zscaler
diff --git a/‎CHANGELOG.md‎
Lines changed: 25 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎GNUmakefile‎
Lines changed: 3 additions & 3 deletions b/‎GNUmakefile‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/guides/release-notes.md‎
Lines changed: 26 additions & 1 deletion b/‎docs/guides/release-notes.md‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎docs/resources/zia_firewall_dns_rules.md‎
Lines changed: 31 additions & 0 deletions b/‎docs/resources/zia_firewall_dns_rules.md‎
Lines changed: 31 additions & 0 deletions
@@ -1,5 +1,30 @@
 # Changelog
 
+## 4.0.4 (February, 6 2025)
+
+### Notes
+
+- Release date: **(February, 6  2025)**
+- Supported Terraform version: **v1.x**
+
+### Bug Fixes
+
+- [PR #392](https://github.com/zscaler/terraform-provider-zia/pull/392) - Improved the rule reorder logic to expedite reorder process for the following resources:
+  - `zia_firewall_filtering_rule`
+  - `zia_firewall_dns_rule`
+  - `zia_firewall_ips_rule`
+  - `zia_file_type_control_rules`
+  - `zia_forwarding_control_rule`
+  - `zia_ssl_inspection_rules`
+  - `zia_sandbox_rules`
+
+### Documentation
+
+- [PR #392](https://github.com/zscaler/terraform-provider-zia/pull/392) - Updated documentation for tghe following resources describing reorder process and concept of predefined vs default rules
+  - `zia_firewall_filtering_rule`
+  - `zia_firewall_dns_rule`
+  - `zia_ssl_inspection_rules`
+
 ## 4.0.3 (February, 5 2025)
 
 ### Notes
 
@@ -196,14 +196,14 @@ test\:integration\:zscalertwo:
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.0.2/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.0.4/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.0.2/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.0.4/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zia_v4.0.2
+	go build -o $(DESTINATION)/terraform-provider-zia_v4.0.4
 
 coverage: test
 	@echo "✓ Opening coverage for unit tests ..."
 
@@ -12,10 +12,35 @@ description: |-
 Track all ZIA Terraform provider's releases. New resources, features, and bug fixes will be tracked here.
 
 ---
-``Last updated: v4.0.3``
+``Last updated: v4.0.4``
 
 ---
 
+## 4.0.4 (February, 6 2025)
+
+### Notes
+
+- Release date: **(February, 6  2025)**
+- Supported Terraform version: **v1.x**
+
+### Bug Fixes
+
+- [PR #392](https://github.com/zscaler/terraform-provider-zia/pull/392) - Improved the rule reorder logic to expedite reorder process for the following resources:
+  - `zia_firewall_filtering_rule`
+  - `zia_firewall_dns_rule`
+  - `zia_firewall_ips_rule`
+  - `zia_file_type_control_rules`
+  - `zia_forwarding_control_rule`
+  - `zia_ssl_inspection_rules`
+  - `zia_sandbox_rules`
+
+### Documentation
+
+- [PR #392](https://github.com/zscaler/terraform-provider-zia/pull/392) - Updated documentation for tghe following resources describing reorder process and concept of predefined vs default rules
+  - `zia_firewall_filtering_rule`
+  - `zia_firewall_dns_rule`
+  - `zia_ssl_inspection_rules`
+
 ## 4.0.3 (February, 5 2025)
 
 ### Notes
 
@@ -10,6 +10,37 @@ description: |-
 
 The **zia_firewall_dns_rule** resource allows the creation and management of ZIA Cloud Firewall DNS rules in the Zscaler Internet Access.
 
+**NOTE 1** Zscaler Cloud Firewall DNS Rules contain default and predefined rules which are placed in their respective orders. These rules `CANNOT` be deleted. When configuring your rules make sure that the `order` attributue value consider these pre-existing rules so that Terraform can place the new rules in the correct position, and drifts can be avoided. i.e If there are 2 pre-existing rules, you should start your rule order at `3` and manage your rule sets from that number onwards. The provider will reorder the rules automatically while ignoring the order of pre-existing rules, as the API will be responsible for moving these rules to their respective positions as API calls are made.
+
+The most common default and predefined rules:
+
+|              Rule Names                      |  Default or Predefined   |   Rule Number Associated |
+|:--------------------------------------------:|:------------------------:|:------------------------:|
+|-----------------------------|--------------------------|-------------------|
+|  `Office 365 One Click Rule`                 |      `Predefined`       |           `Yes`          |
+|  `ZPA Resolver for Road Warrior`             |      `Predefined`       |           `Yes`          |
+|  `Critical risk DNS categories`              |      `Predefined`       |           `Yes`          |
+|  `Critical risk DNS tunnels`                 |      `Predefined`       |           `Yes`          |
+|  `High risk DNS categories`                  |      `Predefined`       |           `Yes`          |
+|  `High risk DNS tunnels`                     |      `Predefined`       |           `Yes`          |
+|  `Risky DNS categories`                      |      `Predefined`       |           `Yes`          |
+|  `Risky DNS Risky DNS tunnels`               |      `Predefined`       |           `Yes`          |
+|  `Unknown DNS Traffic`                       |      `Predefined`       |           `Yes`          |
+|  `Default Firewall DNS Rule`                 |      `Predefined`       |           `Yes`          |
+|  `ZPA Resolver for Locations`                |        `Default`        |           `No`           |
+|  `Fallback ZPA Resolver for Locations`       |        `Default`        |           `No`           |
+|  `Fallback ZPA Resolver for Road Warrior`    |        `Default`        |           `No`           |
+|-------------------------|-------------------------|-----------------|
+
+**NOTE 2** Certain attributes on `predefined` rules can still be managed or updated via Terraform such as:
+
+- `description` - (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.
+- `state` - (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to
+- `labels` (list) - Labels that are applicable to the rule.
+      - `id` - (Integer) Identifier that uniquely identifies an entity
+
+**NOTE 3** The import of `predefined` rules is still possible in case you want o have them under the Terraform management; however, remember that these rules cannot be deleted. That means, the provider will fail when executing `terraform destroy`; hence, you must remove the rules you want to delete, and re-run `terraform apply` instead.
+
 ## Example Usage - Create Firewall DNS Rules - Redirect Action
 
 ```hcl