Skip to content
Network as Code

Changelog

1.4.0 April 10, 2026

Section titled “1.4.0 April 10, 2026”

Tested versions: link

UX 1.0:

  • add support for cloud_qos and cloud_qos_service_side in sdwan_localized_policy
  • add support for policy_version in sdwan_zone_based_firewall_policy_definition
  • move device types to defaults for SIG credentials feature template
  • fix nat fallback default behaviour in centralized data policy
  • fix match region_id bug in custom control policy
  • fix an issue where the route_policy_variable was not being correctly applied in sdwan_cisco_ospf_feature_template
  • fix an issue where the SIG fallback_to_routing set to false was still getting applied in sdwan_traffic_data_policy_definition

UX 2.0:

  • add support for application priority settings
  • add support for application priority traffic policy
  • add support for embedded security NGFW feature profile, NGFW policy and embedded security policy (settings)
  • add support for policy object security advanced inspection profile
  • add support for policy object security advanced malware protection profile
  • add support for policy object security data IP prefix
  • add support for policy object security fqdn list
  • add support for policy object security geolocation list
  • add support for policy object security intrusion prevention profile
  • add support for policy object security ips signature list
  • add support for policy object security local application list
  • add support for policy object security port list
  • add support for policy object security protocol list
  • add support for policy object security url allow list
  • add support for policy object security url block list
  • add support for policy object security url filtering profile
  • add support for policy object security zone
  • add support for service multicast
  • add support for service LAN VPN GRE interface
  • add support for service LAN VPN IPsec interface
  • add support for service LAN VPN SVI interface
  • add support for service OSPFv3 IPv4
  • add support for service OSPFv3 IPv6
  • add support for service switchport
  • add support for system CA certificate
  • add support for system mrf in versions 20.13 and higher
  • add support for transport WAN VPN GRE interface
  • add support for transport WAN VPN IPsec interface
  • add support for new 20.15 attributes in policy object app probe class (sdwan_policy_object_app_probe_class): forwarding_class_id (replacing direct forwarding class mapping)
  • add support for new 20.15 attributes in service BGP (sdwan_service_routing_bgp_feature): metric, metric_variable, ospf_match_route, ospf_match_route_variable
  • add support for new 20.15 attributes in service IPv4 ACL (sdwan_service_ipv4_acl_feature): accept_set_service_chain_fallback, accept_set_service_chain_fallback_variable, accept_set_service_chain_name, accept_set_service_chain_name_variable, accept_set_service_chain_vpn, accept_set_service_chain_vpn_variable
  • add support for new 20.15 attributes in service IPv6 ACL (sdwan_service_ipv6_acl_feature): accept_set_service_chain_fallback, accept_set_service_chain_fallback_variable, accept_set_service_chain_name, accept_set_service_chain_name_variable, accept_set_service_chain_vpn, accept_set_service_chain_vpn_variable
  • add support for new 20.15 attributes in service LAN VPN (sdwan_service_lan_vpn_feature): static route interface gateway handling, administrative_distance, administrative_distance_variable, sse_instance, sse_instance_variable, static_nat_subnets and variable-capable subfields
  • add support for new 20.15 attributes in service LAN VPN ethernet interface (sdwan_service_lan_vpn_interface_ethernet_feature): port-channel/member-link support, VRRP additions (min_preempt_delay, IPv6 follow-HA), subinterface primary/secondary interface fields with variable support
  • add support for new 20.15 attributes in system basic (sdwan_system_basic_feature): tracker_dia_stabilize_status, tracker_dia_stabilize_status_variable
  • add support for new 20.15 attributes in system aaa (sdwan_system_aaa_feature): TACACS/RADIUS key_variable, users key_string_variable
  • add support for new 20.15 attributes in system global (sdwan_system_global_feature): bgp_community_new_format, bgp_community_new_format_variable, etherchannel_flow_load_balance, etherchannel_flow_load_balance_variable, etherchannel_vlan_load_balance, etherchannel_vlan_load_balance_variable, lacp_system_priority, lacp_system_priority_variable
  • add support for new 20.15 attributes in system OMP (sdwan_system_omp_feature): aspath_auto_translation, aspath_auto_translation_variable, site-type mapping update for transport gateway
  • add support for new 20.15 attributes in system SNMP (sdwan_system_snmp_feature): community name_variable
  • add support for new 20.15 attributes in transport BGP (sdwan_transport_routing_bgp_feature): metric, metric_variable, ospf_match_route, ospf_match_route_variable
  • add support for new 20.15 attributes in transport IPv4 ACL (sdwan_transport_ipv4_acl_feature): accept_set_service_chain_fallback, accept_set_service_chain_fallback_variable, accept_set_service_chain_name, accept_set_service_chain_name_variable, accept_set_service_chain_vpn, accept_set_service_chain_vpn_variable
  • add support for new 20.15 attributes in transport IPv6 ACL (sdwan_transport_ipv6_acl_feature): accept_set_service_chain_fallback, accept_set_service_chain_fallback_variable, accept_set_service_chain_name, accept_set_service_chain_name_variable, accept_set_service_chain_vpn, accept_set_service_chain_vpn_variable
  • add support for new 20.15 attributes in transport IPv4 tracker (sdwan_transport_tracker_feature): icmp_interval, icmp_interval_variable, endpoint tracker type mapping cleanup
  • add support for new 20.15 attributes in transport IPv6 tracker (sdwan_transport_ipv6_tracker_feature): icmp_interval, icmp_interval_variable, endpoint tracker type mapping cleanup
  • add support for new 20.15 attributes in transport WAN VPN ethernet (sdwan_transport_wan_vpn_interface_ethernet_feature): MRF core/secondary region fields, port-channel model/member links, NAT extensions (nat_ipv4_pools, loopbacks, match-interface, static port forwards), tunnel additions (allow_fragmentation, set_sdwan_tunnel_mtu_to_max) with variable support
  • add topology_label attribute to configuration group
  • rename traffic_class to traffic_classes in both transport and service IPv6 ACL match actions
  • rename ipv4_configuration_type/ipv6_configuration_type to ipv4_address_type/ipv6_address_type and add ipv4_address_type_variable/ipv6_address_type_variable in service LAN VPN ethernet interface, transport management VPN ethernet interface and transport WAN VPN ethernet interface
  • rename fw to FW, ids to IDS, idp to IDP in traffic policy action service type and service LAN VPN service_type
  • rename sc1-sc16 to SC1-SC16 in traffic policy action service chain type, service IPv4/IPv6 ACL service_chain_name and transport IPv4/IPv6 ACL service_chain_name
  • rename local-as to local-AS in policy object standard community list standard_communities and transport route policy action communities
  • rename internal to Internal, external-type1 to External-type1, external-type2 to External-type2 in service BGP IPv4/IPv6 redistribute ospf_match_route and transport BGP IPv4/IPv6 redistribute ospf_match_route
  • rename decrement to Decrement, shutdown to Shutdown in service LAN VPN ethernet interface IPv4 VRRP tracking object action
  • rename bgp to BGP, ospf to OSPF, connected to Connected, static to Static, network to Network, aggregate to Aggregate in service LAN VPN IPv6 OMP advertise route protocol
  • rename nat64 to NAT64, nat66 to NAT66 in service LAN VPN IPv6 static route nat, transport management VPN IPv6 static route nat and transport WAN VPN IPv6 static route nat
  • rename tcp to TCP, udp to UDP in service LAN VPN NAT port forward protocol
  • rename sig to SIG, sse to SSE in service LAN VPN service routes service
  • rename cisco-secure-access to Cisco-Secure-Access, zscaler to zScaler in service LAN VPN service routes sse_instance
  • rename te to TE in service LAN VPN service_type and transport WAN VPN services
  • fix service bgp and transport bgp failing when ipv6 neighbor has maximum_prefix_reach_policy set to off
  • fix configuration group feature_versions not tracking DHCP server association changes for service LAN VPN ethernet and SVI interfaces

1.3.0 November 12, 2025

Section titled “1.3.0 November 12, 2025”

Tested versions: link

UX 1.0:

  • add support for UX 1.0 PIM feature template
  • add support for UX 1.0 policy object port list
  • add support for UX 1.0 unified security policy and unified firewall
  • add support for default_action in UX 1.0 application aware routing policy
  • add support for queue 0 in UX 1.0 QoS Map which contains no class map id
  • add support for enhanced_app_aware_routing_variable parameter in system feature template
  • use default names Cisco-Umbrella-Global-Credentials and Cisco-Zscaler-Global-Credentials for SIG credentials feature template
  • move UX 1.0 route policy sequence name from hardcoded value to defaults
  • fix backup_interface to consider none as None in Secure Internet Gateway feature template
  • fix logging_feature_template custom_profile attribute logic (null in case tls_profile is not configured)
  • fix route policy standard_community_lists to properly handle both single and multiple community list entries
  • fix trunk_allowed_vlans_variable not being set correctly in switchport feature template
  • fix vpn_name_variable not being set in VPN feature template
  • fix vpn feature template service route failing during device template push

UX 2.0:

  • add support for application priority feature profile
  • add support for application priority qos policy
  • add support for policy groups
  • add support for policy object color list
  • add support for policy object preferred color group
  • add support for policy object SLA class
  • add support for service BGP
  • add support for service EIGRP
  • add support for service IPv4 ACL
  • add support for service IPv6 ACL
  • add support for service LAN VPN Ethernet Interface
  • add support for service OSPF
  • add support for transport BGP
  • add support for transport IPv4 ACL
  • add support for transport IPv6 ACL
  • add support for transport OSPF
  • rename LAN VPN etherent interface DHCP server association from ...dhcp to ...dhcp_server
  • remove secret_key from tacacs and radius server configuration in AAA feature

1.2.0 August 29, 2025

Section titled “1.2.0 August 29, 2025”

Tested versions: link

UX 1.0:

  • add support for IGMP feature template
  • add support for multicast feature template
  • add enhanced_app_aware_routing parameter in system feature template
  • add default handling of ip_type in route policy
  • add expanded_community_list_variable parameter in route policy
  • add destination_ip_prefix_variable and source_ip_prefix_variable parameters in IPv4 acl policy IPv6 device acl policy
  • fix sdwan_attach_feature_device_template resource to be generated per template, not per device
  • fix local_tloc_list encaps parameter to be optional in traffic data policy
  • fix nat_pool action not being set correctly in traffic data policy

UX 2.0:

  • add support for service route policy
  • add support for transport cellular profile
  • add support for transport GPS
  • add support for transport route policy
  • add support for policy object application list
  • add support for policy object app probe class
  • fix devices and feature_versions parameters of configuration group to be null when empty
  • fix id parameter in system IPv4 device access and IPv6 device access features
  • fix administrative_distance_variable parameter not being set in the transport management VPN feature
  • fix UX 2.0 enum values to be lowercase wherever possible

1.1.0 April 18, 2025

Section titled “1.1.0 April 18, 2025”

Tested versions: link

  • Fix vty_line_logging parameter not being set in sdwan_system_global_feature
  • Add support for sdwan_policy_object_as_path_list resource
  • Add support for sdwan_policy_object_standard_community_list resource
  • Fix ipv4_dhcp_helpers_variable not being set when configuring sdwan_transport_management_vpn_interface_ethernet_feature and sdwan_transport_wan_vpn_interface_ethernet_feature
  • Change sdwan_transport_wan_vpn_interface_ethernet_feature_associateX_feature resources names to match name logic
  • Fix dhcp parameter logic for sdwan_cisco_vpn_interface_feature_template
  • Fix VRRP prefix_variable parameter for sdwan_cisco_vpn_interface_feature_template and sdwan_vpn_interface_svi_feature_template
  • Fix ascii_variable parameter for sdwan_cisco_dhcp_server_feature_template
  • Add support for sdwan_system_ipv4_device_access_feature resource
  • Add support for sdwan_system_ipv6_device_access_feature resource
  • Add support for sdwan_service_dhcp_server_feature resource
  • Add support for sdwan_configuration_group resource
  • Add support for sdwan_tag resource

1.0.0 January 17, 2025

Section titled “1.0.0 January 17, 2025”

Tested versions: link

  • Provide default value for name if not explicitly set for sdwan_system_basic_feature, sdwan_system_omp_feature, sdwan_system_performance_monitoring_feature, sdwan_system_security_feature, sdwan_system_snmp_feature and sdwan_transport_wan_vpn_feature
  • Simplify default feature name from profile_name-feature_name to feature_name
  • Add support for sdwan_policy_object_feature_profile resource
  • Add support for sdwan_policy_object_class_map resource
  • Add support for sdwan_policy_object_data_ipv4_prefix_list resource
  • Add support for sdwan_policy_object_data_ipv6_prefix_list resource
  • Add support for sdwan_policy_object_expanded_community_list resource
  • Add support for sdwan_policy_object_extended_community_list resource
  • Add support for sdwan_policy_object_ipv4_prefix_list resource
  • Add support for sdwan_policy_object_ipv6_prefix_list resource
  • Add support for sdwan_policy_object_mirror resource
  • Add support for sdwan_policy_object_policer resource
  • Add support for sdwan_policy_object_tloc_list resource
  • Add support for variables in secure app hosting feature template
  • Fix issue where sdwan_custom_control_topology_policy_definition always shows diff when match_criterias or actions are not configured in data model
  • Fix issue where sdwan_traffic_data_policy_definition always shows diff when match_criterias or actions are not configured in data model
  • Fix issue where sdwan_application_aware_routing_policy_definition always shows diff when match_criterias or actions are not configured in data model
  • Fix issue where certain parameters were required by sdwan_cflowd_policy_definition resource, but are optional in the UI
  • Fix issue where authentication_type_variable was not configurable with sdwan_cisco_security_feature_template
  • In sdwan_cflowd_policy_definition, fix export_spreading to be optional
  • Add gateway parameter to ipv6_static_routes of sdwan_transport_wan_vpn_feature
  • Add support for sdwan_other_ucse_feature resource
  • Add support for sdwan_transport_management_vpn_feature resource
  • Add support for sdwan_transport_management_vpn_interface_ethernet_feature resource
  • Separate sdwan_profile_parcels.tf into sdwan_features_cli.tf, sdwan_features_other.tf, sdwan_features_service.tf, sdwan_features_system.tf and sdwan_features_transport.tf
  • Rename sdwan_system_performance_monitoring_feature resources from ...-performance_monitor to ...-perfmonitor
  • Add support for sdwan_transport_wan_vpn_ethernet_interface resource
  • Add support for sdwan_transport_wan_vpn_interface_ethernet_feature_associate_tracker_feature resource
  • Add support for sdwan_transport_wan_vpn_interface_ethernet_feature_associate_tracker_group_feature resource
  • Add support for sdwan_transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_feature resource
  • Add support for sdwan_transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_group_feature resource
  • Add support for sdwan_cellular_controller_feature_template resource
  • Add support for sdwan_cellular_cedge_profile_feature_template resource
  • Add support for sdwan_cisco_vpn_interface_gre_feature_template resource
  • Add support for sdwan_vpn_interface_cellular_feature_template resource

0.1.0 November 1, 2024

Section titled “0.1.0 November 1, 2024”

Tested versions: link

  • Initial release