PaloAltoNetworks · create-pr-on-fork-for-pan-dev · Apr 2, 2026
diff --git a/products/terraform/docs/swfw/azure/cloudngfw/modules/loadbalancer.md b/products/terraform/docs/swfw/azure/cloudngfw/modules/loadbalancer.md
@@ -111,11 +111,11 @@ module "lbe" {
 ### Requirements
 
 - `terraform`, version: >= 1.5, < 2.0
-- `azurerm`, version: ~> 4.0
+- `azurerm`, version: ~> 4.42
 
 ### Providers
 
-- `azurerm`, version: ~> 4.0
+- `azurerm`, version: ~> 4.42
 
 
 
@@ -344,14 +344,15 @@ map(object({
     private_ip_address            = optional(string)
     gwlb_fip_id                   = optional(string)
     in_rules = optional(map(object({
-      name                = string
-      protocol            = string
-      port                = number
-      backend_port        = optional(number)
-      health_probe_key    = optional(string, "default")
-      floating_ip         = optional(bool, true)
-      session_persistence = optional(string, "Default")
-      nsg_priority        = optional(number)
+      name                    = string
+      protocol                = string
+      port                    = number
+      backend_port            = optional(number)
+      health_probe_key        = optional(string, "default")
+      floating_ip             = optional(bool, true)
+      session_persistence     = optional(string, "Default")
+      nsg_priority            = optional(number)
+      idle_timeout_in_minutes = optional(number)
     })), {})
     out_rules = optional(map(object({
       name                     = string

diff --git a/products/terraform/docs/swfw/azure/cloudngfw/modules/name_templater.md b/products/terraform/docs/swfw/azure/cloudngfw/modules/name_templater.md
@@ -61,7 +61,7 @@ As you can see:
 * the `prefix` key is just a placeholder that eventually is replaced with the value of `name_prefix`
 * the `__random__` string is replaced with a name of a [random pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) (in case you need to randomize some name, for testing purposes for example)
 * the `__default__` string is replaced with a resource abbreviation.
-  This abbreviations are defined with `var.abbreviations` variable. The module contains basic abbreviations following Microsoft suggestions, but they can be overridden with custom definitions.
+  This abbreviations are defined with `var.abbreviations` variable. The module contains basic abbreviations following Microsoft suggestions, but they can be overriden with custom definitions.
   The important part is that the `resource_type` has to match an entry in `abbreviations` variable, otherwise the abbreviation will be replaced with an empty string.
 
 To create the actual resource name the following code can be used:
@@ -199,4 +199,4 @@ Type: map(string)
 
 Default value: `map[application_gw:agw application_insights:appi availability_set:avail bastion:bas data_disk:disk file_share:share load_balancer:lb log_analytics_workspace:log managed_identity:id nat_gw:ng network_interface:nic nsg:nsg nsg_rule:nsgsr os_disk:osdisk public_ip:pip public_ip_prefix:ippre resource_group:rg route_table:rt service_endpoint:se storage_account:st subnet:snet udr:udr virtual_machine:vm virtual_machine_scale_set:vmss virtual_network_gateway:vgw vnet:vnet vnet_peering:peer]`
 
-<sup>[back to list](#modules-optional-inputs)</sup>
+<sup>[back to list](#modules-optional-inputs)</sup>
diff --git a/products/terraform/docs/swfw/azure/cloudngfw/modules/vmseries.md b/products/terraform/docs/swfw/azure/cloudngfw/modules/vmseries.md
@@ -212,7 +212,7 @@ Firewall parameters configuration.
 This map contains basic, as well as some optional Firewall parameters. Both types contain sane defaults.
 Nevertheless they should be at least reviewed to meet deployment requirements.
 
-List of either required or important properties: 
+List of either required or important properties:
 
 - `size`              - (`string`, optional, defaults to `Standard_D3_v2`) Azure VM size (type). Consult the *VM-Series
                         Deployment Guide* as only a few selected sizes are supported.
@@ -231,7 +231,7 @@ List of either required or important properties:
 
   For more details on bootstrapping [see documentation](https://docs.paloaltonetworks.com/vm-series/10-2/vm-series-deployment/bootstrap-the-vm-series-firewall/create-the-init-cfgtxt-file/init-cfgtxt-file-components).
 
-List of other, optional properties: 
+List of other, optional properties:
 
 - `avset_id`                      - (`string`, optional, default to `null`) identifier of the Availability Set to use.
 - `capacity_reservation_group_id` - (`string`, optional, defaults to `null`) specifies the ID of the Capacity Reservation Group
@@ -250,7 +250,7 @@ List of other, optional properties:
 - `identity_type`                 - (`string`, optional, defaults to `SystemAssigned`) type of Managed Service Identity that
                                     should be configured on this VM. Can be one of "SystemAssigned", "UserAssigned" or
                                     "SystemAssigned, UserAssigned".
-- `identity_ids`                  - (`list`, optional, defaults to `[]`) a list of User Assigned Managed Identity IDs to be 
+- `identity_ids`                  - (`list`, optional, defaults to `[]`) a list of User Assigned Managed Identity IDs to be
                                     assigned to this VM. Required only if `identity_type` is not "SystemAssigned".
 
 
@@ -290,26 +290,30 @@ Interfaces will be attached to VM in the order you define here, therefore:
 
 - The first should be the management interface, which does not participate in data filtering.
 - The remaining ones are the dataplane interfaces.
-  
+
 Following configuration options are available:
 
 - `name`                          - (`string`, required) the interface name.
 - `subnet_id`                     - (`string`, required) ID of an existing subnet to create the interface in.
-- `ip_configuration_name`         - (`string`, optional, defaults to `primary`) the name of the interface IP configuration.
-- `private_ip_address`            - (`string`, optional, defaults to `null`) static private IP to assign to the interface. When
-                                    skipped Azure will assign one dynamically. Keep in mind that a dynamic IP is guarantied not
-                                    to change as long as the VM is running. Any stop/deallocate/restart operation might cause
-                                    the IP to change.
-- `create_public_ip`              - (`bool`, optional, defaults to `false`) if `true`, creates a public IP for the interface.
-- `public_ip_name`                - (`string`, optional, defaults to `null`) name of the public IP to associate with the
-                                    interface. When `create_public_ip` is set to `true` this will become a name of a newly
-                                    created Public IP interface. Otherwise this is a name of an existing interfaces that will
-                                    be sourced and attached to the interface. Not used when using `public_ip` module.
-- `public_ip_resource_group_name` - (`string`, optional, defaults to `var.resource_group_name`) name of a Resource Group that
-                                    contains public IP that that will be associated with the interface. Used only when 
-                                    `create_public_ip` is `false`.
-- `public_ip_id`                  - (`string`, optional, defaults to `null`) ID of the public IP to associate with the
-                                    interface. Property is used when public IP is not created or sourced within this module.
+- ip_configurations               - (`map`, required) A map that contains the IP configurations for the interface.
+  - `name`                          - (`string`, optional, defaults to `primary`) the name of the interface IP configuration.
+  - `primary`                       - (`bool`, optional, defaults to `true`) sets the current IP configuration as the primary
+                                      one.
+  - `private_ip_address`            - (`string`, optional, defaults to `null`) static private IP to assign to the interface. 
+                                      When skipped Azure will assign one dynamically. Keep in mind that a dynamic IP is
+                                      guaranteed not to change as long as the VM is running. Any stop/deallocate/restart
+                                      operation might cause the IP to change.
+  - `create_public_ip`              - (`bool`, optional, defaults to `false`) if `true`, creates a public IP for the interface.
+                                      **Note!** When you define multiple IP configurations, exactly one must be the primary.
+  - `public_ip_name`                - (`string`, optional, defaults to `null`) name of the public IP to associate with the
+                                      interface. When `create_public_ip` is set to `true` this will become a name of a newly
+                                      created Public IP interface. Otherwise this is a name of an existing interfaces that will
+                                      be sourced and attached to the interface. Not used when using `public_ip` module.
+  - `public_ip_resource_group_name` - (`string`, optional, defaults to `var.resource_group_name`) name of a Resource Group that
+                                      contains public IP that that will be associated with the interface. Used only when
+                                      `create_public_ip` is `false`.
+  - `public_ip_id`                  - (`string`, optional, defaults to `null`) ID of the public IP to associate with the
+                                      interface. Property is used when public IP is not created or sourced within this module.
 - `attach_to_lb_backend_pool`     - (`bool`, optional, defaults to `false`) set to `true` if you would like to associate this
                                     interface with a Load Balancer backend pool.
 - `lb_backend_pool_id`            - (`string`, optional, defaults to `null`) ID of an existing backend pool to associate the
@@ -327,17 +331,49 @@ Example:
   {
     name                 = "fw-mgmt"
     subnet_id            = azurerm_subnet.my_mgmt_subnet.id
-    public_ip_name       = "fw-mgmt-pip"
-    create_public_ip     = true
+    ip_configurations = {
+      primary-ip = {
+        name = "primary-ip"
+        primary               = true
+        create_public_ip      = true
+        public_ip_name       = "fw-mgmt-pip"
+      }
   },
   # public interface reusing an existing public IP resource
   {
     name                      = "fw-public"
     subnet_id                 = azurerm_subnet.my_pub_subnet.id
     attach_to_lb_backend_pool = true
     lb_backend_pool_id        = module.inbound_lb.backend_pool_id
-    create_public_ip          = false
-    public_ip_name            = "fw-public-pip"
+    ip_configurations = {
+      primary-ip = {
+        name = "primary-ip"
+        primary               = true
+        create_public_ip      = false
+        public_ip_name        = "fw-public-pip"
+      }
+  },
+  # interface with 2 IP addresses
+  {
+    name                      = "fw-two-ips"
+    subnet_id                 = azurerm_subnet.my_pub_subnet.id
+    attach_to_lb_backend_pool = true
+    lb_backend_pool_id        = module.inbound_lb.backend_pool_id
+    ip_configurations = {
+      primary-ip = {
+        name = "primary-ip"
+        primary               = true
+        create_public_ip      = false
+        private_ip_address    = "10.0.0.5"
+        public_ip_name        = "fw-public-pip"
+      },
+      secondary-ip = {
+        name = "secondary-ip"
+        primary               = false
+        create_public_ip      = false
+        private_ip_address    = "10.0.0.6"
+        public_ip_name        = "fw-public-pip"
+      }
   },
 ]
 ```
@@ -347,18 +383,21 @@ Type:
 
 ```hcl
 list(object({
-    name                          = string
-    subnet_id                     = string
-    ip_configuration_name         = optional(string, "primary")
-    create_public_ip              = optional(bool, false)
-    public_ip_name                = optional(string)
-    public_ip_resource_group_name = optional(string)
-    public_ip_id                  = optional(string)
-    private_ip_address            = optional(string)
-    lb_backend_pool_id            = optional(string)
-    attach_to_lb_backend_pool     = optional(bool, false)
-    appgw_backend_pool_id         = optional(string)
-    attach_to_appgw_backend_pool  = optional(bool, false)
+    name      = string
+    subnet_id = string
+    ip_configurations = map(object({
+      name                          = optional(string, "primary")
+      primary                       = optional(bool, true)
+      create_public_ip              = optional(bool, false)
+      public_ip_name                = optional(string)
+      public_ip_resource_group_name = optional(string)
+      public_ip_id                  = optional(string)
+      private_ip_address            = optional(string)
+    }))
+    lb_backend_pool_id           = optional(string)
+    attach_to_lb_backend_pool    = optional(bool, false)
+    appgw_backend_pool_id        = optional(string)
+    attach_to_appgw_backend_pool = optional(bool, false)
   }))
 ```