaSjc37TrafficForwardingVPNCredentials", &zia.TrafficForwardingVPNCredentialsArgs{
Type: pulumi.String("UFQDN"),
Fqdn: pulumi.String("usa_sjc37@acme.com"),
Comments: pulumi.String("USA - San Jose IPSec Tunnel"),
PreSharedKey: pulumi.String("***************"),
})
if err != nil {
return err
}
_, err = zia.NewLocationManagement(ctx, "usaSjc37LocationManagement", &zia.LocationManagementArgs{
Description: pulumi.String("Created with Terraform"),
Country: pulumi.String("UNITED_STATES"),
Tz: pulumi.String("UNITED_STATES_AMERICA_LOS_ANGELES"),
AuthRequired: pulumi.Bool(true),
IdleTimeInMinutes: pulumi.Int(720),
DisplayTimeUnit: pulumi.String("HOUR"),
SurrogateIp: pulumi.Bool(true),
XffForwardEnabled: pulumi.Bool(true),
OfwEnabled: pulumi.Bool(true),
IpsControl: pulumi.Bool(true),
VpnCredentials: zia.LocationManagementVpnCredentialArray{
&zia.LocationManagementVpnCredentialArgs{
Id: usaSjc37TrafficForwardingVPNCredentials.ID(),
Type: usaSjc37TrafficForwardingVPNCredentials.Type,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
usaSjc37TrafficForwardingVPNCredentials,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zia = zscaler.PulumiPackage.Zia;
return await Deployment.RunAsync(() =>
{
var usaSjc37TrafficForwardingVPNCredentials = new Zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", new()
{
Type = "UFQDN",
Fqdn = "usa_sjc37@acme.com",
Comments = "USA - San Jose IPSec Tunnel",
PreSharedKey = "***************",
});
var usaSjc37LocationManagement = new Zia.LocationManagement("usaSjc37LocationManagement", new()
{
Description = "Created with Terraform",
Country = "UNITED_STATES",
Tz = "UNITED_STATES_AMERICA_LOS_ANGELES",
AuthRequired = true,
IdleTimeInMinutes = 720,
DisplayTimeUnit = "HOUR",
SurrogateIp = true,
XffForwardEnabled = true,
OfwEnabled = true,
IpsControl = true,
VpnCredentials = new[]
{
new Zia.Inputs.LocationManagementVpnCredentialArgs
{
Id = usaSjc37TrafficForwardingVPNCredentials.Id,
Type = usaSjc37TrafficForwardingVPNCredentials.Type,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
usaSjc37TrafficForwardingVPNCredentials,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zia.TrafficForwardingVPNCredentials;
import com.pulumi.zia.TrafficForwardingVPNCredentialsArgs;
import com.pulumi.zia.LocationManagement;
import com.pulumi.zia.LocationManagementArgs;
import com.pulumi.zia.inputs.LocationManagementVpnCredentialArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var usaSjc37TrafficForwardingVPNCredentials = new TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", TrafficForwardingVPNCredentialsArgs.builder()
.type("UFQDN")
.fqdn("usa_sjc37@acme.com")
.comments("USA - San Jose IPSec Tunnel")
.preSharedKey("***************")
.build());
var usaSjc37LocationManagement = new LocationManagement("usaSjc37LocationManagement", LocationManagementArgs.builder()
.description("Created with Terraform")
.country("UNITED_STATES")
.tz("UNITED_STATES_AMERICA_LOS_ANGELES")
.authRequired(true)
.idleTimeInMinutes(720)
.displayTimeUnit("HOUR")
.surrogateIp(true)
.xffForwardEnabled(true)
.ofwEnabled(true)
.ipsControl(true)
.vpnCredentials(LocationManagementVpnCredentialArgs.builder()
.id(usaSjc37TrafficForwardingVPNCredentials.id())
.type(usaSjc37TrafficForwardingVPNCredentials.type())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(usaSjc37TrafficForwardingVPNCredentials)
.build());
}
}
resources:
usaSjc37LocationManagement:
type: zia:LocationManagement
properties:
description: Created with Terraform
country: UNITED_STATES
tz: UNITED_STATES_AMERICA_LOS_ANGELES
authRequired: true
idleTimeInMinutes: 720
displayTimeUnit: HOUR
surrogateIp: true
xffForwardEnabled: true
ofwEnabled: true
ipsControl: true
vpnCredentials:
- id: ${usaSjc37TrafficForwardingVPNCredentials.id}
type: ${usaSjc37TrafficForwardingVPNCredentials.type}
options:
dependson:
- ${usaSjc37TrafficForwardingVPNCredentials}
usaSjc37TrafficForwardingVPNCredentials:
type: zia:TrafficForwardingVPNCredentials
properties:
type: UFQDN
fqdn: usa_sjc37@acme.com
comments: USA - San Jose IPSec Tunnel
preSharedKey: '***************'
Location Management With IP VPN Credential
import * as pulumi from "@pulumi/pulumi";
import * as zia from "@bdzscaler/pulumi-zia";
const usaSjc37TrafficForwardingStaticIP = new zia.TrafficForwardingStaticIP("usaSjc37TrafficForwardingStaticIP", {
ipAddress: "1.1.1.1",
routableIp: true,
comment: "SJC37 - Static IP",
geoOverride: false,
});
const usaSjc37TrafficForwardingVPNCredentials = new zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", {
type: "IP",
ipAddress: usaSjc37TrafficForwardingStaticIP.ipAddress,
comments: "Created via Terraform",
preSharedKey: "******************",
}, {
dependsOn: [usaSjc37TrafficForwardingStaticIP],
});
// ZIA Location Management with IP VPN Credential
const usaSjc37LocationManagement = new zia.LocationManagement("usaSjc37LocationManagement", {
description: "Created with Terraform",
country: "UNITED_STATES",
tz: "UNITED_STATES_AMERICA_LOS_ANGELES",
authRequired: true,
idleTimeInMinutes: 720,
displayTimeUnit: "HOUR",
surrogateIp: true,
xffForwardEnabled: true,
ofwEnabled: true,
ipsControl: true,
ipAddresses: [usaSjc37TrafficForwardingStaticIP.ipAddress],
vpnCredentials: [{
id: usaSjc37TrafficForwardingVPNCredentials.id,
type: usaSjc37TrafficForwardingVPNCredentials.type,
ipAddress: usaSjc37TrafficForwardingStaticIP.ipAddress,
}],
}, {
dependsOn: [
usaSjc37TrafficForwardingStaticIP,
usaSjc37TrafficForwardingVPNCredentials,
],
});
import pulumi
import zscaler_pulumi_zia as zia
usa_sjc37_traffic_forwarding_static_ip = zia.TrafficForwardingStaticIP("usaSjc37TrafficForwardingStaticIP",
ip_address="1.1.1.1",
routable_ip=True,
comment="SJC37 - Static IP",
geo_override=False)
usa_sjc37_traffic_forwarding_vpn_credentials = zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials",
type="IP",
ip_address=usa_sjc37_traffic_forwarding_static_ip.ip_address,
comments="Created via Terraform",
pre_shared_key="******************",
opts = pulumi.ResourceOptions(depends_on=[usa_sjc37_traffic_forwarding_static_ip]))
# ZIA Location Management with IP VPN Credential
usa_sjc37_location_management = zia.LocationManagement("usaSjc37LocationManagement",
description="Created with Terraform",
country="UNITED_STATES",
tz="UNITED_STATES_AMERICA_LOS_ANGELES",
auth_required=True,
idle_time_in_minutes=720,
display_time_unit="HOUR",
surrogate_ip=True,
xff_forward_enabled=True,
ofw_enabled=True,
ips_control=True,
ip_addresses=[usa_sjc37_traffic_forwarding_static_ip.ip_address],
vpn_credentials=[zia.LocationManagementVpnCredentialArgs(
id=usa_sjc37_traffic_forwarding_vpn_credentials.id,
type=usa_sjc37_traffic_forwarding_vpn_credentials.type,
ip_address=usa_sjc37_traffic_forwarding_static_ip.ip_address,
)],
opts = pulumi.ResourceOptions(depends_on=[
usa_sjc37_traffic_forwarding_static_ip,
usa_sjc37_traffic_forwarding_vpn_credentials,
]))
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/zscaler/pulumi-zia/sdk/go/zia"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
usaSjc37TrafficForwardingStaticIP, err := zia.NewTrafficForwardingStaticIP(ctx, "usaSjc37TrafficForwardingStaticIP", &zia.TrafficForwardingStaticIPArgs{
IpAddress: pulumi.String("1.1.1.1"),
RoutableIp: pulumi.Bool(true),
Comment: pulumi.String("SJC37 - Static IP"),
GeoOverride: pulumi.Bool(false),
})
if err != nil {
return err
}
usaSjc37TrafficForwardingVPNCredentials, err := zia.NewTrafficForwardingVPNCredentials(ctx, "usaSjc37TrafficForwardingVPNCredentials", &zia.TrafficForwardingVPNCredentialsArgs{
Type: pulumi.String("IP"),
IpAddress: usaSjc37TrafficForwardingStaticIP.IpAddress,
Comments: pulumi.String("Created via Terraform"),
PreSharedKey: pulumi.String("******************"),
}, pulumi.DependsOn([]pulumi.Resource{
usaSjc37TrafficForwardingStaticIP,
}))
if err != nil {
return err
}
// ZIA Location Management with IP VPN Credential
_, err = zia.NewLocationManagement(ctx, "usaSjc37LocationManagement", &zia.LocationManagementArgs{
Description: pulumi.String("Created with Terraform"),
Country: pulumi.String("UNITED_STATES"),
Tz: pulumi.String("UNITED_STATES_AMERICA_LOS_ANGELES"),
AuthRequired: pulumi.Bool(true),
IdleTimeInMinutes: pulumi.Int(720),
DisplayTimeUnit: pulumi.String("HOUR"),
SurrogateIp: pulumi.Bool(true),
XffForwardEnabled: pulumi.Bool(true),
OfwEnabled: pulumi.Bool(true),
IpsControl: pulumi.Bool(true),
IpAddresses: pulumi.StringArray{
usaSjc37TrafficForwardingStaticIP.IpAddress,
},
VpnCredentials: zia.LocationManagementVpnCredentialArray{
&zia.LocationManagementVpnCredentialArgs{
Id: usaSjc37TrafficForwardingVPNCredentials.ID(),
Type: usaSjc37TrafficForwardingVPNCredentials.Type,
IpAddress: usaSjc37TrafficForwardingStaticIP.IpAddress,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
usaSjc37TrafficForwardingStaticIP,
usaSjc37TrafficForwardingVPNCredentials,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zia = zscaler.PulumiPackage.Zia;
return await Deployment.RunAsync(() =>
{
var usaSjc37TrafficForwardingStaticIP = new Zia.TrafficForwardingStaticIP("usaSjc37TrafficForwardingStaticIP", new()
{
IpAddress = "1.1.1.1",
RoutableIp = true,
Comment = "SJC37 - Static IP",
GeoOverride = false,
});
var usaSjc37TrafficForwardingVPNCredentials = new Zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", new()
{
Type = "IP",
IpAddress = usaSjc37TrafficForwardingStaticIP.IpAddress,
Comments = "Created via Terraform",
PreSharedKey = "******************",
}, new CustomResourceOptions
{
DependsOn =
{
usaSjc37TrafficForwardingStaticIP,
},
});
// ZIA Location Management with IP VPN Credential
var usaSjc37LocationManagement = new Zia.LocationManagement("usaSjc37LocationManagement", new()
{
Description = "Created with Terraform",
Country = "UNITED_STATES",
Tz = "UNITED_STATES_AMERICA_LOS_ANGELES",
AuthRequired = true,
IdleTimeInMinutes = 720,
DisplayTimeUnit = "HOUR",
SurrogateIp = true,
XffForwardEnabled = true,
OfwEnabled = true,
IpsControl = true,
IpAddresses = new[]
{
usaSjc37TrafficForwardingStaticIP.IpAddress,
},
VpnCredentials = new[]
{
new Zia.Inputs.LocationManagementVpnCredentialArgs
{
Id = usaSjc37TrafficForwardingVPNCredentials.Id,
Type = usaSjc37TrafficForwardingVPNCredentials.Type,
IpAddress = usaSjc37TrafficForwardingStaticIP.IpAddress,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
usaSjc37TrafficForwardingStaticIP,
usaSjc37TrafficForwardingVPNCredentials,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zia.TrafficForwardingStaticIP;
import com.pulumi.zia.TrafficForwardingStaticIPArgs;
import com.pulumi.zia.TrafficForwardingVPNCredentials;
import com.pulumi.zia.TrafficForwardingVPNCredentialsArgs;
import com.pulumi.zia.LocationManagement;
import com.pulumi.zia.LocationManagementArgs;
import com.pulumi.zia.inputs.LocationManagementVpnCredentialArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var usaSjc37TrafficForwardingStaticIP = new TrafficForwardingStaticIP("usaSjc37TrafficForwardingStaticIP", TrafficForwardingStaticIPArgs.builder()
.ipAddress("1.1.1.1")
.routableIp(true)
.comment("SJC37 - Static IP")
.geoOverride(false)
.build());
var usaSjc37TrafficForwardingVPNCredentials = new TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", TrafficForwardingVPNCredentialsArgs.builder()
.type("IP")
.ipAddress(usaSjc37TrafficForwardingStaticIP.ipAddress())
.comments("Created via Terraform")
.preSharedKey("******************")
.build(), CustomResourceOptions.builder()
.dependsOn(usaSjc37TrafficForwardingStaticIP)
.build());
// ZIA Location Management with IP VPN Credential
var usaSjc37LocationManagement = new LocationManagement("usaSjc37LocationManagement", LocationManagementArgs.builder()
.description("Created with Terraform")
.country("UNITED_STATES")
.tz("UNITED_STATES_AMERICA_LOS_ANGELES")
.authRequired(true)
.idleTimeInMinutes(720)
.displayTimeUnit("HOUR")
.surrogateIp(true)
.xffForwardEnabled(true)
.ofwEnabled(true)
.ipsControl(true)
.ipAddresses(usaSjc37TrafficForwardingStaticIP.ipAddress())
.vpnCredentials(LocationManagementVpnCredentialArgs.builder()
.id(usaSjc37TrafficForwardingVPNCredentials.id())
.type(usaSjc37TrafficForwardingVPNCredentials.type())
.ipAddress(usaSjc37TrafficForwardingStaticIP.ipAddress())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
usaSjc37TrafficForwardingStaticIP,
usaSjc37TrafficForwardingVPNCredentials)
.build());
}
}
resources:
# ZIA Location Management with IP VPN Credential
usaSjc37LocationManagement:
type: zia:LocationManagement
properties:
description: Created with Terraform
country: UNITED_STATES
tz: UNITED_STATES_AMERICA_LOS_ANGELES
authRequired: true
idleTimeInMinutes: 720
displayTimeUnit: HOUR
surrogateIp: true
xffForwardEnabled: true
ofwEnabled: true
ipsControl: true
ipAddresses:
- ${usaSjc37TrafficForwardingStaticIP.ipAddress}
vpnCredentials:
- id: ${usaSjc37TrafficForwardingVPNCredentials.id}
type: ${usaSjc37TrafficForwardingVPNCredentials.type}
ipAddress: ${usaSjc37TrafficForwardingStaticIP.ipAddress}
options:
dependson:
- ${usaSjc37TrafficForwardingStaticIP}
- ${usaSjc37TrafficForwardingVPNCredentials}
usaSjc37TrafficForwardingVPNCredentials:
type: zia:TrafficForwardingVPNCredentials
properties:
type: IP
ipAddress: ${usaSjc37TrafficForwardingStaticIP.ipAddress}
comments: Created via Terraform
preSharedKey: '******************'
options:
dependson:
- ${usaSjc37TrafficForwardingStaticIP}
usaSjc37TrafficForwardingStaticIP:
type: zia:TrafficForwardingStaticIP
properties:
ipAddress: 1.1.1.1
routableIp: true
comment: SJC37 - Static IP
geoOverride: false
Location Management With Manual And Dynamic Location Groups
import * as pulumi from "@pulumi/pulumi";
import * as zia from "@bdzscaler/pulumi-zia";
import * as zia from "@pulumi/zia";
const this = zia.getLocationGroups({
name: "SDWAN_CAN",
});
const usaSjc37TrafficForwardingVPNCredentials = new zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", {
type: "UFQDN",
fqdn: "usa_sjc37@acme.com",
comments: "USA - San Jose IPSec Tunnel",
preSharedKey: "***************",
});
// ZIA Location Management with UFQDN VPN Credential
const usaSjc37LocationManagement = new zia.LocationManagement("usaSjc37LocationManagement", {
description: "Created with Terraform",
country: "UNITED_STATES",
tz: "UNITED_STATES_AMERICA_LOS_ANGELES",
state: "California",
authRequired: true,
idleTimeInMinutes: 720,
displayTimeUnit: "HOUR",
surrogateIp: true,
xffForwardEnabled: true,
ofwEnabled: true,
ipsControl: true,
profile: "CORPORATE",
vpnCredentials: [{
id: usaSjc37TrafficForwardingVPNCredentials.id,
type: usaSjc37TrafficForwardingVPNCredentials.type,
}],
staticLocationGroups: {
ids: [_this.then(_this => _this.id)],
},
}, {
dependsOn: [usaSjc37TrafficForwardingVPNCredentials],
});
import pulumi
import pulumi_zia as zia
import zscaler_pulumi_zia as zia
this = zia.get_location_groups(name="SDWAN_CAN")
usa_sjc37_traffic_forwarding_vpn_credentials = zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials",
type="UFQDN",
fqdn="usa_sjc37@acme.com",
comments="USA - San Jose IPSec Tunnel",
pre_shared_key="***************")
# ZIA Location Management with UFQDN VPN Credential
usa_sjc37_location_management = zia.LocationManagement("usaSjc37LocationManagement",
description="Created with Terraform",
country="UNITED_STATES",
tz="UNITED_STATES_AMERICA_LOS_ANGELES",
state="California",
auth_required=True,
idle_time_in_minutes=720,
display_time_unit="HOUR",
surrogate_ip=True,
xff_forward_enabled=True,
ofw_enabled=True,
ips_control=True,
profile="CORPORATE",
vpn_credentials=[zia.LocationManagementVpnCredentialArgs(
id=usa_sjc37_traffic_forwarding_vpn_credentials.id,
type=usa_sjc37_traffic_forwarding_vpn_credentials.type,
)],
static_location_groups=zia.LocationManagementStaticLocationGroupsArgs(
ids=[this.id],
),
opts = pulumi.ResourceOptions(depends_on=[usa_sjc37_traffic_forwarding_vpn_credentials]))
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/zscaler/pulumi-zia/sdk/go/zia"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
this, err := zia.GetLocationGroups(ctx, &zia.GetLocationGroupsArgs{
Name: pulumi.StringRef("SDWAN_CAN"),
}, nil)
if err != nil {
return err
}
usaSjc37TrafficForwardingVPNCredentials, err := zia.NewTrafficForwardingVPNCredentials(ctx, "usaSjc37TrafficForwardingVPNCredentials", &zia.TrafficForwardingVPNCredentialsArgs{
Type: pulumi.String("UFQDN"),
Fqdn: pulumi.String("usa_sjc37@acme.com"),
Comments: pulumi.String("USA - San Jose IPSec Tunnel"),
PreSharedKey: pulumi.String("***************"),
})
if err != nil {
return err
}
// ZIA Location Management with UFQDN VPN Credential
_, err = zia.NewLocationManagement(ctx, "usaSjc37LocationManagement", &zia.LocationManagementArgs{
Description: pulumi.String("Created with Terraform"),
Country: pulumi.String("UNITED_STATES"),
Tz: pulumi.String("UNITED_STATES_AMERICA_LOS_ANGELES"),
State: pulumi.String("California"),
AuthRequired: pulumi.Bool(true),
IdleTimeInMinutes: pulumi.Int(720),
DisplayTimeUnit: pulumi.String("HOUR"),
SurrogateIp: pulumi.Bool(true),
XffForwardEnabled: pulumi.Bool(true),
OfwEnabled: pulumi.Bool(true),
IpsControl: pulumi.Bool(true),
Profile: pulumi.String("CORPORATE"),
VpnCredentials: zia.LocationManagementVpnCredentialArray{
&zia.LocationManagementVpnCredentialArgs{
Id: usaSjc37TrafficForwardingVPNCredentials.ID(),
Type: usaSjc37TrafficForwardingVPNCredentials.Type,
},
},
StaticLocationGroups: &zia.LocationManagementStaticLocationGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(this.Id),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
usaSjc37TrafficForwardingVPNCredentials,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zia = Pulumi.Zia;
using Zia = zscaler.PulumiPackage.Zia;
return await Deployment.RunAsync(() =>
{
var @this = Zia.GetLocationGroups.Invoke(new()
{
Name = "SDWAN_CAN",
});
var usaSjc37TrafficForwardingVPNCredentials = new Zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", new()
{
Type = "UFQDN",
Fqdn = "usa_sjc37@acme.com",
Comments = "USA - San Jose IPSec Tunnel",
PreSharedKey = "***************",
});
// ZIA Location Management with UFQDN VPN Credential
var usaSjc37LocationManagement = new Zia.LocationManagement("usaSjc37LocationManagement", new()
{
Description = "Created with Terraform",
Country = "UNITED_STATES",
Tz = "UNITED_STATES_AMERICA_LOS_ANGELES",
State = "California",
AuthRequired = true,
IdleTimeInMinutes = 720,
DisplayTimeUnit = "HOUR",
SurrogateIp = true,
XffForwardEnabled = true,
OfwEnabled = true,
IpsControl = true,
Profile = "CORPORATE",
VpnCredentials = new[]
{
new Zia.Inputs.LocationManagementVpnCredentialArgs
{
Id = usaSjc37TrafficForwardingVPNCredentials.Id,
Type = usaSjc37TrafficForwardingVPNCredentials.Type,
},
},
StaticLocationGroups = new Zia.Inputs.LocationManagementStaticLocationGroupsArgs
{
Ids = new[]
{
@this.Apply(@this => @this.Apply(getLocationGroupsResult => getLocationGroupsResult.Id)),
},
},
}, new CustomResourceOptions
{
DependsOn =
{
usaSjc37TrafficForwardingVPNCredentials,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zia.ZiaFunctions;
import com.pulumi.zia.inputs.GetLocationGroupsArgs;
import com.pulumi.zia.TrafficForwardingVPNCredentials;
import com.pulumi.zia.TrafficForwardingVPNCredentialsArgs;
import com.pulumi.zia.LocationManagement;
import com.pulumi.zia.LocationManagementArgs;
import com.pulumi.zia.inputs.LocationManagementVpnCredentialArgs;
import com.pulumi.zia.inputs.LocationManagementStaticLocationGroupsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var this = ZiaFunctions.getLocationGroups(GetLocationGroupsArgs.builder()
.name("SDWAN_CAN")
.build());
var usaSjc37TrafficForwardingVPNCredentials = new TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", TrafficForwardingVPNCredentialsArgs.builder()
.type("UFQDN")
.fqdn("usa_sjc37@acme.com")
.comments("USA - San Jose IPSec Tunnel")
.preSharedKey("***************")
.build());
// ZIA Location Management with UFQDN VPN Credential
var usaSjc37LocationManagement = new LocationManagement("usaSjc37LocationManagement", LocationManagementArgs.builder()
.description("Created with Terraform")
.country("UNITED_STATES")
.tz("UNITED_STATES_AMERICA_LOS_ANGELES")
.state("California")
.authRequired(true)
.idleTimeInMinutes(720)
.displayTimeUnit("HOUR")
.surrogateIp(true)
.xffForwardEnabled(true)
.ofwEnabled(true)
.ipsControl(true)
.profile("CORPORATE")
.vpnCredentials(LocationManagementVpnCredentialArgs.builder()
.id(usaSjc37TrafficForwardingVPNCredentials.id())
.type(usaSjc37TrafficForwardingVPNCredentials.type())
.build())
.staticLocationGroups(LocationManagementStaticLocationGroupsArgs.builder()
.ids(this_.id())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(usaSjc37TrafficForwardingVPNCredentials)
.build());
}
}
resources:
# ZIA Location Management with UFQDN VPN Credential
usaSjc37LocationManagement:
type: zia:LocationManagement
properties:
description: Created with Terraform
country: UNITED_STATES
tz: UNITED_STATES_AMERICA_LOS_ANGELES
state: California
authRequired: true
idleTimeInMinutes: 720
displayTimeUnit: HOUR
surrogateIp: true
xffForwardEnabled: true
ofwEnabled: true
ipsControl: true
profile: CORPORATE
vpnCredentials:
- id: ${usaSjc37TrafficForwardingVPNCredentials.id}
type: ${usaSjc37TrafficForwardingVPNCredentials.type}
staticLocationGroups:
ids:
- ${this.id}
options:
dependson:
- ${usaSjc37TrafficForwardingVPNCredentials}
usaSjc37TrafficForwardingVPNCredentials:
type: zia:TrafficForwardingVPNCredentials
properties:
type: UFQDN
fqdn: usa_sjc37@acme.com
comments: USA - San Jose IPSec Tunnel
preSharedKey: '***************'
variables:
this:
fn::invoke:
Function: zia:getLocationGroups
Arguments:
name: SDWAN_CAN
Location Management With Excluded Manual And Dynamic Location Groups
import * as pulumi from "@pulumi/pulumi";
import * as zia from "@bdzscaler/pulumi-zia";
import * as zia from "@pulumi/zia";
const this = zia.getLocationGroups({
name: "SDWAN_CAN",
});
const usaSjc37TrafficForwardingVPNCredentials = new zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", {
type: "UFQDN",
fqdn: "usa_sjc37@acme.com",
comments: "USA - San Jose IPSec Tunnel",
preSharedKey: "***************",
});
// ZIA Location Management with UFQDN VPN Credential
const usaSjc37LocationManagement = new zia.LocationManagement("usaSjc37LocationManagement", {
description: "Created with Terraform",
country: "UNITED_STATES",
tz: "UNITED_STATES_AMERICA_LOS_ANGELES",
state: "California",
authRequired: true,
idleTimeInMinutes: 720,
displayTimeUnit: "HOUR",
surrogateIp: true,
xffForwardEnabled: true,
ofwEnabled: true,
ipsControl: true,
excludeFromDynamicGroups: true,
excludeFromManualGroups: true,
profile: "CORPORATE",
vpnCredentials: [{
id: usaSjc37TrafficForwardingVPNCredentials.id,
type: usaSjc37TrafficForwardingVPNCredentials.type,
}],
}, {
dependsOn: [usaSjc37TrafficForwardingVPNCredentials],
});
import pulumi
import pulumi_zia as zia
import zscaler_pulumi_zia as zia
this = zia.get_location_groups(name="SDWAN_CAN")
usa_sjc37_traffic_forwarding_vpn_credentials = zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials",
type="UFQDN",
fqdn="usa_sjc37@acme.com",
comments="USA - San Jose IPSec Tunnel",
pre_shared_key="***************")
# ZIA Location Management with UFQDN VPN Credential
usa_sjc37_location_management = zia.LocationManagement("usaSjc37LocationManagement",
description="Created with Terraform",
country="UNITED_STATES",
tz="UNITED_STATES_AMERICA_LOS_ANGELES",
state="California",
auth_required=True,
idle_time_in_minutes=720,
display_time_unit="HOUR",
surrogate_ip=True,
xff_forward_enabled=True,
ofw_enabled=True,
ips_control=True,
exclude_from_dynamic_groups=True,
exclude_from_manual_groups=True,
profile="CORPORATE",
vpn_credentials=[zia.LocationManagementVpnCredentialArgs(
id=usa_sjc37_traffic_forwarding_vpn_credentials.id,
type=usa_sjc37_traffic_forwarding_vpn_credentials.type,
)],
opts = pulumi.ResourceOptions(depends_on=[usa_sjc37_traffic_forwarding_vpn_credentials]))
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/zscaler/pulumi-zia/sdk/go/zia"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := zia.GetLocationGroups(ctx, &zia.GetLocationGroupsArgs{
Name: pulumi.StringRef("SDWAN_CAN"),
}, nil)
if err != nil {
return err
}
usaSjc37TrafficForwardingVPNCredentials, err := zia.NewTrafficForwardingVPNCredentials(ctx, "usaSjc37TrafficForwardingVPNCredentials", &zia.TrafficForwardingVPNCredentialsArgs{
Type: pulumi.String("UFQDN"),
Fqdn: pulumi.String("usa_sjc37@acme.com"),
Comments: pulumi.String("USA - San Jose IPSec Tunnel"),
PreSharedKey: pulumi.String("***************"),
})
if err != nil {
return err
}
// ZIA Location Management with UFQDN VPN Credential
_, err = zia.NewLocationManagement(ctx, "usaSjc37LocationManagement", &zia.LocationManagementArgs{
Description: pulumi.String("Created with Terraform"),
Country: pulumi.String("UNITED_STATES"),
Tz: pulumi.String("UNITED_STATES_AMERICA_LOS_ANGELES"),
State: pulumi.String("California"),
AuthRequired: pulumi.Bool(true),
IdleTimeInMinutes: pulumi.Int(720),
DisplayTimeUnit: pulumi.String("HOUR"),
SurrogateIp: pulumi.Bool(true),
XffForwardEnabled: pulumi.Bool(true),
OfwEnabled: pulumi.Bool(true),
IpsControl: pulumi.Bool(true),
ExcludeFromDynamicGroups: pulumi.Bool(true),
ExcludeFromManualGroups: pulumi.Bool(true),
Profile: pulumi.String("CORPORATE"),
VpnCredentials: zia.LocationManagementVpnCredentialArray{
&zia.LocationManagementVpnCredentialArgs{
Id: usaSjc37TrafficForwardingVPNCredentials.ID(),
Type: usaSjc37TrafficForwardingVPNCredentials.Type,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
usaSjc37TrafficForwardingVPNCredentials,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zia = Pulumi.Zia;
using Zia = zscaler.PulumiPackage.Zia;
return await Deployment.RunAsync(() =>
{
var @this = Zia.GetLocationGroups.Invoke(new()
{
Name = "SDWAN_CAN",
});
var usaSjc37TrafficForwardingVPNCredentials = new Zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", new()
{
Type = "UFQDN",
Fqdn = "usa_sjc37@acme.com",
Comments = "USA - San Jose IPSec Tunnel",
PreSharedKey = "***************",
});
// ZIA Location Management with UFQDN VPN Credential
var usaSjc37LocationManagement = new Zia.LocationManagement("usaSjc37LocationManagement", new()
{
Description = "Created with Terraform",
Country = "UNITED_STATES",
Tz = "UNITED_STATES_AMERICA_LOS_ANGELES",
State = "California",
AuthRequired = true,
IdleTimeInMinutes = 720,
DisplayTimeUnit = "HOUR",
SurrogateIp = true,
XffForwardEnabled = true,
OfwEnabled = true,
IpsControl = true,
ExcludeFromDynamicGroups = true,
ExcludeFromManualGroups = true,
Profile = "CORPORATE",
VpnCredentials = new[]
{
new Zia.Inputs.LocationManagementVpnCredentialArgs
{
Id = usaSjc37TrafficForwardingVPNCredentials.Id,
Type = usaSjc37TrafficForwardingVPNCredentials.Type,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
usaSjc37TrafficForwardingVPNCredentials,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zia.ZiaFunctions;
import com.pulumi.zia.inputs.GetLocationGroupsArgs;
import com.pulumi.zia.TrafficForwardingVPNCredentials;
import com.pulumi.zia.TrafficForwardingVPNCredentialsArgs;
import com.pulumi.zia.LocationManagement;
import com.pulumi.zia.LocationManagementArgs;
import com.pulumi.zia.inputs.LocationManagementVpnCredentialArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var this = ZiaFunctions.getLocationGroups(GetLocationGroupsArgs.builder()
.name("SDWAN_CAN")
.build());
var usaSjc37TrafficForwardingVPNCredentials = new TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", TrafficForwardingVPNCredentialsArgs.builder()
.type("UFQDN")
.fqdn("usa_sjc37@acme.com")
.comments("USA - San Jose IPSec Tunnel")
.preSharedKey("***************")
.build());
// ZIA Location Management with UFQDN VPN Credential
var usaSjc37LocationManagement = new LocationManagement("usaSjc37LocationManagement", LocationManagementArgs.builder()
.description("Created with Terraform")
.country("UNITED_STATES")
.tz("UNITED_STATES_AMERICA_LOS_ANGELES")
.state("California")
.authRequired(true)
.idleTimeInMinutes(720)
.displayTimeUnit("HOUR")
.surrogateIp(true)
.xffForwardEnabled(true)
.ofwEnabled(true)
.ipsControl(true)
.excludeFromDynamicGroups(true)
.excludeFromManualGroups(true)
.profile("CORPORATE")
.vpnCredentials(LocationManagementVpnCredentialArgs.builder()
.id(usaSjc37TrafficForwardingVPNCredentials.id())
.type(usaSjc37TrafficForwardingVPNCredentials.type())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(usaSjc37TrafficForwardingVPNCredentials)
.build());
}
}
resources:
# ZIA Location Management with UFQDN VPN Credential
usaSjc37LocationManagement:
type: zia:LocationManagement
properties:
description: Created with Terraform
country: UNITED_STATES
tz: UNITED_STATES_AMERICA_LOS_ANGELES
state: California
authRequired: true
idleTimeInMinutes: 720
displayTimeUnit: HOUR
surrogateIp: true
xffForwardEnabled: true
ofwEnabled: true
ipsControl: true
excludeFromDynamicGroups: true
excludeFromManualGroups: true
profile: CORPORATE
vpnCredentials:
- id: ${usaSjc37TrafficForwardingVPNCredentials.id}
type: ${usaSjc37TrafficForwardingVPNCredentials.type}
options:
dependson:
- ${usaSjc37TrafficForwardingVPNCredentials}
usaSjc37TrafficForwardingVPNCredentials:
type: zia:TrafficForwardingVPNCredentials
properties:
type: UFQDN
fqdn: usa_sjc37@acme.com
comments: USA - San Jose IPSec Tunnel
preSharedKey: '***************'
variables:
this:
fn::invoke:
Function: zia:getLocationGroups
Arguments:
name: SDWAN_CAN
Create LocationManagement Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new LocationManagement(name: string, args?: LocationManagementArgs, opts?: CustomResourceOptions);@overload
def LocationManagement(resource_name: str,
args: Optional[LocationManagementArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def LocationManagement(resource_name: str,
opts: Optional[ResourceOptions] = None,
aup_block_internet_until_accepted: Optional[bool] = None,
aup_enabled: Optional[bool] = None,
aup_force_ssl_inspection: Optional[bool] = None,
aup_timeout_in_days: Optional[int] = None,
auth_required: Optional[bool] = None,
basic_auth_enabled: Optional[bool] = None,
caution_enabled: Optional[bool] = None,
cookies_and_proxy: Optional[bool] = None,
country: Optional[str] = None,
description: Optional[str] = None,
digest_auth_enabled: Optional[bool] = None,
display_time_unit: Optional[str] = None,
dn_bandwidth: Optional[int] = None,
dynamic_location_groups: Optional[LocationManagementDynamicLocationGroupsArgs] = None,
exclude_from_dynamic_groups: Optional[bool] = None,
exclude_from_manual_groups: Optional[bool] = None,
idle_time_in_minutes: Optional[int] = None,
iot_discovery_enabled: Optional[bool] = None,
iot_enforce_policy_set: Optional[bool] = None,
ip_addresses: Optional[Sequence[str]] = None,
ips_control: Optional[bool] = None,
ipv6_dns64prefix: Optional[bool] = None,
ipv6_enabled: Optional[bool] = None,
kerberos_auth_enabled: Optional[bool] = None,
name: Optional[str] = None,
ofw_enabled: Optional[bool] = None,
other6_sublocation: Optional[bool] = None,
other_sublocation: Optional[bool] = None,
parent_id: Optional[int] = None,
ports: Optional[str] = None,
profile: Optional[str] = None,
ssl_scan_enabled: Optional[bool] = None,
state: Optional[str] = None,
static_location_groups: Optional[LocationManagementStaticLocationGroupsArgs] = None,
surrogate_ip: Optional[bool] = None,
surrogate_ip_enforced_for_known_browsers: Optional[bool] = None,
surrogate_refresh_time_in_minutes: Optional[int] = None,
surrogate_refresh_time_unit: Optional[str] = None,
tz: Optional[str] = None,
up_bandwidth: Optional[int] = None,
vpn_credentials: Optional[Sequence[LocationManagementVpnCredentialArgs]] = None,
xff_forward_enabled: Optional[bool] = None,
zapp_ssl_scan_enabled: Optional[bool] = None)func NewLocationManagement(ctx *Context, name string, args *LocationManagementArgs, opts ...ResourceOption) (*LocationManagement, error)public LocationManagement(string name, LocationManagementArgs? args = null, CustomResourceOptions? opts = null)
public LocationManagement(String name, LocationManagementArgs args)
public LocationManagement(String name, LocationManagementArgs args, CustomResourceOptions options)
type: zia:LocationManagement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args LocationManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args LocationManagementArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args LocationManagementArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args LocationManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args LocationManagementArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var locationManagementResource = new Zia.LocationManagement("locationManagementResource", new()
{
AupBlockInternetUntilAccepted = false,
AupEnabled = false,
AupForceSslInspection = false,
AupTimeoutInDays = 0,
AuthRequired = false,
BasicAuthEnabled = false,
CautionEnabled = false,
CookiesAndProxy = false,
Country = "string",
Description = "string",
DigestAuthEnabled = false,
DisplayTimeUnit = "string",
DnBandwidth = 0,
DynamicLocationGroups = new Zia.Inputs.LocationManagementDynamicLocationGroupsArgs
{
Ids = new[]
{
0,
},
},
ExcludeFromDynamicGroups = false,
ExcludeFromManualGroups = false,
IdleTimeInMinutes = 0,
IotDiscoveryEnabled = false,
IotEnforcePolicySet = false,
IpAddresses = new[]
{
"string",
},
IpsControl = false,
Ipv6Dns64prefix = false,
Ipv6Enabled = false,
KerberosAuthEnabled = false,
Name = "string",
OfwEnabled = false,
Other6Sublocation = false,
OtherSublocation = false,
ParentId = 0,
Ports = "string",
Profile = "string",
SslScanEnabled = false,
State = "string",
StaticLocationGroups = new Zia.Inputs.LocationManagementStaticLocationGroupsArgs
{
Ids = new[]
{
0,
},
},
SurrogateIp = false,
SurrogateIpEnforcedForKnownBrowsers = false,
SurrogateRefreshTimeInMinutes = 0,
SurrogateRefreshTimeUnit = "string",
Tz = "string",
UpBandwidth = 0,
VpnCredentials = new[]
{
new Zia.Inputs.LocationManagementVpnCredentialArgs
{
Comments = "string",
Fqdn = "string",
Id = 0,
IpAddress = "string",
PreSharedKey = "string",
Type = "string",
},
},
XffForwardEnabled = false,
ZappSslScanEnabled = false,
});
example, err := zia.NewLocationManagement(ctx, "locationManagementResource", &zia.LocationManagementArgs{
AupBlockInternetUntilAccepted: pulumi.Bool(false),
AupEnabled: pulumi.Bool(false),
AupForceSslInspection: pulumi.Bool(false),
AupTimeoutInDays: pulumi.Int(0),
AuthRequired: pulumi.Bool(false),
BasicAuthEnabled: pulumi.Bool(false),
CautionEnabled: pulumi.Bool(false),
CookiesAndProxy: pulumi.Bool(false),
Country: pulumi.String("string"),
Description: pulumi.String("string"),
DigestAuthEnabled: pulumi.Bool(false),
DisplayTimeUnit: pulumi.String("string"),
DnBandwidth: pulumi.Int(0),
DynamicLocationGroups: &zia.LocationManagementDynamicLocationGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
ExcludeFromDynamicGroups: pulumi.Bool(false),
ExcludeFromManualGroups: pulumi.Bool(false),
IdleTimeInMinutes: pulumi.Int(0),
IotDiscoveryEnabled: pulumi.Bool(false),
IotEnforcePolicySet: pulumi.Bool(false),
IpAddresses: pulumi.StringArray{
pulumi.String("string"),
},
IpsControl: pulumi.Bool(false),
Ipv6Dns64prefix: pulumi.Bool(false),
Ipv6Enabled: pulumi.Bool(false),
KerberosAuthEnabled: pulumi.Bool(false),
Name: pulumi.String("string"),
OfwEnabled: pulumi.Bool(false),
Other6Sublocation: pulumi.Bool(false),
OtherSublocation: pulumi.Bool(false),
ParentId: pulumi.Int(0),
Ports: pulumi.String("string"),
Profile: pulumi.String("string"),
SslScanEnabled: pulumi.Bool(false),
State: pulumi.String("string"),
StaticLocationGroups: &zia.LocationManagementStaticLocationGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
SurrogateIp: pulumi.Bool(false),
SurrogateIpEnforcedForKnownBrowsers: pulumi.Bool(false),
SurrogateRefreshTimeInMinutes: pulumi.Int(0),
SurrogateRefreshTimeUnit: pulumi.String("string"),
Tz: pulumi.String("string"),
UpBandwidth: pulumi.Int(0),
VpnCredentials: zia.LocationManagementVpnCredentialArray{
&zia.LocationManagementVpnCredentialArgs{
Comments: pulumi.String("string"),
Fqdn: pulumi.String("string"),
Id: pulumi.Int(0),
IpAddress: pulumi.String("string"),
PreSharedKey: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
XffForwardEnabled: pulumi.Bool(false),
ZappSslScanEnabled: pulumi.Bool(false),
})
var locationManagementResource = new LocationManagement("locationManagementResource", LocationManagementArgs.builder()
.aupBlockInternetUntilAccepted(false)
.aupEnabled(false)
.aupForceSslInspection(false)
.aupTimeoutInDays(0)
.authRequired(false)
.basicAuthEnabled(false)
.cautionEnabled(false)
.cookiesAndProxy(false)
.country("string")
.description("string")
.digestAuthEnabled(false)
.displayTimeUnit("string")
.dnBandwidth(0)
.dynamicLocationGroups(LocationManagementDynamicLocationGroupsArgs.builder()
.ids(0)
.build())
.excludeFromDynamicGroups(false)
.excludeFromManualGroups(false)
.idleTimeInMinutes(0)
.iotDiscoveryEnabled(false)
.iotEnforcePolicySet(false)
.ipAddresses("string")
.ipsControl(false)
.ipv6Dns64prefix(false)
.ipv6Enabled(false)
.kerberosAuthEnabled(false)
.name("string")
.ofwEnabled(false)
.other6Sublocation(false)
.otherSublocation(false)
.parentId(0)
.ports("string")
.profile("string")
.sslScanEnabled(false)
.state("string")
.staticLocationGroups(LocationManagementStaticLocationGroupsArgs.builder()
.ids(0)
.build())
.surrogateIp(false)
.surrogateIpEnforcedForKnownBrowsers(false)
.surrogateRefreshTimeInMinutes(0)
.surrogateRefreshTimeUnit("string")
.tz("string")
.upBandwidth(0)
.vpnCredentials(LocationManagementVpnCredentialArgs.builder()
.comments("string")
.fqdn("string")
.id(0)
.ipAddress("string")
.preSharedKey("string")
.type("string")
.build())
.xffForwardEnabled(false)
.zappSslScanEnabled(false)
.build());
location_management_resource = zia.LocationManagement("locationManagementResource",
aup_block_internet_until_accepted=False,
aup_enabled=False,
aup_force_ssl_inspection=False,
aup_timeout_in_days=0,
auth_required=False,
basic_auth_enabled=False,
caution_enabled=False,
cookies_and_proxy=False,
country="string",
description="string",
digest_auth_enabled=False,
display_time_unit="string",
dn_bandwidth=0,
dynamic_location_groups=zia.LocationManagementDynamicLocationGroupsArgs(
ids=[0],
),
exclude_from_dynamic_groups=False,
exclude_from_manual_groups=False,
idle_time_in_minutes=0,
iot_discovery_enabled=False,
iot_enforce_policy_set=False,
ip_addresses=["string"],
ips_control=False,
ipv6_dns64prefix=False,
ipv6_enabled=False,
kerberos_auth_enabled=False,
name="string",
ofw_enabled=False,
other6_sublocation=False,
other_sublocation=False,
parent_id=0,
ports="string",
profile="string",
ssl_scan_enabled=False,
state="string",
static_location_groups=zia.LocationManagementStaticLocationGroupsArgs(
ids=[0],
),
surrogate_ip=False,
surrogate_ip_enforced_for_known_browsers=False,
surrogate_refresh_time_in_minutes=0,
surrogate_refresh_time_unit="string",
tz="string",
up_bandwidth=0,
vpn_credentials=[zia.LocationManagementVpnCredentialArgs(
comments="string",
fqdn="string",
id=0,
ip_address="string",
pre_shared_key="string",
type="string",
)],
xff_forward_enabled=False,
zapp_ssl_scan_enabled=False)
const locationManagementResource = new zia.LocationManagement("locationManagementResource", {
aupBlockInternetUntilAccepted: false,
aupEnabled: false,
aupForceSslInspection: false,
aupTimeoutInDays: 0,
authRequired: false,
basicAuthEnabled: false,
cautionEnabled: false,
cookiesAndProxy: false,
country: "string",
description: "string",
digestAuthEnabled: false,
displayTimeUnit: "string",
dnBandwidth: 0,
dynamicLocationGroups: {
ids: [0],
},
excludeFromDynamicGroups: false,
excludeFromManualGroups: false,
idleTimeInMinutes: 0,
iotDiscoveryEnabled: false,
iotEnforcePolicySet: false,
ipAddresses: ["string"],
ipsControl: false,
ipv6Dns64prefix: false,
ipv6Enabled: false,
kerberosAuthEnabled: false,
name: "string",
ofwEnabled: false,
other6Sublocation: false,
otherSublocation: false,
parentId: 0,
ports: "string",
profile: "string",
sslScanEnabled: false,
state: "string",
staticLocationGroups: {
ids: [0],
},
surrogateIp: false,
surrogateIpEnforcedForKnownBrowsers: false,
surrogateRefreshTimeInMinutes: 0,
surrogateRefreshTimeUnit: "string",
tz: "string",
upBandwidth: 0,
vpnCredentials: [{
comments: "string",
fqdn: "string",
id: 0,
ipAddress: "string",
preSharedKey: "string",
type: "string",
}],
xffForwardEnabled: false,
zappSslScanEnabled: false,
});
type: zia:LocationManagement
properties:
aupBlockInternetUntilAccepted: false
aupEnabled: false
aupForceSslInspection: false
aupTimeoutInDays: 0
authRequired: false
basicAuthEnabled: false
cautionEnabled: false
cookiesAndProxy: false
country: string
description: string
digestAuthEnabled: false
displayTimeUnit: string
dnBandwidth: 0
dynamicLocationGroups:
ids:
- 0
excludeFromDynamicGroups: false
excludeFromManualGroups: false
idleTimeInMinutes: 0
iotDiscoveryEnabled: false
iotEnforcePolicySet: false
ipAddresses:
- string
ipsControl: false
ipv6Dns64prefix: false
ipv6Enabled: false
kerberosAuthEnabled: false
name: string
ofwEnabled: false
other6Sublocation: false
otherSublocation: false
parentId: 0
ports: string
profile: string
sslScanEnabled: false
state: string
staticLocationGroups:
ids:
- 0
surrogateIp: false
surrogateIpEnforcedForKnownBrowsers: false
surrogateRefreshTimeInMinutes: 0
surrogateRefreshTimeUnit: string
tz: string
upBandwidth: 0
vpnCredentials:
- comments: string
fqdn: string
id: 0
ipAddress: string
preSharedKey: string
type: string
xffForwardEnabled: false
zappSslScanEnabled: false
LocationManagement Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The LocationManagement resource accepts the following input properties:
- Aup
Block boolInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- Aup
Enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- Aup
Force boolSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- Aup
Timeout intIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- Auth
Required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- Basic
Auth boolEnabled - Enable Basic Authentication at the location
- Caution
Enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- bool
- Country string
- Supported Countries
- Description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- Digest
Auth boolEnabled - Enable Digest Authentication at the location
- Display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- Dn
Bandwidth int - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- Dynamic
Location zscaler.Groups Pulumi Package. Zia. Inputs. Location Management Dynamic Location Groups - Name-ID pairs of locations for which rule must be applied
- Exclude
From boolDynamic Groups - Exclude
From boolManual Groups - Idle
Time intIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- Iot
Discovery boolEnabled - Enable IOT Discovery at the location
- Iot
Enforce boolPolicy Set - Ip
Addresses List<string> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- Ips
Control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- Ipv6Dns64prefix bool
- (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- Ipv6Enabled bool
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- Kerberos
Auth boolEnabled - Enable Kerberos Authentication at the location
- Name string
- Location Name.
- Ofw
Enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- Other6Sublocation bool
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- Other
Sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- Parent
Id int - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- Ports string
- IP ports that are associated with the location.
- Profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - Ssl
Scan boolEnabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- State string
- IP ports that are associated with the location.
- Static
Location zscaler.Groups Pulumi Package. Zia. Inputs. Location Management Static Location Groups - Name-ID pairs of locations for which rule must be applied
- Surrogate
Ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- Surrogate
Ip boolEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- Surrogate
Refresh intTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- Surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- Tz string
- Timezone of the location. If not specified, it defaults to GMT.
- Up
Bandwidth int - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- Vpn
Credentials List<zscaler.Pulumi Package. Zia. Inputs. Location Management Vpn Credential> - Xff
Forward boolEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- Zapp
Ssl boolScan Enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
- Aup
Block boolInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- Aup
Enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- Aup
Force boolSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- Aup
Timeout intIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- Auth
Required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- Basic
Auth boolEnabled - Enable Basic Authentication at the location
- Caution
Enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- bool
- Country string
- Supported Countries
- Description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- Digest
Auth boolEnabled - Enable Digest Authentication at the location
- Display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- Dn
Bandwidth int - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- Dynamic
Location LocationGroups Management Dynamic Location Groups Args - Name-ID pairs of locations for which rule must be applied
- Exclude
From boolDynamic Groups - Exclude
From boolManual Groups - Idle
Time intIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- Iot
Discovery boolEnabled - Enable IOT Discovery at the location
- Iot
Enforce boolPolicy Set - Ip
Addresses []string - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- Ips
Control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- Ipv6Dns64prefix bool
- (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- Ipv6Enabled bool
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- Kerberos
Auth boolEnabled - Enable Kerberos Authentication at the location
- Name string
- Location Name.
- Ofw
Enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- Other6Sublocation bool
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- Other
Sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- Parent
Id int - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- Ports string
- IP ports that are associated with the location.
- Profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - Ssl
Scan boolEnabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- State string
- IP ports that are associated with the location.
- Static
Location LocationGroups Management Static Location Groups Args - Name-ID pairs of locations for which rule must be applied
- Surrogate
Ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- Surrogate
Ip boolEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- Surrogate
Refresh intTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- Surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- Tz string
- Timezone of the location. If not specified, it defaults to GMT.
- Up
Bandwidth int - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- Vpn
Credentials []LocationManagement Vpn Credential Args - Xff
Forward boolEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- Zapp
Ssl boolScan Enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
- aup
Block BooleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled Boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force BooleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout IntegerIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required Boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth BooleanEnabled - Enable Basic Authentication at the location
- caution
Enabled Boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- Boolean
- country String
- Supported Countries
- description String
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth BooleanEnabled - Enable Digest Authentication at the location
- display
Time StringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth Integer - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- dynamic
Location LocationGroups Management Dynamic Location Groups - Name-ID pairs of locations for which rule must be applied
- exclude
From BooleanDynamic Groups - exclude
From BooleanManual Groups - idle
Time IntegerIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery BooleanEnabled - Enable IOT Discovery at the location
- iot
Enforce BooleanPolicy Set - ip
Addresses List<String> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- ips
Control Boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix Boolean
- (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- ipv6Enabled Boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth BooleanEnabled - Enable Kerberos Authentication at the location
- name String
- Location Name.
- ofw
Enabled Boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation Boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation Boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id Integer - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- ports String
- IP ports that are associated with the location.
- profile String
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - ssl
Scan BooleanEnabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- state String
- IP ports that are associated with the location.
- static
Location LocationGroups Management Static Location Groups - Name-ID pairs of locations for which rule must be applied
- surrogate
Ip Boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip BooleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh IntegerTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh StringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz String
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth Integer - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- vpn
Credentials List<LocationManagement Vpn Credential> - xff
Forward BooleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl BooleanScan Enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
- aup
Block booleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force booleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout numberIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth booleanEnabled - Enable Basic Authentication at the location
- caution
Enabled boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- boolean
- country string
- Supported Countries
- description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth booleanEnabled - Enable Digest Authentication at the location
- display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth number - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- dynamic
Location LocationGroups Management Dynamic Location Groups - Name-ID pairs of locations for which rule must be applied
- exclude
From booleanDynamic Groups - exclude
From booleanManual Groups - idle
Time numberIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery booleanEnabled - Enable IOT Discovery at the location
- iot
Enforce booleanPolicy Set - ip
Addresses string[] - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- ips
Control boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix boolean
- (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- ipv6Enabled boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth booleanEnabled - Enable Kerberos Authentication at the location
- name string
- Location Name.
- ofw
Enabled boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id number - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- ports string
- IP ports that are associated with the location.
- profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - ssl
Scan booleanEnabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- state string
- IP ports that are associated with the location.
- static
Location LocationGroups Management Static Location Groups - Name-ID pairs of locations for which rule must be applied
- surrogate
Ip boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip booleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh numberTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz string
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth number - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- vpn
Credentials LocationManagement Vpn Credential[] - xff
Forward booleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl booleanScan Enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
- aup_
block_ boolinternet_ until_ accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup_
enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- aup_
force_ boolssl_ inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup_
timeout_ intin_ days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth_
required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic_
auth_ boolenabled - Enable Basic Authentication at the location
- caution_
enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- bool
- country str
- Supported Countries
- description str
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest_
auth_ boolenabled - Enable Digest Authentication at the location
- display_
time_ strunit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn_
bandwidth int - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- dynamic_
location_ Locationgroups Management Dynamic Location Groups Args - Name-ID pairs of locations for which rule must be applied
- exclude_
from_ booldynamic_ groups - exclude_
from_ boolmanual_ groups - idle_
time_ intin_ minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot_
discovery_ boolenabled - Enable IOT Discovery at the location
- iot_
enforce_ boolpolicy_ set - ip_
addresses Sequence[str] - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- ips_
control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6_
dns64prefix bool - (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- ipv6_
enabled bool - If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos_
auth_ boolenabled - Enable Kerberos Authentication at the location
- name str
- Location Name.
- ofw_
enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6_
sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other_
sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent_
id int - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- ports str
- IP ports that are associated with the location.
- profile str
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - ssl_
scan_ boolenabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- state str
- IP ports that are associated with the location.
- static_
location_ Locationgroups Management Static Location Groups Args - Name-ID pairs of locations for which rule must be applied
- surrogate_
ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate_
ip_ boolenforced_ for_ known_ browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate_
refresh_ inttime_ in_ minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate_
refresh_ strtime_ unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz str
- Timezone of the location. If not specified, it defaults to GMT.
- up_
bandwidth int - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- vpn_
credentials Sequence[LocationManagement Vpn Credential Args] - xff_
forward_ boolenabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp_
ssl_ boolscan_ enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
- aup
Block BooleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled Boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force BooleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout NumberIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required Boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth BooleanEnabled - Enable Basic Authentication at the location
- caution
Enabled Boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- Boolean
- country String
- Supported Countries
- description String
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth BooleanEnabled - Enable Digest Authentication at the location
- display
Time StringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth Number - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- dynamic
Location Property MapGroups - Name-ID pairs of locations for which rule must be applied
- exclude
From BooleanDynamic Groups - exclude
From BooleanManual Groups - idle
Time NumberIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery BooleanEnabled - Enable IOT Discovery at the location
- iot
Enforce BooleanPolicy Set - ip
Addresses List<String> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- ips
Control Boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix Boolean
- (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- ipv6Enabled Boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth BooleanEnabled - Enable Kerberos Authentication at the location
- name String
- Location Name.
- ofw
Enabled Boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation Boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation Boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id Number - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- ports String
- IP ports that are associated with the location.
- profile String
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - ssl
Scan BooleanEnabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- state String
- IP ports that are associated with the location.
- static
Location Property MapGroups - Name-ID pairs of locations for which rule must be applied
- surrogate
Ip Boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip BooleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh NumberTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh StringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz String
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth Number - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- vpn
Credentials List<Property Map> - xff
Forward BooleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl BooleanScan Enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
Outputs
All input properties are implicitly available as output properties. Additionally, the LocationManagement resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Location
Id int
- Id string
- The provider-assigned unique ID for this managed resource.
- Location
Id int
- id String
- The provider-assigned unique ID for this managed resource.
- location
Id Integer
- id string
- The provider-assigned unique ID for this managed resource.
- location
Id number
- id str
- The provider-assigned unique ID for this managed resource.
- location_
id int
- id String
- The provider-assigned unique ID for this managed resource.
- location
Id Number
Look up Existing LocationManagement Resource
Get an existing LocationManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: LocationManagementState, opts?: CustomResourceOptions): LocationManagement@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
aup_block_internet_until_accepted: Optional[bool] = None,
aup_enabled: Optional[bool] = None,
aup_force_ssl_inspection: Optional[bool] = None,
aup_timeout_in_days: Optional[int] = None,
auth_required: Optional[bool] = None,
basic_auth_enabled: Optional[bool] = None,
caution_enabled: Optional[bool] = None,
cookies_and_proxy: Optional[bool] = None,
country: Optional[str] = None,
description: Optional[str] = None,
digest_auth_enabled: Optional[bool] = None,
display_time_unit: Optional[str] = None,
dn_bandwidth: Optional[int] = None,
dynamic_location_groups: Optional[LocationManagementDynamicLocationGroupsArgs] = None,
exclude_from_dynamic_groups: Optional[bool] = None,
exclude_from_manual_groups: Optional[bool] = None,
idle_time_in_minutes: Optional[int] = None,
iot_discovery_enabled: Optional[bool] = None,
iot_enforce_policy_set: Optional[bool] = None,
ip_addresses: Optional[Sequence[str]] = None,
ips_control: Optional[bool] = None,
ipv6_dns64prefix: Optional[bool] = None,
ipv6_enabled: Optional[bool] = None,
kerberos_auth_enabled: Optional[bool] = None,
location_id: Optional[int] = None,
name: Optional[str] = None,
ofw_enabled: Optional[bool] = None,
other6_sublocation: Optional[bool] = None,
other_sublocation: Optional[bool] = None,
parent_id: Optional[int] = None,
ports: Optional[str] = None,
profile: Optional[str] = None,
ssl_scan_enabled: Optional[bool] = None,
state: Optional[str] = None,
static_location_groups: Optional[LocationManagementStaticLocationGroupsArgs] = None,
surrogate_ip: Optional[bool] = None,
surrogate_ip_enforced_for_known_browsers: Optional[bool] = None,
surrogate_refresh_time_in_minutes: Optional[int] = None,
surrogate_refresh_time_unit: Optional[str] = None,
tz: Optional[str] = None,
up_bandwidth: Optional[int] = None,
vpn_credentials: Optional[Sequence[LocationManagementVpnCredentialArgs]] = None,
xff_forward_enabled: Optional[bool] = None,
zapp_ssl_scan_enabled: Optional[bool] = None) -> LocationManagementfunc GetLocationManagement(ctx *Context, name string, id IDInput, state *LocationManagementState, opts ...ResourceOption) (*LocationManagement, error)public static LocationManagement Get(string name, Input<string> id, LocationManagementState? state, CustomResourceOptions? opts = null)public static LocationManagement get(String name, Output<String> id, LocationManagementState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Aup
Block boolInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- Aup
Enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- Aup
Force boolSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- Aup
Timeout intIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- Auth
Required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- Basic
Auth boolEnabled - Enable Basic Authentication at the location
- Caution
Enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- bool
- Country string
- Supported Countries
- Description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- Digest
Auth boolEnabled - Enable Digest Authentication at the location
- Display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- Dn
Bandwidth int - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- Dynamic
Location zscaler.Groups Pulumi Package. Zia. Inputs. Location Management Dynamic Location Groups - Name-ID pairs of locations for which rule must be applied
- Exclude
From boolDynamic Groups - Exclude
From boolManual Groups - Idle
Time intIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- Iot
Discovery boolEnabled - Enable IOT Discovery at the location
- Iot
Enforce boolPolicy Set - Ip
Addresses List<string> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- Ips
Control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- Ipv6Dns64prefix bool
- (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- Ipv6Enabled bool
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- Kerberos
Auth boolEnabled - Enable Kerberos Authentication at the location
- Location
Id int - Name string
- Location Name.
- Ofw
Enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- Other6Sublocation bool
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- Other
Sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- Parent
Id int - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- Ports string
- IP ports that are associated with the location.
- Profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - Ssl
Scan boolEnabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- State string
- IP ports that are associated with the location.
- Static
Location zscaler.Groups Pulumi Package. Zia. Inputs. Location Management Static Location Groups - Name-ID pairs of locations for which rule must be applied
- Surrogate
Ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- Surrogate
Ip boolEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- Surrogate
Refresh intTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- Surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- Tz string
- Timezone of the location. If not specified, it defaults to GMT.
- Up
Bandwidth int - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- Vpn
Credentials List<zscaler.Pulumi Package. Zia. Inputs. Location Management Vpn Credential> - Xff
Forward boolEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- Zapp
Ssl boolScan Enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
- Aup
Block boolInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- Aup
Enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- Aup
Force boolSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- Aup
Timeout intIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- Auth
Required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- Basic
Auth boolEnabled - Enable Basic Authentication at the location
- Caution
Enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- bool
- Country string
- Supported Countries
- Description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- Digest
Auth boolEnabled - Enable Digest Authentication at the location
- Display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- Dn
Bandwidth int - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- Dynamic
Location LocationGroups Management Dynamic Location Groups Args - Name-ID pairs of locations for which rule must be applied
- Exclude
From boolDynamic Groups - Exclude
From boolManual Groups - Idle
Time intIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- Iot
Discovery boolEnabled - Enable IOT Discovery at the location
- Iot
Enforce boolPolicy Set - Ip
Addresses []string - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- Ips
Control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- Ipv6Dns64prefix bool
- (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- Ipv6Enabled bool
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- Kerberos
Auth boolEnabled - Enable Kerberos Authentication at the location
- Location
Id int - Name string
- Location Name.
- Ofw
Enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- Other6Sublocation bool
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- Other
Sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- Parent
Id int - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- Ports string
- IP ports that are associated with the location.
- Profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - Ssl
Scan boolEnabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- State string
- IP ports that are associated with the location.
- Static
Location LocationGroups Management Static Location Groups Args - Name-ID pairs of locations for which rule must be applied
- Surrogate
Ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- Surrogate
Ip boolEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- Surrogate
Refresh intTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- Surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- Tz string
- Timezone of the location. If not specified, it defaults to GMT.
- Up
Bandwidth int - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- Vpn
Credentials []LocationManagement Vpn Credential Args - Xff
Forward boolEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- Zapp
Ssl boolScan Enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
- aup
Block BooleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled Boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force BooleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout IntegerIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required Boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth BooleanEnabled - Enable Basic Authentication at the location
- caution
Enabled Boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- Boolean
- country String
- Supported Countries
- description String
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth BooleanEnabled - Enable Digest Authentication at the location
- display
Time StringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth Integer - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- dynamic
Location LocationGroups Management Dynamic Location Groups - Name-ID pairs of locations for which rule must be applied
- exclude
From BooleanDynamic Groups - exclude
From BooleanManual Groups - idle
Time IntegerIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery BooleanEnabled - Enable IOT Discovery at the location
- iot
Enforce BooleanPolicy Set - ip
Addresses List<String> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- ips
Control Boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix Boolean
- (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- ipv6Enabled Boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth BooleanEnabled - Enable Kerberos Authentication at the location
- location
Id Integer - name String
- Location Name.
- ofw
Enabled Boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation Boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation Boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id Integer - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- ports String
- IP ports that are associated with the location.
- profile String
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - ssl
Scan BooleanEnabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- state String
- IP ports that are associated with the location.
- static
Location LocationGroups Management Static Location Groups - Name-ID pairs of locations for which rule must be applied
- surrogate
Ip Boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip BooleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh IntegerTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh StringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz String
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth Integer - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- vpn
Credentials List<LocationManagement Vpn Credential> - xff
Forward BooleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl BooleanScan Enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
- aup
Block booleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force booleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout numberIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth booleanEnabled - Enable Basic Authentication at the location
- caution
Enabled boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- boolean
- country string
- Supported Countries
- description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth booleanEnabled - Enable Digest Authentication at the location
- display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth number - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- dynamic
Location LocationGroups Management Dynamic Location Groups - Name-ID pairs of locations for which rule must be applied
- exclude
From booleanDynamic Groups - exclude
From booleanManual Groups - idle
Time numberIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery booleanEnabled - Enable IOT Discovery at the location
- iot
Enforce booleanPolicy Set - ip
Addresses string[] - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- ips
Control boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix boolean
- (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- ipv6Enabled boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth booleanEnabled - Enable Kerberos Authentication at the location
- location
Id number - name string
- Location Name.
- ofw
Enabled boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id number - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- ports string
- IP ports that are associated with the location.
- profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - ssl
Scan booleanEnabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- state string
- IP ports that are associated with the location.
- static
Location LocationGroups Management Static Location Groups - Name-ID pairs of locations for which rule must be applied
- surrogate
Ip boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip booleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh numberTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz string
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth number - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- vpn
Credentials LocationManagement Vpn Credential[] - xff
Forward booleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl booleanScan Enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
- aup_
block_ boolinternet_ until_ accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup_
enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- aup_
force_ boolssl_ inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup_
timeout_ intin_ days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth_
required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic_
auth_ boolenabled - Enable Basic Authentication at the location
- caution_
enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- bool
- country str
- Supported Countries
- description str
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest_
auth_ boolenabled - Enable Digest Authentication at the location
- display_
time_ strunit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn_
bandwidth int - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- dynamic_
location_ Locationgroups Management Dynamic Location Groups Args - Name-ID pairs of locations for which rule must be applied
- exclude_
from_ booldynamic_ groups - exclude_
from_ boolmanual_ groups - idle_
time_ intin_ minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot_
discovery_ boolenabled - Enable IOT Discovery at the location
- iot_
enforce_ boolpolicy_ set - ip_
addresses Sequence[str] - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- ips_
control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6_
dns64prefix bool - (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- ipv6_
enabled bool - If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos_
auth_ boolenabled - Enable Kerberos Authentication at the location
- location_
id int - name str
- Location Name.
- ofw_
enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6_
sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other_
sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent_
id int - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- ports str
- IP ports that are associated with the location.
- profile str
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - ssl_
scan_ boolenabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- state str
- IP ports that are associated with the location.
- static_
location_ Locationgroups Management Static Location Groups Args - Name-ID pairs of locations for which rule must be applied
- surrogate_
ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate_
ip_ boolenforced_ for_ known_ browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate_
refresh_ inttime_ in_ minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate_
refresh_ strtime_ unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz str
- Timezone of the location. If not specified, it defaults to GMT.
- up_
bandwidth int - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- vpn_
credentials Sequence[LocationManagement Vpn Credential Args] - xff_
forward_ boolenabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp_
ssl_ boolscan_ enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
- aup
Block BooleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled Boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force BooleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout NumberIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required Boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth BooleanEnabled - Enable Basic Authentication at the location
- caution
Enabled Boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- Boolean
- country String
- Supported Countries
- description String
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth BooleanEnabled - Enable Digest Authentication at the location
- display
Time StringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth Number - Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- dynamic
Location Property MapGroups - Name-ID pairs of locations for which rule must be applied
- exclude
From BooleanDynamic Groups - exclude
From BooleanManual Groups - idle
Time NumberIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery BooleanEnabled - Enable IOT Discovery at the location
- iot
Enforce BooleanPolicy Set - ip
Addresses List<String> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
- ips
Control Boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix Boolean
- (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes.
- ipv6Enabled Boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth BooleanEnabled - Enable Kerberos Authentication at the location
- location
Id Number - name String
- Location Name.
- ofw
Enabled Boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation Boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation Boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id Number - Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB
- ports String
- IP ports that are associated with the location.
- profile String
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. - ssl
Scan BooleanEnabled - Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses.
- state String
- IP ports that are associated with the location.
- static
Location Property MapGroups - Name-ID pairs of locations for which rule must be applied
- surrogate
Ip Boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip BooleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh NumberTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh StringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz String
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth Number - Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement.
- vpn
Credentials List<Property Map> - xff
Forward BooleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl BooleanScan Enabled - Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location.
Supporting Types
LocationManagementDynamicLocationGroups, LocationManagementDynamicLocationGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
LocationManagementStaticLocationGroups, LocationManagementStaticLocationGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
LocationManagementVpnCredential, LocationManagementVpnCredentialArgs
- comments str
- fqdn str
- id int
- ip_
address str - str
- type str
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
zia_location_management can be imported by using <LOCATION_ID> or <LOCATION_NAME> as the import ID.
For example:
$ pulumi import zia:index/locationManagement:LocationManagement example <location_id>
or
$ pulumi import zia:index/locationManagement:LocationManagement example <location_name>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
- MIT
- Notes
- This Pulumi package is based on the
ziaTerraform Provider.