All scripts
sase
Expert
3–10 min

Zscaler ZIA/ZPA Policy Auditor

ZIA firewall + URL rules: shadow detection, ANY/ANY overpermissive, disabled rules, ZPA app segments without policy, posture bypass, DLP pattern overlap and HTML report.

Zscaler ZIA
Zscaler ZPA
Open in GeneratorOpen in Platform
You're viewing a preview

The full script, parameters, and execution console are available with a free account.

Already have access? Sign in →

Capabilities

  • ZIA OAuth API
  • Firewall+URL rule audit
  • Shadow rule detection
  • ANY/ANY overpermissive flag
  • ZPA app segments without policy
  • Posture bypass check
  • DLP overlap

Required inputs

Parameters the script accepts. Defaults shown; some are vendor- or context-gated.

ParameterTypeDefaultNotes
Flag disabled rules
flag_disabled
booltrue
Flag any/any rules
flag_any
booltrue
Audit ZPA segments
check_zpa
booltrue

Hint 1Name your vendors and OS versions

Mention the exact platforms you run (Zscaler ZIA, Zscaler ZPA) so the generated sase logic uses the right CLI/NETCONF syntax.

Hint 2State your real thresholds

Provide concrete values for Flag disabled rules, Flag any/any rules, Audit ZPA segments instead of the defaults — they shape what counts as a fault.

Hint 3Prioritize the checks you need

This tool can zIA OAuth API and firewall+URL rule audit. Ask for the subset relevant to your incident to keep output focused.

Hint 4Describe your inventory format

Tell the assistant whether your device list is CSV, YAML, or JSON and which columns it has, so parsing matches your data.

Sample inventory schema

Authoritative shape of the device/policy data this script consumes.

No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.

Expected output

Reference terminal output the script should produce — used as a stylistic and structural target.

terminal
[2026-06-12] INFO  Zscaler ZIA: pulling firewall + URL filtering rules...
RULE              TYPE      ISSUE              STATUS
Allow-All-Web     url       any/any allow      OVERPERMISSIVE ←
Block-Malware     url       -                  OK
Legacy-FTP        fw        disabled 287d      STALE ←
ZPA: 3 app segments with no access policy ←
Summary: 1 overpermissive · 1 stale · 3 ZPA gaps