diff --git a/manage/resources/understanding-resources.mdx b/manage/resources/understanding-resources.mdx
index c6bb931..2cd8ff5 100644
--- a/manage/resources/understanding-resources.mdx
+++ b/manage/resources/understanding-resources.mdx
@@ -33,6 +33,26 @@ There are two types of resources: public resources and private resources.
### Public Resources
+
+
+ Supported.
+
+ Best option for most deployments.
+
+
+
+ Supported.
+
+ Use when the resource runs on the same host as your Pangolin server.
+
+
+
+ Supported.
+
+ Intended for more manual and advanced self-hosted setups.
+
+
+
Public resources are protocol-aware and TCP/UDP proxies to services that are made available to the public internet.
#### HTTPS Resources
@@ -51,8 +71,30 @@ Since these resources are not protocol aware and are publicly proxied, they do n
### Private Resources
+
+
+ Supported.
+
+ Private resources require a Newt site.
+
+
+
+ Not supported.
+
+ Local sites can only host public resources.
+
+
+
+ Not supported.
+
+ Basic WireGuard sites can only host public resources.
+
+
+
Private resources require users to be connected with Pangolin client in order for them to be accessed. Any TCP and UDP traffic can be made available.
+Private resources can only be created on Newt sites.
+
**Private resources function like a zero-trust virtual private network (VPN).** Explicit access to resources must be granted for users and roles to be able to access them. For this reason, we recommend using private resources for all raw TCP/UDP traffic that doesn't need a public proxy, instead of relying on raw TCP/UDP public resources (as discussed above).
Private resources support single hosts or entire network ranges (CIDR). Private resources can also have internal DNS alias hostnames assigned for easy, human-readable naming. Users don't choose to connect to specific resources; rather, when they connect via a client to your organization, they can access all resources their account has access to at once.