zscaler
diff --git a/‎CHANGELOG.md‎
Lines changed: 20 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎GNUmakefile‎
Lines changed: 3 additions & 3 deletions b/‎GNUmakefile‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/data-sources/zia_firewall_filtering_rule.md‎
Lines changed: 3 additions & 1 deletion b/‎docs/data-sources/zia_firewall_filtering_rule.md‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎docs/data-sources/zia_traffic_capture_rules.md‎
Lines changed: 150 additions & 0 deletions b/‎docs/data-sources/zia_traffic_capture_rules.md‎
Lines changed: 150 additions & 0 deletions
diff --git a/‎docs/data-sources/zia_url_categories.md‎
Lines changed: 48 additions & 5 deletions b/‎docs/data-sources/zia_url_categories.md‎
Lines changed: 48 additions & 5 deletions
diff --git a/‎docs/guides/release-notes.md‎
Lines changed: 21 additions & 1 deletion b/‎docs/guides/release-notes.md‎
Lines changed: 21 additions & 1 deletion
@@ -1,5 +1,25 @@
 # Changelog
 
+## 4.6.3 (November, 24 2025)
+
+### Notes
+
+- Release date: **(November, 24  2025)**
+- Supported Terraform version: **v1.x**
+
+### Enhancements
+
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Added the following new datasources and resources `zia_traffic_capture_rules` - Manage Traffic Capture Policy Rules in ZIA. This resource can be used to create, update, delete and retrieve traffic capture rules.
+
+### Bug Fixes
+
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Enhanced `zia_traffic_forwarding_static_ip` resource documentation with comprehensive examples, migration guide, and troubleshooting for automatic coordinate determination feature.
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Optimized `zia_user_management_groups` datasource to use bulk `GetAll` API call with local filtering for better performance and rate limit management.
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Optimized `zia_user_management_users` datasource to use bulk `GetAll` API call with local filtering for better performance and rate limit management.
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Optimized `zia_fw_filtering_time_window` datasource to use bulk `GetAll` API call with local filtering for better performance and rate limit management.
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Optimized `zia_rule_labels` datasource to use bulk `GetAll` API call with local filtering for better performance and rate limit management.
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Optimized `zia_user_management_departments` datasource to use bulk `GetAll` API call with local filtering for better performance and rate limit management.
+
 ## 4.6.2 (November, 20 2025)
 
 ### Notes
 
@@ -196,14 +196,14 @@ test\:integration\:zscalertwo:
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.6.2/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.6.3/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.6.2/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.6.3/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zia_v4.6.2
+	go build -o $(DESTINATION)/terraform-provider-zia_v4.6.3
 
 coverage: test
 	@echo "✓ Opening coverage for unit tests ..."
 
@@ -1,7 +1,7 @@
 ---
 subcategory: "Firewall Policies"
 layout: "zscaler"
-page_title: "ZIA): firewall_filtering_rule"
+page_title: "ZIA: firewall_filtering_rule"
 description: |-
   Official documentation https://help.zscaler.com/zia/firewall-policies#/firewallFilteringRules-post
   API documentation https://help.zscaler.com/zia/firewall-policies#/firewallFilteringRules-post
@@ -87,6 +87,8 @@ In addition to all arguments above, the following attributes are exported:
       - `extensions` - (Map of String)
 * `src_ips` - (Optional) You can enter individual IP addresses, subnets, or address ranges.
 
+* `exclude_src_countries` - (Boolean) Indicates whether the countries specified in the sourceCountries field are included or excluded from the rule. A true value denotes that the specified source countries are excluded from the rule. A false value denotes that the rule is applied to the source countries if there is a match.
+
 `destinations` supports the following attributes:
 
 * `dest_addresses`** - (List of String) -  IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
 
@@ -0,0 +1,150 @@
+---
+subcategory: "Traffic Capture Policy"
+layout: "zscaler"
+page_title: "ZIA: traffic_capture_rules"
+description: |-
+  Official documentation https://help.zscaler.com/zia/about-traffic-capture-policy
+  API documentation https://help.zscaler.com/zia/traffic-capture-policy#/trafficCaptureRules-get
+  Get information about traffic capture rules
+---
+
+# zia_traffic_capture_rules (Data Source)
+
+* [Official documentation](https://help.zscaler.com/zia/about-traffic-capture-policy)
+* [API documentation](https://help.zscaler.com/zia/traffic-capture-policy#/trafficCaptureRules-get)
+
+Use the **zia_traffic_capture_rules** data source to get information about a traffic capture rules available in the Zscaler Internet Access cloud firewall.
+
+## Example Usage - Retrieve by Name
+
+```hcl
+data "zia_traffic_capture_rules" "example" {
+    name = "Capture_Rule01"
+}
+```
+
+## Example Usage - Retrieve by ID
+
+```hcl
+data "zia_traffic_capture_rules" "example" {
+    id = 1254674585
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+### Required
+
+At least one of the following must be provided:
+
+* `id` - (Integer) Unique identifier for the Traffic Capture policy rule
+* `name` - (String) Name of the Traffic Capture policy rule
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `description` - (String) Additional information about the rule. Cannot exceed 10,240 characters.
+* `order` - (Integer) Rule order number. Policy rules are evaluated in ascending numerical order.
+* `rank` - (Integer) Admin rank of the Traffic Capture policy rule. Default value is `7`.
+* `state` - (String) Rule state. An enabled rule is actively enforced. Values: `ENABLED`, `DISABLED`
+* `action` - (String) The action the rule takes when packets match. Values: `CAPTURE`, `SKIP`
+* `access_control` - (String) The admin's access privilege to this rule based on the assigned role
+* `default_rule` - (Boolean) Indicates if this is a default rule
+* `predefined` - (Boolean) Indicates if this is a predefined rule
+* `txn_size_limit` - (String) The maximum size of traffic to capture per connection. Supported Values: `NONE`, `UNLIMITED`, `THIRTY_TWO_KB`, `TWO_FIFTY_SIX_KB`, `TWO_MB`, `FOUR_MB`, `THIRTY_TWO_MB`, `SIXTY_FOUR_MB`
+
+* `txn_sampling` - (String) The percentage of connections sampled for capturing each time the rule is triggered. Supported Values: `NONE`, `ONE_PERCENT`, `TWO_PERCENT`, `FIVE_PERCENT`, `TEN_PERCENT`, `TWENTY_FIVE_PERCENT`, `HUNDRED_PERCENT`
+
+* `last_modified_time` - (Integer) Timestamp when the rule was last modified
+
+### Last Modified By
+
+* `last_modified_by` - (List) User who last modified the rule
+  * `id` - (Integer) Identifier of the user
+  * `name` - (String) Name of the user
+  * `extensions` - (Map of String) Additional user extensions
+
+### Who, Where and When
+
+* `locations` - (List) Locations for which the rule applies. You can manually select up to `8` locations.
+  * `id` - (Integer) Identifier that uniquely identifies an entity
+  * `name` - (String) The configured name of the entity
+  * `extensions` - (Map of String) Additional location extensions
+
+* `location_groups` - (List) Location groups for which the rule applies. You can manually select up to `32` location groups.
+  * `id` - (Integer) Identifier that uniquely identifies an entity
+  * `name` - (String) The configured name of the entity
+  * `extensions` - (Map of String) Additional location group extensions
+
+* `users` - (List) Users for which the rule applies. You can manually select up to `4` general and/or special users.
+  * `id` - (Integer) Identifier that uniquely identifies an entity
+  * `name` - (String) The configured name of the entity
+  * `extensions` - (Map of String) Additional user extensions
+
+* `groups` - (List) Groups for which the rule applies. You can manually select up to `8` groups.
+  * `id` - (Integer) Identifier that uniquely identifies an entity
+  * `name` - (String) The configured name of the entity
+  * `extensions` - (Map of String) Additional group extensions
+
+* `departments` - (List) Departments for which the rule applies. You can apply to any number of departments.
+  * `id` - (Integer) Identifier that uniquely identifies an entity
+  * `name` - (String) The configured name of the entity
+  * `extensions` - (Map of String) Additional department extensions
+
+* `time_windows` - (List) Time intervals in which the rule applies. You can manually select up to `2` time intervals.
+  * `id` - (Integer) Identifier that uniquely identifies an entity
+  * `name` - (String) The configured name of the entity
+  * `extensions` - (Map of String) Additional time window extensions
+
+### Network Services
+
+* `nw_services` - (List) Network services for which the rule applies. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.
+  * `id` - (Integer) Identifier that uniquely identifies an entity
+  * `name` - (String) The configured name of the entity
+  * `extensions` - (Map of String) Additional network service extensions
+
+* `nw_service_groups` - (List) Network service groups for which the rule applies.
+  * `id` - (Integer) Identifier that uniquely identifies an entity
+  * `name` - (String) The configured name of the entity
+  * `extensions` - (Map of String) Additional network service group extensions
+
+### Network Applications
+
+* `nw_applications` - (List of String) Network service applications. The service provides predefined applications.
+
+* `nw_application_groups` - (List) Network application groups for which the rule applies.
+  * `id` - (Integer) Identifier that uniquely identifies an entity
+  * `name` - (String) The configured name of the entity
+  * `extensions` - (Map of String) Additional network application group extensions
+
+### Source IP
+
+* `src_ip_groups` - (Optional) Any number of source IP address groups that you want to control with this rule.
+      - `id` - (String) Identifier that uniquely identifies an entity
+      - `name` - (String) The configured name of the entity
+      - `extensions` - (Map of String)
+
+* `src_ips` - (Optional) You can enter individual IP addresses, subnets, or address ranges.
+
+* `source_countries`** - (List of String) Identify destinations based on the location of a server. Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``"US"``, ``"CA"``
+
+* `exclude_src_countries` - (Boolean) Indicates whether the countries specified in the sourceCountries field are included or excluded from the rule. A true value denotes that the specified source countries are excluded from the rule. A false value denotes that the rule is applied to the source countries if there is a match.
+
+### Destination IP
+
+* `dest_ip_groups`** - (Optional) Any number of destination IP address groups that you want to control with this rule.
+      - `id` - (String) Identifier that uniquely identifies an entity
+      - `name` - (String) The configured name of the entity
+      - `extensions` - (Map of String)
+
+* `dest_addresses`** - (List of String) -  IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.
+* `dest_countries`** - (List of String) Identify destinations based on the location of a server. Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``"US"``, ``"CA"``
+
+### Workload Group
+
+* `workload_groups` (List) The list of preconfigured workload groups to which the policy must be applied
+  * `id` - (Number) A unique identifier assigned to the workload group
+  * `name` - (String) The name of the workload group
@@ -15,25 +15,68 @@ description: |-
 
 Use the **zia_url_categories** data source to get information about all or custom URL categories. By default, the response includes keywords.
 
+## Example Usage - Query a URL Category by Name (Default - All Types)
+
 ```hcl
-// Query a URL Category by Name
-data "zia_url_categories" "this"{
+data "zia_url_categories" "this" {
     configured_name = "Example"
 }
 ```
 
+## Example Usage - Query a URL Category by ID
+
 ```hcl
-// Query a URL Category by its Custom ID
-data "zia_url_categories" "this"{
+data "zia_url_categories" "this" {
     id = "CUSTOM_08"
 }
 ```
 
+## Example Usage - Query a URL_CATEGORY Type
+
+```hcl
+data "zia_url_categories" "url_category_example" {
+    configured_name = "My URL Category"
+    type            = "URL_CATEGORY"
+}
+```
+
+## Example Usage - Query a TLD_CATEGORY Type
+
+```hcl
+data "zia_url_categories" "tld_category_example" {
+    configured_name = "tld_russia"
+    type            = "TLD_CATEGORY"
+}
+```
+
+## Example Usage - Query All Category Types (Explicit)
+
+```hcl
+data "zia_url_categories" "all_types_example" {
+    configured_name = "Example"
+    type            = "ALL"
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
 
-* `id` - (String) URL category
+### Required
+
+At least one of the following must be provided:
+
+* `id` - (String) URL category ID
+* `configured_name` - (String) Name of the URL category
+
+### Optional
+
+* `type` - (String) Type of URL categories to retrieve. Valid values:
+  * `ALL` (default) - Retrieves all category types (URL_CATEGORY and TLD_CATEGORY)
+  * `URL_CATEGORY` - Retrieves only URL-based custom categories
+  * `TLD_CATEGORY` - Retrieves only TLD-based custom categories
+  
+  **Note:** When searching by name, this parameter filters which types of categories are searched. For TLD categories, you must either use `type = "TLD_CATEGORY"` or `type = "ALL"` (default).
 
 ## Attribute Reference
 
 
@@ -12,10 +12,30 @@ description: |-
 Track all ZIA Terraform provider's releases. New resources, features, and bug fixes will be tracked here.
 
 ---
-``Last updated: v4.6.2``
+``Last updated: v4.6.3``
 
 ---
 
+## 4.6.3 (November, 24 2025)
+
+### Notes
+
+- Release date: **(November, 24  2025)**
+- Supported Terraform version: **v1.x**
+
+### Enhancements
+
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Added the following new datasources and resources `zia_traffic_capture_rules` - Manage Traffic Capture Policy Rules in ZIA. This resource can be used to create, update, delete and retrieve traffic capture rules.
+
+### Bug Fixes
+
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Enhanced `zia_traffic_forwarding_static_ip` resource documentation with comprehensive examples, migration guide, and troubleshooting for automatic coordinate determination feature.
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Optimized `zia_user_management_groups` datasource to use bulk `GetAll` API call with local filtering for better performance and rate limit management.
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Optimized `zia_user_management_users` datasource to use bulk `GetAll` API call with local filtering for better performance and rate limit management.
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Optimized `zia_fw_filtering_time_window` datasource to use bulk `GetAll` API call with local filtering for better performance and rate limit management.
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Optimized `zia_rule_labels` datasource to use bulk `GetAll` API call with local filtering for better performance and rate limit management.
+- [PR #500](https://github.com/zscaler/terraform-provider-zia/pull/500) - Optimized `zia_user_management_departments` datasource to use bulk `GetAll` API call with local filtering for better performance and rate limit management.
+
 ## 4.6.2 (November, 20 2025)
 
 ### Notes