Zscaler Cloud & Branch Connector (ZTW) Tools

The Zscaler Cloud & Branch Connector (ZTW) tools provide functionality for managing network resources, IP groups, and administrative functions.

Available Tools

ZTW Tools

Tool Name

Description

ztw_ip_destination_groups

Manages ZTW IP Destination Groups (create, read, update, delete)

ztw_ip_group

Manages ZTW IP Pool Groups (create, read, update, delete)

ztw_ip_source_groups

Manages ZTW IP Source Groups (create, read, update, delete)

ztw_network_service_groups

Manages ZTW Network Service Groups (create, read, update, delete)

ztw_list_roles

List all existing admin roles in Zscaler Cloud & Branch Connector

ztw_list_admins

List all existing admin users or get details for a specific admin user

Tool Details

ztw_ip_destination_groups

Manages ZTW IP Destination Groups with full CRUD operations.

Parameters:

param action:

Action to perform (“create”, “read”, “update”, “delete”)

type action:

str

param group_id:

Group ID for read, update, delete operations

type group_id:

Optional[str]

param name:

Group name for create/update operations

type name:

Optional[str]

param description:

Group description for create/update operations

type description:

Optional[str]

param ip_addresses:

List of IP addresses for create/update operations

type ip_addresses:

Optional[List[str]]

param service:

The service to use (default: “ztw”)

type service:

str

Returns: - Dictionary with group information or list of groups

Example:

# Create a new IP destination group
group = ztw_ip_destination_groups(
    action="create",
    name="Office Network",
    description="Office IP addresses",
    ip_addresses=["192.168.1.0/24", "10.0.0.0/8"]
)

ztw_ip_group

Manages ZTW IP Pool Groups with full CRUD operations.

Parameters:

param action:

Action to perform (“create”, “read”, “update”, “delete”)

type action:

str

param group_id:

Group ID for read, update, delete operations

type group_id:

Optional[str]

param name:

Group name for create/update operations

type name:

Optional[str]

param description:

Group description for create/update operations

type description:

Optional[str]

param ip_addresses:

List of IP addresses for create/update operations

type ip_addresses:

Optional[List[str]]

param service:

The service to use (default: “ztw”)

type service:

str

Returns: - Dictionary with group information or list of groups

Example:

# List all IP groups
groups = ztw_ip_group(action="list")

ztw_ip_source_groups

Manages ZTW IP Source Groups with full CRUD operations.

Parameters:

param action:

Action to perform (“create”, “read”, “update”, “delete”)

type action:

str

param group_id:

Group ID for read, update, delete operations

type group_id:

Optional[str]

param name:

Group name for create/update operations

type name:

Optional[str]

param description:

Group description for create/update operations

type description:

Optional[str]

param ip_addresses:

List of IP addresses for create/update operations

type ip_addresses:

Optional[List[str]]

param service:

The service to use (default: “ztw”)

type service:

str

Returns: - Dictionary with group information or list of groups

Example:

# Update an existing IP source group
group = ztw_ip_source_groups(
    action="update",
    group_id="12345",
    name="Updated Source Group",
    description="Updated description"
)

ztw_network_service_groups

Manages ZTW Network Service Groups with full CRUD operations.

Parameters:

param action:

Action to perform (“create”, “read”, “update”, “delete”)

type action:

str

param group_id:

Group ID for read, update, delete operations

type group_id:

Optional[str]

param name:

Group name for create/update operations

type name:

Optional[str]

param description:

Group description for create/update operations

type description:

Optional[str]

param services:

List of network services for create/update operations

type services:

Optional[List[dict]]

param service:

The service to use (default: “ztw”)

type service:

str

Returns: - Dictionary with group information or list of groups

Example:

# Create a network service group
group = ztw_network_service_groups(
    action="create",
    name="Web Services",
    description="Common web services",
    services=[
        {"port": 80, "protocol": "TCP"},
        {"port": 443, "protocol": "TCP"}
    ]
)

ztw_list_roles

List all existing admin roles in Zscaler Cloud & Branch Connector (ZTW).

Parameters:

param include_auditor_role:

Include or exclude auditor user information

type include_auditor_role:

Optional[bool]

param include_partner_role:

Include or exclude admin user information

type include_partner_role:

Optional[bool]

param include_api_roles:

Include or exclude API role information

type include_api_roles:

Optional[bool]

param role_ids:

Include or exclude role ID information

type role_ids:

Optional[List[str]]

param search:

Search string to filter roles by name

type search:

Optional[str]

param service:

The service to use (default: “ztw”)

type service:

str

Returns: - List of role dictionaries

Example:

# List all roles with search filter
roles = ztw_list_roles(search="admin", include_api_roles=True)

ztw_list_admins

List all existing admin users or get details for a specific admin user in Zscaler Cloud & Branch Connector (ZTW).

Parameters:

param action:

Action to perform (“list_admins” or “get_admin”)

type action:

str

param admin_id:

Admin ID for get_admin action

type admin_id:

Optional[str]

param include_auditor_users:

Include/exclude auditor users

type include_auditor_users:

Optional[bool]

param include_admin_users:

Include/exclude admin users

type include_admin_users:

Optional[bool]

param include_api_roles:

Include/exclude API roles

type include_api_roles:

Optional[bool]

param search:

Search string to filter by

type search:

Optional[str]

param page:

Page offset to return

type page:

Optional[int]

param page_size:

Number of records per page

type page_size:

Optional[int]

param version:

Specifies admins from a backup version

type version:

Optional[int]

param service:

The service to use (default: “ztw”)

type service:

str

Returns: - List of admin dictionaries or single admin dictionary

Example:

# List all admins
admins = ztw_list_admins(action="list_admins", page_size=50)

# Get specific admin
admin = ztw_list_admins(action="get_admin", admin_id="12345")

Authentication

ZTW tools authenticate through OneAPI (OAuth2 client credentials). Required environment variables:

  • ZSCALER_CLIENT_ID

  • ZSCALER_CLIENT_SECRET

  • ZSCALER_VANITY_DOMAIN

  • ZSCALER_CLOUD

Common Use Cases

  1. Network Management: Create and manage IP groups for network segmentation

  2. Service Configuration: Define network service groups for traffic management

  3. Administrative Control: Manage admin roles and user permissions

  4. Resource Organization: Organize network resources for better management

Error Handling

All ZTW tools include comprehensive error handling:

  • Authentication errors: Invalid credentials or expired tokens

  • Permission errors: Insufficient privileges for the requested operation

  • Validation errors: Invalid parameters or malformed requests

  • Rate limiting: Automatic retry with exponential backoff

For detailed error information, check the tool response for error messages and status codes.