Docs
PackagesZscaler Internet Access v0.0.6 published on Wednesday, Apr 10, 2024 by Zscaler
zia.LocationManagement
Explore with Pulumi AI
The zia_location_management resource allows the creation and management of ZIA locations in the Zscaler Internet Access. This resource can then be associated with a:
- Static IP resource
- GRE Tunnel resource
- VPN credentials resource
- URL filtering and firewall filtering rules
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as zia from "@bdzscaler/pulumi-zia";
const usaSjc37TrafficForwardingVPNCredentials = new zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", {
type: "UFQDN",
fqdn: "usa_sjc37@acme.com",
comments: "USA - San Jose IPSec Tunnel",
preSharedKey: "P@ass0rd123!",
});
const usaSjc37TrafficForwardingStaticIP = new zia.TrafficForwardingStaticIP("usaSjc37TrafficForwardingStaticIP", {
ipAddress: "1.1.1.1",
routableIp: true,
comment: "SJC37 - Static IP",
geoOverride: false,
});
// ZIA Location Management
const usaSjc37LocationManagement = new zia.LocationManagement("usaSjc37LocationManagement", {
description: "Created with Terraform",
country: "UNITED_STATES",
tz: "UNITED_STATES_AMERICA_LOS_ANGELES",
authRequired: true,
idleTimeInMinutes: 720,
displayTimeUnit: "HOUR",
surrogateIp: true,
xffForwardEnabled: true,
ofwEnabled: true,
ipsControl: true,
ipAddresses: [usaSjc37TrafficForwardingStaticIP.ipAddress],
vpnCredentials: [{
id: usaSjc37TrafficForwardingVPNCredentials.id,
type: usaSjc37TrafficForwardingVPNCredentials.type,
}],
}, {
dependsOn: [
usaSjc37TrafficForwardingVPNCredentials,
usaSjc37TrafficForwardingStaticIP,
],
});
import pulumi
import zscaler_pulumi_zia as zia
usa_sjc37_traffic_forwarding_vpn_credentials = zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials",
type="UFQDN",
fqdn="usa_sjc37@acme.com",
comments="USA - San Jose IPSec Tunnel",
pre_shared_key="P@ass0rd123!")
usa_sjc37_traffic_forwarding_static_ip = zia.TrafficForwardingStaticIP("usaSjc37TrafficForwardingStaticIP",
ip_address="1.1.1.1",
routable_ip=True,
comment="SJC37 - Static IP",
geo_override=False)
# ZIA Location Management
usa_sjc37_location_management = zia.LocationManagement("usaSjc37LocationManagement",
description="Created with Terraform",
country="UNITED_STATES",
tz="UNITED_STATES_AMERICA_LOS_ANGELES",
auth_required=True,
idle_time_in_minutes=720,
display_time_unit="HOUR",
surrogate_ip=True,
xff_forward_enabled=True,
ofw_enabled=True,
ips_control=True,
ip_addresses=[usa_sjc37_traffic_forwarding_static_ip.ip_address],
vpn_credentials=[zia.LocationManagementVpnCredentialArgs(
id=usa_sjc37_traffic_forwarding_vpn_credentials.id,
type=usa_sjc37_traffic_forwarding_vpn_credentials.type,
)],
opts=pulumi.ResourceOptions(depends_on=[
usa_sjc37_traffic_forwarding_vpn_credentials,
usa_sjc37_traffic_forwarding_static_ip,
]))
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/zscaler/pulumi-zia/sdk/go/zia"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
usaSjc37TrafficForwardingVPNCredentials, err := zia.NewTrafficForwardingVPNCredentials(ctx, "usaSjc37TrafficForwardingVPNCredentials", &zia.TrafficForwardingVPNCredentialsArgs{
Type: pulumi.String("UFQDN"),
Fqdn: pulumi.String("usa_sjc37@acme.com"),
Comments: pulumi.String("USA - San Jose IPSec Tunnel"),
PreSharedKey: pulumi.String("P@ass0rd123!"),
})
if err != nil {
return err
}
usaSjc37TrafficForwardingStaticIP, err := zia.NewTrafficForwardingStaticIP(ctx, "usaSjc37TrafficForwardingStaticIP", &zia.TrafficForwardingStaticIPArgs{
IpAddress: pulumi.String("1.1.1.1"),
RoutableIp: pulumi.Bool(true),
Comment: pulumi.String("SJC37 - Static IP"),
GeoOverride: pulumi.Bool(false),
})
if err != nil {
return err
}
// ZIA Location Management
_, err = zia.NewLocationManagement(ctx, "usaSjc37LocationManagement", &zia.LocationManagementArgs{
Description: pulumi.String("Created with Terraform"),
Country: pulumi.String("UNITED_STATES"),
Tz: pulumi.String("UNITED_STATES_AMERICA_LOS_ANGELES"),
AuthRequired: pulumi.Bool(true),
IdleTimeInMinutes: pulumi.Int(720),
DisplayTimeUnit: pulumi.String("HOUR"),
SurrogateIp: pulumi.Bool(true),
XffForwardEnabled: pulumi.Bool(true),
OfwEnabled: pulumi.Bool(true),
IpsControl: pulumi.Bool(true),
IpAddresses: pulumi.StringArray{
usaSjc37TrafficForwardingStaticIP.IpAddress,
},
VpnCredentials: zia.LocationManagementVpnCredentialArray{
&zia.LocationManagementVpnCredentialArgs{
Id: usaSjc37TrafficForwardingVPNCredentials.ID(),
Type: usaSjc37TrafficForwardingVPNCredentials.Type,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
usaSjc37TrafficForwardingVPNCredentials,
usaSjc37TrafficForwardingStaticIP,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zia = zscaler.PulumiPackage.Zia;
return await Deployment.RunAsync(() =>
{
var usaSjc37TrafficForwardingVPNCredentials = new Zia.TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", new()
{
Type = "UFQDN",
Fqdn = "usa_sjc37@acme.com",
Comments = "USA - San Jose IPSec Tunnel",
PreSharedKey = "P@ass0rd123!",
});
var usaSjc37TrafficForwardingStaticIP = new Zia.TrafficForwardingStaticIP("usaSjc37TrafficForwardingStaticIP", new()
{
IpAddress = "1.1.1.1",
RoutableIp = true,
Comment = "SJC37 - Static IP",
GeoOverride = false,
});
// ZIA Location Management
var usaSjc37LocationManagement = new Zia.LocationManagement("usaSjc37LocationManagement", new()
{
Description = "Created with Terraform",
Country = "UNITED_STATES",
Tz = "UNITED_STATES_AMERICA_LOS_ANGELES",
AuthRequired = true,
IdleTimeInMinutes = 720,
DisplayTimeUnit = "HOUR",
SurrogateIp = true,
XffForwardEnabled = true,
OfwEnabled = true,
IpsControl = true,
IpAddresses = new[]
{
usaSjc37TrafficForwardingStaticIP.IpAddress,
},
VpnCredentials = new[]
{
new Zia.Inputs.LocationManagementVpnCredentialArgs
{
Id = usaSjc37TrafficForwardingVPNCredentials.Id,
Type = usaSjc37TrafficForwardingVPNCredentials.Type,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
usaSjc37TrafficForwardingVPNCredentials,
usaSjc37TrafficForwardingStaticIP,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zia.TrafficForwardingVPNCredentials;
import com.pulumi.zia.TrafficForwardingVPNCredentialsArgs;
import com.pulumi.zia.TrafficForwardingStaticIP;
import com.pulumi.zia.TrafficForwardingStaticIPArgs;
import com.pulumi.zia.LocationManagement;
import com.pulumi.zia.LocationManagementArgs;
import com.pulumi.zia.inputs.LocationManagementVpnCredentialArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var usaSjc37TrafficForwardingVPNCredentials = new TrafficForwardingVPNCredentials("usaSjc37TrafficForwardingVPNCredentials", TrafficForwardingVPNCredentialsArgs.builder()
.type("UFQDN")
.fqdn("usa_sjc37@acme.com")
.comments("USA - San Jose IPSec Tunnel")
.preSharedKey("P@ass0rd123!")
.build());
var usaSjc37TrafficForwardingStaticIP = new TrafficForwardingStaticIP("usaSjc37TrafficForwardingStaticIP", TrafficForwardingStaticIPArgs.builder()
.ipAddress("1.1.1.1")
.routableIp(true)
.comment("SJC37 - Static IP")
.geoOverride(false)
.build());
// ZIA Location Management
var usaSjc37LocationManagement = new LocationManagement("usaSjc37LocationManagement", LocationManagementArgs.builder()
.description("Created with Terraform")
.country("UNITED_STATES")
.tz("UNITED_STATES_AMERICA_LOS_ANGELES")
.authRequired(true)
.idleTimeInMinutes(720)
.displayTimeUnit("HOUR")
.surrogateIp(true)
.xffForwardEnabled(true)
.ofwEnabled(true)
.ipsControl(true)
.ipAddresses(usaSjc37TrafficForwardingStaticIP.ipAddress())
.vpnCredentials(LocationManagementVpnCredentialArgs.builder()
.id(usaSjc37TrafficForwardingVPNCredentials.id())
.type(usaSjc37TrafficForwardingVPNCredentials.type())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
usaSjc37TrafficForwardingVPNCredentials,
usaSjc37TrafficForwardingStaticIP)
.build());
}
}
resources:
# ZIA Location Management
usaSjc37LocationManagement:
type: zia:LocationManagement
properties:
description: Created with Terraform
country: UNITED_STATES
tz: UNITED_STATES_AMERICA_LOS_ANGELES
authRequired: true
idleTimeInMinutes: 720
displayTimeUnit: HOUR
surrogateIp: true
xffForwardEnabled: true
ofwEnabled: true
ipsControl: true
ipAddresses:
- ${usaSjc37TrafficForwardingStaticIP.ipAddress}
vpnCredentials:
- id: ${usaSjc37TrafficForwardingVPNCredentials.id}
type: ${usaSjc37TrafficForwardingVPNCredentials.type}
options:
dependson:
- ${usaSjc37TrafficForwardingVPNCredentials}
- ${usaSjc37TrafficForwardingStaticIP}
usaSjc37TrafficForwardingVPNCredentials:
type: zia:TrafficForwardingVPNCredentials
properties:
type: UFQDN
fqdn: usa_sjc37@acme.com
comments: USA - San Jose IPSec Tunnel
preSharedKey: P@ass0rd123!
usaSjc37TrafficForwardingStaticIP:
type: zia:TrafficForwardingStaticIP
properties:
ipAddress: 1.1.1.1
routableIp: true
comment: SJC37 - Static IP
geoOverride: false
Create LocationManagement Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new LocationManagement(name: string, args?: LocationManagementArgs, opts?: CustomResourceOptions);@overload
def LocationManagement(resource_name: str,
args: Optional[LocationManagementArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def LocationManagement(resource_name: str,
opts: Optional[ResourceOptions] = None,
aup_block_internet_until_accepted: Optional[bool] = None,
aup_enabled: Optional[bool] = None,
aup_force_ssl_inspection: Optional[bool] = None,
aup_timeout_in_days: Optional[int] = None,
auth_required: Optional[bool] = None,
basic_auth_enabled: Optional[bool] = None,
caution_enabled: Optional[bool] = None,
country: Optional[str] = None,
description: Optional[str] = None,
digest_auth_enabled: Optional[bool] = None,
display_time_unit: Optional[str] = None,
dn_bandwidth: Optional[int] = None,
idle_time_in_minutes: Optional[int] = None,
iot_discovery_enabled: Optional[bool] = None,
ip_addresses: Optional[Sequence[str]] = None,
ips_control: Optional[bool] = None,
ipv6_dns64prefix: Optional[bool] = None,
ipv6_enabled: Optional[bool] = None,
kerberos_auth_enabled: Optional[bool] = None,
name: Optional[str] = None,
ofw_enabled: Optional[bool] = None,
other6_sublocation: Optional[bool] = None,
other_sublocation: Optional[bool] = None,
parent_id: Optional[int] = None,
ports: Optional[str] = None,
profile: Optional[str] = None,
ssl_scan_enabled: Optional[bool] = None,
surrogate_ip: Optional[bool] = None,
surrogate_ip_enforced_for_known_browsers: Optional[bool] = None,
surrogate_refresh_time_in_minutes: Optional[int] = None,
surrogate_refresh_time_unit: Optional[str] = None,
tz: Optional[str] = None,
up_bandwidth: Optional[int] = None,
vpn_credentials: Optional[Sequence[LocationManagementVpnCredentialArgs]] = None,
xff_forward_enabled: Optional[bool] = None,
zapp_ssl_scan_enabled: Optional[bool] = None)func NewLocationManagement(ctx *Context, name string, args *LocationManagementArgs, opts ...ResourceOption) (*LocationManagement, error)public LocationManagement(string name, LocationManagementArgs? args = null, CustomResourceOptions? opts = null)
public LocationManagement(String name, LocationManagementArgs args)
public LocationManagement(String name, LocationManagementArgs args, CustomResourceOptions options)
type: zia:LocationManagement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args LocationManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args LocationManagementArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args LocationManagementArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args LocationManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args LocationManagementArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var locationManagementResource = new Zia.LocationManagement("locationManagementResource", new()
{
AupBlockInternetUntilAccepted = false,
AupEnabled = false,
AupForceSslInspection = false,
AupTimeoutInDays = 0,
AuthRequired = false,
BasicAuthEnabled = false,
CautionEnabled = false,
Country = "string",
Description = "string",
DigestAuthEnabled = false,
DisplayTimeUnit = "string",
DnBandwidth = 0,
IdleTimeInMinutes = 0,
IotDiscoveryEnabled = false,
IpAddresses = new[]
{
"string",
},
IpsControl = false,
Ipv6Dns64prefix = false,
Ipv6Enabled = false,
KerberosAuthEnabled = false,
Name = "string",
OfwEnabled = false,
Other6Sublocation = false,
OtherSublocation = false,
ParentId = 0,
Ports = "string",
Profile = "string",
SslScanEnabled = false,
SurrogateIp = false,
SurrogateIpEnforcedForKnownBrowsers = false,
SurrogateRefreshTimeInMinutes = 0,
SurrogateRefreshTimeUnit = "string",
Tz = "string",
UpBandwidth = 0,
VpnCredentials = new[]
{
new Zia.Inputs.LocationManagementVpnCredentialArgs
{
Comments = "string",
Fqdn = "string",
Id = 0,
IpAddress = "string",
PreSharedKey = "string",
Type = "string",
},
},
XffForwardEnabled = false,
ZappSslScanEnabled = false,
});
example, err := zia.NewLocationManagement(ctx, "locationManagementResource", &zia.LocationManagementArgs{
AupBlockInternetUntilAccepted: pulumi.Bool(false),
AupEnabled: pulumi.Bool(false),
AupForceSslInspection: pulumi.Bool(false),
AupTimeoutInDays: pulumi.Int(0),
AuthRequired: pulumi.Bool(false),
BasicAuthEnabled: pulumi.Bool(false),
CautionEnabled: pulumi.Bool(false),
Country: pulumi.String("string"),
Description: pulumi.String("string"),
DigestAuthEnabled: pulumi.Bool(false),
DisplayTimeUnit: pulumi.String("string"),
DnBandwidth: pulumi.Int(0),
IdleTimeInMinutes: pulumi.Int(0),
IotDiscoveryEnabled: pulumi.Bool(false),
IpAddresses: pulumi.StringArray{
pulumi.String("string"),
},
IpsControl: pulumi.Bool(false),
Ipv6Dns64prefix: pulumi.Bool(false),
Ipv6Enabled: pulumi.Bool(false),
KerberosAuthEnabled: pulumi.Bool(false),
Name: pulumi.String("string"),
OfwEnabled: pulumi.Bool(false),
Other6Sublocation: pulumi.Bool(false),
OtherSublocation: pulumi.Bool(false),
ParentId: pulumi.Int(0),
Ports: pulumi.String("string"),
Profile: pulumi.String("string"),
SslScanEnabled: pulumi.Bool(false),
SurrogateIp: pulumi.Bool(false),
SurrogateIpEnforcedForKnownBrowsers: pulumi.Bool(false),
SurrogateRefreshTimeInMinutes: pulumi.Int(0),
SurrogateRefreshTimeUnit: pulumi.String("string"),
Tz: pulumi.String("string"),
UpBandwidth: pulumi.Int(0),
VpnCredentials: zia.LocationManagementVpnCredentialArray{
&zia.LocationManagementVpnCredentialArgs{
Comments: pulumi.String("string"),
Fqdn: pulumi.String("string"),
Id: pulumi.Int(0),
IpAddress: pulumi.String("string"),
PreSharedKey: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
XffForwardEnabled: pulumi.Bool(false),
ZappSslScanEnabled: pulumi.Bool(false),
})
var locationManagementResource = new LocationManagement("locationManagementResource", LocationManagementArgs.builder()
.aupBlockInternetUntilAccepted(false)
.aupEnabled(false)
.aupForceSslInspection(false)
.aupTimeoutInDays(0)
.authRequired(false)
.basicAuthEnabled(false)
.cautionEnabled(false)
.country("string")
.description("string")
.digestAuthEnabled(false)
.displayTimeUnit("string")
.dnBandwidth(0)
.idleTimeInMinutes(0)
.iotDiscoveryEnabled(false)
.ipAddresses("string")
.ipsControl(false)
.ipv6Dns64prefix(false)
.ipv6Enabled(false)
.kerberosAuthEnabled(false)
.name("string")
.ofwEnabled(false)
.other6Sublocation(false)
.otherSublocation(false)
.parentId(0)
.ports("string")
.profile("string")
.sslScanEnabled(false)
.surrogateIp(false)
.surrogateIpEnforcedForKnownBrowsers(false)
.surrogateRefreshTimeInMinutes(0)
.surrogateRefreshTimeUnit("string")
.tz("string")
.upBandwidth(0)
.vpnCredentials(LocationManagementVpnCredentialArgs.builder()
.comments("string")
.fqdn("string")
.id(0)
.ipAddress("string")
.preSharedKey("string")
.type("string")
.build())
.xffForwardEnabled(false)
.zappSslScanEnabled(false)
.build());
location_management_resource = zia.LocationManagement("locationManagementResource",
aup_block_internet_until_accepted=False,
aup_enabled=False,
aup_force_ssl_inspection=False,
aup_timeout_in_days=0,
auth_required=False,
basic_auth_enabled=False,
caution_enabled=False,
country="string",
description="string",
digest_auth_enabled=False,
display_time_unit="string",
dn_bandwidth=0,
idle_time_in_minutes=0,
iot_discovery_enabled=False,
ip_addresses=["string"],
ips_control=False,
ipv6_dns64prefix=False,
ipv6_enabled=False,
kerberos_auth_enabled=False,
name="string",
ofw_enabled=False,
other6_sublocation=False,
other_sublocation=False,
parent_id=0,
ports="string",
profile="string",
ssl_scan_enabled=False,
surrogate_ip=False,
surrogate_ip_enforced_for_known_browsers=False,
surrogate_refresh_time_in_minutes=0,
surrogate_refresh_time_unit="string",
tz="string",
up_bandwidth=0,
vpn_credentials=[zia.LocationManagementVpnCredentialArgs(
comments="string",
fqdn="string",
id=0,
ip_address="string",
pre_shared_key="string",
type="string",
)],
xff_forward_enabled=False,
zapp_ssl_scan_enabled=False)
const locationManagementResource = new zia.LocationManagement("locationManagementResource", {
aupBlockInternetUntilAccepted: false,
aupEnabled: false,
aupForceSslInspection: false,
aupTimeoutInDays: 0,
authRequired: false,
basicAuthEnabled: false,
cautionEnabled: false,
country: "string",
description: "string",
digestAuthEnabled: false,
displayTimeUnit: "string",
dnBandwidth: 0,
idleTimeInMinutes: 0,
iotDiscoveryEnabled: false,
ipAddresses: ["string"],
ipsControl: false,
ipv6Dns64prefix: false,
ipv6Enabled: false,
kerberosAuthEnabled: false,
name: "string",
ofwEnabled: false,
other6Sublocation: false,
otherSublocation: false,
parentId: 0,
ports: "string",
profile: "string",
sslScanEnabled: false,
surrogateIp: false,
surrogateIpEnforcedForKnownBrowsers: false,
surrogateRefreshTimeInMinutes: 0,
surrogateRefreshTimeUnit: "string",
tz: "string",
upBandwidth: 0,
vpnCredentials: [{
comments: "string",
fqdn: "string",
id: 0,
ipAddress: "string",
preSharedKey: "string",
type: "string",
}],
xffForwardEnabled: false,
zappSslScanEnabled: false,
});
type: zia:LocationManagement
properties:
aupBlockInternetUntilAccepted: false
aupEnabled: false
aupForceSslInspection: false
aupTimeoutInDays: 0
authRequired: false
basicAuthEnabled: false
cautionEnabled: false
country: string
description: string
digestAuthEnabled: false
displayTimeUnit: string
dnBandwidth: 0
idleTimeInMinutes: 0
iotDiscoveryEnabled: false
ipAddresses:
- string
ipsControl: false
ipv6Dns64prefix: false
ipv6Enabled: false
kerberosAuthEnabled: false
name: string
ofwEnabled: false
other6Sublocation: false
otherSublocation: false
parentId: 0
ports: string
profile: string
sslScanEnabled: false
surrogateIp: false
surrogateIpEnforcedForKnownBrowsers: false
surrogateRefreshTimeInMinutes: 0
surrogateRefreshTimeUnit: string
tz: string
upBandwidth: 0
vpnCredentials:
- comments: string
fqdn: string
id: 0
ipAddress: string
preSharedKey: string
type: string
xffForwardEnabled: false
zappSslScanEnabled: false
LocationManagement Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The LocationManagement resource accepts the following input properties:
- Aup
Block boolInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- Aup
Enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- Aup
Force boolSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- Aup
Timeout intIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- Auth
Required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- Basic
Auth boolEnabled - Enable Basic Authentication at the location
- Caution
Enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- Country string
- Country
- Description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- Digest
Auth boolEnabled - Enable Digest Authentication at the location
- Display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- Dn
Bandwidth int - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - Idle
Time intIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- Iot
Discovery boolEnabled - Enable IOT Discovery at the location
- Ip
Addresses List<string> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - Ips
Control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- Ipv6Dns64prefix bool
- Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- Ipv6Enabled bool
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- Kerberos
Auth boolEnabled - Enable Kerberos Authentication at the location
- Name string
- The configured name of the entity
- Ofw
Enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- Other6Sublocation bool
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- Other
Sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- Parent
Id int - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - Ports string
- IP ports that are associated with the location.
- Profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - Ssl
Scan boolEnabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- Surrogate
Ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- Surrogate
Ip boolEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- Surrogate
Refresh intTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- Surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- Tz string
- Timezone of the location. If not specified, it defaults to GMT.
- Up
Bandwidth int - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - Vpn
Credentials List<zscaler.Pulumi Package. Zia. Inputs. Location Management Vpn Credential> - Xff
Forward boolEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- Zapp
Ssl boolScan Enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- Aup
Block boolInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- Aup
Enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- Aup
Force boolSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- Aup
Timeout intIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- Auth
Required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- Basic
Auth boolEnabled - Enable Basic Authentication at the location
- Caution
Enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- Country string
- Country
- Description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- Digest
Auth boolEnabled - Enable Digest Authentication at the location
- Display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- Dn
Bandwidth int - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - Idle
Time intIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- Iot
Discovery boolEnabled - Enable IOT Discovery at the location
- Ip
Addresses []string - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - Ips
Control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- Ipv6Dns64prefix bool
- Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- Ipv6Enabled bool
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- Kerberos
Auth boolEnabled - Enable Kerberos Authentication at the location
- Name string
- The configured name of the entity
- Ofw
Enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- Other6Sublocation bool
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- Other
Sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- Parent
Id int - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - Ports string
- IP ports that are associated with the location.
- Profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - Ssl
Scan boolEnabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- Surrogate
Ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- Surrogate
Ip boolEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- Surrogate
Refresh intTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- Surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- Tz string
- Timezone of the location. If not specified, it defaults to GMT.
- Up
Bandwidth int - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - Vpn
Credentials []LocationManagement Vpn Credential Args - Xff
Forward boolEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- Zapp
Ssl boolScan Enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- aup
Block BooleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled Boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force BooleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout IntegerIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required Boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth BooleanEnabled - Enable Basic Authentication at the location
- caution
Enabled Boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- country String
- Country
- description String
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth BooleanEnabled - Enable Digest Authentication at the location
- display
Time StringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth Integer - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - idle
Time IntegerIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery BooleanEnabled - Enable IOT Discovery at the location
- ip
Addresses List<String> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - ips
Control Boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix Boolean
- Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- ipv6Enabled Boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth BooleanEnabled - Enable Kerberos Authentication at the location
- name String
- The configured name of the entity
- ofw
Enabled Boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation Boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation Boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id Integer - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - ports String
- IP ports that are associated with the location.
- profile String
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - ssl
Scan BooleanEnabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- surrogate
Ip Boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip BooleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh IntegerTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh StringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz String
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth Integer - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - vpn
Credentials List<LocationManagement Vpn Credential> - xff
Forward BooleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl BooleanScan Enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- aup
Block booleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force booleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout numberIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth booleanEnabled - Enable Basic Authentication at the location
- caution
Enabled boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- country string
- Country
- description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth booleanEnabled - Enable Digest Authentication at the location
- display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth number - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - idle
Time numberIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery booleanEnabled - Enable IOT Discovery at the location
- ip
Addresses string[] - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - ips
Control boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix boolean
- Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- ipv6Enabled boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth booleanEnabled - Enable Kerberos Authentication at the location
- name string
- The configured name of the entity
- ofw
Enabled boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id number - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - ports string
- IP ports that are associated with the location.
- profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - ssl
Scan booleanEnabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- surrogate
Ip boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip booleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh numberTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz string
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth number - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - vpn
Credentials LocationManagement Vpn Credential[] - xff
Forward booleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl booleanScan Enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- aup_
block_ boolinternet_ until_ accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup_
enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- aup_
force_ boolssl_ inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup_
timeout_ intin_ days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth_
required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic_
auth_ boolenabled - Enable Basic Authentication at the location
- caution_
enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- country str
- Country
- description str
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest_
auth_ boolenabled - Enable Digest Authentication at the location
- display_
time_ strunit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn_
bandwidth int - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - idle_
time_ intin_ minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot_
discovery_ boolenabled - Enable IOT Discovery at the location
- ip_
addresses Sequence[str] - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - ips_
control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6_
dns64prefix bool - Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- ipv6_
enabled bool - If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos_
auth_ boolenabled - Enable Kerberos Authentication at the location
- name str
- The configured name of the entity
- ofw_
enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6_
sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other_
sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent_
id int - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - ports str
- IP ports that are associated with the location.
- profile str
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - ssl_
scan_ boolenabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- surrogate_
ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate_
ip_ boolenforced_ for_ known_ browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate_
refresh_ inttime_ in_ minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate_
refresh_ strtime_ unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz str
- Timezone of the location. If not specified, it defaults to GMT.
- up_
bandwidth int - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - vpn_
credentials Sequence[LocationManagement Vpn Credential Args] - xff_
forward_ boolenabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp_
ssl_ boolscan_ enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- aup
Block BooleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled Boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force BooleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout NumberIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required Boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth BooleanEnabled - Enable Basic Authentication at the location
- caution
Enabled Boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- country String
- Country
- description String
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth BooleanEnabled - Enable Digest Authentication at the location
- display
Time StringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth Number - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - idle
Time NumberIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery BooleanEnabled - Enable IOT Discovery at the location
- ip
Addresses List<String> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - ips
Control Boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix Boolean
- Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- ipv6Enabled Boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth BooleanEnabled - Enable Kerberos Authentication at the location
- name String
- The configured name of the entity
- ofw
Enabled Boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation Boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation Boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id Number - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - ports String
- IP ports that are associated with the location.
- profile String
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - ssl
Scan BooleanEnabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- surrogate
Ip Boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip BooleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh NumberTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh StringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz String
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth Number - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - vpn
Credentials List<Property Map> - xff
Forward BooleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl BooleanScan Enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
Outputs
All input properties are implicitly available as output properties. Additionally, the LocationManagement resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Location
Id int
- Id string
- The provider-assigned unique ID for this managed resource.
- Location
Id int
- id String
- The provider-assigned unique ID for this managed resource.
- location
Id Integer
- id string
- The provider-assigned unique ID for this managed resource.
- location
Id number
- id str
- The provider-assigned unique ID for this managed resource.
- location_
id int
- id String
- The provider-assigned unique ID for this managed resource.
- location
Id Number
Look up Existing LocationManagement Resource
Get an existing LocationManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: LocationManagementState, opts?: CustomResourceOptions): LocationManagement@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
aup_block_internet_until_accepted: Optional[bool] = None,
aup_enabled: Optional[bool] = None,
aup_force_ssl_inspection: Optional[bool] = None,
aup_timeout_in_days: Optional[int] = None,
auth_required: Optional[bool] = None,
basic_auth_enabled: Optional[bool] = None,
caution_enabled: Optional[bool] = None,
country: Optional[str] = None,
description: Optional[str] = None,
digest_auth_enabled: Optional[bool] = None,
display_time_unit: Optional[str] = None,
dn_bandwidth: Optional[int] = None,
idle_time_in_minutes: Optional[int] = None,
iot_discovery_enabled: Optional[bool] = None,
ip_addresses: Optional[Sequence[str]] = None,
ips_control: Optional[bool] = None,
ipv6_dns64prefix: Optional[bool] = None,
ipv6_enabled: Optional[bool] = None,
kerberos_auth_enabled: Optional[bool] = None,
location_id: Optional[int] = None,
name: Optional[str] = None,
ofw_enabled: Optional[bool] = None,
other6_sublocation: Optional[bool] = None,
other_sublocation: Optional[bool] = None,
parent_id: Optional[int] = None,
ports: Optional[str] = None,
profile: Optional[str] = None,
ssl_scan_enabled: Optional[bool] = None,
surrogate_ip: Optional[bool] = None,
surrogate_ip_enforced_for_known_browsers: Optional[bool] = None,
surrogate_refresh_time_in_minutes: Optional[int] = None,
surrogate_refresh_time_unit: Optional[str] = None,
tz: Optional[str] = None,
up_bandwidth: Optional[int] = None,
vpn_credentials: Optional[Sequence[LocationManagementVpnCredentialArgs]] = None,
xff_forward_enabled: Optional[bool] = None,
zapp_ssl_scan_enabled: Optional[bool] = None) -> LocationManagementfunc GetLocationManagement(ctx *Context, name string, id IDInput, state *LocationManagementState, opts ...ResourceOption) (*LocationManagement, error)public static LocationManagement Get(string name, Input<string> id, LocationManagementState? state, CustomResourceOptions? opts = null)public static LocationManagement get(String name, Output<String> id, LocationManagementState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Aup
Block boolInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- Aup
Enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- Aup
Force boolSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- Aup
Timeout intIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- Auth
Required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- Basic
Auth boolEnabled - Enable Basic Authentication at the location
- Caution
Enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- Country string
- Country
- Description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- Digest
Auth boolEnabled - Enable Digest Authentication at the location
- Display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- Dn
Bandwidth int - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - Idle
Time intIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- Iot
Discovery boolEnabled - Enable IOT Discovery at the location
- Ip
Addresses List<string> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - Ips
Control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- Ipv6Dns64prefix bool
- Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- Ipv6Enabled bool
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- Kerberos
Auth boolEnabled - Enable Kerberos Authentication at the location
- Location
Id int - Name string
- The configured name of the entity
- Ofw
Enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- Other6Sublocation bool
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- Other
Sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- Parent
Id int - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - Ports string
- IP ports that are associated with the location.
- Profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - Ssl
Scan boolEnabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- Surrogate
Ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- Surrogate
Ip boolEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- Surrogate
Refresh intTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- Surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- Tz string
- Timezone of the location. If not specified, it defaults to GMT.
- Up
Bandwidth int - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - Vpn
Credentials List<zscaler.Pulumi Package. Zia. Inputs. Location Management Vpn Credential> - Xff
Forward boolEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- Zapp
Ssl boolScan Enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- Aup
Block boolInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- Aup
Enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- Aup
Force boolSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- Aup
Timeout intIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- Auth
Required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- Basic
Auth boolEnabled - Enable Basic Authentication at the location
- Caution
Enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- Country string
- Country
- Description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- Digest
Auth boolEnabled - Enable Digest Authentication at the location
- Display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- Dn
Bandwidth int - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - Idle
Time intIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- Iot
Discovery boolEnabled - Enable IOT Discovery at the location
- Ip
Addresses []string - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - Ips
Control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- Ipv6Dns64prefix bool
- Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- Ipv6Enabled bool
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- Kerberos
Auth boolEnabled - Enable Kerberos Authentication at the location
- Location
Id int - Name string
- The configured name of the entity
- Ofw
Enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- Other6Sublocation bool
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- Other
Sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- Parent
Id int - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - Ports string
- IP ports that are associated with the location.
- Profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - Ssl
Scan boolEnabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- Surrogate
Ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- Surrogate
Ip boolEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- Surrogate
Refresh intTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- Surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- Tz string
- Timezone of the location. If not specified, it defaults to GMT.
- Up
Bandwidth int - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - Vpn
Credentials []LocationManagement Vpn Credential Args - Xff
Forward boolEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- Zapp
Ssl boolScan Enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- aup
Block BooleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled Boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force BooleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout IntegerIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required Boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth BooleanEnabled - Enable Basic Authentication at the location
- caution
Enabled Boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- country String
- Country
- description String
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth BooleanEnabled - Enable Digest Authentication at the location
- display
Time StringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth Integer - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - idle
Time IntegerIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery BooleanEnabled - Enable IOT Discovery at the location
- ip
Addresses List<String> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - ips
Control Boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix Boolean
- Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- ipv6Enabled Boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth BooleanEnabled - Enable Kerberos Authentication at the location
- location
Id Integer - name String
- The configured name of the entity
- ofw
Enabled Boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation Boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation Boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id Integer - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - ports String
- IP ports that are associated with the location.
- profile String
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - ssl
Scan BooleanEnabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- surrogate
Ip Boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip BooleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh IntegerTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh StringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz String
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth Integer - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - vpn
Credentials List<LocationManagement Vpn Credential> - xff
Forward BooleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl BooleanScan Enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- aup
Block booleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force booleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout numberIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth booleanEnabled - Enable Basic Authentication at the location
- caution
Enabled boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- country string
- Country
- description string
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth booleanEnabled - Enable Digest Authentication at the location
- display
Time stringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth number - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - idle
Time numberIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery booleanEnabled - Enable IOT Discovery at the location
- ip
Addresses string[] - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - ips
Control boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix boolean
- Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- ipv6Enabled boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth booleanEnabled - Enable Kerberos Authentication at the location
- location
Id number - name string
- The configured name of the entity
- ofw
Enabled boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id number - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - ports string
- IP ports that are associated with the location.
- profile string
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - ssl
Scan booleanEnabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- surrogate
Ip boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip booleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh numberTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh stringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz string
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth number - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - vpn
Credentials LocationManagement Vpn Credential[] - xff
Forward booleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl booleanScan Enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- aup_
block_ boolinternet_ until_ accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup_
enabled bool - Enable AUP. When set to true, AUP is enabled for the location.
- aup_
force_ boolssl_ inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup_
timeout_ intin_ days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth_
required bool - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic_
auth_ boolenabled - Enable Basic Authentication at the location
- caution_
enabled bool - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- country str
- Country
- description str
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest_
auth_ boolenabled - Enable Digest Authentication at the location
- display_
time_ strunit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn_
bandwidth int - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - idle_
time_ intin_ minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot_
discovery_ boolenabled - Enable IOT Discovery at the location
- ip_
addresses Sequence[str] - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - ips_
control bool - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6_
dns64prefix bool - Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- ipv6_
enabled bool - If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos_
auth_ boolenabled - Enable Kerberos Authentication at the location
- location_
id int - name str
- The configured name of the entity
- ofw_
enabled bool - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6_
sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other_
sublocation bool - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent_
id int - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - ports str
- IP ports that are associated with the location.
- profile str
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - ssl_
scan_ boolenabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- surrogate_
ip bool - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate_
ip_ boolenforced_ for_ known_ browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate_
refresh_ inttime_ in_ minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate_
refresh_ strtime_ unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz str
- Timezone of the location. If not specified, it defaults to GMT.
- up_
bandwidth int - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - vpn_
credentials Sequence[LocationManagement Vpn Credential Args] - xff_
forward_ boolenabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp_
ssl_ boolscan_ enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- aup
Block BooleanInternet Until Accepted - For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
- aup
Enabled Boolean - Enable AUP. When set to true, AUP is enabled for the location.
- aup
Force BooleanSsl Inspection - For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
- aup
Timeout NumberIn Days - Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
- auth
Required Boolean - Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
- basic
Auth BooleanEnabled - Enable Basic Authentication at the location
- caution
Enabled Boolean - Enable Caution. When set to true, a caution notifcation is enabled for the location.
- country String
- Country
- description String
- Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
- digest
Auth BooleanEnabled - Enable Digest Authentication at the location
- display
Time StringUnit - Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
- dn
Bandwidth Number - Download bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - idle
Time NumberIn Minutes - Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
- iot
Discovery BooleanEnabled - Enable IOT Discovery at the location
- ip
Addresses List<String> - For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g.,
238.10.33.9). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g.,10.10.33.0/24), or range (e.g.,10.10.33.1-10.10.33.10)). The value is required ifvpn_credentialsare not defined. - ips
Control Boolean - Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
- ipv6Dns64prefix Boolean
- Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
- ipv6Enabled Boolean
- If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
- kerberos
Auth BooleanEnabled - Enable Kerberos Authentication at the location
- location
Id Number - name String
- The configured name of the entity
- ofw
Enabled Boolean - Enable Firewall. When set to true, Firewall is enabled for the location.
- other6Sublocation Boolean
- If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
- other
Sublocation Boolean - If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
- parent
Id Number - Parent Location ID. If this ID does not exist or is
0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo:SUB - ports String
- IP ports that are associated with the location.
- profile String
- Profile tag that specifies the location traffic type. If not specified, this tag defaults to
Unassigned. The supported options are:NONE,CORPORATE,SERVER,GUESTWIFI,IOT,WORKLOAD. - ssl
Scan BooleanEnabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
- surrogate
Ip Boolean - Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.
- surrogate
Ip BooleanEnforced For Known Browsers - Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.
- surrogate
Refresh NumberTime In Minutes - Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
- surrogate
Refresh StringTime Unit - Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
- tz String
- Timezone of the location. If not specified, it defaults to GMT.
- up
Bandwidth Number - Upload bandwidth in bytes. The value
0implies no Bandwidth Control enforcement. - vpn
Credentials List<Property Map> - xff
Forward BooleanEnabled - Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
- zapp
Ssl BooleanScan Enabled - This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
Supporting Types
LocationManagementVpnCredential, LocationManagementVpnCredentialArgs
- comments str
- fqdn str
- id int
- Identifier that uniquely identifies an entity
- ip_
address str - str
- type str
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
zia_location_management can be imported by using <LOCATION_ID> or <LOCATION_NAME> as the import ID.
For example:
$ pulumi import zia:index/locationManagement:LocationManagement example <location_id>
or
$ pulumi import zia:index/locationManagement:LocationManagement example <location_name>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
- MIT
- Notes
- This Pulumi package is based on the
ziaTerraform Provider.