Merge pull request #3261 from fosrl/dev

1.19.2
Allow missing agent host
2026-06-13 10:59:52 +00:00 · 2026-06-12 15:02:58 -07:00 · 2026-06-12 15:01:09 -07:00 · 2026-06-12 14:44:45 -07:00 · 2026-06-12 14:22:17 -07:00 · 2026-06-12 14:12:01 -07:00
288 changed files with 10005 additions and 5200 deletions
--- a/.cursor/rules/Components.mdc
+++ b/.cursor/rules/Components.mdc
@@ -0,0 +1,5 @@
+---
+alwaysApply: true
+---
+
+When creating UI for popup dialogs or modals, use the Credenza componennt. This component is mobile responsive and works on desktop and wraps the dialog component and sheet into one.
--- a/.dockerignore
+++ b/.dockerignore
@@ -34,4 +34,5 @@ build.ts
 tsconfig.json
 Dockerfile*
 drizzle.config.ts
-allowedDevOrigins.json
+allowedDevOrigins.json
+scratch/
--- a/cli/commands/setServerAdmin.ts
+++ b/cli/commands/setServerAdmin.ts
@@ -4,19 +4,26 @@ import { eq } from "drizzle-orm";

 type SetServerAdminArgs = {
    email: string;
+    remove: boolean;
 };

 export const setServerAdmin: CommandModule<{}, SetServerAdminArgs> = {
    command: "set-server-admin",
-    describe: "Mark any user as a server admin by email address",
+    describe: "Add or remove server admin by email address",
    builder: (yargs) => {
-        return yargs.option("email", {
-            type: "string",
-            demandOption: true,
-            describe: "User email address"
-        });
+        return yargs
+            .option("email", {
+                type: "string",
+                demandOption: true,
+                describe: "User email address"
+            })
+            .option("remove", {
+                type: "boolean",
+                default: false,
+                describe: "Remove server admin status from the user"
+            });
    },
-    handler: async (argv: { email: string }) => {
+    handler: async (argv: SetServerAdminArgs) => {
        try {
            const email = argv.email.trim().toLowerCase();

@@ -31,6 +38,33 @@ export const setServerAdmin: CommandModule<{}, SetServerAdminArgs> = {
                process.exit(1);
            }

+            if (argv.remove) {
+                if (!user.serverAdmin) {
+                    console.log(`User '${email}' is not a server admin`);
+                    process.exit(0);
+                }
+
+                const serverAdmins = await db
+                    .select()
+                    .from(users)
+                    .where(eq(users.serverAdmin, true));
+
+                if (serverAdmins.length <= 1) {
+                    console.error(
+                        "Cannot remove server admin: at least one server admin must exist"
+                    );
+                    process.exit(1);
+                }
+
+                await db
+                    .update(users)
+                    .set({ serverAdmin: false })
+                    .where(eq(users.userId, user.userId));
+
+                console.log(`Server admin status removed from user '${email}'`);
+                process.exit(0);
+            }
+
            if (user.serverAdmin) {
                console.log(`User '${email}' is already a server admin`);
                process.exit(0);
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Вижте частни ресурси",
    "siteInstallNewt": "Инсталирайте Newt",
    "siteInstallNewtDescription": "Пуснете Newt на вашата система",
+    "siteInstallKubernetesDocsDescription": "За повече и актуална информация относно инсталацията на Kubernetes, вижте <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "За инструкции за инсталиране на Advantech модем, вижте <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "WireGuard конфигурация",
    "WgConfigurationDescription": "Използвайте следната конфигурация, за да се свържете с мрежата",
    "operatingSystem": "Операционна система",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "Ще можете да виждате това само веднъж. Уверете се да го копирате на сигурно място.",
    "siteInfo": "Информация за сайта",
    "status": "Статус",
-    "shareTitle": "Управление на връзки за споделяне",
+    "shareTitle": "Управление на споделими връзки",
    "shareDescription": "Създайте споделими връзки, за да предоставите временен или постоянен достъп до прокси ресурсите",
-    "shareSearch": "Търсене на връзки за споделяне...",
-    "shareCreate": "Създайте връзка за споделяне",
+    "shareSearch": "Търсене на споделими връзки...",
+    "shareCreate": "Създаване на споделима връзка",
    "shareErrorDelete": "Неуспешно изтриване на връзката",
    "shareErrorDeleteMessage": "Възникна грешка при изтриване на връзката",
    "shareDeleted": "Връзката беше изтрита",
    "shareDeletedDescription": "Връзката беше премахната",
-    "shareDelete": "Изтрийте споделената връзка",
-    "shareDeleteConfirm": "Потвърдете изтриването на споделената връзка",
+    "shareDelete": "Изтриване на споделима връзка",
+    "shareDeleteConfirm": "Потвърдете изтриването на споделима връзка",
    "shareQuestionRemove": "Сигурни ли сте, че искате да изтриете тази споделена връзка?",
    "shareMessageRemove": "След изтриване връзката вече няма да работи и всеки, който я използва, ще загуби достъп до ресурса.",
    "shareTokenDescription": "Достъпният токен може да бъде предаван по два начина: като параметър или в хедърите на заявките. Те трябва да бъдат предавани от клиента при всяка заявка за удостоверен достъп.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Всеки с тази връзка може да получи достъп до ресурса",
    "shareTitleOptional": "Заглавие (по избор)",
    "sharePathOptional": "Път (по избор)",
+    "sharePathDescription": "След удостоверяване, линкът ще препрати потребителите на този път.",
    "expireIn": "Изтече",
    "neverExpire": "Никога не изтича",
    "shareExpireDescription": "Времето на изтичане е колко дълго връзката ще бъде използваема и ще предоставя достъп до ресурса. След това време, връзката няма да работи и потребителите, които са я използвали, ще загубят достъп до ресурса.",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "Моля, изберете ресурс",
    "proxyResourceTitle": "Управление на обществени ресурси",
    "proxyResourceDescription": "Създайте и управлявайте ресурси, които са общодостъпни чрез уеб браузър.",
-    "publicResourcesBannerTitle": "Публичен достъп чрез уеб.",
-    "publicResourcesBannerDescription": "Публичните ресурси са HTTPS или TCP/UDP проксита, достъпни за всеки в интернет чрез уеб браузър. За разлика от частните ресурси, те не изискват софтуер от страна на клиента и могат да включват издентити и контексто-осъзнати политики за достъп.",
+    "publicResourcesBannerTitle": "Публичен достъп през Интернет",
+    "publicResourcesBannerDescription": "Публичните ресурси са HTTPS проксита, достъпни за всеки в Интернет чрез уеб браузър. За разлика от частните ресурси, те не изискват клиентски софтуер и могат да включват издентити и контексто-осъзнати политики за достъп.",
    "clientResourceTitle": "Управление на частни ресурси",
    "clientResourceDescription": "Създайте и управлявайте ресурси, които са достъпни само чрез свързан клиент.",
    "privateResourcesBannerTitle": "Достъп до частни ресурси с нулево доверие.",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Търсене на ресурси...",
    "resourceAdd": "Добавете ресурс",
    "resourceErrorDelte": "Грешка при изтриване на ресурс",
-    "resourcePoliciesTitle": "Управление на политики за ресурси",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Свързани ресурси",
+    "resourcePoliciesBannerTitle": "Повторно използване на Удостоверяване и Правила за Достъп",
+    "resourcePoliciesBannerDescription": "Споделените ресурсни политики ви позволяват да дефинирате методи за удостоверяване и правила за достъп веднъж, след което ги прикачвате към множество публични ресурси. Когато актуализирате политика, всеки свързан ресурс автоматично унаследява промените.",
+    "resourcePoliciesBannerButtonText": "Научете Повече",
+    "resourcePoliciesTitle": "Управление на публични ресурсни политики",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Ресурси",
    "resourcePoliciesAttachedResources": "{count} ресурс(а)",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ресурс} other {# ресурси}}",
    "resourcePoliciesAttachedResourcesEmpty": "няма ресурси",
-    "resourcePoliciesDescription": "Създавай и управлявай политики за автентикация, за да контролирате достъпа до вашите ресурси",
+    "resourcePoliciesDescription": "Създайте и управлявайте политики за удостоверяване за контролиране на достъпа до вашите публични ресурси",
    "resourcePoliciesSearch": "Търсене на политики...",
    "resourcePoliciesAdd": "Добавяне на политика",
    "resourcePoliciesDefaultBadgeText": "Стандартна политика",
-    "resourcePoliciesCreate": "Създаване на политика за ресурс",
+    "resourcePoliciesCreate": "Създаване на публична ресурсна политика",
    "resourcePoliciesCreateDescription": "Следвайте стъпките по-долу, за да създадете нова политика",
    "resourcePolicyName": "Име на политика",
    "resourcePolicyNameDescription": "Дайте на тази политика име, за да я идентифицирате в цялото ви ресурси",
@@ -274,7 +281,7 @@
    "back": "Назад",
    "cancel": "Отмяна",
    "resourceConfig": "Конфигурационни фрагменти",
-    "resourceConfigDescription": "Копирайте и поставете тези конфигурационни отрязъци, за да настроите TCP/UDP ресурса",
+    "resourceConfigDescription": "Копирайте и поставете тези фрагменти от конфигурация за настройка на TCP/UDP ресурса.",
    "resourceAddEntrypoints": "Traefik: Добавете Входни точки",
    "resourceExposePorts": "Gerbil: Изложете портове в Docker Compose",
    "resourceLearnRaw": "Научете как да конфигурирате TCP/UDP ресурси",
@@ -287,6 +294,8 @@
    "labelDelete": "Изтриване на етикета",
    "labelAdd": "Добавяне на етикет",
    "labelCreateSuccessMessage": "Етикетът е създаден успешно",
+    "labelDuplicateError": "Дублиран етикет",
+    "labelDuplicateErrorDescription": "Етикет с това име вече съществува.",
    "labelEditSuccessMessage": "Етикетът е променен успешно",
    "labelNameField": "Име на етикет",
    "labelColorField": "Цвят на етикет",
@@ -311,7 +320,7 @@
    "rules": "Правила",
    "resourceSettingDescription": "Конфигурирайте настройките на ресурса",
    "resourceSetting": "Настройки на {resourceName}",
-    "resourcePolicySettingDescription": "Конфигурирайте настройките на политиката за ресурс",
+    "resourcePolicySettingDescription": "Конфигурирайте настройките на тази публична ресурсна политика",
    "resourcePolicySetting": "Настройки за {policyName}",
    "alwaysAllow": "Заобикаляне на Ауторизацията",
    "alwaysDeny": "Блокиране на Достъпа",
@@ -719,7 +728,7 @@
    "targetSubmit": "Добавяне на цел",
    "targetNoOne": "Този ресурс няма цели. Добавете цел, за да конфигурирате къде да се изпращат заявките към бекенда.",
    "targetNoOneDescription": "Добавянето на повече от една цел ще активира натоварването на баланса.",
-    "targetsSubmit": "Запазване на целите",
+    "targetsSubmit": "Запази Настройки",
    "addTarget": "Добавете цел",
    "proxyMultiSiteRoundRobinNodeHelp": "Роунд Робин маршрутизирането няма да работи между сайтове, които не са свързани към един и същ възел, но автоматичното превключване ще работи.",
    "targetErrorInvalidIp": "Невалиден IP адрес",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Дубликат на правило",
    "rulesErrorDuplicateDescription": "Правило с тези настройки вече съществува",
    "rulesErrorInvalidIpAddressRange": "Невалиден CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Моля, въведете валидна стойност на CIDR",
-    "rulesErrorInvalidUrl": "Невалиден URL път",
-    "rulesErrorInvalidUrlDescription": "Моля, въведете валидна стойност за URL път",
-    "rulesErrorInvalidIpAddress": "Невалиден IP",
-    "rulesErrorInvalidIpAddressDescription": "Моля, въведете валиден IP адрес",
+    "rulesErrorInvalidIpAddressRangeDescription": "Въведете валиден CIDR диапазон (напр., 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Невалиден път",
+    "rulesErrorInvalidUrlDescription": "Въведете валиден път на URL или шаблон (напр., /api/*).",
+    "rulesErrorInvalidIpAddress": "Невалиден IP адрес",
+    "rulesErrorInvalidIpAddressDescription": "Въведете валиден IPv4 или IPv6 адрес.",
    "rulesErrorUpdate": "Неуспешно актуализиране на правилата",
    "rulesErrorUpdateDescription": "Възникна грешка при актуализиране на правилата",
    "rulesUpdated": "Активиране на правилата",
@@ -766,14 +775,23 @@
    "rulesMatchIpAddress": "Въведете IP адрес (напр. 103.21.244.12)",
    "rulesMatchUrl": "Въведете URL път или модел (напр. /api/v1/todos или /api/v1/*)",
    "rulesErrorInvalidPriority": "Невалиден приоритет",
-    "rulesErrorInvalidPriorityDescription": "Моля, въведете валиден приоритет",
-    "rulesErrorDuplicatePriority": "Дублирани приоритети",
-    "rulesErrorDuplicatePriorityDescription": "Моля, въведете уникални приоритети",
+    "rulesErrorInvalidPriorityDescription": "Въведете цяло число 1 или по-голямо.",
+    "rulesErrorDuplicatePriority": "Дублирания на приоритети",
+    "rulesErrorDuplicatePriorityDescription": "Всяко правило трябва да има уникален номер на приоритет.",
+    "rulesErrorValidation": "Невалидни правила",
+    "rulesErrorValidationRuleDescription": "Правило {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Изберете валиден тип съвпадение (път, IP, CIDR, държава, регион или ASN).",
+    "rulesErrorValueRequired": "Въведете стойност за това правило.",
+    "rulesErrorInvalidCountry": "Невалидна държава",
+    "rulesErrorInvalidCountryDescription": "Изберете валидна държава.",
+    "rulesErrorInvalidAsn": "Невалиден ASN",
+    "rulesErrorInvalidAsnDescription": "Въведете валиден ASN (напр., AS15169).",
    "ruleUpdated": "Правилата са актуализирани",
    "ruleUpdatedDescription": "Правилата бяха успешно актуализирани",
    "ruleErrorUpdate": "Операцията не бе успешна",
    "ruleErrorUpdateDescription": "Възникна грешка по време на операцията за запис",
    "rulesPriority": "Приоритет",
+    "rulesReorderDragHandle": "Плъзнете за преаранжиране на приоритети на правилата",
    "rulesAction": "Действие",
    "rulesMatchType": "Тип на съвпадение",
    "value": "Стойност",
@@ -792,7 +810,7 @@
    "rulesResource": "Конфигурация на правилата за ресурси",
    "rulesResourceDescription": "Конфигурирайте правила за контролиране на достъпа до ресурса",
    "ruleSubmit": "Добави правило",
-    "rulesNoOne": "Няма правила. Добавете правило чрез формуляра.",
+    "rulesNoOne": "Все още няма правила.",
    "rulesOrder": "Правилата се оценяват по приоритет в нарастващ ред.",
    "rulesSubmit": "Запазване на правилата",
    "policyErrorCreate": "Грешка при създаване на политика",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Възникна неочаквана грешка",
    "policyCreatedSuccess": "Политиката за ресурс е създадена успешно",
    "policyUpdatedSuccess": "Политиката за ресурс е актуализирана успешно",
-    "authMethodsSave": "Запазете методите за идентификация",
+    "authMethodsSave": "Запази Настройки",
+    "policyAuthStackTitle": "Удостоверяване",
+    "policyAuthStackDescription": "Контролирайте кои методи за удостоверяване са необходими за достъп до този ресурс",
+    "policyAuthOrLogicTitle": "Множество активни методи за удостоверяване",
+    "policyAuthOrLogicBanner": "Посетителите могат да се удостоверяват чрез който и да е от активните методи по-долу. Не е необходимо да преминават през всичките.",
+    "policyAuthMethodActive": "Активен",
+    "policyAuthMethodOff": "Изключено",
+    "policyAuthSsoTitle": "Платформено SSO",
+    "policyAuthSsoDescription": "Изисква вход чрез удостоверител на вашата организация",
+    "policyAuthSsoSummary": "{idp} · {users} потребители, {roles} роли",
+    "policyAuthSsoDefaultIdp": "По подразбиране удостоверител",
+    "policyAuthAddDefaultIdentityProvider": "Добавете удостоверител по подразбиране",
+    "policyAuthOtherMethodsTitle": "Други Методи",
+    "policyAuthOtherMethodsDescription": "Опционални методи, които посетителите могат да използват вместо или заедно с платформния SSO",
+    "policyAuthPasscodeTitle": "Парола",
+    "policyAuthPasscodeDescription": "Изисква споделена алфанумерична парола за достъп до ресурса",
+    "policyAuthPasscodeSummary": "Зададена парола",
+    "policyAuthPincodeTitle": "ПИН код",
+    "policyAuthPincodeDescription": "Кратък цифров код, необходим за достъп до ресурса",
+    "policyAuthPincodeSummary": "Зададен 6-цифрен ПИН код",
+    "policyAuthEmailTitle": "Списък с имейл адреси",
+    "policyAuthEmailDescription": "Позволете изброените имейл адреси с еднократни пароли",
+    "policyAuthEmailSummary": "{count} адреси са позволени",
+    "policyAuthEmailOtpCallout": "Активирането на списъка с имейл адреси изпраща еднократна парола на имейла на посетителя при влизане.",
+    "policyAuthHeaderAuthTitle": "Базово удостоверяване чрез заглавие",
+    "policyAuthHeaderAuthDescription": "Валидирайте собствено HTTP заглавие и стойност при всяка заявка",
+    "policyAuthHeaderAuthSummary": "Конфигурирано заглавие",
+    "policyAuthHeaderName": "Име на заглавието",
+    "policyAuthHeaderValue": "Очаквана стойност",
+    "policyAuthSetPasscode": "Задайте парола",
+    "policyAuthSetPincode": "Задайте ПИН код",
+    "policyAuthSetEmailWhitelist": "Задайте списък с имейли",
+    "policyAuthSetHeaderAuth": "Задайте базово удостоверяване чрез заглавие",
+    "policyAccessRulesTitle": "Правила за достъп",
+    "policyAccessRulesEnableDescription": "Когато е включено, правилата се оценяват в низходящ ред, докато едно не се оцени като вярно.",
+    "policyAccessRulesFirstMatch": "Правилата се оценяват от горе надолу. Първото съвпадащо правило определя резултата.",
+    "policyAccessRulesHowItWorks": "Правилата съпоставят заявки по път, IP адрес, местоположение или друг критерий. Всяко правило прилага действие: заобикаля удостоверяване, блокира достъп или преминава към удостоверяване. Ако няма съвпадение, трафикът продължава към удостоверяване.",
+    "policyAccessRulesFallthroughOff": "Когато правилата са изключени, целият трафик преминава към удостоверяване.",
+    "policyAccessRulesFallthroughOn": "Когато няма съвпадение, трафикът преминава към удостоверяване.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Запазете правилата",
    "resourceErrorCreate": "Грешка при създаване на ресурс",
    "resourceErrorCreateDescription": "Възникна грешка при създаването на ресурса",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "Възникна грешка при актуализиране на ресурса",
    "access": "Достъп",
    "accessControl": "Контрол на достъпа",
-    "shareLink": "{resource} Сподели връзка",
+    "shareLink": "{resource} Споделима връзка",
    "resourceSelect": "Изберете ресурс",
-    "shareLinks": "Споделени връзки",
+    "shareLinks": "Споделими връзки",
    "share": "Споделени връзки",
    "shareDescription2": "Създайте връзки за достъп до ресурси. Връзките предоставят временен или неограничен достъп до вашия ресурс. Можете да конфигурирате продължителността на изтичане на връзката, когато я създавате.",
    "shareEasyCreate": "Лесно за създаване и споделяне",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Администраторите винаги могат да имат достъп до този ресурс.",
    "resourcePolicySelectTitle": "Политика за достъп до ресурс",
    "resourcePolicySelectDescription": "Изберете типа на политиката за ресурс за идентификация",
+    "resourcePolicyTypeLabel": "Тип политика",
+    "resourcePolicyLabel": "Ресурсна политика",
    "resourcePolicyInline": "Инлайн Политика за Ресурс",
    "resourcePolicyInlineDescription": "Политика за достъп, ограничена само до този ресурс",
    "resourcePolicyShared": "Споделена Политика за Ресурс",
-    "resourcePolicySharedDescription": "Този ресурс използва споделена политика. Настройки на ниво политика (методи за идентификация, бял списък на имейли) са заключени. Можете да добавите правила за ресурса, роли и потребители по-долу.",
+    "resourcePolicySharedDescription": "Този ресурс използва споделена политика.",
+    "sharedPolicy": "Споделена политика",
+    "sharedPolicyNoneDescription": "Този ресурс има своя собствена политика.",
+    "resourceSharedPolicyOwnDescription": "Този ресурс има свои собствени контроли за удостоверяване и правила за достъп.",
+    "resourceSharedPolicyInheritedDescription": "Този ресурс наследява от <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Този ресурс използва споделена политика. Някои настройки на удостоверяване могат да се редактират на този ресурс, за да се добавят към политиката. За да промените основната политика, трябва да редактирате <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "Този ресурс използва споделена политика. Някои правила за достъп могат да се редактират на този ресурс. За да промените основната политика, трябва да редактирате <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Контроли за достъп",
    "resourceUsersRolesDescription": "Конфигурирайте кои потребители и роли могат да посещават този ресурс",
    "resourceUsersRolesSubmit": "Запазване на управлението на достъп.",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Видимост",
    "resourceVisibilityTitleDescription": "Напълно активирайте или деактивирайте видимостта на ресурса",
    "resourceGeneral": "Общи настройки",
-    "resourceGeneralDescription": "Конфигурирайте общите настройки за този ресурс",
+    "resourceGeneralDescription": "Конфигурирайте име, адрес и политика за достъп за този ресурс.",
+    "resourceGeneralDetailsSubsection": "Подробности за ресурса",
+    "resourceGeneralDetailsSubsectionDescription": "Задайте показвано име, идентификатор и публично достъпен домейн за този ресурс.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Задайте показвано име, идентификатор и публичен порт за този ресурс.",
+    "resourceGeneralPublicAddressSubsection": "Публичен Адрес",
+    "resourceGeneralPublicAddressSubsectionDescription": "Конфигурирайте как потребителите достигат до този ресурс.",
+    "resourceGeneralAuthenticationAccessSubsection": "Удостоверяване и Достъп",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Изберете дали този ресурс използва собствена политика или наследява от споделена политика.",
    "resourceEnable": "Активирайте ресурс",
    "resourceTransfer": "Прехвърлете ресурс",
    "resourceTransferDescription": "Прехвърлете този ресурс към различен сайт",
@@ -1220,11 +1294,14 @@
    "addLabels": "Добавяне на етикети",
    "siteLabelsTab": "Етикети",
    "siteLabelsDescription": "Управление на етикети, свързани с този сайт.",
-    "labelsNotFound": "Етикети не са намерени",
+    "labelsNotFound": "Не са намерени етикети.",
+    "labelsEmptyCreateHint": "Започнете да пишете горе, за да създадете етикет.",
    "labelSearch": "Търсене на етикети",
+    "labelSearchOrCreate": "Търсене или създаване на етикет",
    "accessLabelFilterCount": "{count, plural, one {# етикет} other {# етикети}}",
    "labelOverflowCount": "+{count, plural, one {# етикет} other {# етикети}}",
    "accessLabelFilterClear": "Изчисти филтрите за етикети",
+    "accessFilterClear": "Изчистване на филтри",
    "selectColor": "Изберете цвят",
    "createNewLabel": "Създайте нов организационен етикет \"{label}\"",
    "inviteInvalidDescription": "Линкът към поканата е невалиден.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Ресурси",
    "sidebarProxyResources": "Публично",
    "sidebarClientResources": "Частно",
-    "sidebarPolicies": "Политики",
-    "sidebarResourcePolicies": "Ресурси",
+    "sidebarPolicies": "Споделени политики",
+    "sidebarResourcePolicies": "Публични ресурси",
    "sidebarAccessControl": "Контрол на достъпа",
    "sidebarLogsAndAnalytics": "Дневници и анализи",
    "sidebarTeam": "Екип",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Администратор",
    "sidebarInvitations": "Покани",
    "sidebarRoles": "Роли",
-    "sidebarShareableLinks": "Връзки",
+    "sidebarShareableLinks": "Споделими връзки",
    "sidebarApiKeys": "API ключове",
    "sidebarProvisioning": "Осигуряване",
    "sidebarSettings": "Настройки",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Ресурс {id}",
    "blueprints": "Чертежи",
    "blueprintsLog": "Регистър на скицописи",
-    "blueprintsDescription": "Вижте предишни приложения и техните резултати",
+    "blueprintsDescription": "Прегледайте съществуващите blueprint приложения и резултатите им или приложете нов blueprint",
    "blueprintAdd": "Добави Чертеж",
    "blueprintGoBack": "Виж всички Чертежи",
    "blueprintCreate": "Създай Чертеж",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Активиране на Docker Чернова",
    "enableDockerSocketDescription": "Активирайте изтегляне с етикети на Docker Socket за скицописи. Пътят на гнездото трябва да бъде предоставен на конектора на сайта. Прочетете как работи това в <docsLink>документацията</docsLink>.",
    "newtAutoUpdate": "Активиране на автоматично обновяване на сайта",
-    "newtAutoUpdateDescription": "Когато е активно, конекторите на сайта автоматично ще се актуализират до най-новата версия при наличието на ново издание.",
+    "newtAutoUpdateDescription": "Когато е активирана, свързочният възел на сайта автоматично ще изтегли последната версия и ще се рестартира сам. Това може да бъде преодоляно на ниво сайт.",
    "siteAutoUpdate": "Автоматично обновяване на сайта",
    "siteAutoUpdateLabel": "Активиране на автоматично обновяване",
-    "siteAutoUpdateDescription": "Управлявайте дали конекторът за този сайт автоматично изтегля последната версия.",
+    "siteAutoUpdateDescription": "Когато е активирана, конекторът на този сайт автоматично ще изтегли последната версия и ще се рестартира сам.",
    "siteAutoUpdateOrgDefault": "По подразбиране за организацията: {state}",
    "siteAutoUpdateOverriding": "Преодоляване на настройката на организацията",
    "siteAutoUpdateResetToOrg": "Възстановяване към организацията по подразбиране",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Настройката на профила завърши успешно! Добре дошли в Pangolin!",
    "documentation": "Документация",
    "saveAllSettings": "Запазване на всички настройки",
-    "saveResourceTargets": "Запазване на целеви ресурси.",
-    "saveResourceHttp": "Запазване на прокси настройките.",
-    "saveProxyProtocol": "Запазване на настройките на прокси протокола.",
+    "saveResourceTargets": "Запази Настройки",
+    "saveResourceHttp": "Запази Настройки",
+    "saveProxyProtocol": "Запази Настройки",
    "settingsUpdated": "Настройките са обновени",
    "settingsUpdatedDescription": "Настройките са успешно актуализирани.",
    "settingsErrorUpdate": "Неуспешно обновяване на настройките",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Неизвестен",
    "healthCheck": "Проверка на здравето",
    "configureHealthCheck": "Конфигуриране на проверка на здравето",
-    "configureHealthCheckDescription": "Настройте мониторинг на здравето за {target}",
+    "configureHealthCheckDescription": "Настройте мониторинг за вашия ресурс, за да се уверите, че винаги е на разположение",
    "enableHealthChecks": "Разрешаване на проверки на здравето",
    "healthCheckDisabledStateDescription": "Когато е деактивиран, сайтът не изпълнява проверки и състоянието се счита за неизвестно.",
    "enableHealthChecksDescription": "Мониторинг на здравето на тази цел. Можете да наблюдавате различен краен пункт от целта, ако е необходимо.",
    "healthScheme": "Метод",
    "healthSelectScheme": "Избор на метод",
-    "healthCheckPortInvalid": "Портът за проверка на състоянието трябва да е между 1 и 65535",
+    "healthCheckPortInvalid": "Портът трябва да бъде между 1 и 65535",
    "healthCheckPath": "Път",
    "healthHostname": "IP / Хост",
    "healthPort": "Порт",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Изискват одобрение на устройства",
    "requireDeviceApprovalDescription": "Потребители с тази роля трябва да имат нови устройства одобрени от администратор преди да могат да се свържат и да имат достъп до ресурси.",
    "sshSettings": "Настройки за SSH",
+    "sshAccess": "SSH Достъп",
    "rdpSettings": "Настройки за RDP",
    "vncSettings": "Настройки за VNC",
    "sshServer": "SSH сървър",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Уверете се, че вашата целева хост машина е правилно конфигурирана за изпълнение на демона за идентификация преди завършване на тази настройка, в противен случай осигуряването ще се провали.",
    "sshDaemonPort": "Порт на демона",
    "sshServerDestination": "Дестинация на сървъра",
-    "sshServerDestinationDescription": "Конфигуриране на дестинацията и порта на SSH сървъра",
+    "sshServerDestinationDescription": "Конфигурирайте дестинацията на SSH сървъра",
    "destination": "Дестинация",
+    "destinationRequired": "Дестинацията е необходима.",
+    "domainRequired": "Домейнът е необходим.",
+    "proxyPortRequired": "Портът е необходим.",
+    "invalidPathConfiguration": "Невалидна конфигурация на пътя.",
+    "invalidRewritePathConfiguration": "Невалидна конфигурация на пренаписване на пътя.",
    "bgTargetMultiSiteDisclaimer": "Избиране на множество сайтове позволява устойчиво маршрутизиране и сокетно превключване за висока наличност.",
    "roleAllowSsh": "Разреши SSH",
    "roleAllowSshAllow": "Разреши",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "Потребителят може да изпълнява само определени команди с sudo.",
    "sshSudo": "Разреши sudo",
    "sshSudoCommands": "Sudo команди",
-    "sshSudoCommandsDescription": "Списък с командите, разрешени да се изпълняват от потребителя с sudo. Трябва да се използват абсолютни пътища.",
+    "sshSudoCommandsDescription": "Списък с команди, които потребителят има право да изпълнява със sudo, разделени със запетаи, интервали или нови редове. Необходимо е да се използват абсолютни пътища.",
    "sshCreateHomeDir": "Създай начална директория",
    "sshUnixGroups": "Unix групи",
-    "sshUnixGroupsDescription": "Списък, разделен със запетаи, с Unix групи, към които да се добави потребителят на целевия хост.",
+    "sshUnixGroupsDescription": "Unix групи, за добавяне на потребителя на целевия хост, разделени със запетаи, интервали или нови редове.",
+    "roleTextFieldPlaceholder": "Въведете стойности или пуснете .txt или .csv файл",
+    "roleTextImportTitle": "Импортиране от файл",
+    "roleTextImportDescription": "Импортиране на {fileName} в {fieldLabel}.",
+    "roleTextImportSkipHeader": "Пропускане на първи ред (заглавие)",
+    "roleTextImportOverride": "Заместване на съществуващите",
+    "roleTextImportAppend": "Добавяне към съществуващите",
+    "roleTextImportMode": "Режим на импортиране",
+    "roleTextImportPreview": "Преглед",
+    "roleTextImportItemCount": "{count, plural, =0 {Няма артикули за импортиране} one {1 артикул за импортиране} other {# артикули за импортиране}}",
+    "roleTextImportTotalCount": "{existing} съществуващи + {imported} импортирани = {total} общо",
+    "roleTextImportConfirm": "Импортиране",
+    "roleTextImportInvalidFile": "Неподдържан тип файл",
+    "roleTextImportInvalidFileDescription": "Само .txt и .csv файлове са поддържани.",
+    "roleTextImportEmpty": "Няма намерени елементи във файла",
+    "roleTextImportEmptyDescription": "Файлът не съдържа подлежащи на импортиране елементи.",
    "retryAttempts": "Опити за повторно",
    "expectedResponseCodes": "Очаквани кодове за отговор",
    "expectedResponseCodesDescription": "HTTP статус код, указващ здравословно състояние. Ако бъде оставено празно, между 200-300 се счита за здравословно.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Активирайте прокси протокола",
    "proxyProtocolInfo": "Запазете IP адресите на клиентите за TCP бекендове",
    "proxyProtocolVersion": "Версия на прокси протокола",
-    "version1": "Версия 1 (Препоръчително)",
+    "version1": "Версия 1 (Препоръчана)",
    "version2": "Версия 2",
-    "versionDescription": "Версия 1 е текстово-базирана и широко поддържана. Версия 2 е бърна и по-ефективна, но по-малко съвместима.",
+    "version1Description": "Текстово-базирана и широко поддържана. Уверете се, че транспортът на сървърите е добавен към динамичната конфигурация.",
+    "version2Description": "Двоична и по-ефективна, но по-малко съвместима. Уверете се, че транспортът на сървърите е добавен към динамичната конфигурация.",
    "warning": "Предупреждение",
    "proxyProtocolWarning": "Вашето бекенд приложение трябва да бъде конфигурирано да приема прокси протоколни връзки. Ако вашият бекенд не поддържа прокси протокол, активирането му ще прекъсне всички връзки. Уверете се, че сте конфигурирали вашия бекенд да се доверява на заглавията на прокси протокола от Traefik.",
    "restarting": "Рестартиране...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Въведете потвърждение.",
    "blueprintViewDetails": "Подробности.",
    "defaultIdentityProvider": "По подразбиране доставчик на идентичност.",
-    "defaultIdentityProviderDescription": "Когато е избран основен доставчик на идентичност, потребителят ще бъде автоматично пренасочен към доставчика за удостоверяване.",
+    "defaultIdentityProviderDescription": "Потребителят автоматично ще бъде пренасочен към този удостоверител за удостоверяване.",
    "editInternalResourceDialogNetworkSettings": "Мрежови настройки.",
    "editInternalResourceDialogAccessPolicy": "Политика за достъп.",
    "editInternalResourceDialogAddRoles": "Добавяне на роли.",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Тип режим на поддръжка.",
    "showMaintenancePage": "Показване на страницата за поддръжка на посетители.",
    "enableMaintenanceMode": "Активиране на режим на поддръжка.",
+    "enableMaintenanceModeDescription": "При включване, посетителите ще виждат страница за поддръжка вместо вашия ресурс.",
    "automatic": "Автоматично.",
    "automaticModeDescription": "Показване на страницата за поддръжка само когато всички целеви подсистеми са неработоспособни или в лошо състояние. Вашият ресурс продължава да работи нормално, докато поне един целеви подсистемен елемент е в здравия диапазон.",
    "forced": "Наложително.",
@@ -3082,6 +3182,8 @@
    "warning:": "Предупреждение:",
    "forcedeModeWarning": "Целият трафик ще бъде пренасочен към страницата за поддръжка. Вашите подсистемни ресурси няма да получат никакви заявки.",
    "pageTitle": "Заглавие на страницата.",
+    "maintenancePageContentSubsection": "Съдържание на страницата",
+    "maintenancePageContentSubsectionDescription": "Персонализирайте съдържанието, показвано на страницата за поддръжка",
    "pageTitleDescription": "Основното заглавие, показвано на страницата за поддръжка.",
    "maintenancePageMessage": "Съобщение за поддръжка.",
    "maintenancePageMessagePlaceholder": "Ще се върнем скоро! Нашият сайт понастоящем е в процес на планирана поддръжка.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Сигурни ли сте, че искате да отвържете този доставчик на самоличност от тази организация?",
    "idpUnassociateDescription": "Всички потребители, свързани с този доставчик на самоличност, ще бъдат премахнати от тази организация, но доставчика на самоличност ще продължи да съществува за други свързани организации.",
    "idpUnassociateConfirm": "Потвърдете отвързване на доставчика на самоличност",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "ИЗТРИВАНЕ И ПРЕМАХВАНЕ МЕ ОТ ОРГ",
+    "idpUnassociateAndRemoveMeFromOrg": "ОДЕЛЯНЕ И ПРЕМАХВАНЕ МЕ ОТ ОРГ",
    "idpUnassociateWarning": "Това не може да бъде отменено за тази организация.",
    "idpUnassociatedDescription": "Доставчика на самоличност е успешно отвързан от тази организация",
    "idpUnassociateMenu": "Отвързване",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Свързване…",
    "sshInitializing": "Инициализиране…",
    "sshSignInTitle": "Вход в SSH",
-    "sshSignInDescription": "Въведете данните за SSH",
+    "sshSignInDescription": "Въведете вашите SSH данни за свързване",
    "sshPasswordTab": "Парола",
    "sshPrivateKeyTab": "Частен ключ",
    "sshPrivateKeyField": "Частен ключ",
    "sshPrivateKeyDisclaimer": "Частният ви ключ не се съхранява или видима за Панголиин. Като алтернатива, можете да използвате краткотрайни сертификати за безпроблемна автентикация с вашата съществуваща идентичност в Панголиин.",
    "sshLearnMore": "Научете повече",
    "sshPrivateKeyFile": "Файл с частен ключ",
-    "sshAuthenticate": "Идентичност",
+    "sshAuthenticate": "Свързване",
    "sshTerminate": "Прекратяване",
    "sshPoweredBy": "Подпомогнато от",
    "sshErrorNoTarget": "Няма посочена цел",
    "sshErrorWebSocket": "Неуспешно създаване на WebSocket връзка",
    "sshErrorAuthFailed": "Неуспешна идентификация",
-    "sshErrorConnectionClosed": "Връзката е затворена преди завършване на идентификацията"
+    "sshErrorConnectionClosed": "Връзката е затворена преди завършване на идентификацията",
+    "sitePangolinSshDescription": "Позволете SSH достъп до ресурси на този сайт. Това може да бъде променено по-късно.",
+    "browserGatewayNoResourceForDomain": "Не е намерен ресурс за този домейн",
+    "browserGatewayNoTarget": "Няма цел",
+    "browserGatewayConnect": "Свързване",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "Неуспешно подписване на SSH ключ за PAM push удостоверяване. Вписахте ли се като потребител?",
+    "sshTerminalError": "Грешка: {error}",
+    "sshConnectionClosedCode": "Връзката е затворена (код {code})",
+    "sshPrivateKeyPlaceholder": "-----НАЧАЛО НА OPENSSH ЧАСТЕН КЛЮЧ-----",
+    "sshPrivateKeyRequired": "Изисква се частен ключ",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Въведете вашата VNC парола за свързване",
+    "vncPasswordOptional": "Парола (по избор)",
+    "vncNoResourceTarget": "Не е налична цел за ресурса",
+    "vncFailedToLoadNovnc": "Неуспешно зареждане на noVNC",
+    "vncAuthFailedStatus": "Статус {status}",
+    "vncPasteClipboard": "Поставяне на клепач",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Вписване в Отдалечен Работен Плот",
+    "rdpSignInDescription": "Въведете данните за вашата Windows, за да се свържете",
+    "rdpLoadingModule": "Зареждане на модул...",
+    "rdpFailedToLoadModule": "Неуспешно зареждане на RDP модул",
+    "rdpNotReady": "Не е готов",
+    "rdpModuleInitializing": "RDP модулът все още се инициализира",
+    "rdpDownloadingFiles": "Изтегляне на {count} файл/файлове от отдалечено...",
+    "rdpDownloadFailed": "Изтеглянето е неуспешно: {fileName}",
+    "rdpUploaded": "Качено: {fileName}",
+    "rdpNoConnectionTarget": "Няма налична цел за свързване",
+    "rdpConnectionFailed": "Връзката неуспешна",
+    "rdpFit": "Напасване",
+    "rdpFull": "Пълен",
+    "rdpReal": "Реален",
+    "rdpMeta": "Мета",
+    "rdpUploadFiles": "Качване на файловете",
+    "rdpFilesReadyToPaste": "Файлове готови за поставяне",
+    "rdpFilesReadyToPasteDescription": "{count} файл(ове) копирани в отдалечения клипборд — натиснете Ctrl+V на отдалечения работен плот за поставяне.",
+    "rdpUploadFailed": "Качването неуспешно",
+    "rdpUnicodeKeyboardMode": "Режим на unicode клавиатура",
+    "sessionToolbarShow": "Показване на лентата с инструменти",
+    "sessionToolbarHide": "Скриване на лентата с инструменти"
 }
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Zobrazit soukromé zdroje",
    "siteInstallNewt": "Nainstalovat Newt",
    "siteInstallNewtDescription": "Spustit Newt na vašem systému",
+    "siteInstallKubernetesDocsDescription": "Pro více aktuálních informací o instalaci Kubernetes navštivte <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "Pro pokyny k instalaci modemu Advantech navštivte <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Konfigurace WireGuard",
    "WgConfigurationDescription": "K připojení k síti použijte následující konfiguraci",
    "operatingSystem": "Operační systém",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "Toto nastavení uvidíte pouze jednou. Ujistěte se, že jej zkopírujete na bezpečné místo.",
    "siteInfo": "Údaje o lokalitě",
    "status": "Stav",
-    "shareTitle": "Spravovat sdílení odkazů",
+    "shareTitle": "Spravovat sdílné odkazy",
    "shareDescription": "Vytvořit sdílitelné odkazy pro udělení dočasného nebo trvalého přístupu ke zdrojům proxy",
-    "shareSearch": "Hledat sdílené odkazy...",
-    "shareCreate": "Vytvořit odkaz",
+    "shareSearch": "Hledat sdílné odkazy...",
+    "shareCreate": "Vytvořit sdílný odkaz",
    "shareErrorDelete": "Nepodařilo se odstranit odkaz",
    "shareErrorDeleteMessage": "Došlo k chybě při odstraňování odkazu",
    "shareDeleted": "Odkaz odstraněn",
    "shareDeletedDescription": "Odkaz byl odstraněn",
-    "shareDelete": "Smazat odkaz ke sdílení",
-    "shareDeleteConfirm": "Potvrdit smazání odkazu ke sdílení",
+    "shareDelete": "Odstranit sdílný odkaz",
+    "shareDeleteConfirm": "Potvrdit odstranění sdílného odkazu",
    "shareQuestionRemove": "Jste si jisti, že chcete smazat tento odkaz ke sdílení?",
    "shareMessageRemove": "Jakmile bude smazán, odkaz přestane fungovat a všichni, kdo jej používají, ztratí přístup k prostředku.",
    "shareTokenDescription": "Přístupový token může být předán dvěma způsoby: jako parametr dotazu nebo v záhlaví požadavku. Tyto údaje musí být předány klientovi na každé žádosti o ověřený přístup.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Kdokoliv s tímto odkazem může přistupovat ke zdroji",
    "shareTitleOptional": "Název (volitelné)",
    "sharePathOptional": "Cesta (volitelně)",
+    "sharePathDescription": "Odkaz přesměruje uživatele na tuto cestu po autentikaci.",
    "expireIn": "Platnost vyprší za",
    "neverExpire": "Nikdy nevyprší",
    "shareExpireDescription": "Doba platnosti určuje, jak dlouho bude odkaz použitelný a bude poskytovat přístup ke zdroji. Po této době odkaz již nebude fungovat a uživatelé kteří tento odkaz používali ztratí přístup ke zdroji.",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "Zvolte prosím zdroj",
    "proxyResourceTitle": "Spravovat veřejné zdroje",
    "proxyResourceDescription": "Vytváření a správa zdrojů, které jsou veřejně přístupné prostřednictvím webového prohlížeče",
-    "publicResourcesBannerTitle": "Veřejný přístup založený na webu",
-    "publicResourcesBannerDescription": "Veřejné prostředky jsou HTTPS nebo TCP/UDP proxy, které jsou přístupné každému na internetu prostřednictvím webového prohlížeče. Na rozdíl od soukromých prostředků nevyžadují software na straně klienta a mohou zahrnovat politiky přístupu orientované na identitu a kontext.",
+    "publicResourcesBannerTitle": "Webové Veřejné Přístupy",
+    "publicResourcesBannerDescription": "Veřejné prostředky jsou HTTPS proxy přístupné každému na internetu prostřednictvím webového prohlížeče. Na rozdíl od soukromých prostředků nevyžadují software na straně klienta a mohou zahrnovat politiky přístupu orientované na identitu a kontext.",
    "clientResourceTitle": "Spravovat soukromé zdroje",
    "clientResourceDescription": "Vytváření a správa zdrojů, které jsou přístupné pouze prostřednictvím připojeného klienta",
    "privateResourcesBannerTitle": "Zero-Trust soukromý přístup",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Prohledat zdroje...",
    "resourceAdd": "Přidat zdroj",
    "resourceErrorDelte": "Chyba při odstraňování zdroje",
-    "resourcePoliciesTitle": "Spravovat zásady zdrojů",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Připojené zdroje",
+    "resourcePoliciesBannerTitle": "Opětovné použití pravidel pro autentifikaci a přístup",
+    "resourcePoliciesBannerDescription": "Sdílené politiky zdrojů vám umožňují definovat metody autentifikace a přístupová pravidla jednou, poté je připojit k více veřejným zdrojům. Při aktualizaci politiky každý propojený zdroj automaticky dědí změnu.",
+    "resourcePoliciesBannerButtonText": "Zjistit více",
+    "resourcePoliciesTitle": "Správa Veřejných Zásad Zdrojů",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Zdroje",
    "resourcePoliciesAttachedResources": "{count} zdroj(e/ů)",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# zdroj} few {# zdroje} many {# zdrojů} other {# zdrojů}}",
    "resourcePoliciesAttachedResourcesEmpty": "žádné zdroje",
-    "resourcePoliciesDescription": "Vytvářejte a spravujte zásady ověřování k řízení přístupu ke svým zdrojům",
+    "resourcePoliciesDescription": "Vytvořte a spravujte zásady autentifikace pro řízení přístupu k vašim veřejným zdrojům",
    "resourcePoliciesSearch": "Hledat zásady...",
    "resourcePoliciesAdd": "Přidat zásadu",
    "resourcePoliciesDefaultBadgeText": "Výchozí zásada",
-    "resourcePoliciesCreate": "Vytvořit zásadu zdroje",
+    "resourcePoliciesCreate": "Vytvořit Veřejnou Zásadu Zdroje",
    "resourcePoliciesCreateDescription": "Postupujte podle následujících kroků k vytvoření nové zásady",
    "resourcePolicyName": "Název zásady",
    "resourcePolicyNameDescription": "Pojmenujte tuto zásadu, aby byla rozpoznatelná napříč vašimi zdroji",
@@ -274,7 +281,7 @@
    "back": "Zpět",
    "cancel": "Zrušit",
    "resourceConfig": "Konfigurační snippety",
-    "resourceConfigDescription": "Zkopírujte a vložte tyto konfigurační textové bloky pro nastavení TCP/UDP zdroje",
+    "resourceConfigDescription": "Zkopírujte a vložte tyto konfigurační úryvky pro nastavení TCP/UDP zdroje.",
    "resourceAddEntrypoints": "Traefik: Přidat vstupní body",
    "resourceExposePorts": "Gerbil: Expose Ports in Docker Compose",
    "resourceLearnRaw": "Naučte se konfigurovat zdroje TCP/UDP",
@@ -287,6 +294,8 @@
    "labelDelete": "Smazat štítek",
    "labelAdd": "Přidat štítek",
    "labelCreateSuccessMessage": "Štítek byl úspěšně vytvořen",
+    "labelDuplicateError": "Duplikátní štítek",
+    "labelDuplicateErrorDescription": "Štítek s tímto názvem již existuje.",
    "labelEditSuccessMessage": "Štítek byl úspěšně změněn",
    "labelNameField": "Název štítku",
    "labelColorField": "Barva štítku",
@@ -311,7 +320,7 @@
    "rules": "Pravidla",
    "resourceSettingDescription": "Konfigurace nastavení na zdroji",
    "resourceSetting": "Nastavení {resourceName}",
-    "resourcePolicySettingDescription": "Nakonfigurujte nastavení na zásadě zdroje",
+    "resourcePolicySettingDescription": "Konfigurujte nastavení této veřejné zásady zdrojů",
    "resourcePolicySetting": "Nastavení {policyName}",
    "alwaysAllow": "Obejít Auth",
    "alwaysDeny": "Blokovat přístup",
@@ -719,7 +728,7 @@
    "targetSubmit": "Add Target",
    "targetNoOne": "Tento zdroj nemá žádné cíle. Přidejte cíl pro konfiguraci kam poslat žádosti na backend.",
    "targetNoOneDescription": "Přidáním více než jednoho cíle se umožní vyvážení zatížení.",
-    "targetsSubmit": "Uložit cíle",
+    "targetsSubmit": "Uložit Nastavení",
    "addTarget": "Add Target",
    "proxyMultiSiteRoundRobinNodeHelp": "Round robin routing nebude fungovat mezi lokalitami, které nejsou připojeny ke stejnému uzlu, ale failover bude fungovat.",
    "targetErrorInvalidIp": "Neplatná IP adresa",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Duplikovat pravidlo",
    "rulesErrorDuplicateDescription": "Pravidlo s těmito nastaveními již existuje",
    "rulesErrorInvalidIpAddressRange": "Neplatný CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Zadejte prosím platnou hodnotu CIDR",
-    "rulesErrorInvalidUrl": "Neplatná URL cesta",
-    "rulesErrorInvalidUrlDescription": "Zadejte platnou hodnotu URL cesty",
+    "rulesErrorInvalidIpAddressRangeDescription": "Zadejte platný rozsah CIDR (např. 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Neplatná cesta",
+    "rulesErrorInvalidUrlDescription": "Zadejte platnou URL cestu nebo vzor (např. /api/*).",
    "rulesErrorInvalidIpAddress": "Neplatná IP adresa",
-    "rulesErrorInvalidIpAddressDescription": "Zadejte prosím platnou IP adresu",
+    "rulesErrorInvalidIpAddressDescription": "Zadejte platnou IPv4 nebo IPv6 adresu.",
    "rulesErrorUpdate": "Aktualizace pravidel se nezdařila",
    "rulesErrorUpdateDescription": "Při aktualizaci pravidel došlo k chybě",
    "rulesUpdated": "Povolit pravidla",
@@ -765,15 +774,24 @@
    "rulesMatchIpAddressRangeDescription": "Zadejte adresu ve formátu CIDR (např. 103.21.244.0/22)",
    "rulesMatchIpAddress": "Zadejte IP adresu (např. 103.21.244.12)",
    "rulesMatchUrl": "Zadejte URL cestu nebo vzor (např. /api/v1/todos nebo /api/v1/*)",
-    "rulesErrorInvalidPriority": "Neplatná Priorita",
-    "rulesErrorInvalidPriorityDescription": "Zadejte prosím platnou prioritu",
-    "rulesErrorDuplicatePriority": "Duplikovat priority",
-    "rulesErrorDuplicatePriorityDescription": "Zadejte prosím unikátní priority",
+    "rulesErrorInvalidPriority": "Neplatná priorita",
+    "rulesErrorInvalidPriorityDescription": "Zadejte celé číslo 1 nebo vyšší.",
+    "rulesErrorDuplicatePriority": "Duplicitní priority",
+    "rulesErrorDuplicatePriorityDescription": "Každé pravidlo musí mít unikátní číslo priority.",
+    "rulesErrorValidation": "Neplatná pravidla",
+    "rulesErrorValidationRuleDescription": "Pravidlo {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Vyberte platný typ shody (cesta, IP, CIDR, země, oblast nebo ASN).",
+    "rulesErrorValueRequired": "Zadejte hodnotu pro toto pravidlo.",
+    "rulesErrorInvalidCountry": "Neplatná země",
+    "rulesErrorInvalidCountryDescription": "Vyberte platnou zemi.",
+    "rulesErrorInvalidAsn": "Neplatný ASN",
+    "rulesErrorInvalidAsnDescription": "Zadejte platný ASN (např. AS15169).",
    "ruleUpdated": "Pravidla byla aktualizována",
    "ruleUpdatedDescription": "Pravidla byla úspěšně aktualizována",
    "ruleErrorUpdate": "Operace selhala",
    "ruleErrorUpdateDescription": "Při ukládání došlo k chybě",
    "rulesPriority": "Priorita",
+    "rulesReorderDragHandle": "Přetažením změňte prioritu pravidel",
    "rulesAction": "Akce",
    "rulesMatchType": "Typ shody",
    "value": "Hodnota",
@@ -792,7 +810,7 @@
    "rulesResource": "Konfigurace pravidel zdroje",
    "rulesResourceDescription": "Nastavit pravidla pro kontrolu přístupu ke zdroji",
    "ruleSubmit": "Přidat pravidlo",
-    "rulesNoOne": "Žádná pravidla. Přidejte pravidlo pomocí formuláře.",
+    "rulesNoOne": "Žádná pravidla zatím nejsou.",
    "rulesOrder": "Pravidla jsou hodnocena podle priority vzestupně.",
    "rulesSubmit": "Uložit pravidla",
    "policyErrorCreate": "Chyba při vytváření zásady",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Došlo k neočekávané chybě",
    "policyCreatedSuccess": "Zásada zdroje byla úspěšně vytvořena",
    "policyUpdatedSuccess": "Zásada zdroje byla úspěšně aktualizována",
-    "authMethodsSave": "Uložit metody ověřování",
+    "authMethodsSave": "Uložit nastavení",
+    "policyAuthStackTitle": "Autentifikace",
+    "policyAuthStackDescription": "Určete, které metody autentifikace jsou požadovány pro přístup k tomuto zdroji",
+    "policyAuthOrLogicTitle": "Více metod autentifikace je aktivních",
+    "policyAuthOrLogicBanner": "Návštěvníci mohou použít jakoukoli aktivní metodu uvedenou níže. Nemusí splnit všechny z nich.",
+    "policyAuthMethodActive": "Aktivní",
+    "policyAuthMethodOff": "Vypnuto",
+    "policyAuthSsoTitle": "Platformové SSO",
+    "policyAuthSsoDescription": "Požadujte přihlášení prostřednictvím identifikačního poskytovatele vaší organizace",
+    "policyAuthSsoSummary": "{idp} · {users} uživatelé, {roles} role",
+    "policyAuthSsoDefaultIdp": "Výchozí poskytovatel",
+    "policyAuthAddDefaultIdentityProvider": "Přidat výchozího identifikačního poskytovatele",
+    "policyAuthOtherMethodsTitle": "Ostatní metody",
+    "policyAuthOtherMethodsDescription": "Volitelné metody, které návštěvníci mohou použít místo nebo vedle platformového SSO",
+    "policyAuthPasscodeTitle": "Heslo",
+    "policyAuthPasscodeDescription": "Vyžadovat sdílené alfanumerické heslo pro přístup ke zdroji",
+    "policyAuthPasscodeSummary": "Sada hesel",
+    "policyAuthPincodeTitle": "PIN Kód",
+    "policyAuthPincodeDescription": "Krátký číselný kód vyžadován pro přístup ke zdroji",
+    "policyAuthPincodeSummary": "Nastaven 6místný PIN",
+    "policyAuthEmailTitle": "Email Whitelist",
+    "policyAuthEmailDescription": "Povolit vybraným emailovým adresám s jednorázovými hesly",
+    "policyAuthEmailSummary": "Povoleno {count} adres(y)",
+    "policyAuthEmailOtpCallout": "Povolení seznamu povolených e-mailů odešle jednorázové heslo na e-mail návštěvníka při přihlášení.",
+    "policyAuthHeaderAuthTitle": "Základní Ověření Záhlaví",
+    "policyAuthHeaderAuthDescription": "Ověřit vlastní HTTP hlavičku názvu a hodnoty při každém požadavku",
+    "policyAuthHeaderAuthSummary": "Nastaveno hlavička",
+    "policyAuthHeaderName": "Název hlavičky",
+    "policyAuthHeaderValue": "Očekávaná hodnota",
+    "policyAuthSetPasscode": "Nastavit přístupový kód",
+    "policyAuthSetPincode": "Nastavit PIN kód",
+    "policyAuthSetEmailWhitelist": "Nastavit e-mailový whitelist",
+    "policyAuthSetHeaderAuth": "Nastavit základní autentizaci hlavičkou",
+    "policyAccessRulesTitle": "Pravidla Přístupu",
+    "policyAccessRulesEnableDescription": "Když je povoleno, pravidla jsou hodnocena sestupně, dokud jedno není vyhodnoceno jako pravda.",
+    "policyAccessRulesFirstMatch": "Pravidla jsou vyhodnocována shora dolů. První odpovídající pravidlo určuje výsledek.",
+    "policyAccessRulesHowItWorks": "Pravidla odpovídají požadavkům podle cesty, IP adresy, lokace nebo jiného kritéria. Každé pravidlo aplikuje akci: obejít autentizaci, zablokovat přístup nebo předat k autentizaci. Pokud žádné neodpovídá, provoz pokračuje k autentizaci.",
+    "policyAccessRulesFallthroughOff": "Když jsou pravidla zakázána, veškerý provoz přechází k autentizaci.",
+    "policyAccessRulesFallthroughOn": "Když žádné pravidlo neodpovídá, provoz přechází k autentizaci.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Uložit pravidla",
    "resourceErrorCreate": "Chyba při vytváření zdroje",
    "resourceErrorCreateDescription": "Při vytváření zdroje došlo k chybě",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "Došlo k chybě při aktualizaci zdroje",
    "access": "Přístup",
    "accessControl": "Kontrola přístupu",
-    "shareLink": "{resource} Sdílet odkaz",
+    "shareLink": "{resource} Sdílný odkaz",
    "resourceSelect": "Vyberte zdroj",
-    "shareLinks": "Sdílet odkazy",
+    "shareLinks": "Sdíletelné odkazy",
    "share": "Sdílené odkazy",
    "shareDescription2": "Vytvořte sdílitelné odkazy na zdroje. Odkazy poskytují dočasný nebo neomezený přístup k vašemu zdroji. Můžete nakonfigurovat dobu vypršení platnosti odkazu při jeho vytvoření.",
    "shareEasyCreate": "Snadné vytváření a sdílení",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Administrátoři mají vždy přístup k tomuto zdroji.",
    "resourcePolicySelectTitle": "Zásada přístupu ke zdrojům",
    "resourcePolicySelectDescription": "Vyberte typ zásady zdroje ověřování",
+    "resourcePolicyTypeLabel": "Typ zásady zdroje",
+    "resourcePolicyLabel": "Zásada zdroje",
    "resourcePolicyInline": "Inline Zásada Zdroje",
    "resourcePolicyInlineDescription": "Zásada přístupu se zaměřením pouze na tento zdroj",
    "resourcePolicyShared": "Sdílená Zásada Zdroje",
-    "resourcePolicySharedDescription": "Tento zdroj používá sdílenou zásadu. Nastavení na úrovni zásady (metody ověřování, seznam povolených emailů) jsou uzamčena. Níže můžete přidat pravidla, role a uživatele specifické pro zdroj.",
+    "resourcePolicySharedDescription": "Tento zdroj používá sdílenou zásadu.",
+    "sharedPolicy": "Sdílená Zásada",
+    "sharedPolicyNoneDescription": "Tento zdroj má vlastní zásadu.",
+    "resourceSharedPolicyOwnDescription": "Tento zdroj má vlastní ovládání autentifikace a přístupových pravidel.",
+    "resourceSharedPolicyInheritedDescription": "Tento zdroj dědí ze <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Tento zdroj používá sdílenou politiku. Některá nastavení autentizace lze upravit na tomto zdroji k doplnění politiky. Pro úpravu základní politiky musíte upravit <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "Tento zdroj používá sdílenou politiku. Některá přístupová pravidla lze upravit na tomto zdroji. Chcete-li změnit základní politiku, musíte upravit <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Kontrola přístupu",
    "resourceUsersRolesDescription": "Nastavení, kteří uživatelé a role mohou navštívit tento zdroj",
    "resourceUsersRolesSubmit": "Uložit přístupové řízení",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Viditelnost",
    "resourceVisibilityTitleDescription": "Zcela povolit nebo zakázat viditelnost zdrojů",
    "resourceGeneral": "Obecná nastavení",
-    "resourceGeneralDescription": "Konfigurace obecných nastavení tohoto zdroje",
+    "resourceGeneralDescription": "Nakonfigurujte název, adresu a přístupovou politiku pro tento zdroj.",
+    "resourceGeneralDetailsSubsection": "Detaily zdroje",
+    "resourceGeneralDetailsSubsectionDescription": "Nastavte zobrazovaný název, identifikátor a veřejně dostupnou doménu pro tento zdroj.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Nastavte zobrazovaný název, identifikátor a veřejný port pro tento zdroj.",
+    "resourceGeneralPublicAddressSubsection": "Veřejná Adresa",
+    "resourceGeneralPublicAddressSubsectionDescription": "Nakonfigurujte, jak uživatelé dosáhnou tento zdroj.",
+    "resourceGeneralAuthenticationAccessSubsection": "Autentizace & Přístup",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Vyberte, zda tento zdroj používá vlastní politiku, nebo dědí od sdílené politiky.",
    "resourceEnable": "Povolit dokument",
    "resourceTransfer": "Přenos zdroje",
    "resourceTransferDescription": "Přenést tento zdroj na jiný web",
@@ -1220,11 +1294,14 @@
    "addLabels": "Přidat štítky",
    "siteLabelsTab": "Štítky",
    "siteLabelsDescription": "Spravujte štítky přiřazené k této lokalitě.",
-    "labelsNotFound": "Štítky nenalezeny",
+    "labelsNotFound": "Nebyly nalezeny žádné štítky.",
+    "labelsEmptyCreateHint": "Začněte psát výše k vytvoření štítku.",
    "labelSearch": "Hledat štítky",
+    "labelSearchOrCreate": "Hledání nebo vytvoření štítku",
    "accessLabelFilterCount": "{count, plural, one {# štítek} few {# štítky} other {# štítků}}",
    "labelOverflowCount": "+{count, plural, one {# štítek} few {# štítky} other {# štítků}}",
    "accessLabelFilterClear": "Vymazat filtry štítků",
+    "accessFilterClear": "Vymazat filtry",
    "selectColor": "Vybrat barvu",
    "createNewLabel": "Vytvořit nový štítek organizace \"{label}\"",
    "inviteInvalidDescription": "Odkaz pro pozvání je neplatný.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Zdroje",
    "sidebarProxyResources": "Veřejnost",
    "sidebarClientResources": "Soukromé",
-    "sidebarPolicies": "Zásady",
-    "sidebarResourcePolicies": "Zdroje",
+    "sidebarPolicies": "Sdílené Odkazy",
+    "sidebarResourcePolicies": "Veřejné Zdroje",
    "sidebarAccessControl": "Kontrola přístupu",
    "sidebarLogsAndAnalytics": "Logy & Analytika",
    "sidebarTeam": "Tým",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Admin",
    "sidebarInvitations": "Pozvánky",
    "sidebarRoles": "Role",
-    "sidebarShareableLinks": "Odkazy",
+    "sidebarShareableLinks": "Sdílené Odkazy",
    "sidebarApiKeys": "API klíče",
    "sidebarProvisioning": "Zajištění",
    "sidebarSettings": "Nastavení",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Zdroj {id}",
    "blueprints": "Plány",
    "blueprintsLog": "Protokol plánů",
-    "blueprintsDescription": "Prohlédněte si aplikace předchozích plánů a jejich výsledky",
+    "blueprintsDescription": "Zobrazit předchozí aplikace modrotisku a jejich výsledky nebo aplikovat nový modrotisk",
    "blueprintAdd": "Přidat plán",
    "blueprintGoBack": "Zobrazit všechny plány",
    "blueprintCreate": "Vytvořit plán",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Povolit Docker plán",
    "enableDockerSocketDescription": "Povolte seškrábání štítků pro Docker Socket pro štítky plánů. Před připojením na lokalitní konektor musí být uvedena cesta k soketu. Přečtěte si, jak to funguje <docsLink>v dokumentaci</docsLink>.",
    "newtAutoUpdate": "Povolit automatickou aktualizaci stránek",
-    "newtAutoUpdateDescription": "Když je zapnuto, konektory lokality se automaticky aktualizují na nejnovější verzi, když je k dispozici nové vydání.",
+    "newtAutoUpdateDescription": "Když je povoleno, konektory stránek automaticky stáhnou nejnovější verzi a restartují se. To lze přepsat na základě jednotlivých míst.",
    "siteAutoUpdate": "Automatická aktualizace stránek",
    "siteAutoUpdateLabel": "Povolte automatickou aktualizaci",
-    "siteAutoUpdateDescription": "Ovládněte, zda bude konektor tohoto webu automaticky stahovat nejnovější verzi.",
+    "siteAutoUpdateDescription": "Když je povoleno, konektor této stránky automaticky stáhne nejnovější verzi a restartuje se sám.",
    "siteAutoUpdateOrgDefault": "Výchozí organizace: {state}",
    "siteAutoUpdateOverriding": "Přepsání nastavení organizace",
    "siteAutoUpdateResetToOrg": "Obnovit na výchozí organizaci",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Nastavení účtu dokončeno! Vítejte v Pangolinu!",
    "documentation": "Dokumentace",
    "saveAllSettings": "Uložit všechna nastavení",
-    "saveResourceTargets": "Uložit cíle",
-    "saveResourceHttp": "Uložit nastavení proxy",
-    "saveProxyProtocol": "Uložit nastavení proxy protokolu",
+    "saveResourceTargets": "Uložit Nastavení",
+    "saveResourceHttp": "Uložit Nastavení",
+    "saveProxyProtocol": "Uložit Nastavení",
    "settingsUpdated": "Nastavení aktualizováno",
    "settingsUpdatedDescription": "Nastavení úspěšně aktualizována",
    "settingsErrorUpdate": "Aktualizace nastavení se nezdařila",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Neznámý",
    "healthCheck": "Kontrola stavu",
    "configureHealthCheck": "Konfigurace kontroly stavu",
-    "configureHealthCheckDescription": "Nastavit sledování zdravotního stavu pro {target}",
+    "configureHealthCheckDescription": "Nastavte monitorování vašeho zdroje, abyste zajistili, že je vždy dostupný",
    "enableHealthChecks": "Povolit kontrolu stavu",
    "healthCheckDisabledStateDescription": "Pokud je zakázáno, web nebude provádět zdravotní kontroly a stav bude považován za neznámý.",
    "enableHealthChecksDescription": "Sledujte zdraví tohoto cíle. V případě potřeby můžete sledovat jiný cílový bod, než je cíl.",
    "healthScheme": "Způsob",
    "healthSelectScheme": "Vybrat metodu",
-    "healthCheckPortInvalid": "Přístav kontroly stavu musí být mezi 1 a 65535",
+    "healthCheckPortInvalid": "Port musí být mezi 1 a 65535",
    "healthCheckPath": "Cesta",
    "healthHostname": "IP / Hostitel",
    "healthPort": "Přístav",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Vyžadovat schválení zařízení",
    "requireDeviceApprovalDescription": "Uživatelé s touto rolí potřebují nová zařízení schválená správcem, než se mohou připojit a přistupovat ke zdrojům.",
    "sshSettings": "Nastavení SSH",
+    "sshAccess": "SSH Přístup",
    "rdpSettings": "Nastavení RDP",
    "vncSettings": "Nastavení VNC",
    "sshServer": "SSH server",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Ujistěte se, že váš cílový hostitel je správně nakonfigurován k přímu spuštění ověřovacího démona, jinak zřizování selže.",
    "sshDaemonPort": "Port démona",
    "sshServerDestination": "Cíl serveru",
-    "sshServerDestinationDescription": "Nakonfigurujte cíl a port SSH serveru",
+    "sshServerDestinationDescription": "Nakonfigurujte cíl serveru SSH",
    "destination": "Cíl",
+    "destinationRequired": "Destinace je vyžadována.",
+    "domainRequired": "Doména je vyžadována.",
+    "proxyPortRequired": "Port je vyžadován.",
+    "invalidPathConfiguration": "Neplatná konfigurace cesty.",
+    "invalidRewritePathConfiguration": "Neplatná konfigurace přepsat cesty.",
    "bgTargetMultiSiteDisclaimer": "Výběr více lokalit umožňuje odolné směrování a převzetí služeb při selhání pro vysokou dostupnost.",
    "roleAllowSsh": "Povolit SSH",
    "roleAllowSshAllow": "Povolit",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "Uživatel může spustit pouze zadané příkazy s sudo.",
    "sshSudo": "Povolit sudo",
    "sshSudoCommands": "Sudo příkazy",
-    "sshSudoCommandsDescription": "Čárkami oddělený seznam příkazů, které je uživatel povolen spustit s sudo. Musí být použity absolutní cesty.",
+    "sshSudoCommandsDescription": "Seznam příkazů, které je uživateli povoleno spouštět se sudo, oddělený čárkami, mezerami, nebo novými řádky. Je třeba používat absolutní cesty.",
    "sshCreateHomeDir": "Vytvořit domovský adresář",
    "sshUnixGroups": "Unixové skupiny",
-    "sshUnixGroupsDescription": "Čárkou oddělené skupiny Unix přidají uživatele do cílového hostitele.",
+    "sshUnixGroupsDescription": "Unixové skupiny, do kterých má být uživatel přidán na cílovém hostu, oddělené čárkami, mezerami, nebo novými řádky.",
+    "roleTextFieldPlaceholder": "Zadejte hodnoty nebo přetáhněte soubor .txt nebo .csv",
+    "roleTextImportTitle": "Importovat ze souboru",
+    "roleTextImportDescription": "Importuje se {fileName} do {fieldLabel}.",
+    "roleTextImportSkipHeader": "Přeskočit první řádek (záhlaví)",
+    "roleTextImportOverride": "Nahradit existující",
+    "roleTextImportAppend": "Přidat k existujícímu",
+    "roleTextImportMode": "Režim importu",
+    "roleTextImportPreview": "Náhled",
+    "roleTextImportItemCount": "{count, plural, =0 {Žádné položky k importu} one {1 položka k importu} few {# položky k importu} many {# položek k importu} other {# položek k importu}}",
+    "roleTextImportTotalCount": "{existing} existující + {imported} importované = {total} celkem",
+    "roleTextImportConfirm": "Importovat",
+    "roleTextImportInvalidFile": "Nepodporovaný typ souboru",
+    "roleTextImportInvalidFileDescription": "Podporovány jsou pouze soubory .txt a .csv.",
+    "roleTextImportEmpty": "V souboru nebyly nalezeny žádné položky",
+    "roleTextImportEmptyDescription": "Soubor neobsahuje žádné položky k importu.",
    "retryAttempts": "Opakovat pokusy",
    "expectedResponseCodes": "Očekávané kódy odezvy",
    "expectedResponseCodesDescription": "HTTP kód stavu, který označuje zdravý stav. Ponecháte-li prázdné, 200-300 je považováno za zdravé.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Povolit Proxy protokol",
    "proxyProtocolInfo": "Zachovat IP adresu klienta pro TCP zálohy",
    "proxyProtocolVersion": "Verze proxy protokolu",
-    "version1": " Verze 1 (doporučeno)",
+    "version1": "Verze 1 (Doporučeno)",
    "version2": "Verze 2",
-    "versionDescription": "Verze 1 je textová a široce podporovaná. Verze 2 je binární a efektivnější, ale méně kompatibilní.",
+    "version1Description": "Textově založený a široce podporovaný. Ujistěte se, že je transport serveru přidán do dynamické konfigurace.",
+    "version2Description": "Binární a efektivnější, ale méně kompatibilní. Ujistěte se, že je transport serveru přidán do dynamické konfigurace.",
    "warning": "Varování",
    "proxyProtocolWarning": "Aplikace backend musí být nakonfigurována, aby mohla přijímat připojení k Proxy protokolu. Pokud vaše backend nepodporuje Proxy protokol, povolením tohoto protokolu dojde k přerušení všech připojení, takže toto povolíte pouze pokud víte, co děláte. Ujistěte se, že nastavíte svou backend a důvěřujte hlavičkám Proxy protokolu z Traefik.",
    "restarting": "Restartování...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Zadejte potvrzení",
    "blueprintViewDetails": "Detaily",
    "defaultIdentityProvider": "Výchozí poskytovatel identity",
-    "defaultIdentityProviderDescription": "Pokud je vybrán výchozí poskytovatel identity, uživatel bude automaticky přesměrován na poskytovatele pro ověření.",
+    "defaultIdentityProviderDescription": "Uživatel bude automaticky přesměrován na tohoto identifikačního poskytovatele pro autentifikaci.",
    "editInternalResourceDialogNetworkSettings": "Nastavení sítě",
    "editInternalResourceDialogAccessPolicy": "Přístupová politika",
    "editInternalResourceDialogAddRoles": "Přidat role",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Typ režimu údržby",
    "showMaintenancePage": "Zobrazit stránku údržby návštěvníkům",
    "enableMaintenanceMode": "Povolit režim údržby",
+    "enableMaintenanceModeDescription": "Když je povoleno, návštěvníci uvidí údržbu místo vašeho zdroje.",
    "automatic": "Automatické",
    "automaticModeDescription": "Zobrazte stránku údržby pouze, když jsou všechny cílové servery uživatele nebo prostředku nefunkční nebo nezdravé. Vaše prostředky budou nadále fungovat normálně, pokud je alespoň jeden cíl v pořádku.",
    "forced": "Nucené",
@@ -3082,6 +3182,8 @@
    "warning:": "Varování:",
    "forcedeModeWarning": "Veškerý provoz bude směrován na stránku údržby. Vaše prostředky backendu neobdrží žádné žádosti.",
    "pageTitle": "Název stránky",
+    "maintenancePageContentSubsection": "Obsah Stránky",
+    "maintenancePageContentSubsectionDescription": "Přizpůsobte obsah zobrazovaný na stránce údržby",
    "pageTitleDescription": "Hlavní titulek zobrazovaný na stránce údržby",
    "maintenancePageMessage": "Zpráva údržby",
    "maintenancePageMessagePlaceholder": "Vrátíme se brzy! Naše stránka právě prochází plánovanou údrbou.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Opravdu chcete odpojit tohoto poskytovatele identity od této organizace?",
    "idpUnassociateDescription": "Všichni uživatelé spojení s tímto poskytovatelem identity budou odstraněni z této organizace, ale poskytovatel identity zůstane nadále existovat pro ostatní přidružené organizace.",
    "idpUnassociateConfirm": "Potvrdit odpojení poskytovatele identity",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "SMAZAT A ODSTRANIT MĚ Z ORGANIZACE",
+    "idpUnassociateAndRemoveMeFromOrg": "ODPOJIT A ODSTRANIT MĚ Z ORGANIZACE",
    "idpUnassociateWarning": "Toto nelze pro tuto organizaci vrátit.",
    "idpUnassociatedDescription": "Poskytovatel identity byl úspěšně odpojen od této organizace",
    "idpUnassociateMenu": "Odpojit",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Připojení…",
    "sshInitializing": "Inicializace…",
    "sshSignInTitle": "Přihlášení do SSH",
-    "sshSignInDescription": "Zadejte své SSH přihlašovací údaje",
+    "sshSignInDescription": "Zadejte své údaje SSH pro připojení",
    "sshPasswordTab": "Heslo",
    "sshPrivateKeyTab": "Soukromý klíč",
    "sshPrivateKeyField": "Soukromý klíč",
    "sshPrivateKeyDisclaimer": "Váš soukromý klíč není ukládán ani viditelný pro Pangolin. Alternativně můžete použít krátkodobé certifikáty pro bezproblémové ověřování pomocí vaší stávající identity Pangolin.",
    "sshLearnMore": "Přečtěte si více",
    "sshPrivateKeyFile": "Soubor soukromého klíče",
-    "sshAuthenticate": "Ověřit",
+    "sshAuthenticate": "Připojit",
    "sshTerminate": "Ukončit",
    "sshPoweredBy": "Vytváří",
    "sshErrorNoTarget": "Cíl nebyl určen",
    "sshErrorWebSocket": "Chyba připojení WebSocketu",
    "sshErrorAuthFailed": "Ověření selhalo",
-    "sshErrorConnectionClosed": "Připojení bylo uzavřeno před dokončením ověřování"
+    "sshErrorConnectionClosed": "Připojení bylo uzavřeno před dokončením ověřování",
+    "sitePangolinSshDescription": "Povolte SSH přístup k zdrojům na tomto místě. Toto lze změnit později.",
+    "browserGatewayNoResourceForDomain": "Pro tuto doménu nebyl nalezen žádný zdroj",
+    "browserGatewayNoTarget": "Žádný cíl",
+    "browserGatewayConnect": "Připojit",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "Nepodařilo se podepsat klíč SSH pro ověřování pomocí PAM push. Přihlásili jste se jako uživatel?",
+    "sshTerminalError": "Chyba: {error}",
+    "sshConnectionClosedCode": "Připojení bylo uzavřeno (kód {code})",
+    "sshPrivateKeyPlaceholder": "-----ZAČÁTEK SOUKROMÉHO KLÍČE OPENSSH-----",
+    "sshPrivateKeyRequired": "Je vyžadován soukromý klíč",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Zadejte své heslo VNC pro připojení",
+    "vncPasswordOptional": "Heslo (nepovinné)",
+    "vncNoResourceTarget": "Není k dispozici žádný cíl zdroje",
+    "vncFailedToLoadNovnc": "Nepodařilo se načíst noVNC",
+    "vncAuthFailedStatus": "Stav {status}",
+    "vncPasteClipboard": "Vložit schránku",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Přihlásit se k Vzdálené ploše",
+    "rdpSignInDescription": "Zadejte přihlašovací údaje pro Windows k připojení",
+    "rdpLoadingModule": "Načítá se modul...",
+    "rdpFailedToLoadModule": "Nepodařilo se načíst modul RDP",
+    "rdpNotReady": "Není připraveno",
+    "rdpModuleInitializing": "Modul RDP se stále inicializuje",
+    "rdpDownloadingFiles": "Stahuje se {count} soubor(y) z dálky...",
+    "rdpDownloadFailed": "Stažení se nezdařilo: {fileName}",
+    "rdpUploaded": "Nahráno: {fileName}",
+    "rdpNoConnectionTarget": "Žádný dostupný cíl připojení",
+    "rdpConnectionFailed": "Připojení se nezdařilo",
+    "rdpFit": "Přizpůsobit",
+    "rdpFull": "Celé",
+    "rdpReal": "Skutečný",
+    "rdpMeta": "Meta",
+    "rdpUploadFiles": "Nahrát soubory",
+    "rdpFilesReadyToPaste": "Soubory připravené ke vložení",
+    "rdpFilesReadyToPasteDescription": "{count} soubor(y) zkopírován(y) do vzdálené schránky — stiskněte Ctrl+V na vzdálené ploše pro vložení.",
+    "rdpUploadFailed": "Nahrání selhalo",
+    "rdpUnicodeKeyboardMode": "Režim Unicode klávesnice",
+    "sessionToolbarShow": "Zobrazit panel nástrojů",
+    "sessionToolbarHide": "Skrýt panel nástrojů"
 }
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Private Ressourcen anzeigen",
    "siteInstallNewt": "Newt installieren",
    "siteInstallNewtDescription": "Installiere Newt auf deinem System.",
+    "siteInstallKubernetesDocsDescription": "Für aktuelle Installationsinformationen zu Kubernetes, siehe <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "Für Installationsanweisungen für Advantech-Modems siehe <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "WireGuard Konfiguration",
    "WgConfigurationDescription": "Verwenden Sie folgende Konfiguration, um sich mit dem Netzwerk zu verbinden",
    "operatingSystem": "Betriebssystem",
@@ -157,7 +159,7 @@
    "shareDeleted": "Link gelöscht",
    "shareDeletedDescription": "Der Link wurde gelöscht",
    "shareDelete": "Freigabelink löschen",
-    "shareDeleteConfirm": "Löschen des Freigabelinks bestätigen",
+    "shareDeleteConfirm": "Löschung des Freigabelinks bestätigen",
    "shareQuestionRemove": "Sind Sie sicher, dass Sie diesen Freigabelink löschen möchten?",
    "shareMessageRemove": "Nach dem Löschen funktioniert der Link nicht mehr, und jeder, der ihn nutzt, verliert den Zugriff auf die Ressource.",
    "shareTokenDescription": "Das Zugriffstoken kann auf zwei Arten übergeben werden: als Abfrageparameter oder in den Request-Headern. Diese müssen vom Client auf jeder Anfrage für authentifizierten Zugriff weitergegeben werden.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Jeder mit diesem Link kann auf die Ressource zugreifen",
    "shareTitleOptional": "Titel (optional)",
    "sharePathOptional": "Pfad (optional)",
+    "sharePathDescription": "Der Link leitet Benutzer nach der Authentifizierung zu diesem Pfad weiter.",
    "expireIn": "Läuft ab in",
    "neverExpire": "Läuft nie ab",
    "shareExpireDescription": "Ablaufzeit ist, wie lange der Link verwendet werden kann und bietet Zugriff auf die Ressource. Nach dieser Zeit wird der Link nicht mehr funktionieren und Benutzer, die diesen Link benutzt haben, verlieren den Zugriff auf die Ressource.",
@@ -201,7 +204,7 @@
    "proxyResourceTitle": "Öffentliche Ressourcen verwalten",
    "proxyResourceDescription": "Erstelle und verwalte Ressourcen, die über einen Webbrowser öffentlich zugänglich sind",
    "publicResourcesBannerTitle": "Web-basierter öffentlicher Zugang",
-    "publicResourcesBannerDescription": "Öffentliche Ressourcen sind HTTPS oder TCP/UDP-Proxys, die über einen Webbrowser für jeden zugänglich sind. Im Gegensatz zu privaten Ressourcen benötigen sie keine Client-seitige Software und können Identitäts- und kontextbezogene Zugriffsrichtlinien beinhalten.",
+    "publicResourcesBannerDescription": "Öffentliche Ressourcen sind HTTPS-Proxys, die über einen Webbrowser für jeden im Internet zugänglich sind. Im Gegensatz zu privaten Ressourcen benötigen sie keine Client-seitige Software und können Identitäts- und kontextuelle Zugriffsrichtlinien enthalten.",
    "clientResourceTitle": "Private Ressourcen verwalten",
    "clientResourceDescription": "Erstelle und verwalte Ressourcen, die nur über einen verbundenen Client zugänglich sind",
    "privateResourcesBannerTitle": "Zero-Trust-Zugriff auf private Ressourcen",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Suche Ressourcen...",
    "resourceAdd": "Ressource hinzufügen",
    "resourceErrorDelte": "Fehler beim Löschen der Ressource",
-    "resourcePoliciesTitle": "Ressourcenrichtlinien verwalten",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Angehängte Ressourcen",
+    "resourcePoliciesBannerTitle": "Authentifizierungs- und Zugriffsregeln wiederverwenden",
+    "resourcePoliciesBannerDescription": "Freigegebene Ressourcenrichtlinien ermöglichen es Ihnen, Authentifizierungsmethoden und Zugriffsregeln einmal zu definieren und sie dann an mehrere öffentliche Ressourcen zu binden. Wenn Sie eine Richtlinie aktualisieren, übernimmt jede verknüpfte Ressource die Änderung automatisch.",
+    "resourcePoliciesBannerButtonText": "Mehr erfahren",
+    "resourcePoliciesTitle": "Öffentliche Ressourcen Richtlinien verwalten",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Ressourcen",
    "resourcePoliciesAttachedResources": "{count} Ressource(n)",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# Ressource} other {# Ressourcen}}",
    "resourcePoliciesAttachedResourcesEmpty": "keine Ressourcen",
-    "resourcePoliciesDescription": "Erstellen und verwalten Sie Authentifizierungsrichtlinien, um den Zugang zu Ihren Ressourcen zu steuern",
+    "resourcePoliciesDescription": "Erstellen und verwalten Sie Authentifizierungsrichtlinien, um den Zugriff auf Ihre öffentlichen Ressourcen zu steuern",
    "resourcePoliciesSearch": "Richtlinien suchen...",
    "resourcePoliciesAdd": "Richtlinie hinzufügen",
    "resourcePoliciesDefaultBadgeText": "Standardrichtlinie",
-    "resourcePoliciesCreate": "Ressourcenrichtlinie erstellen",
+    "resourcePoliciesCreate": "Öffentliche Ressourcen Richtlinie erstellen",
    "resourcePoliciesCreateDescription": "Befolgen Sie die unten stehenden Schritte, um eine neue Richtlinie zu erstellen",
    "resourcePolicyName": "Richtlinienname",
    "resourcePolicyNameDescription": "Geben Sie dieser Richtlinie einen Namen, um sie für Ihre Ressourcen zu identifizieren",
@@ -274,7 +281,7 @@
    "back": "Zurück",
    "cancel": "Abbrechen",
    "resourceConfig": "Konfiguration Snippets",
-    "resourceConfigDescription": "Kopieren und fügen Sie diese Konfigurations-Snippets ein, um die TCP/UDP Ressource einzurichten",
+    "resourceConfigDescription": "Kopieren und fügen Sie diese Konfigurationsschnipsel ein, um die TCP/UDP-Ressource einzurichten.",
    "resourceAddEntrypoints": "Traefik: Einstiegspunkte hinzufügen",
    "resourceExposePorts": "Gerbil: Ports im Docker Compose freigeben",
    "resourceLearnRaw": "Lernen Sie, wie Sie TCP/UDP Ressourcen konfigurieren",
@@ -287,6 +294,8 @@
    "labelDelete": "Etikett löschen",
    "labelAdd": "Etikett hinzufügen",
    "labelCreateSuccessMessage": "Etikett erfolgreich erstellt",
+    "labelDuplicateError": "Doppeltes Label",
+    "labelDuplicateErrorDescription": "Ein Label mit diesem Namen existiert bereits.",
    "labelEditSuccessMessage": "Etikett erfolgreich bearbeitet",
    "labelNameField": "Etikettenname",
    "labelColorField": "Etikettenfarbe",
@@ -311,7 +320,7 @@
    "rules": "Regeln",
    "resourceSettingDescription": "Einstellungen für die Ressource konfigurieren",
    "resourceSetting": "{resourceName} Einstellungen",
-    "resourcePolicySettingDescription": "Konfigurieren Sie die Einstellungen der Ressourcenrichtlinie",
+    "resourcePolicySettingDescription": "Richten Sie die Einstellungen für diese öffentliche Ressourcenrichtlinie ein",
    "resourcePolicySetting": "{policyName} Einstellungen",
    "alwaysAllow": "Authentifizierung umgehen",
    "alwaysDeny": "Zugriff blockieren",
@@ -719,7 +728,7 @@
    "targetSubmit": "Ziel hinzufügen",
    "targetNoOne": "Diese Ressource hat keine Ziele. Fügen Sie ein Ziel hinzu, um zu konfigurieren, wo Anfragen an das Backend gesendet werden sollen.",
    "targetNoOneDescription": "Das Hinzufügen von mehr als einem Ziel aktiviert den Lastausgleich.",
-    "targetsSubmit": "Ziele speichern",
+    "targetsSubmit": "Einstellungen speichern",
    "addTarget": "Ziel hinzufügen",
    "proxyMultiSiteRoundRobinNodeHelp": "Round-Robin-Routing funktioniert nicht zwischen Standorten, die nicht mit demselben Knoten verbunden sind, aber Failover funktioniert.",
    "targetErrorInvalidIp": "Ungültige IP-Adresse",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Doppelte Regel",
    "rulesErrorDuplicateDescription": "Eine Regel mit diesen Einstellungen existiert bereits",
    "rulesErrorInvalidIpAddressRange": "Ungültiger CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Bitte geben Sie einen gültigen CIDR-Wert ein",
-    "rulesErrorInvalidUrl": "Ungültiger URL-Pfad",
-    "rulesErrorInvalidUrlDescription": "Bitte geben Sie einen gültigen URL-Pfad-Wert ein",
-    "rulesErrorInvalidIpAddress": "Ungültige IP",
-    "rulesErrorInvalidIpAddressDescription": "Bitte geben Sie eine gültige IP-Adresse ein",
+    "rulesErrorInvalidIpAddressRangeDescription": "Geben Sie einen gültigen CIDR-Bereich ein (z.B., 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Ungültiger Pfad",
+    "rulesErrorInvalidUrlDescription": "Geben Sie einen gültigen URL-Pfad oder ein gültiges Muster ein (z.B., /api/*).",
+    "rulesErrorInvalidIpAddress": "Ungültige IP-Adresse",
+    "rulesErrorInvalidIpAddressDescription": "Geben Sie eine gültige IPv4 oder IPv6 Adresse ein.",
    "rulesErrorUpdate": "Fehler beim Aktualisieren der Regeln",
    "rulesErrorUpdateDescription": "Beim Aktualisieren der Regeln ist ein Fehler aufgetreten",
    "rulesUpdated": "Regeln aktivieren",
@@ -766,14 +775,23 @@
    "rulesMatchIpAddress": "Geben Sie eine IP-Adresse ein (z.B. 103.21.244.12)",
    "rulesMatchUrl": "Geben Sie einen URL-Pfad oder -Muster ein (z.B. /api/v1/todos oder /api/v1/*)",
    "rulesErrorInvalidPriority": "Ungültige Priorität",
-    "rulesErrorInvalidPriorityDescription": "Bitte geben Sie eine gültige Priorität ein",
+    "rulesErrorInvalidPriorityDescription": "Geben Sie eine ganze Zahl von 1 oder höher ein.",
    "rulesErrorDuplicatePriority": "Doppelte Prioritäten",
-    "rulesErrorDuplicatePriorityDescription": "Bitte geben Sie eindeutige Prioritäten ein",
+    "rulesErrorDuplicatePriorityDescription": "Jede Regel muss eine eindeutige Prioritätsnummer haben.",
+    "rulesErrorValidation": "Ungültige Regeln",
+    "rulesErrorValidationRuleDescription": "Regel {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Wählen Sie einen gültigen Vergleichstyp (Pfad, IP, CIDR, Land, Region oder ASN).",
+    "rulesErrorValueRequired": "Geben Sie einen Wert für diese Regel ein.",
+    "rulesErrorInvalidCountry": "Ungültiges Land",
+    "rulesErrorInvalidCountryDescription": "Wählen Sie ein gültiges Land aus.",
+    "rulesErrorInvalidAsn": "Ungültiges ASN",
+    "rulesErrorInvalidAsnDescription": "Geben Sie ein gültiges ASN ein (z.B., AS15169).",
    "ruleUpdated": "Regeln aktualisiert",
    "ruleUpdatedDescription": "Regeln erfolgreich aktualisiert",
    "ruleErrorUpdate": "Operation fehlgeschlagen",
    "ruleErrorUpdateDescription": "Während des Speichervorgangs ist ein Fehler aufgetreten",
    "rulesPriority": "Priorität",
+    "rulesReorderDragHandle": "Ziehen, um die Regelpriorität neu zu ordnen",
    "rulesAction": "Aktion",
    "rulesMatchType": "Übereinstimmungstyp",
    "value": "Wert",
@@ -792,7 +810,7 @@
    "rulesResource": "Ressourcen-Regelkonfiguration",
    "rulesResourceDescription": "Regeln konfigurieren, um den Zugriff auf die Ressource zu steuern",
    "ruleSubmit": "Regel hinzufügen",
-    "rulesNoOne": "Keine Regeln. Fügen Sie eine Regel über das Formular hinzu.",
+    "rulesNoOne": "Noch keine Regeln vorhanden.",
    "rulesOrder": "Regeln werden nach aufsteigender Priorität ausgewertet.",
    "rulesSubmit": "Regeln speichern",
    "policyErrorCreate": "Fehler beim Erstellen der Richtlinie",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Ein unerwarteter Fehler ist aufgetreten",
    "policyCreatedSuccess": "Ressourcenrichtlinie erfolgreich erstellt",
    "policyUpdatedSuccess": "Ressourcenrichtlinie erfolgreich aktualisiert",
-    "authMethodsSave": "Authentifizierungsmethoden speichern",
+    "authMethodsSave": "Einstellungen speichern",
+    "policyAuthStackTitle": "Authentifizierung",
+    "policyAuthStackDescription": "Kontrollieren Sie, welche Authentifizierungsmethoden erforderlich sind, um auf diese Ressource zuzugreifen",
+    "policyAuthOrLogicTitle": "Mehrere Authentifizierungsmethoden aktiv",
+    "policyAuthOrLogicBanner": "Besucher können sich mit einer der unten aktiven Methoden authentifizieren. Sie müssen nicht alle abschließen.",
+    "policyAuthMethodActive": "Aktiv",
+    "policyAuthMethodOff": "Aus",
+    "policyAuthSsoTitle": "Plattform SSO",
+    "policyAuthSsoDescription": "Anmeldung über den Identitätsanbieter Ihrer Organisation erforderlich",
+    "policyAuthSsoSummary": "{idp} · {users} Benutzer, {roles} Rollen",
+    "policyAuthSsoDefaultIdp": "Standardanbieter",
+    "policyAuthAddDefaultIdentityProvider": "Standardidentitätsanbieter hinzufügen",
+    "policyAuthOtherMethodsTitle": "Andere Methoden",
+    "policyAuthOtherMethodsDescription": "Optionale Methoden, die Besucher anstelle von oder zusammen mit Plattform-SSO verwenden können",
+    "policyAuthPasscodeTitle": "Passwort",
+    "policyAuthPasscodeDescription": "Erfordere einen geteilten alphanumerischen Passcode für den Zugriff auf die Ressource",
+    "policyAuthPasscodeSummary": "Passcode festgelegt",
+    "policyAuthPincodeTitle": "PIN-Code",
+    "policyAuthPincodeDescription": "Ein kurzer numerischer Code, der erforderlich ist, um auf die Ressource zuzugreifen",
+    "policyAuthPincodeSummary": "6-stelliger PIN festgelegt",
+    "policyAuthEmailTitle": "E-Mail-Whitelist",
+    "policyAuthEmailDescription": "Erlaubte E-Mail-Adressen mit Einmalpasswörtern",
+    "policyAuthEmailSummary": "{count} Adressen erlaubt",
+    "policyAuthEmailOtpCallout": "Durch Aktivieren der E-Mail-Whitelist wird beim Einloggen ein Einmalpasswort an die E-Mail des Besuchers gesendet.",
+    "policyAuthHeaderAuthTitle": "Grundlegende Header-Authentifizierung",
+    "policyAuthHeaderAuthDescription": "Überprüfen Sie einen benutzerdefinierten HTTP-Headernamen und -wert bei jeder Anfrage",
+    "policyAuthHeaderAuthSummary": "Header konfiguriert",
+    "policyAuthHeaderName": "Header-Name",
+    "policyAuthHeaderValue": "Erwarteter Wert",
+    "policyAuthSetPasscode": "Passcode setzen",
+    "policyAuthSetPincode": "PIN-Code festlegen",
+    "policyAuthSetEmailWhitelist": "E-Mail-Whitelist festlegen",
+    "policyAuthSetHeaderAuth": "Grundlegende Header-Authentifizierung festlegen",
+    "policyAccessRulesTitle": "Zugriffsregeln",
+    "policyAccessRulesEnableDescription": "Bei Aktivierung werden die Regeln in absteigender Reihenfolge ausgewertet, bis eine als wahr ausgewertet wird.",
+    "policyAccessRulesFirstMatch": "Regeln werden von oben nach unten ausgewertet. Die erste übereinstimmende Regel bestimmt das Ergebnis.",
+    "policyAccessRulesHowItWorks": "Regeln vergleichen Anfragen nach Pfad, IP-Adresse, Standort oder anderen Kriterien. Jede Regel wendet eine Aktion an: Authentifizierung umgehen, Zugriff blockieren oder zur Authentifizierung weiterleiten. Wenn keine Regel zutrifft, wird der Verkehr zur Authentifizierung weitergeleitet.",
+    "policyAccessRulesFallthroughOff": "Wenn Regeln deaktiviert sind, wird der gesamte Verkehr zur Authentifizierung weitergeleitet.",
+    "policyAccessRulesFallthroughOn": "Wenn keine Regel übereinstimmt, wird der Verkehr zur Authentifizierung weitergeleitet.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Regeln speichern",
    "resourceErrorCreate": "Fehler beim Erstellen der Ressource",
    "resourceErrorCreateDescription": "Beim Erstellen der Ressource ist ein Fehler aufgetreten",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "Beim Aktualisieren der Ressource ist ein Fehler aufgetreten",
    "access": "Zugriff",
    "accessControl": "Zugriffskontrolle",
-    "shareLink": "{resource} Freigabe-Link",
+    "shareLink": "{resource} Freigabelink",
    "resourceSelect": "Ressource auswählen",
-    "shareLinks": "Freigabe-Links",
+    "shareLinks": "Teilbare Links",
    "share": "Teilbare Links",
    "shareDescription2": "Erstellen Sie teilbare Links zu Ressourcen. Links bieten temporären oder unbegrenzten Zugriff auf Ihre Ressource. Sie können die Verfallsdauer des Links beim Erstellen eines Links festlegen.",
    "shareEasyCreate": "Einfach zu erstellen und zu teilen",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Administratoren haben immer Zugriff auf diese Ressource.",
    "resourcePolicySelectTitle": "Zugriffsrichtlinie für Ressourcen",
    "resourcePolicySelectDescription": "Wählen Sie den Ressourcentransfertyp für die Authentifizierung",
+    "resourcePolicyTypeLabel": "Richtlinientyp",
+    "resourcePolicyLabel": "Ressourcenrichtlinie",
    "resourcePolicyInline": "Inline-Ressourcenrichtlinie",
    "resourcePolicyInlineDescription": "Zugriffsrichtlinie nur für diese Ressource",
    "resourcePolicyShared": "Geteilte Ressourcenrichtlinie",
-    "resourcePolicySharedDescription": "Diese Ressource verwendet eine geteilte Richtlinie. Richtlinienebene Einstellungen (Authentifizierungsmethoden, E-Mail-Whitelist) sind gesperrt. Sie können ressourcenspezifische Regeln, Rollen und Benutzer hinzufügen.",
+    "resourcePolicySharedDescription": "Diese Ressource verwendet eine gemeinsame Richtlinie.",
+    "sharedPolicy": "Gemeinsame Richtlinie",
+    "sharedPolicyNoneDescription": "Diese Ressource hat ihre eigene Richtlinie.",
+    "resourceSharedPolicyOwnDescription": "Diese Ressource hat eigene Authentifizierungs- und Zugriffsregel-Kontrollen.",
+    "resourceSharedPolicyInheritedDescription": "Diese Ressource erbt von <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Diese Ressource verwendet eine geteilte Richtlinie. Einige Authentifizierungseinstellungen können in dieser Ressource bearbeitet werden, um zur Richtlinie beizutragen. Um die zugrunde liegende Richtlinie zu ändern, müssen Sie zu <policyLink>{policyName}</policyLink> wechseln.",
+    "resourceSharedPolicyRulesNotice": "Diese Ressource verwendet eine gemeinsame Richtlinie. Einige Zugriffsregeln können in dieser Ressource bearbeitet werden. Um die zugrunde liegende Richtlinie zu ändern, müssen Sie <policyLink>{policyName}</policyLink> bearbeiten.",
    "resourceUsersRoles": "Zugriffskontrolle",
    "resourceUsersRolesDescription": "Konfigurieren Sie, welche Benutzer und Rollen diese Ressource besuchen können",
    "resourceUsersRolesSubmit": "Zugriffskontrollen speichern",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Sichtbarkeit",
    "resourceVisibilityTitleDescription": "Ressourcensichtbarkeit vollständig aktivieren oder deaktivieren",
    "resourceGeneral": "Allgemeine Einstellungen",
-    "resourceGeneralDescription": "Konfigurieren Sie die allgemeinen Einstellungen für diese Ressource",
+    "resourceGeneralDescription": "Konfigurieren Sie Name, Adresse und Zugriffsrichtlinie für diese Ressource.",
+    "resourceGeneralDetailsSubsection": "Ressourcendetails",
+    "resourceGeneralDetailsSubsectionDescription": "Legen Sie den Anzeigenamen, die Kennung und die öffentlich zugängliche Domain für diese Ressource fest.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Legen Sie den Anzeigenamen, die Kennung und den öffentlichen Port für diese Ressource fest.",
+    "resourceGeneralPublicAddressSubsection": "Öffentliche Adresse",
+    "resourceGeneralPublicAddressSubsectionDescription": "Bestimmen Sie, wie Benutzer diese Ressource erreichen.",
+    "resourceGeneralAuthenticationAccessSubsection": "Authentifizierung und Zugriff",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Wählen Sie, ob diese Ressource ihre eigene Richtlinie verwendet oder von einer gemeinsamen Richtlinie erbt.",
    "resourceEnable": "Ressource aktivieren",
    "resourceTransfer": "Ressource übertragen",
    "resourceTransferDescription": "Diese Ressource auf einen anderen Standort übertragen",
@@ -1220,11 +1294,14 @@
    "addLabels": "Etiketten hinzufügen",
    "siteLabelsTab": "Etiketten",
    "siteLabelsDescription": "Verwalten Sie die mit diesem Standort verbundenen Etiketten.",
-    "labelsNotFound": "Etiketten nicht gefunden",
+    "labelsNotFound": "Keine Kennzeichnungen gefunden.",
+    "labelsEmptyCreateHint": "Beginnen Sie oben zu tippen, um ein Label zu erstellen.",
    "labelSearch": "Etiketten suchen",
+    "labelSearchOrCreate": "Suchen oder erstellen Sie ein Label",
    "accessLabelFilterCount": "{count, plural, one {# Etikett} other {# Etiketten}}",
    "labelOverflowCount": "+{count, plural, one {# Etikett} other {# Etiketten}}",
    "accessLabelFilterClear": "Etikettenfilter löschen",
+    "accessFilterClear": "Filter löschen",
    "selectColor": "Farbe auswählen",
    "createNewLabel": "Neues Org-Etikett \"{label}\" erstellen",
    "inviteInvalidDescription": "Der Einladungslink ist ungültig.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Ressourcen",
    "sidebarProxyResources": "Öffentlich",
    "sidebarClientResources": "Privat",
-    "sidebarPolicies": "Richtlinien",
-    "sidebarResourcePolicies": "Ressourcen",
+    "sidebarPolicies": "Gemeinsame Richtlinien",
+    "sidebarResourcePolicies": "Öffentliche Ressourcen",
    "sidebarAccessControl": "Zugriffskontrolle",
    "sidebarLogsAndAnalytics": "Protokolle & Analysen",
    "sidebarTeam": "Team",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Admin",
    "sidebarInvitations": "Einladungen",
    "sidebarRoles": "Rollen",
-    "sidebarShareableLinks": "Links",
+    "sidebarShareableLinks": "Teilbare Links",
    "sidebarApiKeys": "API-Schlüssel",
    "sidebarProvisioning": "Bereitstellung",
    "sidebarSettings": "Einstellungen",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Ressource {id}",
    "blueprints": "Blaupausen",
    "blueprintsLog": "Blaupausen-Protokoll",
-    "blueprintsDescription": "Frühere Blaupausen-Anwendungen und deren Ergebnisse ansehen",
+    "blueprintsDescription": "Betrachten Sie vergangene Blueprint-Anwendungen und deren Ergebnisse oder wenden Sie einen neuen Blueprint an",
    "blueprintAdd": "Blueprint hinzufügen",
    "blueprintGoBack": "Alle Blueprints ansehen",
    "blueprintCreate": "Blueprint erstellen",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Docker Blueprint aktivieren",
    "enableDockerSocketDescription": "Aktiviere Docker-Socket-Label-Scraping für Blueprint-Etiketten. Der Socket-Pfad muss dem Site-Connector angegeben werden. Lesen Sie, wie dies in <docsLink>der Dokumentation</docsLink> funktioniert.",
    "newtAutoUpdate": "Standort-Auto-Update aktivieren",
-    "newtAutoUpdateDescription": "Wenn aktiviert, aktualisieren sich die Standort-Connectoren automatisch auf die neueste Version, sobald eine neue Version verfügbar ist.",
+    "newtAutoUpdateDescription": "Wenn aktiviert, werden die Seiten-Connectoren automatisch die neueste Version herunterladen und sich selbst neu starten. Dies kann für jede Seite überschrieben werden.",
    "siteAutoUpdate": "Standort-Auto-Update",
    "siteAutoUpdateLabel": "Autoupdate aktivieren",
-    "siteAutoUpdateDescription": "Steuern Sie, ob der Connector dieses Standorts automatisch die neueste Version herunterlädt.",
+    "siteAutoUpdateDescription": "Wenn aktiviert, wird der Seiten-Connector automatisch die neueste Version herunterladen und sich selbst neu starten.",
    "siteAutoUpdateOrgDefault": "Standard der Organisation: {state}",
    "siteAutoUpdateOverriding": "Organisations-Einstellung überschreiben",
    "siteAutoUpdateResetToOrg": "Auf Standard der Organisation zurücksetzen",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Kontoeinrichtung abgeschlossen! Willkommen bei Pangolin!",
    "documentation": "Dokumentation",
    "saveAllSettings": "Alle Einstellungen speichern",
-    "saveResourceTargets": "Ziele speichern",
-    "saveResourceHttp": "Proxy-Einstellungen speichern",
-    "saveProxyProtocol": "Proxy-Protokolleinstellungen speichern",
+    "saveResourceTargets": "Einstellungen speichern",
+    "saveResourceHttp": "Einstellungen speichern",
+    "saveProxyProtocol": "Einstellungen speichern",
    "settingsUpdated": "Einstellungen aktualisiert",
    "settingsUpdatedDescription": "Einstellungen erfolgreich aktualisiert",
    "settingsErrorUpdate": "Einstellungen konnten nicht aktualisiert werden",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Unbekannt",
    "healthCheck": "Gesundheits-Check",
    "configureHealthCheck": "Gesundheits-Check konfigurieren",
-    "configureHealthCheckDescription": "Richten Sie die Gesundheitsüberwachung für {target} ein",
+    "configureHealthCheckDescription": "Richten Sie die Überwachung für Ihre Resource ein, um sicherzustellen, dass sie immer verfügbar ist",
    "enableHealthChecks": "Gesundheits-Checks aktivieren",
    "healthCheckDisabledStateDescription": "Wenn deaktiviert, führt der Standort keine Gesundheitsprüfungen durch und der Zustand wird als unbekannt betrachtet.",
    "enableHealthChecksDescription": "Überwachen Sie die Gesundheit dieses Ziels. Bei Bedarf können Sie einen anderen Endpunkt als das Ziel überwachen.",
    "healthScheme": "Methode",
    "healthSelectScheme": "Methode auswählen",
-    "healthCheckPortInvalid": "Der Gesundheitskontroll-Port muss zwischen 1 und 65535 liegen",
+    "healthCheckPortInvalid": "Der Port muss zwischen 1 und 65535 liegen",
    "healthCheckPath": "Pfad",
    "healthHostname": "IP / Host",
    "healthPort": "Port",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Gerätegenehmigungen erforderlich",
    "requireDeviceApprovalDescription": "Benutzer mit dieser Rolle benötigen neue Geräte, die von einem Administrator genehmigt wurden, bevor sie sich verbinden und auf Ressourcen zugreifen können.",
    "sshSettings": "SSH-Einstellungen",
+    "sshAccess": "SSH Zugriff",
    "rdpSettings": "RDP-Einstellungen",
    "vncSettings": "VNC-Einstellungen",
    "sshServer": "SSH-Server",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Stellen Sie sicher, dass Ihr Zielhost korrekt konfiguriert ist, um den Auth-Daemon auszuführen, bevor Sie dieses Setup abschließen, andernfalls wird die Bereitstellung fehlschlagen.",
    "sshDaemonPort": "Daemon-Port",
    "sshServerDestination": "Serverziel",
-    "sshServerDestinationDescription": "Konfigurieren Sie das Ziel und den Port des SSH-Servers",
+    "sshServerDestinationDescription": "Ziel des SSH-Servers konfigurieren",
    "destination": "Ziel",
+    "destinationRequired": "Ziel ist erforderlich.",
+    "domainRequired": "Domain ist erforderlich.",
+    "proxyPortRequired": "Port ist erforderlich.",
+    "invalidPathConfiguration": "Ungültige Pfadkonfiguration.",
+    "invalidRewritePathConfiguration": "Ungültige Neupfad-Konfiguration.",
    "bgTargetMultiSiteDisclaimer": "Die Auswahl mehrerer Standorte ermöglicht eine widerstandsfähige Weiterleitung und einen Failover für hohe Verfügbarkeit.",
    "roleAllowSsh": "SSH erlauben",
    "roleAllowSshAllow": "Erlauben",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "Benutzer kann nur die angegebenen Befehle mit sudo ausführen.",
    "sshSudo": "sudo erlauben",
    "sshSudoCommands": "Sudo-Befehle",
-    "sshSudoCommandsDescription": "Komma-getrennte Liste von Befehlen, die der Benutzer mit sudo ausführen darf. Es müssen absolute Pfade verwendet werden.",
+    "sshSudoCommandsDescription": "Liste der Befehle, die der Benutzer mit sudo ausführen darf, durch Kommas, Leerzeichen oder neue Zeilen getrennt. Absolute Pfade müssen verwendet werden.",
    "sshCreateHomeDir": "Home-Verzeichnis erstellen",
    "sshUnixGroups": "Unix-Gruppen",
-    "sshUnixGroupsDescription": "Durch Komma getrennte Unix-Gruppen, um den Benutzer auf dem Zielhost hinzuzufügen.",
+    "sshUnixGroupsDescription": "Unix-Gruppen, in die der Benutzer auf dem Ziel-Host aufgenommen werden soll, getrennt durch Kommas, Leerzeichen oder neue Zeilen.",
+    "roleTextFieldPlaceholder": "Werte eingeben oder eine .txt- oder .csv-Datei ablegen",
+    "roleTextImportTitle": "Von Datei importieren",
+    "roleTextImportDescription": "Importiere {fileName} in {fieldLabel}.",
+    "roleTextImportSkipHeader": "Erste Zeile überspringen (Header)",
+    "roleTextImportOverride": "Vorhandenes ersetzen",
+    "roleTextImportAppend": "An vorhandenes anfügen",
+    "roleTextImportMode": "Importmodus",
+    "roleTextImportPreview": "Vorschau",
+    "roleTextImportItemCount": "{count, plural, =0 {Keine Elemente zu importieren} one {1 Element zu importieren} other {# Elemente zu importieren}}",
+    "roleTextImportTotalCount": "{existing} vorhanden + {imported} importiert = {total} gesamt",
+    "roleTextImportConfirm": "Importieren",
+    "roleTextImportInvalidFile": "Nicht unterstützter Dateityp",
+    "roleTextImportInvalidFileDescription": "Nur .txt- und .csv-Dateien werden unterstützt.",
+    "roleTextImportEmpty": "Keine Elemente in der Datei gefunden",
+    "roleTextImportEmptyDescription": "Die Datei enthält keine importierbaren Elemente.",
    "retryAttempts": "Wiederholungsversuche",
    "expectedResponseCodes": "Erwartete Antwortcodes",
    "expectedResponseCodesDescription": "HTTP-Statuscode, der einen gesunden Zustand anzeigt. Wenn leer gelassen, wird 200-300 als gesund angesehen.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Proxy-Protokoll aktivieren",
    "proxyProtocolInfo": "Client-IP-Adressen für TCP-Backends beibehalten",
    "proxyProtocolVersion": "Proxy-Protokollversion",
-    "version1": " Version 1 (empfohlen)",
+    "version1": "Version 1 (Empfohlen)",
    "version2": "Version 2",
-    "versionDescription": "Die Version 1 ist textbasiert und unterstützt die Version 2, ist binär und effizienter, aber weniger kompatibel.",
+    "version1Description": "Textbasiert und weit verbreitet. Sicherstellen, dass das Servers-Transport zur dynamischen Konfiguration hinzugefügt wurde.",
+    "version2Description": "Binär und effizienter, aber weniger kompatibel. Sicherstellen, dass das Servers-Transport zur dynamischen Konfiguration hinzugefügt wurde.",
    "warning": "Warnung",
    "proxyProtocolWarning": "Die Backend-Anwendung muss so konfiguriert sein, dass Proxy-Protokoll-Verbindungen akzeptiert werden. Wenn Ihr Backend das Proxy-Protokoll nicht unterstützt, wird das Aktivieren aller Verbindungen unterbrochen, so dass Sie dies nur aktivieren, wenn Sie wissen, was Sie tun. Stellen Sie sicher, dass Sie Ihr Backend so konfigurieren, dass es Proxy-Protokoll-Header von Traefik vertraut.",
    "restarting": "Neustarten...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Bestätigung eingeben",
    "blueprintViewDetails": "Details",
    "defaultIdentityProvider": "Standard Identitätsanbieter",
-    "defaultIdentityProviderDescription": "Wenn ein Standard-Identity Provider ausgewählt ist, wird der Benutzer zur Authentifizierung automatisch an den Anbieter weitergeleitet.",
+    "defaultIdentityProviderDescription": "Der Benutzer wird automatisch zu diesem Identitätsanbieter für die Authentifizierung weitergeleitet.",
    "editInternalResourceDialogNetworkSettings": "Netzwerkeinstellungen",
    "editInternalResourceDialogAccessPolicy": "Zugriffsrichtlinie",
    "editInternalResourceDialogAddRoles": "Rollen hinzufügen",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Art des Wartungsmodus",
    "showMaintenancePage": "Eine Wartungsseite für Besucher anzeigen",
    "enableMaintenanceMode": "Wartungsmodus aktivieren",
+    "enableMaintenanceModeDescription": "Bei Aktivierung sehen Besucher eine Wartungsseite anstelle Ihrer Ressource.",
    "automatic": "Automatisch",
    "automaticModeDescription": " Wartungsseite nur anzeigen, wenn alle Backend-Ziele deaktiviert oder ungesund sind. Deine Ressource funktioniert normal, solange mindestens ein Ziel gesund ist.",
    "forced": "Erzwungen",
@@ -3082,6 +3182,8 @@
    "warning:": "Warnung:",
    "forcedeModeWarning": "Der gesamte Datenverkehr wird zur Wartungsseite weitergeleitet. Ihre Backend-Ressourcen werden keine Anfragen erhalten.",
    "pageTitle": "Seitentitel",
+    "maintenancePageContentSubsection": "Seiteninhalt",
+    "maintenancePageContentSubsectionDescription": "Passen Sie den auf der Wartungsseite angezeigten Inhalt an",
    "pageTitleDescription": "Die Hauptüberschrift auf der Wartungsseite",
    "maintenancePageMessage": "Wartungsmeldung",
    "maintenancePageMessagePlaceholder": "Wir sind bald wieder da! Unsere Seite wird derzeit planmäßig gewartet.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Sind Sie sicher, dass Sie die Verknüpfung dieses Identitätsanbieters mit dieser Organisation aufheben möchten?",
    "idpUnassociateDescription": "Alle Benutzer, die mit diesem Identitätsanbieter verbunden sind, werden aus dieser Organisation entfernt, aber der Identitätsanbieter bleibt für andere verbundene Organisationen weiterhin bestehen.",
    "idpUnassociateConfirm": "Verknüpfung des Identitätsanbieters aufheben bestätigen",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "LÖSCHE UND ENTFERNE MICH AUS DER ORG",
+    "idpUnassociateAndRemoveMeFromOrg": "VERBINDUNG LÖSEN UND ENTFERNE MICH AUS DER ORG",
    "idpUnassociateWarning": "Dies kann für diese Organisation nicht rückgängig gemacht werden.",
    "idpUnassociatedDescription": "Identitätsanbieter erfolgreich von dieser Organisation gelöst",
    "idpUnassociateMenu": "Verknüpfung aufheben",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Verbindung wird hergestellt…",
    "sshInitializing": "Initialisieren…",
    "sshSignInTitle": "Anmelden bei SSH",
-    "sshSignInDescription": "Geben Sie Ihre SSH-Anmeldedaten ein",
+    "sshSignInDescription": "Geben Sie Ihre SSH-Anmeldedaten ein, um sich zu verbinden",
    "sshPasswordTab": "Passwort",
    "sshPrivateKeyTab": "Privater Schlüssel",
    "sshPrivateKeyField": "Privater Schlüssel",
    "sshPrivateKeyDisclaimer": "Ihr privater Schlüssel wird von Pangolin nicht gespeichert oder angezeigt. Alternativ können Sie kurzlebige Zertifikate für nahtlose Authentifizierung mit Ihrer bestehenden Pangolin-Identität verwenden.",
    "sshLearnMore": "Mehr erfahren",
    "sshPrivateKeyFile": "Private Schlüsseldatei",
-    "sshAuthenticate": "Authentifizieren",
+    "sshAuthenticate": "Verbinden",
    "sshTerminate": "Beenden",
    "sshPoweredBy": "Bereitgestellt von",
    "sshErrorNoTarget": "Kein Ziel angegeben",
    "sshErrorWebSocket": "WebSocket-Verbindung fehlgeschlagen",
    "sshErrorAuthFailed": "Authentifizierung fehlgeschlagen",
-    "sshErrorConnectionClosed": "Verbindung geschlossen, bevor die Authentifizierung abgeschlossen wurde"
+    "sshErrorConnectionClosed": "Verbindung geschlossen, bevor die Authentifizierung abgeschlossen wurde",
+    "sitePangolinSshDescription": "Erlaube SSH-Zugriff auf Ressourcen an diesem Standort. Dies kann später geändert werden.",
+    "browserGatewayNoResourceForDomain": "Keine Ressource für diese Domain gefunden",
+    "browserGatewayNoTarget": "Kein Ziel",
+    "browserGatewayConnect": "Verbinden",
+    "browserGatewayCtrlAltDel": "Strg+Alt+Entf",
+    "sshErrorSignKeyFailed": "Fehler beim Signieren des SSH-Schlüssels für die PAM-Push-Authentifizierung. Haben Sie sich als Benutzer angemeldet?",
+    "sshTerminalError": "Fehler: {error}",
+    "sshConnectionClosedCode": "Verbindung geschlossen (Code {code})",
+    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+    "sshPrivateKeyRequired": "Privater Schlüssel ist erforderlich",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Geben Sie Ihr VNC-Passwort ein, um sich zu verbinden",
+    "vncPasswordOptional": "Passwort (optional)",
+    "vncNoResourceTarget": "Kein Ressourcen-Ziel verfügbar",
+    "vncFailedToLoadNovnc": "Fehler beim Laden von noVNC",
+    "vncAuthFailedStatus": "Status {status}",
+    "vncPasteClipboard": "Zwischenablage einfügen",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Anmeldung bei Remote Desktop",
+    "rdpSignInDescription": "Geben Sie die Windows-Anmeldedaten ein, um sich zu verbinden",
+    "rdpLoadingModule": "Modul wird geladen...",
+    "rdpFailedToLoadModule": "Fehler beim Laden des RDP-Moduls",
+    "rdpNotReady": "Nicht bereit",
+    "rdpModuleInitializing": "RDP-Modul wird noch initialisiert",
+    "rdpDownloadingFiles": "Herunterladen von {count} Datei(en) von Remote…",
+    "rdpDownloadFailed": "Download fehlgeschlagen: {fileName}",
+    "rdpUploaded": "Hochgeladen: {fileName}",
+    "rdpNoConnectionTarget": "Kein Verbindungsziel verfügbar",
+    "rdpConnectionFailed": "Verbindung fehlgeschlagen",
+    "rdpFit": "Anpassen",
+    "rdpFull": "Vollständig",
+    "rdpReal": "Real",
+    "rdpMeta": "Meta",
+    "rdpUploadFiles": "Dateien hochladen",
+    "rdpFilesReadyToPaste": "Dateien bereit zum Einfügen",
+    "rdpFilesReadyToPasteDescription": "{count} Datei(en) in die Remote-Zwischenablage kopiert — drücken Sie Strg+V auf dem Remote-Desktop, um einzufügen.",
+    "rdpUploadFailed": "Upload fehlgeschlagen",
+    "rdpUnicodeKeyboardMode": "Unicode-Tastaturmodus",
+    "sessionToolbarShow": "Werkzeugleiste zeigen",
+    "sessionToolbarHide": "Werkzeugleiste ausblenden"
 }
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -150,16 +150,16 @@
    "siteCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.",
    "siteInfo": "Site Information",
    "status": "Status",
-    "shareTitle": "Manage Share Links",
+    "shareTitle": "Manage Shareable Links",
    "shareDescription": "Create shareable links to grant temporary or permanent access to proxy resources",
-    "shareSearch": "Search share links...",
-    "shareCreate": "Create Share Link",
+    "shareSearch": "Search shareable links...",
+    "shareCreate": "Create Shareable Link",
    "shareErrorDelete": "Failed to delete link",
    "shareErrorDeleteMessage": "An error occurred deleting link",
    "shareDeleted": "Link deleted",
    "shareDeletedDescription": "The link has been deleted",
-    "shareDelete": "Delete Share Link",
-    "shareDeleteConfirm": "Confirm Delete Share Link",
+    "shareDelete": "Delete Shareable Link",
+    "shareDeleteConfirm": "Confirm Delete Shareable Link",
    "shareQuestionRemove": "Are you sure you want to delete this share link?",
    "shareMessageRemove": "Once deleted, the link will no longer work and anyone using it will lose access to the resource.",
    "shareTokenDescription": "The access token can be passed in two ways: as a query parameter or in the request headers. These must be passed from the client on every request for authenticated access.",
@@ -179,6 +179,7 @@
    "shareCreateDescription": "Anyone with this link can access the resource",
    "shareTitleOptional": "Title (optional)",
    "sharePathOptional": "Path (optional)",
+    "sharePathDescription": "The link will redirect users to this path after authentication.",
    "expireIn": "Expire In",
    "neverExpire": "Never expire",
    "shareExpireDescription": "Expiration time is how long the link will be usable and provide access to the resource. After this time, the link will no longer work, and users who used this link will lose access to the resource.",
@@ -211,6 +212,9 @@
    "resourcesSearch": "Search resources...",
    "resourceAdd": "Add Resource",
    "resourceErrorDelte": "Error deleting resource",
+    "resourcePoliciesBannerTitle": "Re-use Authentication and Access Rules",
+    "resourcePoliciesBannerDescription": "Shared resource policies let you define authentication methods and access rules once, then attach them to multiple public resources. When you update a policy, every linked resource inherits the change automatically.",
+    "resourcePoliciesBannerButtonText": "Learn More",
    "resourcePoliciesTitle": "Manage Public Resource Policies",
    "resourcePoliciesAttachedResourcesColumnTitle": "Resources",
    "resourcePoliciesAttachedResources": "{count} resource(s)",
@@ -277,7 +281,7 @@
    "back": "Back",
    "cancel": "Cancel",
    "resourceConfig": "Configuration Snippets",
-    "resourceConfigDescription": "Copy and paste these configuration snippets to set up the TCP/UDP resource",
+    "resourceConfigDescription": "Copy and paste these configuration snippets to set up the TCP/UDP resource.",
    "resourceAddEntrypoints": "Traefik: Add Entrypoints",
    "resourceExposePorts": "Gerbil: Expose Ports in Docker Compose",
    "resourceLearnRaw": "Learn how to configure TCP/UDP resources",
@@ -290,6 +294,8 @@
    "labelDelete": "Delete Label",
    "labelAdd": "Add Label",
    "labelCreateSuccessMessage": "Label Created Successfully",
+    "labelDuplicateError": "Duplicate Label",
+    "labelDuplicateErrorDescription": "A label with this name already exists.",
    "labelEditSuccessMessage": "Label Modified Successfully",
    "labelNameField": "Label Name",
    "labelColorField": "Label Color",
@@ -722,7 +728,7 @@
    "targetSubmit": "Add Target",
    "targetNoOne": "This resource doesn't have any targets. Add a target to configure where to send requests to the backend.",
    "targetNoOneDescription": "Adding more than one target above will enable load balancing.",
-    "targetsSubmit": "Save Targets",
+    "targetsSubmit": "Save Settings",
    "addTarget": "Add Target",
    "proxyMultiSiteRoundRobinNodeHelp": "Round robin routing will not work between sites that are not connected to the same node, but failover will work.",
    "targetErrorInvalidIp": "Invalid IP address",
@@ -774,6 +780,7 @@
    "rulesErrorDuplicatePriorityDescription": "Each rule must have a unique priority number.",
    "rulesErrorValidation": "Invalid rules",
    "rulesErrorValidationRuleDescription": "Rule {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Select a valid match type (path, IP, CIDR, country, region, or ASN).",
    "rulesErrorValueRequired": "Enter a value for this rule.",
    "rulesErrorInvalidCountry": "Invalid country",
    "rulesErrorInvalidCountryDescription": "Select a valid country.",
@@ -843,6 +850,10 @@
    "policyAuthHeaderAuthSummary": "Header configured",
    "policyAuthHeaderName": "Header name",
    "policyAuthHeaderValue": "Expected value",
+    "policyAuthSetPasscode": "Set Passcode",
+    "policyAuthSetPincode": "Set PIN Code",
+    "policyAuthSetEmailWhitelist": "Set Email Whitelist",
+    "policyAuthSetHeaderAuth": "Set Basic Header Auth",
    "policyAccessRulesTitle": "Access Rules",
    "policyAccessRulesEnableDescription": "When enabled, rules are evaluated in descending order until one evaluates as true.",
    "policyAccessRulesFirstMatch": "Rules are evaluated top to bottom. The first matching rule decides the outcome.",
@@ -872,9 +883,9 @@
    "resourcesErrorUpdateDescription": "An error occurred while updating the resource",
    "access": "Access",
    "accessControl": "Access Control",
-    "shareLink": "{resource} Share Link",
+    "shareLink": "{resource} Shareable Link",
    "resourceSelect": "Select resource",
-    "shareLinks": "Share Links",
+    "shareLinks": "Shareable Links",
    "share": "Shareable Links",
    "shareDescription2": "Create shareable links to resources. Links provide temporary or unlimited access to your resource. You can configure the expiration duration of the link when you create one.",
    "shareEasyCreate": "Easy to create and share",
@@ -964,10 +975,18 @@
    "resourceRoleDescription": "Admins can always access this resource.",
    "resourcePolicySelectTitle": "Resource Access Policy",
    "resourcePolicySelectDescription": "Select the resource policy type for authentication",
+    "resourcePolicyTypeLabel": "Policy type",
+    "resourcePolicyLabel": "Resource policy",
    "resourcePolicyInline": "Inline Resource Policy",
    "resourcePolicyInlineDescription": "Access Policy scoped to only this resource",
    "resourcePolicyShared": "Shared Resource Policy",
-    "resourcePolicySharedDescription": "This resource uses a shared policy. Policy-level settings (auth methods, email whitelist) are locked. You can add resource-specific rules, roles, and users below.",
+    "resourcePolicySharedDescription": "This resource uses a shared policy.",
+    "sharedPolicy": "Shared Policy",
+    "sharedPolicyNoneDescription": "This resource has its own policy.",
+    "resourceSharedPolicyOwnDescription": "This resource has its own authentication and access rules controls.",
+    "resourceSharedPolicyInheritedDescription": "This resource inherits from <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "This resource is using a shared policy. Some authentication settings can be edited on this resource to add to the policy. To change the underlying policy, you must edit to <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "This resource is using a shared policy. Some access rules can be edited on this resource. To change the underlying policy, you must edit <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Access Controls",
    "resourceUsersRolesDescription": "Configure which users and roles can visit this resource",
    "resourceUsersRolesSubmit": "Save Access Controls",
@@ -992,7 +1011,14 @@
    "resourceVisibilityTitle": "Visibility",
    "resourceVisibilityTitleDescription": "Completely enable or disable resource visibility",
    "resourceGeneral": "General Settings",
-    "resourceGeneralDescription": "Configure the general settings for this resource",
+    "resourceGeneralDescription": "Configure name, address, and access policy for this resource.",
+    "resourceGeneralDetailsSubsection": "Resource Details",
+    "resourceGeneralDetailsSubsectionDescription": "Set the display name, identifier, and publicly accessible domain for this resource.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Set the display name, identifier, and public port for this resource.",
+    "resourceGeneralPublicAddressSubsection": "Public Address",
+    "resourceGeneralPublicAddressSubsectionDescription": "Configure how users reach this resource.",
+    "resourceGeneralAuthenticationAccessSubsection": "Authentication & Access",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Choose whether this resource uses its own policy or inherits from a shared policy.",
    "resourceEnable": "Enable Resource",
    "resourceTransfer": "Transfer Resource",
    "resourceTransferDescription": "Transfer this resource to a different site",
@@ -1275,6 +1301,7 @@
    "accessLabelFilterCount": "{count, plural, one {# label} other {# labels}}",
    "labelOverflowCount": "+{count, plural, one {# label} other {# labels}}",
    "accessLabelFilterClear": "Clear label filters",
+    "accessFilterClear": "Clear filters",
    "selectColor": "Select color",
    "createNewLabel": "Create new org label \"{label}\"",
    "inviteInvalidDescription": "The invite link is invalid.",
@@ -1511,7 +1538,7 @@
    "sidebarResources": "Resources",
    "sidebarProxyResources": "Public",
    "sidebarClientResources": "Private",
-    "sidebarPolicies": "Policies",
+    "sidebarPolicies": "Shared Policies",
    "sidebarResourcePolicies": "Public Resources",
    "sidebarAccessControl": "Access Control",
    "sidebarLogsAndAnalytics": "Logs & Analytics",
@@ -1520,7 +1547,7 @@
    "sidebarAdmin": "Admin",
    "sidebarInvitations": "Invitations",
    "sidebarRoles": "Roles",
-    "sidebarShareableLinks": "Share Links",
+    "sidebarShareableLinks": "Shareable Links",
    "sidebarApiKeys": "API Keys",
    "sidebarProvisioning": "Provisioning",
    "sidebarSettings": "Settings",
@@ -1717,10 +1744,10 @@
    "enableDockerSocket": "Enable Docker Blueprint",
    "enableDockerSocketDescription": "Enable Docker Socket label scraping for blueprint labels. Socket path must be provided to the site connector. Read about how this works in <docsLink>the documentation</docsLink>.",
    "newtAutoUpdate": "Enable Site Auto-Update",
-    "newtAutoUpdateDescription": "When enabled, site connectors will automatically update to the latest version when a new release is available.",
+    "newtAutoUpdateDescription": "When enabled, site connectors will automatically download the latest version and restart themselves. This can be overridden on a per-site basis.",
    "siteAutoUpdate": "Site Auto-Update",
    "siteAutoUpdateLabel": "Enable Auto-Update",
-    "siteAutoUpdateDescription": "Control whether this site's connector automatically downloads the latest version.",
+    "siteAutoUpdateDescription": "When enabled, this site's connector will automatically download the latest version and restart itself.",
    "siteAutoUpdateOrgDefault": "Organization default: {state}",
    "siteAutoUpdateOverriding": "Overriding organization setting",
    "siteAutoUpdateResetToOrg": "Reset to Organization Default",
@@ -1818,9 +1845,9 @@
    "accountSetupSuccess": "Account setup completed! Welcome to Pangolin!",
    "documentation": "Documentation",
    "saveAllSettings": "Save All Settings",
-    "saveResourceTargets": "Save Targets",
-    "saveResourceHttp": "Save Proxy Settings",
-    "saveProxyProtocol": "Save Proxy protocol settings",
+    "saveResourceTargets": "Save Settings",
+    "saveResourceHttp": "Save Settings",
+    "saveProxyProtocol": "Save Settings",
    "settingsUpdated": "Settings updated",
    "settingsUpdatedDescription": "Settings updated successfully",
    "settingsErrorUpdate": "Failed to update settings",
@@ -2144,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "User can run only the specified commands with sudo.",
    "sshSudo": "Allow sudo",
    "sshSudoCommands": "Sudo Commands",
-    "sshSudoCommandsDescription": "Comma separated list of commands the user is allowed to run with sudo. Absolute paths must be used.",
+    "sshSudoCommandsDescription": "List of commands the user is allowed to run with sudo, separated by commas, spaces, or new lines. Absolute paths must be used.",
    "sshCreateHomeDir": "Create Home Directory",
    "sshUnixGroups": "Unix Groups",
-    "sshUnixGroupsDescription": "Comma separated Unix groups to add the user to on the target host.",
+    "sshUnixGroupsDescription": "Unix groups to add the user to on the target host, separated by commas, spaces, or new lines.",
+    "roleTextFieldPlaceholder": "Enter values, or drop a .txt or .csv file",
+    "roleTextImportTitle": "Import from File",
+    "roleTextImportDescription": "Importing {fileName} into {fieldLabel}.",
+    "roleTextImportSkipHeader": "Skip First Row (Header)",
+    "roleTextImportOverride": "Replace Existing",
+    "roleTextImportAppend": "Append to Existing",
+    "roleTextImportMode": "Import Mode",
+    "roleTextImportPreview": "Preview",
+    "roleTextImportItemCount": "{count, plural, =0 {No items to import} one {1 item to import} other {# items to import}}",
+    "roleTextImportTotalCount": "{existing} existing + {imported} imported = {total} total",
+    "roleTextImportConfirm": "Import",
+    "roleTextImportInvalidFile": "Unsupported file type",
+    "roleTextImportInvalidFileDescription": "Only .txt and .csv files are supported.",
+    "roleTextImportEmpty": "No items found in file",
+    "roleTextImportEmptyDescription": "The file does not contain any importable items.",
    "retryAttempts": "Retry Attempts",
    "expectedResponseCodes": "Expected Response Codes",
    "expectedResponseCodesDescription": "HTTP status code that indicates healthy status. If left blank, 200-300 is considered healthy.",
@@ -2931,9 +2973,10 @@
    "enableProxyProtocol": "Enable Proxy Protocol",
    "proxyProtocolInfo": "Preserve client IP addresses for TCP backends",
    "proxyProtocolVersion": "Proxy Protocol Version",
-    "version1": " Version 1 (Recommended)",
+    "version1": "Version 1 (Recommended)",
    "version2": "Version 2",
-    "versionDescription": "Version 1 is text-based and widely supported. Version 2 is binary and more efficient but less compatible. Make sure servers transport is added to dynamic config.",
+    "version1Description": "Text-based and widely supported. Make sure servers transport is added to dynamic config.",
+    "version2Description": "Binary and more efficient but less compatible. Make sure servers transport is added to dynamic config.",
    "warning": "Warning",
    "proxyProtocolWarning": "The backend application must be configured to accept Proxy Protocol connections. If your backend doesn't support Proxy Protocol, enabling this will break all connections so only enable this if you know what you're doing. Make sure to configure your backend to trust Proxy Protocol headers from Traefik.",
    "restarting": "Restarting...",
@@ -3131,6 +3174,7 @@
    "maintenanceModeType": "Maintenance Mode Type",
    "showMaintenancePage": "Show a maintenance page to visitors",
    "enableMaintenanceMode": "Enable Maintenance Mode",
+    "enableMaintenanceModeDescription": "When enabled, visitors will see a maintenance page instead of your resource.",
    "automatic": "Automatic",
    "automaticModeDescription": " Show maintenance page only when all backend targets are down or unhealthy. Your resource continues working normally as long as at least one target is healthy.",
    "forced": "Forced",
@@ -3138,6 +3182,8 @@
    "warning:": "Warning:",
    "forcedeModeWarning": "All traffic will be directed to the maintenance page. Your backend resources will not receive any requests.",
    "pageTitle": "Page Title",
+    "maintenancePageContentSubsection": "Page Content",
+    "maintenancePageContentSubsectionDescription": "Customize the content displayed on the maintenance page",
    "pageTitleDescription": "The main heading displayed on the maintenance page",
    "maintenancePageMessage": "Maintenance Message",
    "maintenancePageMessagePlaceholder": "We'll be back soon! Our site is currently undergoing scheduled maintenance.",
@@ -3497,14 +3543,14 @@
    "sshConnecting": "Connecting…",
    "sshInitializing": "Initializing…",
    "sshSignInTitle": "Sign in to SSH",
-    "sshSignInDescription": "Enter your SSH credentials",
+    "sshSignInDescription": "Enter your SSH credentials to connect",
    "sshPasswordTab": "Password",
    "sshPrivateKeyTab": "Private Key",
    "sshPrivateKeyField": "Private Key",
    "sshPrivateKeyDisclaimer": "Your private key is not stored or visible to Pangolin. Alternatively, you can use short-lived certificates for seamless authentication using your existing Pangolin identity.",
    "sshLearnMore": "Learn more",
    "sshPrivateKeyFile": "Private Key File",
-    "sshAuthenticate": "Authenticate",
+    "sshAuthenticate": "Connect",
    "sshTerminate": "Terminate",
    "sshPoweredBy": "Powered by",
    "sshErrorNoTarget": "No target specified",
@@ -3548,5 +3594,7 @@
    "rdpFilesReadyToPaste": "Files ready to paste",
    "rdpFilesReadyToPasteDescription": "{count} file(s) copied to remote clipboard — press Ctrl+V on the remote desktop to paste.",
    "rdpUploadFailed": "Upload failed",
-    "rdpUnicodeKeyboardMode": "Unicode keyboard mode"
+    "rdpUnicodeKeyboardMode": "Unicode keyboard mode",
+    "sessionToolbarShow": "Show toolbar",
+    "sessionToolbarHide": "Hide toolbar"
 }
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Ver Recursos Privados",
    "siteInstallNewt": "Instalar Newt",
    "siteInstallNewtDescription": "Recibe Newt corriendo en tu sistema",
+    "siteInstallKubernetesDocsDescription": "Para información de instalación de Kubernetes más reciente, consulta <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "Para instrucciones de instalación del módem Advantech, consulta <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Configuración de Wirex Guard",
    "WgConfigurationDescription": "Utilice la siguiente configuración para conectarse a la red",
    "operatingSystem": "Sistema operativo",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "Sólo podrás verlo una vez. Asegúrate de copiarlo a un lugar seguro.",
    "siteInfo": "Información del sitio",
    "status": "Estado",
-    "shareTitle": "Administrar Enlaces de Compartir",
+    "shareTitle": "Gestionar Enlaces Compartibles",
    "shareDescription": "Crear enlaces compartidos para conceder acceso temporal o permanente a recursos proxy",
-    "shareSearch": "Buscar enlaces compartidos...",
-    "shareCreate": "Crear enlace Compartir",
+    "shareSearch": "Buscar enlaces compartibles...",
+    "shareCreate": "Crear Enlace Compartible",
    "shareErrorDelete": "Error al eliminar el enlace",
    "shareErrorDeleteMessage": "Se ha producido un error al eliminar el enlace",
    "shareDeleted": "Enlace eliminado",
    "shareDeletedDescription": "El enlace ha sido eliminado",
-    "shareDelete": "Borrar Enlace Compartido",
-    "shareDeleteConfirm": "Confirmar Borrado del Enlace Compartido",
+    "shareDelete": "Eliminar Enlace Compartible",
+    "shareDeleteConfirm": "Confirmar Eliminación de Enlace Compartible",
    "shareQuestionRemove": "¿Está seguro de que desea borrar este enlace compartido?",
    "shareMessageRemove": "Una vez borrado, el enlace dejará de funcionar y cualquier persona que lo use perderá acceso al recurso.",
    "shareTokenDescription": "El token de acceso puede ser pasado de dos maneras: como parámetro de consulta o en las cabeceras de solicitud. Estos deben ser pasados del cliente en cada solicitud de acceso autenticado.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Cualquiera con este enlace puede acceder al recurso",
    "shareTitleOptional": "Título (opcional)",
    "sharePathOptional": "Ruta (opcional)",
+    "sharePathDescription": "El enlace redirigirá a los usuarios a esta ruta tras la autenticación.",
    "expireIn": "Caduca en",
    "neverExpire": "Nunca expirar",
    "shareExpireDescription": "El tiempo de caducidad es cuánto tiempo el enlace será utilizable y proporcionará acceso al recurso. Después de este tiempo, el enlace ya no funcionará, y los usuarios que usaron este enlace perderán el acceso al recurso.",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "Por favor, seleccione un recurso",
    "proxyResourceTitle": "Administrar recursos públicos",
    "proxyResourceDescription": "Crear y administrar recursos que sean accesibles públicamente a través de un navegador web",
-    "publicResourcesBannerTitle": "Acceso público basado en web",
-    "publicResourcesBannerDescription": "Los recursos públicos son proxies HTTPS o TCP/UDP accesibles a cualquiera en Internet a través de un navegador web. A diferencia de los recursos privados, no requieren software del lado del cliente e incluye políticas de acceso basadas en identidad y contexto.",
+    "publicResourcesBannerTitle": "Acceso Público basado en Web",
+    "publicResourcesBannerDescription": "Los recursos públicos son proxies HTTPS accesibles para cualquiera en Internet a través de un navegador web. A diferencia de los recursos privados, no requieren software del lado del cliente e incluyen políticas de acceso basadas en identidad y contexto.",
    "clientResourceTitle": "Administrar recursos privados",
    "clientResourceDescription": "Crear y administrar recursos que sólo son accesibles a través de un cliente conectado",
    "privateResourcesBannerTitle": "Acceso privado de confianza cero",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Buscar recursos...",
    "resourceAdd": "Añadir Recurso",
    "resourceErrorDelte": "Error al eliminar el recurso",
-    "resourcePoliciesTitle": "Administrar Políticas de Recursos",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Recursos Adjuntos",
+    "resourcePoliciesBannerTitle": "Reutilizar Reglas de Autenticación y Acceso",
+    "resourcePoliciesBannerDescription": "Las políticas de recursos compartidos te permiten definir métodos de autenticación y reglas de acceso una vez, y luego adjuntarlas a múltiples recursos públicos. Al actualizar una política, cada recurso vinculado hereda automáticamente el cambio.",
+    "resourcePoliciesBannerButtonText": "Saber más",
+    "resourcePoliciesTitle": "Gestionar Políticas de Recursos Públicos",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Recursos",
    "resourcePoliciesAttachedResources": "{count} recurso/s",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# recurso} other {# recursos}}",
    "resourcePoliciesAttachedResourcesEmpty": "sin recursos",
-    "resourcePoliciesDescription": "Cree y administre políticas de autenticación para controlar el acceso a sus recursos",
+    "resourcePoliciesDescription": "Crear y gestionar políticas de autenticación para controlar el acceso a tus recursos públicos",
    "resourcePoliciesSearch": "Buscar políticas...",
    "resourcePoliciesAdd": "Agregar Política",
    "resourcePoliciesDefaultBadgeText": "Política predeterminada",
-    "resourcePoliciesCreate": "Crear Política de Recursos",
+    "resourcePoliciesCreate": "Crear Política de Recursos Públicos",
    "resourcePoliciesCreateDescription": "Siga los pasos a continuación para crear una nueva política",
    "resourcePolicyName": "Nombre de la política",
    "resourcePolicyNameDescription": "Déle a esta política un nombre para identificarla en sus recursos",
@@ -274,7 +281,7 @@
    "back": "Atrás",
    "cancel": "Cancelar",
    "resourceConfig": "Fragmentos de configuración",
-    "resourceConfigDescription": "Copia y pega estos fragmentos de configuración para configurar el recurso TCP/UDP",
+    "resourceConfigDescription": "Copia y pega estos fragmentos de configuración para configurar el recurso TCP/UDP.",
    "resourceAddEntrypoints": "Traefik: Añadir puntos de entrada",
    "resourceExposePorts": "Gerbil: Exponer puertos en Docker Compose",
    "resourceLearnRaw": "Aprende cómo configurar los recursos TCP/UDP",
@@ -287,6 +294,8 @@
    "labelDelete": "Eliminar etiqueta",
    "labelAdd": "Agregar etiqueta",
    "labelCreateSuccessMessage": "Etiqueta creada correctamente",
+    "labelDuplicateError": "Etiqueta Duplicada",
+    "labelDuplicateErrorDescription": "Una etiqueta con este nombre ya existe.",
    "labelEditSuccessMessage": "Etiqueta modificada correctamente",
    "labelNameField": "Nombre de la etiqueta",
    "labelColorField": "Color de la etiqueta",
@@ -311,7 +320,7 @@
    "rules": "Reglas",
    "resourceSettingDescription": "Configurar la configuración del recurso",
    "resourceSetting": "Ajustes {resourceName}",
-    "resourcePolicySettingDescription": "Configure la configuración en la política de recursos",
+    "resourcePolicySettingDescription": "Configura los ajustes de esta política de recursos públicos",
    "resourcePolicySetting": "Configuración {policyName}",
    "alwaysAllow": "Autorización Bypass",
    "alwaysDeny": "Bloquear acceso",
@@ -719,7 +728,7 @@
    "targetSubmit": "Añadir destino",
    "targetNoOne": "Este recurso no tiene ningún objetivo. Agrega un objetivo para configurar dónde enviar peticiones al backend.",
    "targetNoOneDescription": "Si se añade más de un objetivo anterior se activará el balance de carga.",
-    "targetsSubmit": "Guardar objetivos",
+    "targetsSubmit": "Guardar ajustes",
    "addTarget": "Añadir destino",
    "proxyMultiSiteRoundRobinNodeHelp": "El enrutamiento de turnos no funcionará entre sitios que no están conectados al mismo nodo, pero el failover funcionará.",
    "targetErrorInvalidIp": "Dirección IP inválida",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Duplicar regla",
    "rulesErrorDuplicateDescription": "Ya existe una regla con estos ajustes",
    "rulesErrorInvalidIpAddressRange": "CIDR inválido",
-    "rulesErrorInvalidIpAddressRangeDescription": "Por favor, introduzca un valor CIDR válido",
-    "rulesErrorInvalidUrl": "Ruta URL inválida",
-    "rulesErrorInvalidUrlDescription": "Por favor, introduzca un valor de ruta de URL válido",
-    "rulesErrorInvalidIpAddress": "IP inválida",
-    "rulesErrorInvalidIpAddressDescription": "Por favor, introduzca una dirección IP válida",
+    "rulesErrorInvalidIpAddressRangeDescription": "Introduce un rango CIDR válido (por ejemplo, 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Ruta no válida",
+    "rulesErrorInvalidUrlDescription": "Introduce una ruta URL o patrón válido (por ejemplo, /api/*).",
+    "rulesErrorInvalidIpAddress": "Dirección IP no válida",
+    "rulesErrorInvalidIpAddressDescription": "Introduce una dirección IPv4 o IPv6 válida.",
    "rulesErrorUpdate": "Error al actualizar las reglas",
    "rulesErrorUpdateDescription": "Se ha producido un error al actualizar las reglas",
    "rulesUpdated": "Activar Reglas",
@@ -765,15 +774,24 @@
    "rulesMatchIpAddressRangeDescription": "Introduzca una dirección en formato CIDR (por ejemplo, 103.21.244.0/22)",
    "rulesMatchIpAddress": "Introduzca una dirección IP (por ejemplo, 103.21.244.12)",
    "rulesMatchUrl": "Introduzca una ruta URL o patrón (por ej., /api/v1/todos o /api/v1/*)",
-    "rulesErrorInvalidPriority": "Prioridad inválida",
-    "rulesErrorInvalidPriorityDescription": "Por favor, introduzca una prioridad válida",
+    "rulesErrorInvalidPriority": "Prioridad no válida",
+    "rulesErrorInvalidPriorityDescription": "Introduce un número entero de 1 o mayor.",
    "rulesErrorDuplicatePriority": "Prioridades duplicadas",
-    "rulesErrorDuplicatePriorityDescription": "Por favor, introduzca prioridades únicas",
+    "rulesErrorDuplicatePriorityDescription": "Cada regla debe tener un número de prioridad único.",
+    "rulesErrorValidation": "Reglas no válidas",
+    "rulesErrorValidationRuleDescription": "Regla {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Selecciona un tipo de coincidencia válido (ruta, IP, CIDR, país, región o ASN).",
+    "rulesErrorValueRequired": "Introduce un valor para esta regla.",
+    "rulesErrorInvalidCountry": "País no válido",
+    "rulesErrorInvalidCountryDescription": "Selecciona un país válido.",
+    "rulesErrorInvalidAsn": "ASN no válido",
+    "rulesErrorInvalidAsnDescription": "Introduce un ASN válido (por ejemplo, AS15169).",
    "ruleUpdated": "Reglas actualizadas",
    "ruleUpdatedDescription": "Reglas actualizadas correctamente",
    "ruleErrorUpdate": "Operación fallida",
    "ruleErrorUpdateDescription": "Se ha producido un error durante la operación de guardado",
    "rulesPriority": "Prioridad",
+    "rulesReorderDragHandle": "Arrastra para reordenar la prioridad de reglas",
    "rulesAction": "Accin",
    "rulesMatchType": "Tipo de partida",
    "value": "Valor",
@@ -792,7 +810,7 @@
    "rulesResource": "Configuración de reglas de recursos",
    "rulesResourceDescription": "Configurar reglas para controlar el acceso al recurso",
    "ruleSubmit": "Añadir Regla",
-    "rulesNoOne": "No hay reglas. Agregue una regla usando el formulario.",
+    "rulesNoOne": "Aún no hay reglas.",
    "rulesOrder": "Las reglas son evaluadas por prioridad en orden ascendente.",
    "rulesSubmit": "Guardar Reglas",
    "policyErrorCreate": "Error al crear la política",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Se ha producido un error inesperado",
    "policyCreatedSuccess": "Política de recursos creada con éxito",
    "policyUpdatedSuccess": "Política de recursos actualizada con éxito",
-    "authMethodsSave": "Guardar métodos de autenticación",
+    "authMethodsSave": "Guardar ajustes",
+    "policyAuthStackTitle": "Autenticación",
+    "policyAuthStackDescription": "Controla qué métodos de autenticación son necesarios para acceder a este recurso",
+    "policyAuthOrLogicTitle": "Múltiples métodos de autenticación activos",
+    "policyAuthOrLogicBanner": "Los visitantes pueden autenticarse utilizando cualquier método activo a continuación. No necesitan completar todos ellos.",
+    "policyAuthMethodActive": "Activo",
+    "policyAuthMethodOff": "Apagado",
+    "policyAuthSsoTitle": "SSO de Plataforma",
+    "policyAuthSsoDescription": "Requiere iniciar sesión a través del proveedor de identidad de tu organización",
+    "policyAuthSsoSummary": "{idp} · {users} usuarios, {roles} roles",
+    "policyAuthSsoDefaultIdp": "Proveedor por defecto",
+    "policyAuthAddDefaultIdentityProvider": "Añadir Proveedor de Identidad Predeterminado",
+    "policyAuthOtherMethodsTitle": "Otros Métodos",
+    "policyAuthOtherMethodsDescription": "Métodos opcionales que los visitantes pueden utilizar en lugar de o junto con el SSO de plataforma",
+    "policyAuthPasscodeTitle": "Código de Acceso",
+    "policyAuthPasscodeDescription": "Requiere un código alfanumérico compartido para acceder al recurso",
+    "policyAuthPasscodeSummary": "Código de acceso establecido",
+    "policyAuthPincodeTitle": "Código PIN",
+    "policyAuthPincodeDescription": "Un código numérico corto necesario para acceder al recurso",
+    "policyAuthPincodeSummary": "Código PIN de 6 dígitos establecido",
+    "policyAuthEmailTitle": "Lista Blanca de Correo",
+    "policyAuthEmailDescription": "Permitir direcciones de correo listadas con contraseñas de un solo uso",
+    "policyAuthEmailSummary": "{count} direcciones permitidas",
+    "policyAuthEmailOtpCallout": "Habilitar la lista blanca de correos envía una contraseña de un solo uso al correo del visitante al iniciar sesión.",
+    "policyAuthHeaderAuthTitle": "Autenticación Básica del Encabezado",
+    "policyAuthHeaderAuthDescription": "Valida un nombre y valor de encabezado HTTP personalizado en cada petición",
+    "policyAuthHeaderAuthSummary": "Encabezado configurado",
+    "policyAuthHeaderName": "Nombre del encabezado",
+    "policyAuthHeaderValue": "Valor esperado",
+    "policyAuthSetPasscode": "Establecer Código de Acceso",
+    "policyAuthSetPincode": "Establecer Código PIN",
+    "policyAuthSetEmailWhitelist": "Establecer Lista Blanca de Correo",
+    "policyAuthSetHeaderAuth": "Establecer Autenticación Básica del Encabezado",
+    "policyAccessRulesTitle": "Reglas de Acceso",
+    "policyAccessRulesEnableDescription": "Cuando está habilitado, las reglas se evalúan en orden descendente hasta que una se evalúa como verdadera.",
+    "policyAccessRulesFirstMatch": "Las reglas se evalúan de arriba a abajo. La primera regla coincidente decide el resultado.",
+    "policyAccessRulesHowItWorks": "Las reglas coinciden con las solicitudes por ruta, dirección IP, ubicación u otros criterios. Cada regla aplica una acción: omitir autenticación, bloquear acceso o pasar a autenticación. Si ninguna regla coincide, el tráfico sigue a la autenticación.",
+    "policyAccessRulesFallthroughOff": "Cuando las reglas están deshabilitadas, todo el tráfico pasa a autenticación.",
+    "policyAccessRulesFallthroughOn": "Cuando no coincide ninguna regla, el tráfico pasa a autenticación.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Guardar reglas",
    "resourceErrorCreate": "Error al crear recurso",
    "resourceErrorCreateDescription": "Se ha producido un error al crear el recurso",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "Se ha producido un error al actualizar el recurso",
    "access": "Acceder",
    "accessControl": "Control de acceso",
-    "shareLink": "{resource} Compartir Enlace",
+    "shareLink": "Enlace Compartible de {resource}",
    "resourceSelect": "Seleccionar recurso",
-    "shareLinks": "Compartir enlaces",
+    "shareLinks": "Enlaces Compartibles",
    "share": "Enlaces compartibles",
    "shareDescription2": "Crea enlaces compartidos a recursos. Los enlaces proporcionan acceso temporal o ilimitado a tu recurso. Puede configurar la duración de caducidad del enlace cuando cree uno.",
    "shareEasyCreate": "Fácil de crear y compartir",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Los administradores siempre pueden acceder a este recurso.",
    "resourcePolicySelectTitle": "Política de Acceso a Recursos",
    "resourcePolicySelectDescription": "Seleccione el tipo de política de recursos para la autenticación",
+    "resourcePolicyTypeLabel": "Tipo de política",
+    "resourcePolicyLabel": "Política de recurso",
    "resourcePolicyInline": "Política de Recursos Integrada",
    "resourcePolicyInlineDescription": "Política de Acceso solo destinada a este recurso",
    "resourcePolicyShared": "Política de Recursos Compartida",
-    "resourcePolicySharedDescription": "Este recurso utiliza una política compartida. Las configuraciones a nivel de política (métodos de autenticación, lista blanca de correos electrónicos) están bloqueadas. Puede agregar reglas específicas de recursos, roles y usuarios más abajo.",
+    "resourcePolicySharedDescription": "Este recurso utiliza una política compartida.",
+    "sharedPolicy": "Política Compartida",
+    "sharedPolicyNoneDescription": "Este recurso tiene su propia política.",
+    "resourceSharedPolicyOwnDescription": "Este recurso tiene sus propios controles de autenticación y reglas de acceso.",
+    "resourceSharedPolicyInheritedDescription": "Este recurso hereda de <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Este recurso está usando una política compartida. Algunas configuraciones de autenticación se pueden editar en este recurso para añadirse a la política. Para cambiar la política subyacente, debes editar a <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "Este recurso está utilizando una política compartida. Algunas reglas de acceso se pueden editar en este recurso. Para cambiar la política subyacente, debes editar <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Controles de acceso",
    "resourceUsersRolesDescription": "Configurar qué usuarios y roles pueden visitar este recurso",
    "resourceUsersRolesSubmit": "Guardar controles de acceso",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Visibilidad",
    "resourceVisibilityTitleDescription": "Activar o desactivar completamente la visibilidad de los recursos",
    "resourceGeneral": "Configuración General",
-    "resourceGeneralDescription": "Configurar la configuración general de este recurso",
+    "resourceGeneralDescription": "Configurar nombre, dirección y política de acceso para este recurso.",
+    "resourceGeneralDetailsSubsection": "Detalles del Recurso",
+    "resourceGeneralDetailsSubsectionDescription": "Establecer el nombre de visualización, identificador y dominio públicamente accesible para este recurso.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Establecer el nombre de visualización, identificador y puerto público para este recurso.",
+    "resourceGeneralPublicAddressSubsection": "Dirección Pública",
+    "resourceGeneralPublicAddressSubsectionDescription": "Configura cómo los usuarios acceden a este recurso.",
+    "resourceGeneralAuthenticationAccessSubsection": "Autenticación y Acceso",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Elige si este recurso utiliza su propia política o hereda de una política compartida.",
    "resourceEnable": "Activar recurso",
    "resourceTransfer": "Transferir recursos",
    "resourceTransferDescription": "Transferir este recurso a un sitio diferente",
@@ -1220,11 +1294,14 @@
    "addLabels": "Agregar etiquetas",
    "siteLabelsTab": "Etiquetas",
    "siteLabelsDescription": "Administrar las etiquetas asociadas con este sitio.",
-    "labelsNotFound": "Etiquetas no encontradas",
+    "labelsNotFound": "No se encontraron etiquetas.",
+    "labelsEmptyCreateHint": "Empieza a escribir arriba para crear una etiqueta.",
    "labelSearch": "Buscar etiquetas",
+    "labelSearchOrCreate": "Buscar o crear una etiqueta",
    "accessLabelFilterCount": "{count, plural, one {# etiqueta} other {# etiquetas}}",
    "labelOverflowCount": "+{count, plural, one {# etiqueta} other {# etiquetas}}",
    "accessLabelFilterClear": "Borrar filtros de etiquetas",
+    "accessFilterClear": "Limpiar filtros",
    "selectColor": "Seleccionar color",
    "createNewLabel": "Crear nueva etiqueta de organización \"{label}\"",
    "inviteInvalidDescription": "El enlace de invitación no es válido.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Recursos",
    "sidebarProxyResources": "Público",
    "sidebarClientResources": "Privado",
-    "sidebarPolicies": "Políticas",
-    "sidebarResourcePolicies": "Recursos",
+    "sidebarPolicies": "Políticas Compartidas",
+    "sidebarResourcePolicies": "Recursos Públicos",
    "sidebarAccessControl": "Control de acceso",
    "sidebarLogsAndAnalytics": "Registros y análisis",
    "sidebarTeam": "Equipo",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Admin",
    "sidebarInvitations": "Invitaciones",
    "sidebarRoles": "Roles",
-    "sidebarShareableLinks": "Enlaces",
+    "sidebarShareableLinks": "Enlaces Compartibles",
    "sidebarApiKeys": "Claves API",
    "sidebarProvisioning": "Aprovisionamiento",
    "sidebarSettings": "Ajustes",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Recurso {id}",
    "blueprints": "Planos",
    "blueprintsLog": "Registro de planos",
-    "blueprintsDescription": "Ver aplicaciones de plano anteriores y sus resultados",
+    "blueprintsDescription": "Ver aplicaciones de planos anteriores y sus resultados o aplicar un nuevo plano",
    "blueprintAdd": "Añadir plano",
    "blueprintGoBack": "Ver todos los Planos",
    "blueprintCreate": "Crear Plano",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Habilitar Plano Docker",
    "enableDockerSocketDescription": "Activar el raspado de etiquetas del socket Docker para etiquetas de planos. La ruta del socket debe proporcionarse al conector del sitio. Lea sobre cómo funciona esto en <docsLink>la documentación</docsLink>.",
    "newtAutoUpdate": "Habilitar actualización automática del sitio",
-    "newtAutoUpdateDescription": "Cuando está habilitado, los conectores del sitio se actualizarán automáticamente a la última versión cuando haya disponible una nueva versión.",
+    "newtAutoUpdateDescription": "Cuando está habilitado, los conectores del sitio descargarán automáticamente la última versión y se reiniciarán. Esto se puede anular por sitio.",
    "siteAutoUpdate": "Actualización automática del sitio",
    "siteAutoUpdateLabel": "Habilitar actualización automática",
-    "siteAutoUpdateDescription": "Controlar si el conector de este sitio descarga automáticamente la última versión.",
+    "siteAutoUpdateDescription": "Cuando está habilitado, el conector de este sitio descargará automáticamente la última versión y se reiniciará.",
    "siteAutoUpdateOrgDefault": "Predeterminado de la organización: {state}",
    "siteAutoUpdateOverriding": "Configuración de anulación de la organización",
    "siteAutoUpdateResetToOrg": "Restablecer al predeterminado de la organización",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "¡Configuración de cuenta completada! ¡Bienvenido a Pangolin!",
    "documentation": "Documentación",
    "saveAllSettings": "Guardar todos los ajustes",
-    "saveResourceTargets": "Guardar objetivos",
-    "saveResourceHttp": "Guardar ajustes de proxy",
-    "saveProxyProtocol": "Guardar configuraciones del protocolo de proxy",
+    "saveResourceTargets": "Guardar ajustes",
+    "saveResourceHttp": "Guardar ajustes",
+    "saveProxyProtocol": "Guardar ajustes",
    "settingsUpdated": "Ajustes actualizados",
    "settingsUpdatedDescription": "Configuraciones actualizadas correctamente",
    "settingsErrorUpdate": "Error al actualizar ajustes",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Desconocido",
    "healthCheck": "Chequeo de salud",
    "configureHealthCheck": "Configurar Chequeo de Salud",
-    "configureHealthCheckDescription": "Configura la monitorización de salud para {target}",
+    "configureHealthCheckDescription": "Configura la monitorización para tu recurso para asegurarte que siempre está disponible",
    "enableHealthChecks": "Activar Chequeos de Salud",
    "healthCheckDisabledStateDescription": "Cuando está deshabilitado, el sitio no realizará comprobaciones de salud y el estado se considerará desconocido.",
    "enableHealthChecksDescription": "Controlar la salud de este objetivo. Puedes supervisar un punto final diferente al objetivo si es necesario.",
    "healthScheme": "Método",
    "healthSelectScheme": "Seleccionar método",
-    "healthCheckPortInvalid": "El puerto de chequeo de salud debe estar entre 1 y 65535",
+    "healthCheckPortInvalid": "El puerto debe estar entre 1 y 65535",
    "healthCheckPath": "Ruta",
    "healthHostname": "IP / Nombre del host",
    "healthPort": "Puerto",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Requiere aprobaciones del dispositivo",
    "requireDeviceApprovalDescription": "Los usuarios con este rol necesitan nuevos dispositivos aprobados por un administrador antes de poder conectarse y acceder a los recursos.",
    "sshSettings": "Configuración SSH",
+    "sshAccess": "Acceso SSH",
    "rdpSettings": "Configuración RDP",
    "vncSettings": "Configuración VNC",
    "sshServer": "Servidor SSH",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Asegúrese de que su host objetivo esté correctamente configurado para ejecutar el daemon de autenticación antes de completar esta configuración, o la provisión fallará.",
    "sshDaemonPort": "Puerto del Daemon",
    "sshServerDestination": "Destino del Servidor",
-    "sshServerDestinationDescription": "Configure el destino y el puerto del servidor SSH",
+    "sshServerDestinationDescription": "Configurar el destino del servidor SSH",
    "destination": "Destino",
+    "destinationRequired": "Se requiere destino.",
+    "domainRequired": "Se requiere dominio.",
+    "proxyPortRequired": "Se requiere puerto.",
+    "invalidPathConfiguration": "Configuración de ruta no válida.",
+    "invalidRewritePathConfiguration": "Configuración de ruta de reescritura no válida.",
    "bgTargetMultiSiteDisclaimer": "Seleccionar múltiples sitios permite el enrutamiento resiliente y el failover para alta disponibilidad.",
    "roleAllowSsh": "Permitir SSH",
    "roleAllowSshAllow": "Permitir",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "El usuario sólo puede ejecutar los comandos especificados con sudo.",
    "sshSudo": "Permitir sudo",
    "sshSudoCommands": "Comandos Sudo",
-    "sshSudoCommandsDescription": "Lista separada por comas de comandos que el usuario puede ejecutar con sudo. Se deben usar rutas absolutas.",
+    "sshSudoCommandsDescription": "Lista de comandos que el usuario tiene permitido ejecutar con sudo, separados por comas, espacios o nuevas líneas. Se deben usar rutas absolutas.",
    "sshCreateHomeDir": "Crear directorio principal",
    "sshUnixGroups": "Grupos Unix",
-    "sshUnixGroupsDescription": "Grupos Unix separados por comas para agregar el usuario en el host de destino.",
+    "sshUnixGroupsDescription": "Grupos Unix a los que añadir el usuario en el host de destino, separados por comas, espacios o nuevas líneas.",
+    "roleTextFieldPlaceholder": "Introduce valores, o suelta un archivo .txt o .csv",
+    "roleTextImportTitle": "Importar desde Archivo",
+    "roleTextImportDescription": "Importando {fileName} en {fieldLabel}.",
+    "roleTextImportSkipHeader": "Omitir Primera Fila (Encabezado)",
+    "roleTextImportOverride": "Reemplazar Existente",
+    "roleTextImportAppend": "Añadir al Existente",
+    "roleTextImportMode": "Modo de Importación",
+    "roleTextImportPreview": "Previsualizar",
+    "roleTextImportItemCount": "{count, plural, =0 {No hay elementos para importar} one {1 elemento para importar} other {# elementos para importar}}",
+    "roleTextImportTotalCount": "{existing} existentes + {imported} importados = {total} total",
+    "roleTextImportConfirm": "Importar",
+    "roleTextImportInvalidFile": "Tipo de archivo no soportado",
+    "roleTextImportInvalidFileDescription": "Sólo se soportan archivos .txt y .csv.",
+    "roleTextImportEmpty": "No se encontraron elementos en el archivo",
+    "roleTextImportEmptyDescription": "El archivo no contiene ningún elemento importable.",
    "retryAttempts": "Intentos de Reintento",
    "expectedResponseCodes": "Códigos de respuesta esperados",
    "expectedResponseCodesDescription": "Código de estado HTTP que indica un estado saludable. Si se deja en blanco, se considera saludable de 200 a 300.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Habilitar protocolo proxy",
    "proxyProtocolInfo": "Conservar direcciones IP del cliente para backends TCP",
    "proxyProtocolVersion": "Versión del Protocolo Proxy",
-    "version1": " Versión 1 (Recomendado)",
+    "version1": "Versión 1 (Recomendada)",
    "version2": "Versión 2",
-    "versionDescription": "La versión 1 está basada en texto y es ampliamente soportada. La versión 2 es binaria y más eficiente pero menos compatible.",
+    "version1Description": "Basado en texto y ampliamente compatible. Asegúrate de que el transporte de servidores está agregado a la configuración dinámica.",
+    "version2Description": "Binario y más eficiente, pero menos compatible. Asegúrate de que el transporte de servidores está agregado a la configuración dinámica.",
    "warning": "Advertencia",
    "proxyProtocolWarning": "La aplicación backend debe configurarse para aceptar conexiones Proxy Protocol. Si el backend no soporta Proxy Protocol, activarlo romperá todas las conexiones, así que sólo habilítelo si sabe lo que está haciendo. Asegúrese de configurar su backend para que confíe en las cabeceras del protocolo Proxy de Traefik.",
    "restarting": "Reiniciando...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Ingresar confirmación",
    "blueprintViewDetails": "Detalles",
    "defaultIdentityProvider": "Proveedor de identidad predeterminado",
-    "defaultIdentityProviderDescription": "Cuando se selecciona un proveedor de identidad por defecto, el usuario será redirigido automáticamente al proveedor de autenticación.",
+    "defaultIdentityProviderDescription": "El usuario será redirigido automáticamente a este proveedor de identidad para autenticación.",
    "editInternalResourceDialogNetworkSettings": "Configuración de red",
    "editInternalResourceDialogAccessPolicy": "Política de acceso",
    "editInternalResourceDialogAddRoles": "Agregar roles",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Tipo de modo de mantenimiento",
    "showMaintenancePage": "Mostrar página de mantenimiento a los visitantes",
    "enableMaintenanceMode": "Habilitar modo de mantenimiento",
+    "enableMaintenanceModeDescription": "Cuando esté habilitado, los visitantes verán una página de mantenimiento en lugar de tu recurso.",
    "automatic": "Automático",
    "automaticModeDescription": "Mostrar página de mantenimiento solo cuando todos los objetivos de backend están caídos o no saludables. Su recurso continúa funcionando normalmente siempre que al menos un objetivo esté saludable.",
    "forced": "Forzado",
@@ -3082,6 +3182,8 @@
    "warning:": "Advertencia:",
    "forcedeModeWarning": "Todo el tráfico será dirigido a la página de mantenimiento. Sus recursos de backend no recibirán solicitudes.",
    "pageTitle": "Título de la página",
+    "maintenancePageContentSubsection": "Contenido de la Página",
+    "maintenancePageContentSubsectionDescription": "Personaliza el contenido mostrado en la página de mantenimiento",
    "pageTitleDescription": "El encabezado principal visible en la página de mantenimiento",
    "maintenancePageMessage": "Mensaje de mantenimiento",
    "maintenancePageMessagePlaceholder": "¡Volveremos pronto! Nuestro sitio está actualmente en mantenimiento programado.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "¿Está seguro de que desea desasociar este proveedor de identidad de esta organización?",
    "idpUnassociateDescription": "Todos los usuarios asociados con este proveedor de identidad serán eliminados de esta organización, pero el proveedor de identidad continuará existiendo para otras organizaciones asociadas.",
    "idpUnassociateConfirm": "Confirme Desasociar Proveedor de Identidad",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "ELIMINAR Y QUITARME DE ORG",
+    "idpUnassociateAndRemoveMeFromOrg": "DESASOCIAR Y QUITARME DE ORG",
    "idpUnassociateWarning": "Esto no se puede deshacer para esta organización.",
    "idpUnassociatedDescription": "Proveedor de identidad desasociado de esta organización con éxito",
    "idpUnassociateMenu": "Desasociar",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Conectando…",
    "sshInitializing": "Inicializando…",
    "sshSignInTitle": "Iniciar sesión en SSH",
-    "sshSignInDescription": "Ingrese sus credenciales SSH",
+    "sshSignInDescription": "Ingresa tus credenciales SSH para conectar",
    "sshPasswordTab": "Contraseña",
    "sshPrivateKeyTab": "Clave Privada",
    "sshPrivateKeyField": "Clave Privada",
    "sshPrivateKeyDisclaimer": "Su clave privada no se almacena ni es visible para Pangolin. Alternativamente, puede usar certificados de corta duración para una autenticación sin interrupciones usando su identidad Pangolin existente.",
    "sshLearnMore": "Más información",
    "sshPrivateKeyFile": "Archivo de clave privada",
-    "sshAuthenticate": "Autenticarse",
+    "sshAuthenticate": "Conectar",
    "sshTerminate": "Terminar",
    "sshPoweredBy": "Desarrollado por",
    "sshErrorNoTarget": "No se especificó el objetivo",
    "sshErrorWebSocket": "Conexión WebSocket fallida",
    "sshErrorAuthFailed": "Falló la autenticación",
-    "sshErrorConnectionClosed": "La conexión se cerró antes de completar la autenticación"
+    "sshErrorConnectionClosed": "La conexión se cerró antes de completar la autenticación",
+    "sitePangolinSshDescription": "Permitir acceso SSH a los recursos en este sitio. Esto se puede cambiar más tarde.",
+    "browserGatewayNoResourceForDomain": "No se encontró un recurso para este dominio",
+    "browserGatewayNoTarget": "Sin destino",
+    "browserGatewayConnect": "Conectar",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "Error al firmar la clave SSH para autenticación PAM push. ¿Te has iniciado sesión como usuario?",
+    "sshTerminalError": "Error: {error}",
+    "sshConnectionClosedCode": "Conexión cerrada (código {code})",
+    "sshPrivateKeyPlaceholder": "-----COMIENZO DE LA CLAVE PRIVADA OPENSSH-----",
+    "sshPrivateKeyRequired": "Se requiere clave privada",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Introduce tu contraseña VNC para conectar",
+    "vncPasswordOptional": "Contraseña (opcional)",
+    "vncNoResourceTarget": "No hay objetivo de recurso disponible",
+    "vncFailedToLoadNovnc": "Error al cargar noVNC",
+    "vncAuthFailedStatus": "Estado {status}",
+    "vncPasteClipboard": "Pegar portapapeles",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Iniciar sesión en el Escritorio Remoto",
+    "rdpSignInDescription": "Introduce las credenciales de Windows para conectar",
+    "rdpLoadingModule": "Cargando módulo...",
+    "rdpFailedToLoadModule": "Error al cargar el módulo RDP",
+    "rdpNotReady": "No está listo",
+    "rdpModuleInitializing": "El módulo RDP aún se está iniciando",
+    "rdpDownloadingFiles": "Descargando {count} archivo(s) del remoto…",
+    "rdpDownloadFailed": "Error al descargar: {fileName}",
+    "rdpUploaded": "Subido: {fileName}",
+    "rdpNoConnectionTarget": "No hay objetivo de conexión disponible",
+    "rdpConnectionFailed": "Conexión fallida",
+    "rdpFit": "Ajustar",
+    "rdpFull": "Completo",
+    "rdpReal": "Real",
+    "rdpMeta": "Meta",
+    "rdpUploadFiles": "Subir archivos",
+    "rdpFilesReadyToPaste": "Archivos listos para pegar",
+    "rdpFilesReadyToPasteDescription": "{count, plural, one {# archivo copiado al portapapeles remoto — pulsa Ctrl+V en el escritorio remoto para pegar.} other {# archivos copiados al portapapeles remoto — pulsa Ctrl+V en el escritorio remoto para pegar.}}",
+    "rdpUploadFailed": "Error de subida",
+    "rdpUnicodeKeyboardMode": "Modo teclado Unicode",
+    "sessionToolbarShow": "Mostrar barra de herramientas",
+    "sessionToolbarHide": "Ocultar barra de herramientas"
 }
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Voir les ressources privées",
    "siteInstallNewt": "Installer Newt",
    "siteInstallNewtDescription": "Faites fonctionner Newt sur votre système",
+    "siteInstallKubernetesDocsDescription": "Pour plus d'informations à jour sur l'installation de Kubernetes, consultez <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "Pour les instructions d'installation du modem Advantech, voir <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Configuration WireGuard",
    "WgConfigurationDescription": "Utilisez la configuration suivante pour vous connecter au réseau",
    "operatingSystem": "Système d'exploitation",
@@ -156,8 +158,8 @@
    "shareErrorDeleteMessage": "Une erreur s'est produite lors de la suppression du lien",
    "shareDeleted": "Lien supprimé",
    "shareDeletedDescription": "Le lien a été supprimé",
-    "shareDelete": "Supprimer le lien de partage",
-    "shareDeleteConfirm": "Confirmer la suppression du lien de partage",
+    "shareDelete": "Supprimer le lien partageable",
+    "shareDeleteConfirm": "Confirmer la suppression du lien partageable",
    "shareQuestionRemove": "Êtes-vous sûr de vouloir supprimer ce lien de partage ?",
    "shareMessageRemove": "Une fois supprimé, le lien ne fonctionnera plus et toute personne l'utilisant perdra l'accès à la ressource.",
    "shareTokenDescription": "Le jeton d'accès peut être passé de deux façons : en tant que paramètre de requête ou dans les en-têtes de la requête. Elles doivent être transmises par le client à chaque demande d'accès authentifié.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "N'importe qui avec ce lien peut accéder à la ressource",
    "shareTitleOptional": "Titre (facultatif)",
    "sharePathOptional": "Chemin (optionnel)",
+    "sharePathDescription": "Le lien redirigera les utilisateurs vers ce chemin après l'authentification.",
    "expireIn": "Expire dans",
    "neverExpire": "N'expire jamais",
    "shareExpireDescription": "Le délai d'expiration correspond à la période pendant laquelle le lien sera utilisable et permettra d'accéder à la ressource. Passé ce délai, le lien ne fonctionnera plus et les utilisateurs qui l'ont utilisé perdront l'accès à la ressource.",
@@ -201,7 +204,7 @@
    "proxyResourceTitle": "Gérer les ressources publiques",
    "proxyResourceDescription": "Créer et gérer des ressources accessibles au public via un navigateur web",
    "publicResourcesBannerTitle": "Accès public basé sur le Web",
-    "publicResourcesBannerDescription": "Les ressources publiques sont des proxys HTTPS ou TCP/UDP accessibles par tout le monde sur Internet via un navigateur Web. Contrairement aux ressources privées, elles n'exigent pas de logiciel côté client et peuvent inclure des politiques d'accès basées sur l'identité et le contexte.",
+    "publicResourcesBannerDescription": "Les ressources publiques sont des proxys HTTPS accessibles à quiconque sur Internet via un navigateur Web. Contrairement aux ressources privées, elles ne nécessitent pas de logiciel côté client et peuvent inclure des politiques d'accès fondées sur l'identité et le contexte.",
    "clientResourceTitle": "Gérer les ressources privées",
    "clientResourceDescription": "Créer et gérer des ressources qui ne sont accessibles que via un client connecté",
    "privateResourcesBannerTitle": "Accès privé sans confiance",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Chercher des ressources...",
    "resourceAdd": "Ajouter une ressource",
    "resourceErrorDelte": "Erreur lors de la de suppression de la ressource",
-    "resourcePoliciesTitle": "Gérer les politiques de ressource",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Ressources attachées",
+    "resourcePoliciesBannerTitle": "Réutiliser les règles d'authentification et d'accès",
+    "resourcePoliciesBannerDescription": "Les politiques de ressources partagées vous permettent de définir des méthodes d'authentification et des règles d'accès une fois, puis de les attacher à plusieurs ressources publiques. Lorsque vous mettez à jour une politique, chaque ressource liée hérite automatiquement des changements.",
+    "resourcePoliciesBannerButtonText": "En Savoir Plus",
+    "resourcePoliciesTitle": "Gérer les politiques de ressources publiques",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Ressources",
    "resourcePoliciesAttachedResources": "{count} ressource(s)",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ressource} other {# ressources}}",
    "resourcePoliciesAttachedResourcesEmpty": "pas de ressources",
-    "resourcePoliciesDescription": "Créer et gérer des politiques d'authentification pour contrôler l'accès à vos ressources",
+    "resourcePoliciesDescription": "Créez et gérer les politiques d'authentification pour contrôler l'accès à vos ressources publiques",
    "resourcePoliciesSearch": "Chercher des politiques...",
    "resourcePoliciesAdd": "Ajouter une politique",
    "resourcePoliciesDefaultBadgeText": "Politique par défaut",
-    "resourcePoliciesCreate": "Créer une politique de ressource",
+    "resourcePoliciesCreate": "Créer une politique de ressource publique",
    "resourcePoliciesCreateDescription": "Suivez les étapes ci-dessous pour créer une nouvelle politique",
    "resourcePolicyName": "Nom de la politique",
    "resourcePolicyNameDescription": "Donnez à cette politique un nom pour l'identifier parmi vos ressources",
@@ -274,7 +281,7 @@
    "back": "Précédent",
    "cancel": "Abandonner",
    "resourceConfig": "Snippets de configuration",
-    "resourceConfigDescription": "Copiez et collez ces extraits de configuration pour configurer la ressource TCP/UDP",
+    "resourceConfigDescription": "Copiez et collez ces extraits de configuration pour configurer la ressource TCP/UDP.",
    "resourceAddEntrypoints": "Traefik: Ajouter des points d'entrée",
    "resourceExposePorts": "Gerbil: Exposer des ports dans Docker Compose",
    "resourceLearnRaw": "Apprenez à configurer les ressources TCP/UDP",
@@ -287,6 +294,8 @@
    "labelDelete": "Supprimer Étiquette",
    "labelAdd": "Ajouter Étiquette",
    "labelCreateSuccessMessage": "Étiquette créée avec succès",
+    "labelDuplicateError": "Étiquette en double",
+    "labelDuplicateErrorDescription": "Une étiquette avec ce nom existe déjà.",
    "labelEditSuccessMessage": "Étiquette modifiée avec succès",
    "labelNameField": "Nom de l'étiquette",
    "labelColorField": "Couleur de l'étiquette",
@@ -311,7 +320,7 @@
    "rules": "Règles",
    "resourceSettingDescription": "Configurer les paramètres de la ressource",
    "resourceSetting": "Réglages de {resourceName}",
-    "resourcePolicySettingDescription": "Configurer les paramètres de la politique de ressource",
+    "resourcePolicySettingDescription": "Configurez les paramètres de cette politique de ressource publique",
    "resourcePolicySetting": "Paramètres de {policyName}",
    "alwaysAllow": "Outrepasser l'authentification",
    "alwaysDeny": "Bloquer l'accès",
@@ -719,7 +728,7 @@
    "targetSubmit": "Ajouter une cible",
    "targetNoOne": "Cette ressource n'a aucune cible. Ajoutez une cible pour configurer où envoyer des requêtes à l'arrière-plan.",
    "targetNoOneDescription": "L'ajout de plus d'une cible ci-dessus activera l'équilibrage de charge.",
-    "targetsSubmit": "Enregistrer les cibles",
+    "targetsSubmit": "Enregistrer les paramètres",
    "addTarget": "Ajouter une cible",
    "proxyMultiSiteRoundRobinNodeHelp": "Le routage en tourniquet n'opérera pas entre des sites qui ne sont pas connectés au même nœud, mais le basculement fonctionnera.",
    "targetErrorInvalidIp": "Adresse IP invalide",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Règle en double",
    "rulesErrorDuplicateDescription": "Une règle avec ces paramètres existe déjà",
    "rulesErrorInvalidIpAddressRange": "CIDR invalide",
-    "rulesErrorInvalidIpAddressRangeDescription": "Veuillez entrer une valeur CIDR valide",
-    "rulesErrorInvalidUrl": "Chemin URL invalide",
-    "rulesErrorInvalidUrlDescription": "Veuillez entrer un chemin URL valide",
-    "rulesErrorInvalidIpAddress": "IP invalide",
-    "rulesErrorInvalidIpAddressDescription": "Veuillez entrer une adresse IP valide",
+    "rulesErrorInvalidIpAddressRangeDescription": "Entrez une plage CIDR valide (par ex., 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Chemin non valide",
+    "rulesErrorInvalidUrlDescription": "Entrez un chemin URL valide ou un modèle (par exemple, /api/*).",
+    "rulesErrorInvalidIpAddress": "Adresse IP invalide",
+    "rulesErrorInvalidIpAddressDescription": "Entrez une adresse IPv4 ou IPv6 valide.",
    "rulesErrorUpdate": "Échec de la mise à jour des règles",
    "rulesErrorUpdateDescription": "Une erreur s'est produite lors de la mise à jour des règles",
    "rulesUpdated": "Activer les règles",
@@ -766,14 +775,23 @@
    "rulesMatchIpAddress": "Entrez une adresse IP (ex: 103.21.244.12)",
    "rulesMatchUrl": "Entrez un chemin URL ou un motif (ex: /api/v1/todos ou /api/v1/*)",
    "rulesErrorInvalidPriority": "Priorité invalide",
-    "rulesErrorInvalidPriorityDescription": "Veuillez entrer une priorité valide",
+    "rulesErrorInvalidPriorityDescription": "Entrez un nombre entier de 1 ou plus.",
    "rulesErrorDuplicatePriority": "Priorités en double",
-    "rulesErrorDuplicatePriorityDescription": "Veuillez entrer des priorités uniques",
+    "rulesErrorDuplicatePriorityDescription": "Chaque règle doit avoir un numéro de priorité unique.",
+    "rulesErrorValidation": "Règles invalides",
+    "rulesErrorValidationRuleDescription": "Règle {ruleNumber} : {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Sélectionnez un type de correspondance valide (chemin, IP, CIDR, pays, région ou ASN).",
+    "rulesErrorValueRequired": "Entrez une valeur pour cette règle.",
+    "rulesErrorInvalidCountry": "Pays invalide",
+    "rulesErrorInvalidCountryDescription": "Sélectionnez un pays valide.",
+    "rulesErrorInvalidAsn": "ASN invalide",
+    "rulesErrorInvalidAsnDescription": "Entrez un ASN valide (par exemple, AS15169).",
    "ruleUpdated": "Règles mises à jour",
    "ruleUpdatedDescription": "Règles mises à jour avec succès",
    "ruleErrorUpdate": "L'opération a échoué",
    "ruleErrorUpdateDescription": "Une erreur s'est produite lors de l'enregistrement",
    "rulesPriority": "Priorité",
+    "rulesReorderDragHandle": "Faites glisser pour réorganiser la priorité des règles",
    "rulesAction": "Action",
    "rulesMatchType": "Type de correspondance",
    "value": "Valeur",
@@ -792,7 +810,7 @@
    "rulesResource": "Configuration des règles de ressource",
    "rulesResourceDescription": "Configurer les règles pour contrôler l'accès à la ressource",
    "ruleSubmit": "Ajouter une règle",
-    "rulesNoOne": "Aucune règle. Ajoutez une règle en utilisant le formulaire.",
+    "rulesNoOne": "Aucune règle pour le moment.",
    "rulesOrder": "Les règles sont évaluées par priorité dans l'ordre croissant.",
    "rulesSubmit": "Enregistrer les règles",
    "policyErrorCreate": "Erreur lors de la création de la politique",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Une erreur inattendue s'est produite",
    "policyCreatedSuccess": "Politique de ressource créée avec succès",
    "policyUpdatedSuccess": "Politique de ressource mise à jour avec succès",
-    "authMethodsSave": "Enregistrer les méthodes d'authentification",
+    "authMethodsSave": "Enregistrer les paramètres",
+    "policyAuthStackTitle": "Authentification",
+    "policyAuthStackDescription": "Contrôlez quelles méthodes d'authentification sont nécessaires pour accéder à cette ressource",
+    "policyAuthOrLogicTitle": "Plusieurs méthodes d'authentification actives",
+    "policyAuthOrLogicBanner": "Les visiteurs peuvent s'authentifier en utilisant l'une des méthodes actives ci-dessous. Ils n'ont pas besoin de toutes les compléter.",
+    "policyAuthMethodActive": "Actif",
+    "policyAuthMethodOff": "Éteint",
+    "policyAuthSsoTitle": "SSO de la plateforme",
+    "policyAuthSsoDescription": "Exigez une connexion via le fournisseur d'identité de votre organisation",
+    "policyAuthSsoSummary": "{idp} · {users} utilisateurs, {roles} rôles",
+    "policyAuthSsoDefaultIdp": "Fournisseur par défaut",
+    "policyAuthAddDefaultIdentityProvider": "Ajouter un fournisseur d'identité par défaut",
+    "policyAuthOtherMethodsTitle": "Autres méthodes",
+    "policyAuthOtherMethodsDescription": "Des méthodes facultatives que les visiteurs peuvent utiliser à la place de ou en parallèle avec la SSO de la plateforme",
+    "policyAuthPasscodeTitle": "Code confidentiel",
+    "policyAuthPasscodeDescription": "Exiger un code confidentiel alphanumérique partagé pour accéder à la ressource",
+    "policyAuthPasscodeSummary": "Code confidentiel établi",
+    "policyAuthPincodeTitle": "Code PIN",
+    "policyAuthPincodeDescription": "Un code numérique court requis pour accéder à la ressource",
+    "policyAuthPincodeSummary": "Code PIN à 6 chiffres établi",
+    "policyAuthEmailTitle": "Liste blanche des e-mails",
+    "policyAuthEmailDescription": "Autorisez les adresses e-mail listées avec des mots de passe à usage unique",
+    "policyAuthEmailSummary": "{count} adresses autorisées",
+    "policyAuthEmailOtpCallout": "Activer la liste blanche des e-mails envoie un mot de passe à usage unique à l'e-mail du visiteur lors de la connexion.",
+    "policyAuthHeaderAuthTitle": "Authentification de l'en-tête de base",
+    "policyAuthHeaderAuthDescription": "Validez un nom et une valeur d'en-tête HTTP personnalisé à chaque requête",
+    "policyAuthHeaderAuthSummary": "En-tête configuré",
+    "policyAuthHeaderName": "Nom de l'en-tête",
+    "policyAuthHeaderValue": "Valeur attendue",
+    "policyAuthSetPasscode": "Définir le code confidentiel",
+    "policyAuthSetPincode": "Définir le code PIN",
+    "policyAuthSetEmailWhitelist": "Définir la liste blanche des e-mails",
+    "policyAuthSetHeaderAuth": "Configurer l'authentification des en-têtes de base",
+    "policyAccessRulesTitle": "Règles d'accès",
+    "policyAccessRulesEnableDescription": "Lorsqu'elles sont activées, les règles sont évaluées dans l'ordre décroissant jusqu'à ce que l'une soit évaluée comme vraie.",
+    "policyAccessRulesFirstMatch": "Les règles sont évaluées de haut en bas. La première règle correspondante décide du résultat.",
+    "policyAccessRulesHowItWorks": "Les règles correspondent aux demandes par chemin, adresse IP, emplacement, ou d'autres critères. Chaque règle applique une action : contourner l'authentification, bloquer l'accès, ou passer à l'authentification. Si aucune règle ne correspond, le trafic continue jusqu'à l'authentification.",
+    "policyAccessRulesFallthroughOff": "Lorsque les règles sont désactivées, tout le trafic passe par l'authentification.",
+    "policyAccessRulesFallthroughOn": "Lorsqu'aucune règle ne correspond, le trafic passe par l'authentification.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Enregistrer les règles",
    "resourceErrorCreate": "Erreur lors de la création de la ressource",
    "resourceErrorCreateDescription": "Une erreur s'est produite lors de la création de la ressource",
@@ -826,7 +885,7 @@
    "accessControl": "Contrôle d'accès",
    "shareLink": "Lien de partage {resource}",
    "resourceSelect": "Sélectionner une ressource",
-    "shareLinks": "Liens de partage",
+    "shareLinks": "Liens partageables",
    "share": "Liens partageables",
    "shareDescription2": "Créez des liens partageables vers des ressources. Les liens fournissent un accès temporaire ou illimité à votre ressource. Vous pouvez configurer la durée d'expiration du lien lorsque vous en créez un.",
    "shareEasyCreate": "Facile à créer et à partager",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Les administrateurs peuvent toujours accéder à cette ressource.",
    "resourcePolicySelectTitle": "Politique d'accès à la ressource",
    "resourcePolicySelectDescription": "Sélectionner le type de politique de ressource pour l'authentification",
+    "resourcePolicyTypeLabel": "Type de politique",
+    "resourcePolicyLabel": "Politique de ressource",
    "resourcePolicyInline": "Politique de ressource en ligne",
    "resourcePolicyInlineDescription": "Politique d'accès limitée uniquement à cette ressource",
    "resourcePolicyShared": "Politique de ressource partagée",
-    "resourcePolicySharedDescription": "Cette ressource utilise une politique partagée. Les paramètres de niveau politique (méthodes d'authentification, liste blanche email) sont verrouillés. Vous pouvez ajouter des règles spécifiques à la ressource, rôles et utilisateurs ci-dessous.",
+    "resourcePolicySharedDescription": "Cette ressource utilise une politique partagée.",
+    "sharedPolicy": "Politique partagée",
+    "sharedPolicyNoneDescription": "Cette ressource a sa propre politique.",
+    "resourceSharedPolicyOwnDescription": "Cette ressource a ses propres contrôles de règles d'authentification et d'accès.",
+    "resourceSharedPolicyInheritedDescription": "Cette ressource hérite de <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Cette ressource utilise une politique partagée. Certains paramètres d'authentification peuvent être modifiés sur cette ressource pour ajouter à la politique. Pour changer la politique sous-jacente, vous devez éditer à <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "Cette ressource utilise une politique partagée. Certaines règles d'accès peuvent être modifiées sur cette ressource. Pour changer la politique sous-jacente, vous devez éditer <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Contrôles d'accès",
    "resourceUsersRolesDescription": "Configurer quels utilisateurs et rôles peuvent visiter cette ressource",
    "resourceUsersRolesSubmit": "Enregistrer les contrôles d'accès",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Visibilité",
    "resourceVisibilityTitleDescription": "Activer ou désactiver complètement la visibilité de la ressource",
    "resourceGeneral": "Paramètres généraux",
-    "resourceGeneralDescription": "Configurer les paramètres généraux de cette ressource",
+    "resourceGeneralDescription": "Configurer le nom, l'adresse et la politique d'accès pour cette ressource.",
+    "resourceGeneralDetailsSubsection": "Détails de la ressource",
+    "resourceGeneralDetailsSubsectionDescription": "Définir le nom d'affichage, l'identifiant et le domaine accessible publiquement pour cette ressource.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Définir le nom d'affichage, l'identifiant et le port public pour cette ressource.",
+    "resourceGeneralPublicAddressSubsection": "Adresse publique",
+    "resourceGeneralPublicAddressSubsectionDescription": "Configurez comment les utilisateurs accèdent à cette ressource.",
+    "resourceGeneralAuthenticationAccessSubsection": "Authentification & Accès",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Choisissez si cette ressource utilise sa propre politique ou hérite d'une politique partagée.",
    "resourceEnable": "Activer la ressource",
    "resourceTransfer": "Transférer la ressource",
    "resourceTransferDescription": "Transférer cette ressource vers un autre site",
@@ -1220,11 +1294,14 @@
    "addLabels": "Ajouter des étiquettes",
    "siteLabelsTab": "Étiquettes",
    "siteLabelsDescription": "Gérer les étiquettes associées à ce site.",
-    "labelsNotFound": "Étiquettes introuvables",
+    "labelsNotFound": "Aucune étiquette trouvée.",
+    "labelsEmptyCreateHint": "Commencez à taper ci-dessus pour créer une étiquette.",
    "labelSearch": "Chercher des étiquettes",
+    "labelSearchOrCreate": "Recherchez ou créez une étiquette",
    "accessLabelFilterCount": "{count, plural, one {# étiquette} other {# étiquettes}}",
    "labelOverflowCount": "+{count, plural, one {# étiquette} other {# étiquettes}}",
    "accessLabelFilterClear": "Effacer les filtres d'étiquette",
+    "accessFilterClear": "Effacer les filtres",
    "selectColor": "Sélectionner la couleur",
    "createNewLabel": "Créer une nouvelle étiquette d'organisation \"{label}\"",
    "inviteInvalidDescription": "Le lien d'invitation n'est pas valide.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Ressource",
    "sidebarProxyResources": "Publique",
    "sidebarClientResources": "Privé",
-    "sidebarPolicies": "Politiques",
-    "sidebarResourcePolicies": "Ressources",
+    "sidebarPolicies": "Politiques partagées",
+    "sidebarResourcePolicies": "Ressources publiques",
    "sidebarAccessControl": "Contrôle d'accès",
    "sidebarLogsAndAnalytics": "Journaux & Analytiques",
    "sidebarTeam": "Equipe",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Administrateur",
    "sidebarInvitations": "Invitations",
    "sidebarRoles": "Rôles",
-    "sidebarShareableLinks": "Liens",
+    "sidebarShareableLinks": "Liens partageables",
    "sidebarApiKeys": "Clés API",
    "sidebarProvisioning": "Mise en place",
    "sidebarSettings": "Réglages",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Ressource {id}",
    "blueprints": "Configs",
    "blueprintsLog": "Journal des plans",
-    "blueprintsDescription": "Voir les applications passées des plans et leurs résultats",
+    "blueprintsDescription": "Consultez les applications et leurs résultats de planches à dessin passées ou appliquez une nouvelle planche à dessin",
    "blueprintAdd": "Ajouter une Config",
    "blueprintGoBack": "Voir toutes les Configs",
    "blueprintCreate": "Créer une Config",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Activer la Config Docker",
    "enableDockerSocketDescription": "Activer le ramassage d'étiquettes de socket Docker pour les étiquettes de plan. Le chemin du socket doit être fourni au connecteur du site. Lisez plus à ce sujet dans <docsLink>la documentation</docsLink>.",
    "newtAutoUpdate": "Activer la mise à jour automatique du site",
-    "newtAutoUpdateDescription": "Lorsqu'il est activé, les connecteurs de site se mettront automatiquement à jour vers la dernière version lorsqu'une nouvelle version sera disponible.",
+    "newtAutoUpdateDescription": "Lorsqu'il est activé, les connecteurs de site téléchargeront automatiquement la dernière version et redémarreront eux-mêmes. Cela peut être contourné sur une base par site.",
    "siteAutoUpdate": "Mise à jour automatique du site",
    "siteAutoUpdateLabel": "Activer la mise à jour automatique",
-    "siteAutoUpdateDescription": "Contrôler si le connecteur de ce site télécharge automatiquement la dernière version.",
+    "siteAutoUpdateDescription": "Lorsqu'il est activé, le connecteur de ce site téléchargera automatiquement la dernière version et se redémarrera.",
    "siteAutoUpdateOrgDefault": "Valeur par défaut de l'organisation : {state}",
    "siteAutoUpdateOverriding": "Substitution des paramètres de l'organisation",
    "siteAutoUpdateResetToOrg": "Réinitialiser à la valeur par défaut de l'organisation",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Configuration du compte terminée! Bienvenue chez Pangolin !",
    "documentation": "Documentation",
    "saveAllSettings": "Enregistrer tous les paramètres",
-    "saveResourceTargets": "Enregistrer les cibles",
-    "saveResourceHttp": "Enregistrer les paramètres de proxy",
-    "saveProxyProtocol": "Enregistrer les paramètres du protocole proxy",
+    "saveResourceTargets": "Enregistrer les paramètres",
+    "saveResourceHttp": "Enregistrer les paramètres",
+    "saveProxyProtocol": "Enregistrer les paramètres",
    "settingsUpdated": "Paramètres mis à jour",
    "settingsUpdatedDescription": "Paramètres mis à jour avec succès",
    "settingsErrorUpdate": "Échec de la mise à jour des paramètres",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Inconnu",
    "healthCheck": "Vérification de l'état de santé",
    "configureHealthCheck": "Configurer la vérification de l'état de santé",
-    "configureHealthCheckDescription": "Configurer la surveillance de la santé pour {target}",
+    "configureHealthCheckDescription": "Configurez la surveillance de votre ressource pour vous assurer qu'elle est toujours disponible",
    "enableHealthChecks": "Activer les vérifications de santé",
    "healthCheckDisabledStateDescription": "Lorsqu'il est désactivé, le site ne procédera pas aux vérifications de santé et l'état sera considéré comme inconnu.",
    "enableHealthChecksDescription": "Surveiller la vie de cette cible. Vous pouvez surveiller un point de terminaison différent de la cible si nécessaire.",
    "healthScheme": "Méthode",
    "healthSelectScheme": "Sélectionnez la méthode",
-    "healthCheckPortInvalid": "Le port du bilan de santé doit être compris entre 1 et 65535",
+    "healthCheckPortInvalid": "Le port doit être compris entre 1 et 65535",
    "healthCheckPath": "Chemin d'accès",
    "healthHostname": "IP / Hôte",
    "healthPort": "Port",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Exiger les autorisations de l'appareil",
    "requireDeviceApprovalDescription": "Les utilisateurs ayant ce rôle ont besoin de nouveaux périphériques approuvés par un administrateur avant de pouvoir se connecter et accéder aux ressources.",
    "sshSettings": "Paramètres SSH",
+    "sshAccess": "Accès SSH",
    "rdpSettings": "Paramètres RDP",
    "vncSettings": "Paramètres VNC",
    "sshServer": "Serveur SSH",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Assurez-vous que votre hôte cible est correctement configuré pour exécuter le daemon auth avant de terminer cette configuration, ou l'approvisionnement échouera.",
    "sshDaemonPort": "Port du Démon",
    "sshServerDestination": "Destination du Serveur",
-    "sshServerDestinationDescription": "Configurer la destination et le port du serveur SSH",
+    "sshServerDestinationDescription": "Configurez la destination du serveur SSH",
    "destination": "Destination",
+    "destinationRequired": "La destination est requise.",
+    "domainRequired": "Le domaine est requis.",
+    "proxyPortRequired": "Le port est requis.",
+    "invalidPathConfiguration": "Configuration de chemin invalide.",
+    "invalidRewritePathConfiguration": "Configuration de réécriture de chemin invalide.",
    "bgTargetMultiSiteDisclaimer": "La sélection de plusieurs sites permet un routage résilient et une bascule pour une haute disponibilité.",
    "roleAllowSsh": "Autoriser SSH",
    "roleAllowSshAllow": "Autoriser",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "L'utilisateur ne peut exécuter que les commandes spécifiées avec sudo.",
    "sshSudo": "Autoriser sudo",
    "sshSudoCommands": "Commandes Sudo",
-    "sshSudoCommandsDescription": "Liste de commandes séparées par des virgules que l'utilisateur est autorisé à exécuter avec sudo. Des chemins absolus doivent être utilisés.",
+    "sshSudoCommandsDescription": "Liste des commandes que l'utilisateur est autorisé à exécuter avec sudo, séparées par des virgules, des espaces ou des nouvelles lignes. Les chemins absolus doivent être utilisés.",
    "sshCreateHomeDir": "Créer un répertoire personnel",
    "sshUnixGroups": "Groupes Unix",
-    "sshUnixGroupsDescription": "Groupes Unix séparés par des virgules pour ajouter l'utilisateur sur l'hôte cible.",
+    "sshUnixGroupsDescription": "Groupes Unix auxquels ajouter l'utilisateur sur l'hôte cible, séparés par des virgules, des espaces, ou des nouvelles lignes.",
+    "roleTextFieldPlaceholder": "Entrez des valeurs, ou déposez un fichier .txt ou .csv",
+    "roleTextImportTitle": "Importer depuis un fichier",
+    "roleTextImportDescription": "Importation de {fileName} dans {fieldLabel}.",
+    "roleTextImportSkipHeader": "Ignorer la première ligne (en-tête)",
+    "roleTextImportOverride": "Remplacer l'existant",
+    "roleTextImportAppend": "Ajouter à l'existant",
+    "roleTextImportMode": "Mode d'importation",
+    "roleTextImportPreview": "Aperçu",
+    "roleTextImportItemCount": "{count, plural, =0 {Aucun élément à importer} one {1 élément à importer} other {# éléments à importer}}",
+    "roleTextImportTotalCount": "{existing} existant + {imported} importé = {total} total",
+    "roleTextImportConfirm": "Importer",
+    "roleTextImportInvalidFile": "Type de fichier non pris en charge",
+    "roleTextImportInvalidFileDescription": "Seuls les fichiers .txt et .csv sont pris en charge.",
+    "roleTextImportEmpty": "Aucun élément trouvé dans le fichier",
+    "roleTextImportEmptyDescription": "Le fichier ne contient aucun élément importable.",
    "retryAttempts": "Tentatives de réessai",
    "expectedResponseCodes": "Codes de réponse attendus",
    "expectedResponseCodesDescription": "Code de statut HTTP indiquant un état de santé satisfaisant. Si non renseigné, 200-300 est considéré comme satisfaisant.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Activer le protocole Proxy",
    "proxyProtocolInfo": "Conserver les adresses IP du client pour les backends TCP",
    "proxyProtocolVersion": "Version du protocole proxy",
-    "version1": " Version 1 (Recommandé)",
+    "version1": "Version 1 (Recommandée)",
    "version2": "Version 2",
-    "versionDescription": "La version 1 est basée sur du texte et est largement supportée. La version 2 est binaire et plus efficace mais moins compatible.",
+    "version1Description": "Basé sur texte et largement pris en charge. Assurez-vous que le transport des serveurs est ajouté à la configuration dynamique.",
+    "version2Description": "Binaire et plus efficace mais moins compatible. Assurez-vous que le transport des serveurs est ajouté à la configuration dynamique.",
    "warning": "Avertissement",
    "proxyProtocolWarning": "L'application backend doit être configurée pour accepter les connexions Proxy Protocol. Si votre backend ne prend pas en charge le protocole Proxy, l'activation de cette option va perturber toutes les connexions, donc n'activez cette option que si vous savez ce que vous faites. Assurez-vous de configurer votre backend pour faire confiance aux en-têtes du protocole Proxy de Traefik.",
    "restarting": "Redémarrage...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Entrez la confirmation",
    "blueprintViewDetails": "Détails",
    "defaultIdentityProvider": "Fournisseur d'identité par défaut",
-    "defaultIdentityProviderDescription": "Lorsqu'un fournisseur d'identité par défaut est sélectionné, l'utilisateur sera automatiquement redirigé vers le fournisseur pour authentification.",
+    "defaultIdentityProviderDescription": "L'utilisateur sera automatiquement redirigé vers ce fournisseur d'identité pour l'authentification.",
    "editInternalResourceDialogNetworkSettings": "Paramètres réseau",
    "editInternalResourceDialogAccessPolicy": "Politique d'accès",
    "editInternalResourceDialogAddRoles": "Ajouter des rôles",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Type de mode de maintenance",
    "showMaintenancePage": "Afficher une page de maintenance aux visiteurs",
    "enableMaintenanceMode": "Activer le mode de maintenance",
+    "enableMaintenanceModeDescription": "Lorsqu'il est activé, les visiteurs verront une page de maintenance au lieu de votre ressource.",
    "automatic": "Automatique",
    "automaticModeDescription": "Afficher la page de maintenance uniquement lorsque toutes les cibles backend sont en panne ou dégradées. Votre ressource continue à fonctionner normalement tant qu'au moins une cible est en bonne santé.",
    "forced": "Forcé",
@@ -3082,6 +3182,8 @@
    "warning:": "Attention :",
    "forcedeModeWarning": "Tout le trafic sera dirigé vers la page de maintenance. Vos ressources backend ne recevront aucune demande.",
    "pageTitle": "Titre de la page",
+    "maintenancePageContentSubsection": "Contenu de la page",
+    "maintenancePageContentSubsectionDescription": "Personnalisez le contenu affiché sur la page de maintenance",
    "pageTitleDescription": "Le titre principal affiché sur la page de maintenance",
    "maintenancePageMessage": "Message de maintenance",
    "maintenancePageMessagePlaceholder": "Nous serons bientôt de retour ! Notre site est actuellement en maintenance planifiée.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Êtes-vous sûr de vouloir dissocier ce fournisseur d'identités de cette organisation?",
    "idpUnassociateDescription": "Tous les utilisateurs associés à ce fournisseur d'identités seront retirés de cette organisation, mais le fournisseur d'identités continuera d'exister pour d'autres organisations associées.",
    "idpUnassociateConfirm": "Confirmer la dissociation du fournisseur d'identités",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "SUPPRIMER ET ME RETIRER DE L'ORG",
+    "idpUnassociateAndRemoveMeFromOrg": "DÉ-ASSOCIER ET ME RETIRER DE L'ORG",
    "idpUnassociateWarning": "Cela ne peut pas être annulé pour cette organisation.",
    "idpUnassociatedDescription": "Fournisseur d'identités dissocié de cette organisation avec succès",
    "idpUnassociateMenu": "Dissocier",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Connexion…",
    "sshInitializing": "Initialisation…",
    "sshSignInTitle": "Se connecter à SSH",
-    "sshSignInDescription": "Entrez vos identifiants SSH",
+    "sshSignInDescription": "Entrez vos identifiants SSH pour vous connecter",
    "sshPasswordTab": "Mot de passe",
    "sshPrivateKeyTab": "Clé Privée",
    "sshPrivateKeyField": "Clé Privée",
    "sshPrivateKeyDisclaimer": "Votre clé privée n'est pas stockée ou visible par Pangolin. Alternativement, vous pouvez utiliser des certificats de courte durée pour une authentification transparente utilisant votre identité Pangolin existante.",
    "sshLearnMore": "En savoir plus",
    "sshPrivateKeyFile": "Fichier de Clé Privée",
-    "sshAuthenticate": "Authentifier",
+    "sshAuthenticate": "Connecter",
    "sshTerminate": "Terminer",
    "sshPoweredBy": "Propulsé par",
    "sshErrorNoTarget": "Aucune cible spécifiée",
    "sshErrorWebSocket": "Échec de la connexion WebSocket",
    "sshErrorAuthFailed": "Échec de l'authentification",
-    "sshErrorConnectionClosed": "Connexion fermée avant que l'authentification soit terminée"
+    "sshErrorConnectionClosed": "Connexion fermée avant que l'authentification soit terminée",
+    "sitePangolinSshDescription": "Autoriser l'accès SSH aux ressources sur ce site. Cela peut être modifié plus tard.",
+    "browserGatewayNoResourceForDomain": "Aucune ressource trouvée pour ce domaine",
+    "browserGatewayNoTarget": "Aucune cible",
+    "browserGatewayConnect": "Connecter",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Suppr",
+    "sshErrorSignKeyFailed": "Échec de la signature de la clé SSH pour l'authentification Push PAM. Vous êtes-vous connecté en tant qu'utilisateur ?",
+    "sshTerminalError": "Erreur : {error}",
+    "sshConnectionClosedCode": "Connexion fermée (code {code})",
+    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+    "sshPrivateKeyRequired": "Une clé privée est requise",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Entrez votre mot de passe VNC pour vous connecter",
+    "vncPasswordOptional": "Mot de passe (facultatif)",
+    "vncNoResourceTarget": "Aucune cible de ressource disponible",
+    "vncFailedToLoadNovnc": "Échec du chargement de noVNC",
+    "vncAuthFailedStatus": "Statut {status}",
+    "vncPasteClipboard": "Coller le presse-papiers",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Se connecter au Bureau à distance",
+    "rdpSignInDescription": "Entrez vos identifiants Windows pour vous connecter",
+    "rdpLoadingModule": "Chargement du module...",
+    "rdpFailedToLoadModule": "Échec du chargement du module RDP",
+    "rdpNotReady": "Pas prêt",
+    "rdpModuleInitializing": "Le module RDP est encore en cours d'initialisation",
+    "rdpDownloadingFiles": "Téléchargement de {count} fichier(s) depuis le site distant…",
+    "rdpDownloadFailed": "Échec du téléchargement : {fileName}",
+    "rdpUploaded": "Téléchargé : {fileName}",
+    "rdpNoConnectionTarget": "Aucune cible de connexion disponible",
+    "rdpConnectionFailed": "Échec de la connexion",
+    "rdpFit": "Ajuster",
+    "rdpFull": "Plein",
+    "rdpReal": "Réel",
+    "rdpMeta": "Méta",
+    "rdpUploadFiles": "Télécharger des fichiers",
+    "rdpFilesReadyToPaste": "Fichiers prêts à coller",
+    "rdpFilesReadyToPasteDescription": "{count} fichier(s) copié(s) vers le presse-papier distant — appuyez sur Ctrl+V sur le bureau distant pour coller.",
+    "rdpUploadFailed": "Échec du téléchargement",
+    "rdpUnicodeKeyboardMode": "Mode clavier Unicode",
+    "sessionToolbarShow": "Afficher la barre d'outils",
+    "sessionToolbarHide": "Masquer la barre d'outils"
 }
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Visualizza Risorse Private",
    "siteInstallNewt": "Installa Newt",
    "siteInstallNewtDescription": "Esegui Newt sul tuo sistema",
+    "siteInstallKubernetesDocsDescription": "Per ulteriori informazioni aggiornate sull'installazione di Kubernetes, consulta <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "Per le istruzioni sull'installazione del modem Advantech, consulta <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Configurazione WireGuard",
    "WgConfigurationDescription": "Utilizzare la seguente configurazione per connettersi alla rete",
    "operatingSystem": "Sistema Operativo",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "Potrai vederlo solo una volta. Assicurati di copiarlo in un luogo sicuro.",
    "siteInfo": "Informazioni Sito",
    "status": "Stato",
-    "shareTitle": "Gestisci Collegamenti Di Condivisione",
+    "shareTitle": "Gestisci Collegamenti Condivisibili",
    "shareDescription": "Crea link condivisibili per concedere accesso temporaneo o permanente alle risorse proxy",
-    "shareSearch": "Cerca link condivisi...",
-    "shareCreate": "Crea Link Di Condivisione",
+    "shareSearch": "Cerca collegamenti condivisibili...",
+    "shareCreate": "Crea Collegamento Condivisibile",
    "shareErrorDelete": "Impossibile eliminare il link",
    "shareErrorDeleteMessage": "Si è verificato un errore durante l'eliminazione del link",
    "shareDeleted": "Link eliminato",
    "shareDeletedDescription": "Il link è stato eliminato",
-    "shareDelete": "Elimina Link di Condivisione",
-    "shareDeleteConfirm": "Conferma Eliminazione Link di Condivisione",
+    "shareDelete": "Elimina Collegamento Condivisibile",
+    "shareDeleteConfirm": "Conferma Eliminazione Collegamento Condivisibile",
    "shareQuestionRemove": "Sei sicuro di voler eliminare questo link di condivisione?",
    "shareMessageRemove": "Una volta eliminato, il link non funzionerà più e chiunque lo utilizzi perderà l'accesso alla risorsa.",
    "shareTokenDescription": "Il token di accesso può essere passato in due modi: come parametro di interrogazione o nelle intestazioni della richiesta. Questi devono essere passati dal client su ogni richiesta di accesso autenticato.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Chiunque con questo link può accedere alla risorsa",
    "shareTitleOptional": "Titolo (facoltativo)",
    "sharePathOptional": "Percorso (opzionale)",
+    "sharePathDescription": "Il link reindirizzerà gli utenti a questo percorso dopo l'autenticazione.",
    "expireIn": "Scadenza In",
    "neverExpire": "Nessuna scadenza",
    "shareExpireDescription": "Il tempo di scadenza indica per quanto tempo il link sarà utilizzabile e fornirà accesso alla risorsa. Dopo questo tempo, il link non funzionerà più e gli utenti che hanno utilizzato questo link perderanno l'accesso alla risorsa.",
@@ -201,7 +204,7 @@
    "proxyResourceTitle": "Gestisci Risorse Pubbliche",
    "proxyResourceDescription": "Creare e gestire risorse pubbliche accessibili tramite un browser web",
    "publicResourcesBannerTitle": "Accesso Pubblico Basato sul Web",
-    "publicResourcesBannerDescription": "Le risorse pubbliche sono proxy HTTPS o TCP/UDP accessibili da chiunque tramite Internet da un browser web. A differenza delle risorse private non richiedono software lato client e possono includere politiche di accesso basate su identità e contesto.",
+    "publicResourcesBannerDescription": "Le risorse pubbliche sono proxy HTTPS accessibili a chiunque su Internet tramite un browser web. A differenza delle risorse private, non richiedono software lato client e possono includere politiche di accesso basate su identità e contesto.",
    "clientResourceTitle": "Gestisci Risorse Private",
    "clientResourceDescription": "Crea e gestisci risorse accessibili solo tramite un client connesso",
    "privateResourcesBannerTitle": "Accesso Privato Zero-Trust",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Cerca risorse...",
    "resourceAdd": "Aggiungi Risorsa",
    "resourceErrorDelte": "Errore nell'eliminare la risorsa",
-    "resourcePoliciesTitle": "Gestisci Politiche sulle Risorse",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Risorse collegate",
+    "resourcePoliciesBannerTitle": "Riutilizza Regole di Autenticazione e Accesso",
+    "resourcePoliciesBannerDescription": "Le politiche di risorsa condivise ti permettono di definire metodi di autenticazione e regole di accesso una volta, poi di applicarle a più risorse pubbliche. Quando aggiorni una politica, ogni risorsa collegata eredita il cambiamento automaticamente.",
+    "resourcePoliciesBannerButtonText": "Scopri di più",
+    "resourcePoliciesTitle": "Gestisci Politiche delle Risorse Pubbliche",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Risorse",
    "resourcePoliciesAttachedResources": "{count} risorsa(e)",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# risorsa} other {# risorse}}",
    "resourcePoliciesAttachedResourcesEmpty": "nessuna risorsa",
-    "resourcePoliciesDescription": "Crea e gestisci le politiche di autenticazione per controllare l'accesso alle tue risorse",
+    "resourcePoliciesDescription": "Crea e gestisci politiche d'autenticazione per controllare l'accesso alle tue risorse pubbliche",
    "resourcePoliciesSearch": "Cerca politiche...",
    "resourcePoliciesAdd": "Aggiungi Politica",
    "resourcePoliciesDefaultBadgeText": "Politica Predefinita",
-    "resourcePoliciesCreate": "Crea Politica Risorse",
+    "resourcePoliciesCreate": "Crea Politica Risorse Pubbliche",
    "resourcePoliciesCreateDescription": "Segui i passaggi seguenti per creare una nuova politica",
    "resourcePolicyName": "Nome Politica",
    "resourcePolicyNameDescription": "Dai un nome a questa politica per identificarla tra le tue risorse",
@@ -274,7 +281,7 @@
    "back": "Indietro",
    "cancel": "Annulla",
    "resourceConfig": "Snippet Di Configurazione",
-    "resourceConfigDescription": "Copia e incolla questi snippet di configurazione per configurare la risorsa TCP/UDP",
+    "resourceConfigDescription": "Copia e incolla questi snippet di configurazione per configurare la risorsa TCP/UDP.",
    "resourceAddEntrypoints": "Traefik: Aggiungi Entrypoint",
    "resourceExposePorts": "Gerbil: espone le porte in Docker Compose",
    "resourceLearnRaw": "Scopri come configurare le risorse TCP/UDP",
@@ -287,6 +294,8 @@
    "labelDelete": "Elimina Etichetta",
    "labelAdd": "Aggiungi Etichetta",
    "labelCreateSuccessMessage": "Etichetta Creata con Successo",
+    "labelDuplicateError": "Etichetta Duplicata",
+    "labelDuplicateErrorDescription": "Esiste già un'etichetta con questo nome.",
    "labelEditSuccessMessage": "Etichetta Modificata con Successo",
    "labelNameField": "Nome Etichetta",
    "labelColorField": "Colore Etichetta",
@@ -311,7 +320,7 @@
    "rules": "Regole",
    "resourceSettingDescription": "Configura le impostazioni sulla risorsa",
    "resourceSetting": "Impostazioni {resourceName}",
-    "resourcePolicySettingDescription": "Configura le impostazioni sulla politica delle risorse",
+    "resourcePolicySettingDescription": "Configura le impostazioni su questa politica di risorsa pubblica",
    "resourcePolicySetting": "Impostazioni del sito {policyName}",
    "alwaysAllow": "Bypass Autenticazione",
    "alwaysDeny": "Blocca Accesso",
@@ -719,7 +728,7 @@
    "targetSubmit": "Aggiungi Target",
    "targetNoOne": "Questa risorsa non ha destinazioni. Aggiungi un obiettivo per configurare dove inviare richieste al backend.",
    "targetNoOneDescription": "L'aggiunta di più di un target abiliterà il bilanciamento del carico.",
-    "targetsSubmit": "Salva Target",
+    "targetsSubmit": "Salva Impostazioni",
    "addTarget": "Aggiungi Target",
    "proxyMultiSiteRoundRobinNodeHelp": "Il routing round robin non funzionerà tra siti che non sono connessi allo stesso nodo, ma il failover funzionerà.",
    "targetErrorInvalidIp": "Indirizzo IP non valido",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Regola duplicata",
    "rulesErrorDuplicateDescription": "Esiste già una regola con queste impostazioni",
    "rulesErrorInvalidIpAddressRange": "CIDR non valido",
-    "rulesErrorInvalidIpAddressRangeDescription": "Inserisci un valore CIDR valido",
-    "rulesErrorInvalidUrl": "Percorso URL non valido",
-    "rulesErrorInvalidUrlDescription": "Inserisci un valore di percorso URL valido",
-    "rulesErrorInvalidIpAddress": "IP non valido",
-    "rulesErrorInvalidIpAddressDescription": "Inserisci un indirizzo IP valido",
+    "rulesErrorInvalidIpAddressRangeDescription": "Inserisci un intervallo CIDR valido (es., 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Percorso non valido",
+    "rulesErrorInvalidUrlDescription": "Inserisci un percorso URL valido o un pattern (es., /api/*).",
+    "rulesErrorInvalidIpAddress": "Indirizzo IP non valido",
+    "rulesErrorInvalidIpAddressDescription": "Inserisci un indirizzo IPv4 o IPv6 valido.",
    "rulesErrorUpdate": "Impossibile aggiornare le regole",
    "rulesErrorUpdateDescription": "Si è verificato un errore durante l'aggiornamento delle regole",
    "rulesUpdated": "Abilita Regole",
@@ -765,15 +774,24 @@
    "rulesMatchIpAddressRangeDescription": "Inserisci un indirizzo in formato CIDR (es. 103.21.244.0/22)",
    "rulesMatchIpAddress": "Inserisci un indirizzo IP (es. 103.21.244.12)",
    "rulesMatchUrl": "Inserisci un percorso URL o pattern (es. /api/v1/todos o /api/v1/*)",
-    "rulesErrorInvalidPriority": "Priorità Non Valida",
-    "rulesErrorInvalidPriorityDescription": "Inserisci una priorità valida",
-    "rulesErrorDuplicatePriority": "Priorità Duplicate",
-    "rulesErrorDuplicatePriorityDescription": "Inserisci priorità uniche",
+    "rulesErrorInvalidPriority": "Priorità non valida",
+    "rulesErrorInvalidPriorityDescription": "Inserisci un numero intero di 1 o superiore.",
+    "rulesErrorDuplicatePriority": "Priorità duplicate",
+    "rulesErrorDuplicatePriorityDescription": "Ogni regola deve avere un numero di priorità univoco.",
+    "rulesErrorValidation": "Regole non valide",
+    "rulesErrorValidationRuleDescription": "Regola {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Seleziona un tipo di corrispondenza valido (percorso, IP, CIDR, paese, regione o ASN).",
+    "rulesErrorValueRequired": "Inserisci un valore per questa regola.",
+    "rulesErrorInvalidCountry": "Nazione non valida",
+    "rulesErrorInvalidCountryDescription": "Seleziona un paese valido.",
+    "rulesErrorInvalidAsn": "ASN non valido",
+    "rulesErrorInvalidAsnDescription": "Inserisci un ASN valido (es., AS15169).",
    "ruleUpdated": "Regole aggiornate",
    "ruleUpdatedDescription": "Regole aggiornate con successo",
    "ruleErrorUpdate": "Operazione fallita",
    "ruleErrorUpdateDescription": "Si è verificato un errore durante il salvataggio",
    "rulesPriority": "Priorità",
+    "rulesReorderDragHandle": "Trascina per riorganizzare la priorità delle regole",
    "rulesAction": "Azione",
    "rulesMatchType": "Tipo di Corrispondenza",
    "value": "Valore",
@@ -792,7 +810,7 @@
    "rulesResource": "Configurazione Regole Risorsa",
    "rulesResourceDescription": "Configura le regole per controllare l'accesso alla risorsa",
    "ruleSubmit": "Aggiungi Regola",
-    "rulesNoOne": "Nessuna regola. Aggiungi una regola usando il modulo.",
+    "rulesNoOne": "Nessuna regola ancora.",
    "rulesOrder": "Le regole sono valutate per priorità in ordine crescente.",
    "rulesSubmit": "Salva Regole",
    "policyErrorCreate": "Errore nella creazione della politica",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Si è verificato un errore imprevisto",
    "policyCreatedSuccess": "Politica risorse creata con successo",
    "policyUpdatedSuccess": "Politica risorse aggiornata con successo",
-    "authMethodsSave": "Salva metodi di autenticazione",
+    "authMethodsSave": "Salva Impostazioni",
+    "policyAuthStackTitle": "Autenticazione",
+    "policyAuthStackDescription": "Controlla quali metodi di autenticazione sono richiesti per accedere a questa risorsa",
+    "policyAuthOrLogicTitle": "Più metodi di autenticazione attivi",
+    "policyAuthOrLogicBanner": "I visitatori possono autenticarsi utilizzando uno qualsiasi dei metodi attivi sottostanti. Non è necessario completarli tutti.",
+    "policyAuthMethodActive": "Attivo",
+    "policyAuthMethodOff": "Disattivo",
+    "policyAuthSsoTitle": "SSO della Piattaforma",
+    "policyAuthSsoDescription": "Richiedi l'accesso tramite il provider di identità della tua organizzazione",
+    "policyAuthSsoSummary": "{idp} · {users} utenti, {roles} ruoli",
+    "policyAuthSsoDefaultIdp": "Provider predefinito",
+    "policyAuthAddDefaultIdentityProvider": "Aggiungi Provider di Identità Predefinito",
+    "policyAuthOtherMethodsTitle": "Altri Metodi",
+    "policyAuthOtherMethodsDescription": "Metodi opzionali che i visitatori possono utilizzare al posto o insieme al SSO della piattaforma",
+    "policyAuthPasscodeTitle": "Codice di Accesso",
+    "policyAuthPasscodeDescription": "Richiedi un codice alfanumerico condiviso per accedere alla risorsa",
+    "policyAuthPasscodeSummary": "Codice di accesso impostato",
+    "policyAuthPincodeTitle": "Codice PIN",
+    "policyAuthPincodeDescription": "Un breve codice numerico richiesto per accedere alla risorsa",
+    "policyAuthPincodeSummary": "Codice PIN a 6 cifre impostato",
+    "policyAuthEmailTitle": "Lista Autorizzazioni Email",
+    "policyAuthEmailDescription": "Consenti indirizzi email elencati con password monouso",
+    "policyAuthEmailSummary": "{count} indirizzi consentiti",
+    "policyAuthEmailOtpCallout": "L'abilitazione dell'elenco email invia una password monouso all'email del visitatore durante il login.",
+    "policyAuthHeaderAuthTitle": "Autenticazione Header Base",
+    "policyAuthHeaderAuthDescription": "Convalida un nome e un valore di intestazione HTTP personalizzato su ogni richiesta",
+    "policyAuthHeaderAuthSummary": "Intestazione configurata",
+    "policyAuthHeaderName": "Nome dell'intestazione",
+    "policyAuthHeaderValue": "Valore atteso",
+    "policyAuthSetPasscode": "Imposta Codice di Accesso",
+    "policyAuthSetPincode": "Imposta Codice PIN",
+    "policyAuthSetEmailWhitelist": "Imposta Lista Autorizzazioni Email",
+    "policyAuthSetHeaderAuth": "Imposta Autenticazione Header Base",
+    "policyAccessRulesTitle": "Regole di Accesso",
+    "policyAccessRulesEnableDescription": "Quando abilitate, le regole vengono valutate in ordine discendente finché una non è vera.",
+    "policyAccessRulesFirstMatch": "Le regole sono valutate dall'alto verso il basso. La prima regola corrispondente decide il risultato.",
+    "policyAccessRulesHowItWorks": "Le regole corrispondono alle richieste per percorso, indirizzo IP, posizione o altri criteri. Ogni regola applica un'azione: bypassa l'autenticazione, blocca l'accesso o passa all'autenticazione. Se nessuna regola corrisponde, il traffico continua all'autenticazione.",
+    "policyAccessRulesFallthroughOff": "Quando le regole sono disabilitate, tutto il traffico passa all'autenticazione.",
+    "policyAccessRulesFallthroughOn": "Quando nessuna regola corrisponde, il traffico passa all'autenticazione.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Salva Regole",
    "resourceErrorCreate": "Errore nella creazione della risorsa",
    "resourceErrorCreateDescription": "Si è verificato un errore durante la creazione della risorsa",
@@ -826,7 +885,7 @@
    "accessControl": "Controllo Accessi",
    "shareLink": "Link di Condivisione {resource}",
    "resourceSelect": "Seleziona risorsa",
-    "shareLinks": "Link di Condivisione",
+    "shareLinks": "Collegamenti Condivisibili",
    "share": "Link Condivisibili",
    "shareDescription2": "Crea link condivisibili alle risorse. I link forniscono un accesso temporaneo o illimitato alla tua risorsa. È possibile configurare la durata di scadenza del collegamento quando ne viene creato uno.",
    "shareEasyCreate": "Facile da creare e condividere",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Gli amministratori possono sempre accedere a questa risorsa.",
    "resourcePolicySelectTitle": "Politica di Accesso Risorse",
    "resourcePolicySelectDescription": "Seleziona il tipo di politica delle risorse per l'autenticazione",
+    "resourcePolicyTypeLabel": "Tipo di politica",
+    "resourcePolicyLabel": "Politica delle risorse",
    "resourcePolicyInline": "Politica Inline delle Risorse",
    "resourcePolicyInlineDescription": "Politica di Accesso limitata solo a questa risorsa",
    "resourcePolicyShared": "Politica Condivisa delle Risorse",
-    "resourcePolicySharedDescription": "Questa risorsa utilizza una politica condivisa. Le impostazioni a livello di politica (metodi di autenticazione, email whitelist) sono bloccate. Puoi aggiungere regole, ruoli e utenti specifici per la risorsa di seguito.",
+    "resourcePolicySharedDescription": "Questa risorsa utilizza una politica condivisa.",
+    "sharedPolicy": "Politica Condivisa",
+    "sharedPolicyNoneDescription": "Questa risorsa ha la sua politica.",
+    "resourceSharedPolicyOwnDescription": "Questa risorsa ha il controllo delle proprie regole di autenticazione e accesso.",
+    "resourceSharedPolicyInheritedDescription": "Questa risorsa eredita da <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Questa risorsa utilizza una politica condivisa. Alcune impostazioni di autenticazione possono essere modificate su questa risorsa per aggiungerle alla politica. Per cambiare la politica sottostante, devi modificare <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "Questa risorsa utilizza una politica condivisa. Alcune regole di accesso possono essere modificate su questa risorsa. Per cambiare la politica sottostante, devi modificare <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Controlli di Accesso",
    "resourceUsersRolesDescription": "Configura quali utenti e ruoli possono visitare questa risorsa",
    "resourceUsersRolesSubmit": "Salva Controlli di Accesso",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Visibilità",
    "resourceVisibilityTitleDescription": "Abilita o disabilita completamente la visibilità della risorsa",
    "resourceGeneral": "Impostazioni Generali",
-    "resourceGeneralDescription": "Configura le impostazioni generali per questa risorsa",
+    "resourceGeneralDescription": "Configura nome, indirizzo e politica di accesso per questa risorsa.",
+    "resourceGeneralDetailsSubsection": "Dettagli Risorsa",
+    "resourceGeneralDetailsSubsectionDescription": "Imposta il nome visualizzato, l'identificatore e il dominio pubblicamente accessibile per questa risorsa.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Imposta il nome visualizzato, l'identificatore e la porta pubblica per questa risorsa.",
+    "resourceGeneralPublicAddressSubsection": "Indirizzo Pubblico",
+    "resourceGeneralPublicAddressSubsectionDescription": "Configura come gli utenti raggiungono questa risorsa.",
+    "resourceGeneralAuthenticationAccessSubsection": "Autenticazione e Accesso",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Scegli se questa risorsa utilizza la sua politica o eredita da una politica condivisa.",
    "resourceEnable": "Abilita Risorsa",
    "resourceTransfer": "Trasferisci Risorsa",
    "resourceTransferDescription": "Trasferisci questa risorsa a un sito diverso",
@@ -1220,11 +1294,14 @@
    "addLabels": "Aggiungi etichette",
    "siteLabelsTab": "Etichette",
    "siteLabelsDescription": "Gestisci le etichette associate a questo sito.",
-    "labelsNotFound": "Etichette non trovate",
+    "labelsNotFound": "Nessuna etichetta trovata.",
+    "labelsEmptyCreateHint": "Inizia a digitare sopra per creare un'etichetta.",
    "labelSearch": "Cerca etichette",
+    "labelSearchOrCreate": "Cerca o crea un'etichetta",
    "accessLabelFilterCount": "{count, plural, one {# etichetta} other {# etichette}}",
    "labelOverflowCount": "+{count, plural, one {# etichetta} other {# etichette}}",
    "accessLabelFilterClear": "Cancella filtri etichette",
+    "accessFilterClear": "Cancella filtri",
    "selectColor": "Seleziona colore",
    "createNewLabel": "Crea nuova etichetta dell'organizzazione \"{label}\"",
    "inviteInvalidDescription": "Il link di invito non è valido.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Risorse",
    "sidebarProxyResources": "Pubblico",
    "sidebarClientResources": "Privato",
-    "sidebarPolicies": "Politiche",
-    "sidebarResourcePolicies": "Risorse",
+    "sidebarPolicies": "Politiche Condivise",
+    "sidebarResourcePolicies": "Risorse Pubbliche",
    "sidebarAccessControl": "Controllo Accesso",
    "sidebarLogsAndAnalytics": "Registri E Analisi",
    "sidebarTeam": "Squadra",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Amministratore",
    "sidebarInvitations": "Inviti",
    "sidebarRoles": "Ruoli",
-    "sidebarShareableLinks": "Collegamenti",
+    "sidebarShareableLinks": "Collegamenti Condivisibili",
    "sidebarApiKeys": "Chiavi API",
    "sidebarProvisioning": "Accantonamento",
    "sidebarSettings": "Impostazioni",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Risorsa {id}",
    "blueprints": "Progetti",
    "blueprintsLog": "Registro Progetti",
-    "blueprintsDescription": "Visualizza le applicazioni passate dei progetti e i loro risultati",
+    "blueprintsDescription": "Visualizza le applicazioni blueprint passate e i loro risultati o applica un nuovo blueprint",
    "blueprintAdd": "Aggiungi Progetto",
    "blueprintGoBack": "Vedi tutti i progetti",
    "blueprintCreate": "Crea Progetto",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Abilita Progetto Docker",
    "enableDockerSocketDescription": "Abilita lo scraping delle etichette Docker Socket per le etichette dei progetti. Il percorso del socket deve essere fornito al connettore del sito. Leggi come funziona nel <docsLink>documentazione</docsLink>.",
    "newtAutoUpdate": "Abilita Aggiornamento Automatico del Sito",
-    "newtAutoUpdateDescription": "Quando abilitato, i connettori di sito si aggiorneranno automaticamente all'ultima versione quando è disponibile un nuovo rilascio.",
+    "newtAutoUpdateDescription": "Quando abilitati, i connettori del sito scaricheranno automaticamente l'ultima versione e si riavvieranno. Questo può essere sovrascritto caso per caso.",
    "siteAutoUpdate": "Aggiornamento Automatico del Sito",
    "siteAutoUpdateLabel": "Abilita Aggiornamento Automatico",
-    "siteAutoUpdateDescription": "Controlla se il connettore di questo sito scarica automaticamente l'ultima versione.",
+    "siteAutoUpdateDescription": "Quando abilitato, il connettore di questo sito scaricherà automaticamente l'ultima versione e si riavvierà.",
    "siteAutoUpdateOrgDefault": "Predefinito dell'organizzazione: {state}",
    "siteAutoUpdateOverriding": "Sovrascrivere le impostazioni dell'organizzazione",
    "siteAutoUpdateResetToOrg": "Reimposta al Predefinito dell'Organizzazione",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Configurazione dell'account completata! Benvenuto su Pangolin!",
    "documentation": "Documentazione",
    "saveAllSettings": "Salva Tutte le Impostazioni",
-    "saveResourceTargets": "Salva Target",
-    "saveResourceHttp": "Salva Impostazioni Proxy",
-    "saveProxyProtocol": "Salva impostazioni protocollo proxy",
+    "saveResourceTargets": "Salva Impostazioni",
+    "saveResourceHttp": "Salva Impostazioni",
+    "saveProxyProtocol": "Salva Impostazioni",
    "settingsUpdated": "Impostazioni aggiornate",
    "settingsUpdatedDescription": "Impostazioni aggiornate con successo",
    "settingsErrorUpdate": "Impossibile aggiornare le impostazioni",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Sconosciuto",
    "healthCheck": "Controllo Salute",
    "configureHealthCheck": "Configura Controllo Salute",
-    "configureHealthCheckDescription": "Imposta il monitoraggio della salute per {target}",
+    "configureHealthCheckDescription": "Imposta il monitoraggio per la tua risorsa per assicurarti che sia sempre disponibile",
    "enableHealthChecks": "Abilita i Controlli di Salute",
    "healthCheckDisabledStateDescription": "Quando disabilitato, il sito non eseguirà controlli di integrità e lo stato sarà considerato sconosciuto.",
    "enableHealthChecksDescription": "Monitorare lo stato di salute di questo obiettivo. Se necessario, è possibile monitorare un endpoint diverso da quello del bersaglio.",
    "healthScheme": "Metodo",
    "healthSelectScheme": "Seleziona Metodo",
-    "healthCheckPortInvalid": "La porta di controllo dello stato di salute deve essere compresa tra 1 e 65535",
+    "healthCheckPortInvalid": "La porta deve essere compresa tra 1 e 65535",
    "healthCheckPath": "Percorso",
    "healthHostname": "IP / Nome host",
    "healthPort": "Porta",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Richiede Approvazioni Dispositivo",
    "requireDeviceApprovalDescription": "Gli utenti con questo ruolo hanno bisogno di nuovi dispositivi approvati da un amministratore prima di poter connettersi e accedere alle risorse.",
    "sshSettings": "Impostazioni SSH",
+    "sshAccess": "Accesso SSH",
    "rdpSettings": "Impostazioni RDP",
    "vncSettings": "Impostazioni VNC",
    "sshServer": "Server SSH",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Assicurati che l'host target sia correttamente configurato per eseguire il demone di autenticazione prima di completare questa configurazione, altrimenti il provisioning fallirà.",
    "sshDaemonPort": "Porta Daemon",
    "sshServerDestination": "Destinazione Server",
-    "sshServerDestinationDescription": "Configura la destinazione e la porta del server SSH",
+    "sshServerDestinationDescription": "Configura la destinazione del server SSH",
    "destination": "Destinazione",
+    "destinationRequired": "La destinazione è obbligatoria.",
+    "domainRequired": "Il dominio è obbligatorio.",
+    "proxyPortRequired": "La porta è obbligatoria.",
+    "invalidPathConfiguration": "Configurazione percorso non valida.",
+    "invalidRewritePathConfiguration": "Configurazione percorso di riscrittura non valida.",
    "bgTargetMultiSiteDisclaimer": "Selezionare più siti abilita instradamento resiliente e failover per alta disponibilità.",
    "roleAllowSsh": "Consenti SSH",
    "roleAllowSshAllow": "Consenti",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "L'utente può eseguire solo i comandi specificati con sudo.",
    "sshSudo": "Consenti sudo",
    "sshSudoCommands": "Comandi Sudo",
-    "sshSudoCommandsDescription": "Elenco separato da virgole di comandi che l'utente è autorizzato a eseguire con sudo. Devono essere utilizzati percorsi assoluti.",
+    "sshSudoCommandsDescription": "Elenco di comandi che l'utente è autorizzato ad eseguire con sudo, separati da virgole, spazi o nuove righe. Devono essere utilizzati percorsi assoluti.",
    "sshCreateHomeDir": "Crea Cartella Home",
    "sshUnixGroups": "Gruppi Unix",
-    "sshUnixGroupsDescription": "Gruppi Unix separati da virgole per aggiungere l'utente sull'host di destinazione.",
+    "sshUnixGroupsDescription": "Gruppi Unix a cui aggiungere l'utente sull'host di destinazione, separati da virgole, spazi o nuove righe.",
+    "roleTextFieldPlaceholder": "Inserisci i valori o rilascia un file .txt o .csv",
+    "roleTextImportTitle": "Importa da File",
+    "roleTextImportDescription": "Importazione di {fileName} in {fieldLabel}.",
+    "roleTextImportSkipHeader": "Ignora Prima Riga (Intestazione)",
+    "roleTextImportOverride": "Sostituisci Esistente",
+    "roleTextImportAppend": "Aggiungi a Esistente",
+    "roleTextImportMode": "Modalità Importazione",
+    "roleTextImportPreview": "Anteprima",
+    "roleTextImportItemCount": "{count, plural, =0 {Nessun elemento da importare} one {1 elemento da importare} other {# elementi da importare}}",
+    "roleTextImportTotalCount": "{existing} esistente + {imported} importato = {total} totale",
+    "roleTextImportConfirm": "Importa",
+    "roleTextImportInvalidFile": "Tipo di file non supportato",
+    "roleTextImportInvalidFileDescription": "Sono supportati solo file .txt e .csv.",
+    "roleTextImportEmpty": "Nessun elemento trovato nel file",
+    "roleTextImportEmptyDescription": "Il file non contiene elementi importabili.",
    "retryAttempts": "Tentativi di Riprova",
    "expectedResponseCodes": "Codici di Risposta Attesi",
    "expectedResponseCodesDescription": "Codice di stato HTTP che indica lo stato di salute. Se lasciato vuoto, considerato sano è compreso tra 200-300.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Abilita Protocollo Proxy",
    "proxyProtocolInfo": "Conserva gli indirizzi IP del client per i backend TCP",
    "proxyProtocolVersion": "Versione Protocollo Proxy",
-    "version1": " Versione 1 (Consigliato)",
+    "version1": "Versione 1 (Consigliato)",
    "version2": "Versione 2",
-    "versionDescription": "La versione 1 è testuale e ampiamente supportata. La versione 2 è binaria e più efficiente, ma meno compatibile.",
+    "version1Description": "Testuale e ampiamente supportata. Assicurati che il trasporto server sia aggiunto alla configurazione dinamica.",
+    "version2Description": "Binaria e più efficiente ma meno compatibile. Assicurati che il trasporto server sia aggiunto alla configurazione dinamica.",
    "warning": "Attenzione",
    "proxyProtocolWarning": "L'applicazione backend deve essere configurata per accettare le connessioni del protocollo proxy. Se il tuo backend non supporta il protocollo proxy, abilitarlo interromperà tutte le connessioni, quindi attivalo solo se sai cosa stai facendo. Assicurati di configurare il tuo backend per fidarti delle intestazioni del protocollo proxy da Traefik.",
    "restarting": "Riavvio...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Inserisci conferma",
    "blueprintViewDetails": "Dettagli",
    "defaultIdentityProvider": "Provider di Identità Predefinito",
-    "defaultIdentityProviderDescription": "Quando viene selezionato un provider di identità predefinito, l'utente verrà automaticamente reindirizzato al provider per l'autenticazione.",
+    "defaultIdentityProviderDescription": "L'utente verrà automaticamente reindirizzato a questo provider di identità per l'autenticazione.",
    "editInternalResourceDialogNetworkSettings": "Impostazioni di Rete",
    "editInternalResourceDialogAccessPolicy": "Politica di Accesso",
    "editInternalResourceDialogAddRoles": "Aggiungi Ruoli",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Tipo di Modalità di Manutenzione",
    "showMaintenancePage": "Mostra una pagina di manutenzione ai visitatori",
    "enableMaintenanceMode": "Abilita Modalità di Manutenzione",
+    "enableMaintenanceModeDescription": "Quando abilitato, i visitatori vedranno una pagina di manutenzione invece della tua risorsa.",
    "automatic": "Automatico",
    "automaticModeDescription": "Mostra pagina di manutenzione solo quando tutti i target del backend sono inattivi o non in salute. La tua risorsa continua a funzionare normalmente finché almeno un target è in salute.",
    "forced": "Forzato",
@@ -3082,6 +3182,8 @@
    "warning:": "Avviso:",
    "forcedeModeWarning": "Tutto il traffico verrà indirizzato alla pagina di manutenzione. Le risorse del tuo backend non riceveranno richieste.",
    "pageTitle": "Titolo Pagina",
+    "maintenancePageContentSubsection": "Contenuto della Pagina",
+    "maintenancePageContentSubsectionDescription": "Personalizza il contenuto visualizzato sulla pagina di manutenzione",
    "pageTitleDescription": "L'intestazione principale visualizzata sulla pagina di manutenzione",
    "maintenancePageMessage": "Messaggio di Manutenzione",
    "maintenancePageMessagePlaceholder": "Torneremo presto! Il nostro sito è attualmente in manutenzione programmata.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Sei sicuro di voler disassociare questo provider di identità da questa organizzazione?",
    "idpUnassociateDescription": "Tutti gli utenti associati a questo provider di identità verranno rimossi da questa organizzazione, ma il provider di identità continuerà ad esistere per altre organizzazioni associate.",
    "idpUnassociateConfirm": "Conferma Disassociazione Provider di Identità",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "CANCELLA E RIMUOVIMI DALL'ORGANIZZAZIONE",
+    "idpUnassociateAndRemoveMeFromOrg": "DISASSOCIA E RIMUOVIMI DALL'ORGANIZZAZIONE",
    "idpUnassociateWarning": "Questo non può essere annullato per questa organizzazione.",
    "idpUnassociatedDescription": "Provider di identità disassociato con successo da questa organizzazione",
    "idpUnassociateMenu": "Disassocia",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Connessione…",
    "sshInitializing": "Inizializzazione…",
    "sshSignInTitle": "Accedi a SSH",
-    "sshSignInDescription": "Inserisci le tue credenziali SSH",
+    "sshSignInDescription": "Inserisci le tue credenziali SSH per connetterti",
    "sshPasswordTab": "Password",
    "sshPrivateKeyTab": "Chiave Privata",
    "sshPrivateKeyField": "Chiave Privata",
    "sshPrivateKeyDisclaimer": "La tua chiave privata non è memorizzata o visibile a Pangolin. In alternativa, puoi utilizzare certificati a vita breve per un'autenticazione continua utilizzando la tua identità Pangolin esistente.",
    "sshLearnMore": "Scopri di più",
    "sshPrivateKeyFile": "File Chiave Privata",
-    "sshAuthenticate": "Autentica",
+    "sshAuthenticate": "Connetti",
    "sshTerminate": "Termina",
    "sshPoweredBy": "Offerto da",
    "sshErrorNoTarget": "Nessun obiettivo specificato",
    "sshErrorWebSocket": "Connessione WebSocket fallita",
    "sshErrorAuthFailed": "Autenticazione fallita",
-    "sshErrorConnectionClosed": "Connessione chiusa prima del completamento dell'autenticazione"
+    "sshErrorConnectionClosed": "Connessione chiusa prima del completamento dell'autenticazione",
+    "sitePangolinSshDescription": "Consenti l'accesso SSH alle risorse su questo sito. Questo può essere modificato in seguito.",
+    "browserGatewayNoResourceForDomain": "Nessuna risorsa trovata per questo dominio",
+    "browserGatewayNoTarget": "Nessun bersaglio",
+    "browserGatewayConnect": "Connetti",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Canc",
+    "sshErrorSignKeyFailed": "Impossibile firmare la chiave SSH per l'autenticazione push PAM. Ti sei autenticato come utente?",
+    "sshTerminalError": "Errore: {error}",
+    "sshConnectionClosedCode": "Connessione chiusa (codice {code})",
+    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+    "sshPrivateKeyRequired": "È richiesta una chiave privata",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Inserisci la tua password VNC per connetterti",
+    "vncPasswordOptional": "Password (opzionale)",
+    "vncNoResourceTarget": "Nessun bersaglio di risorsa disponibile",
+    "vncFailedToLoadNovnc": "Impossibile caricare noVNC",
+    "vncAuthFailedStatus": "Stato {status}",
+    "vncPasteClipboard": "Incolla appunti",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Accedi al Desktop Remoto",
+    "rdpSignInDescription": "Inserisci le credenziali di Windows per connetterti",
+    "rdpLoadingModule": "Caricamento modulo...",
+    "rdpFailedToLoadModule": "Impossibile caricare il modulo RDP",
+    "rdpNotReady": "Non pronto",
+    "rdpModuleInitializing": "Il modulo RDP è ancora in inizializzazione",
+    "rdpDownloadingFiles": "Scaricamento di {count} file(s) da remoto…",
+    "rdpDownloadFailed": "Download fallito: {fileName}",
+    "rdpUploaded": "Caricato: {fileName}",
+    "rdpNoConnectionTarget": "Nessun bersaglio di connessione disponibile",
+    "rdpConnectionFailed": "Connessione fallita",
+    "rdpFit": "Adatta",
+    "rdpFull": "Completo",
+    "rdpReal": "Reale",
+    "rdpMeta": "Meta",
+    "rdpUploadFiles": "Carica file",
+    "rdpFilesReadyToPaste": "File pronti per essere incollati",
+    "rdpFilesReadyToPasteDescription": "{count} file(s) copiati negli appunti remoti — premi Ctrl+V sul desktop remoto per incollare.",
+    "rdpUploadFailed": "Caricamento fallito",
+    "rdpUnicodeKeyboardMode": "Modalità tastiera Unicode",
+    "sessionToolbarShow": "Mostra barra degli strumenti",
+    "sessionToolbarHide": "Nascondi barra degli strumenti"
 }
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "개인 리소스 보기",
    "siteInstallNewt": "Newt 설치",
    "siteInstallNewtDescription": "시스템에서 Newt 실행하기",
+    "siteInstallKubernetesDocsDescription": "더 많은 정보와 최신의 쿠버네티스 설치 정보를 보려면 <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>를 참조하세요.",
+    "siteInstallAdvantechDocsDescription": "Advantech 모뎀 설치 지침은 <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>을 참조하세요.",
    "WgConfiguration": "WireGuard 구성",
    "WgConfigurationDescription": "네트워크에 연결하기 위한 다음 구성을 사용하세요.",
    "operatingSystem": "운영 체제",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "이것은 한 번만 볼 수 있습니다. 안전한 장소에 복사해 두세요.",
    "siteInfo": "사이트 정보",
    "status": "상태",
-    "shareTitle": "공유 링크 관리",
+    "shareTitle": "공유 가능한 링크 관리",
    "shareDescription": "공유 가능한 링크를 생성하여 프록시 리소스에 임시 또는 영구적으로 액세스하세요.",
-    "shareSearch": "공유 링크 검색...",
-    "shareCreate": "공유 링크 생성",
+    "shareSearch": "공유 가능한 링크 검색...",
+    "shareCreate": "공유 가능한 링크 생성",
    "shareErrorDelete": "링크 삭제에 실패했습니다.",
    "shareErrorDeleteMessage": "링크 삭제 중 오류가 발생했습니다.",
    "shareDeleted": "링크가 삭제되었습니다.",
    "shareDeletedDescription": "링크가 삭제되었습니다.",
-    "shareDelete": "공유 링크 삭제",
-    "shareDeleteConfirm": "공유 링크 삭제 확인",
+    "shareDelete": "공유 가능한 링크 삭제",
+    "shareDeleteConfirm": "공유 가능한 링크 삭제 확인",
    "shareQuestionRemove": "이 공유 링크를 삭제하시겠습니까?",
    "shareMessageRemove": "삭제되면 링크가 더 이상 작동하지 않으며, 이를 사용하는 모든 사용자는 자원에 대한 접근을 잃게 됩니다.",
    "shareTokenDescription": "액세스 토큰은 쿼리 매개변수 또는 요청 헤더의 두 가지 방법으로 전달될 수 있습니다. 이는 인증된 액세스를 위해 클라이언트에서 모든 요청마다 전달되어야 합니다.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "이 링크가 있는 누구나 리소스에 접근할 수 있습니다.",
    "shareTitleOptional": "제목 (선택 사항)",
    "sharePathOptional": "경로 (선택 사항)",
+    "sharePathDescription": "링크는 인증 후 이 경로로 사용자를 리디렉션합니다.",
    "expireIn": "만료됨",
    "neverExpire": "만료되지 않음",
    "shareExpireDescription": "만료 시간은 링크가 사용 가능하고 리소스에 접근할 수 있는 기간입니다. 이 시간이 지나면 링크는 더 이상 작동하지 않으며, 이 링크를 사용한 사용자는 리소스에 대한 접근 권한을 잃게 됩니다.",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "리소스를 선택하세요",
    "proxyResourceTitle": "공개 리소스 관리",
    "proxyResourceDescription": "웹 브라우저를 통해 공용으로 접근할 수 있는 리소스를 생성하고 관리하세요.",
-    "publicResourcesBannerTitle": "웹 기반 공공 접근",
-    "publicResourcesBannerDescription": "공공 자원은 누구나 웹 브라우저를 통해 접근 가능한 HTTPS 또는 TCP/UDP 프록시입니다. 개인 자원과 달리 클라이언트 측 소프트웨어가 필요하지 않으며, 아이덴티티 및 컨텍스트 인지 접근 정책을 포함할 수 있습니다.",
+    "publicResourcesBannerTitle": "웹 기반의 공개 액세스",
+    "publicResourcesBannerDescription": "공공 자원은 누구나 웹 브라우저를 통해 접근 가능한 HTTPS 프록시입니다. 개인 자원과 달리 클라이언트 측 소프트웨어가 필요하지 않으며, 아이덴티티 및 컨텍스트 인지 접근 정책을 포함할 수 있습니다.",
    "clientResourceTitle": "개인 리소스 관리",
    "clientResourceDescription": "연결된 클라이언트를 통해서만 접근할 수 있는 리소스를 생성하고 관리하세요.",
    "privateResourcesBannerTitle": "제로 트러스트 개인 접근",
@@ -209,15 +212,19 @@
    "resourcesSearch": "리소스 검색...",
    "resourceAdd": "리소스 추가",
    "resourceErrorDelte": "리소스 삭제 중 오류 발생",
-    "resourcePoliciesTitle": "리소스 정책 관리",
-    "resourcePoliciesAttachedResourcesColumnTitle": "첨부 리소스",
+    "resourcePoliciesBannerTitle": "인증 및 액세스 규칙 재사용",
+    "resourcePoliciesBannerDescription": "공유 리소스 정책을 사용하면 한 번 인증 방법 및 액세스 규칙을 정의하고, 여러 공개 리소스에 첨부할 수 있습니다. 정책을 업데이트하면 모든 연결된 리소스가 자동으로 변경 사항을 상속받습니다.",
+    "resourcePoliciesBannerButtonText": "자세히 알아보기",
+    "resourcePoliciesTitle": "공개 리소스 정책 관리",
+    "resourcePoliciesAttachedResourcesColumnTitle": "리소스",
    "resourcePoliciesAttachedResources": "{count} 리소스",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, other {# 자원}}",
    "resourcePoliciesAttachedResourcesEmpty": "리소스 없음",
-    "resourcePoliciesDescription": "리소스에 대한 접근을 제어할 인증 정책을 생성 및 관리합니다",
+    "resourcePoliciesDescription": "공개 리소스에 대한 인증 정책을 생성하고 관리하여 접근을 제어합니다",
    "resourcePoliciesSearch": "정책 검색...",
    "resourcePoliciesAdd": "정책 추가",
    "resourcePoliciesDefaultBadgeText": "기본 정책",
-    "resourcePoliciesCreate": "리소스 정책 생성",
+    "resourcePoliciesCreate": "공개 리소스 정책 생성",
    "resourcePoliciesCreateDescription": "새로운 정책을 생성하려면 아래 단계들을 따르세요",
    "resourcePolicyName": "정책 이름",
    "resourcePolicyNameDescription": "이 정책에 리소스 간에 식별할 이름을 지정합니다",
@@ -274,7 +281,7 @@
    "back": "뒤로",
    "cancel": "취소",
    "resourceConfig": "구성 스니펫",
-    "resourceConfigDescription": "TCP/UDP 리소스를 설정하기 위해 이 구성 스니펫을 복사하여 붙여넣습니다.",
+    "resourceConfigDescription": "TCP/UDP 리소스를 설정하기 위해 이 구성 스니펫을 복사하여 붙여넣으세요.",
    "resourceAddEntrypoints": "Traefik: 엔트리포인트 추가",
    "resourceExposePorts": "Gerbil: Docker Compose에서 포트 노출",
    "resourceLearnRaw": "TCP/UDP 리소스 구성 방법 알아보기",
@@ -287,6 +294,8 @@
    "labelDelete": "레이블 삭제",
    "labelAdd": "레이블 추가",
    "labelCreateSuccessMessage": "레이블이 성공적으로 생성되었습니다",
+    "labelDuplicateError": "중복 레이블",
+    "labelDuplicateErrorDescription": "이 이름의 레이블이 이미 존재합니다.",
    "labelEditSuccessMessage": "레이블이 성공적으로 수정되었습니다",
    "labelNameField": "레이블 이름",
    "labelColorField": "레이블 색상",
@@ -311,7 +320,7 @@
    "rules": "규칙",
    "resourceSettingDescription": "리소스의 설정을 구성하세요.",
    "resourceSetting": "{resourceName} 설정",
-    "resourcePolicySettingDescription": "리소스 정책에 대한 설정을 구성합니다",
+    "resourcePolicySettingDescription": "이 공개 리소스 정책의 설정을 구성하세요",
    "resourcePolicySetting": "{policyName} 설정",
    "alwaysAllow": "인증 우회",
    "alwaysDeny": "접근 차단",
@@ -719,7 +728,7 @@
    "targetSubmit": "대상 추가",
    "targetNoOne": "이 리소스에는 대상이 없습니다. 백엔드로 요청을 보낼 대상을 구성하려면 대상을 추가하세요.",
    "targetNoOneDescription": "위에 하나 이상의 대상을 추가하면 로드 밸런싱이 활성화됩니다.",
-    "targetsSubmit": "대상 저장",
+    "targetsSubmit": "설정 저장",
    "addTarget": "대상 추가",
    "proxyMultiSiteRoundRobinNodeHelp": "라운드 로빈 라우팅은 동일한 노드에 연결되지 않은 사이트 간에는 작동하지 않으나, 대체 라우팅은 작동합니다.",
    "targetErrorInvalidIp": "유효하지 않은 IP 주소",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "중복 규칙",
    "rulesErrorDuplicateDescription": "이 설정을 가진 규칙이 이미 존재합니다.",
    "rulesErrorInvalidIpAddressRange": "유효하지 않은 CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "유효한 CIDR 값을 입력하십시오.",
-    "rulesErrorInvalidUrl": "유효하지 않은 URL 경로",
-    "rulesErrorInvalidUrlDescription": "유효한 URL 경로 값을 입력해 주세요.",
-    "rulesErrorInvalidIpAddress": "유효하지 않은 IP",
-    "rulesErrorInvalidIpAddressDescription": "유효한 IP 주소를 입력하세요",
+    "rulesErrorInvalidIpAddressRangeDescription": "유효한 CIDR 범위를 입력하세요 (예: 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "유효하지 않은 경로",
+    "rulesErrorInvalidUrlDescription": "유효한 URL 경로 또는 패턴을 입력하세요 (예: /api/*).",
+    "rulesErrorInvalidIpAddress": "유효하지 않은 IP 주소",
+    "rulesErrorInvalidIpAddressDescription": "유효한 IPv4 또는 IPv6 주소를 입력하세요.",
    "rulesErrorUpdate": "규칙 업데이트에 실패했습니다.",
    "rulesErrorUpdateDescription": "규칙 업데이트 중 오류가 발생했습니다.",
    "rulesUpdated": "규칙 활성화",
@@ -766,14 +775,23 @@
    "rulesMatchIpAddress": "IP 주소를 입력하세요 (예: 103.21.244.12)",
    "rulesMatchUrl": "URL 경로 또는 패턴을 입력하세요 (예: /api/v1/todos 또는 /api/v1/*)",
    "rulesErrorInvalidPriority": "유효하지 않은 우선순위",
-    "rulesErrorInvalidPriorityDescription": "유효한 우선 순위를 입력하세요.",
-    "rulesErrorDuplicatePriority": "중복 우선순위",
-    "rulesErrorDuplicatePriorityDescription": "고유한 우선 순위를 입력하십시오.",
+    "rulesErrorInvalidPriorityDescription": "1 이상의 정수를 입력하세요.",
+    "rulesErrorDuplicatePriority": "중복된 우선순위",
+    "rulesErrorDuplicatePriorityDescription": "각 규칙은 고유한 우선순위 번호를 가져야 합니다.",
+    "rulesErrorValidation": "유효하지 않은 규칙",
+    "rulesErrorValidationRuleDescription": "규칙 {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "유효한 매칭 유형을 선택하세요 (경로, IP, CIDR, 국가, 지역, 또는 ASN).",
+    "rulesErrorValueRequired": "이 규칙에 대한 값을 입력하세요.",
+    "rulesErrorInvalidCountry": "유효하지 않은 국가",
+    "rulesErrorInvalidCountryDescription": "유효한 국가를 선택하세요.",
+    "rulesErrorInvalidAsn": "유효하지 않은 ASN",
+    "rulesErrorInvalidAsnDescription": "유효한 ASN을 입력하세요 (예: AS15169).",
    "ruleUpdated": "규칙이 업데이트되었습니다",
    "ruleUpdatedDescription": "규칙이 성공적으로 업데이트되었습니다",
    "ruleErrorUpdate": "작업 실패",
    "ruleErrorUpdateDescription": "저장 작업 중 오류가 발생했습니다.",
    "rulesPriority": "우선순위",
+    "rulesReorderDragHandle": "드래그하여 규칙 우선순위 재정렬",
    "rulesAction": "작업",
    "rulesMatchType": "일치 유형",
    "value": "값",
@@ -792,7 +810,7 @@
    "rulesResource": "리소스 규칙 구성",
    "rulesResourceDescription": "리소스에 대한 접근을 제어하는 규칙 구성",
    "ruleSubmit": "규칙 추가",
-    "rulesNoOne": "규칙이 없습니다. 양식을 사용하여 규칙을 추가하십시오.",
+    "rulesNoOne": "아직 규칙이 없습니다.",
    "rulesOrder": "규칙은 우선 순위에 따라 오름차순으로 평가됩니다.",
    "rulesSubmit": "규칙 저장",
    "policyErrorCreate": "정책 생성 오류",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "예기치 않은 오류가 발생했습니다",
    "policyCreatedSuccess": "리소스 정책이 성공적으로 생성되었습니다",
    "policyUpdatedSuccess": "리소스 정책이 성공적으로 업데이트되었습니다",
-    "authMethodsSave": "인증 방법 저장",
+    "authMethodsSave": "설정 저장",
+    "policyAuthStackTitle": "인증",
+    "policyAuthStackDescription": "이 리소스에 접근하려면 어떤 인증 방법이 필요한지 제어합니다",
+    "policyAuthOrLogicTitle": "다수의 인증 방법 활성화",
+    "policyAuthOrLogicBanner": "방문자는 아래 활성화된 방법 중 하나만을 선택하여 인증할 수 있습니다. 모든 방법을 완료할 필요는 없습니다.",
+    "policyAuthMethodActive": "활성화",
+    "policyAuthMethodOff": "비활성화",
+    "policyAuthSsoTitle": "플랫폼 SSO",
+    "policyAuthSsoDescription": "사용자의 아이덴티티 공급자를 통해 로그인 필요",
+    "policyAuthSsoSummary": "{idp} · {users} 사용자, {roles} 역할",
+    "policyAuthSsoDefaultIdp": "기본 공급자",
+    "policyAuthAddDefaultIdentityProvider": "기본 아이덴티티 공급자 추가",
+    "policyAuthOtherMethodsTitle": "기타 방법",
+    "policyAuthOtherMethodsDescription": "플랫폼 SSO 대신 또는 함께 사용할 수 있는 선택적 방법",
+    "policyAuthPasscodeTitle": "패스코드",
+    "policyAuthPasscodeDescription": "리소스 접근을 위한 공유 알파벳 및 숫자 패스코드 필요",
+    "policyAuthPasscodeSummary": "패스코드 설정됨",
+    "policyAuthPincodeTitle": "PIN 코드",
+    "policyAuthPincodeDescription": "리소스 접근에 필요한 짧은 숫자 코드",
+    "policyAuthPincodeSummary": "6자리 PIN 코드 설정됨",
+    "policyAuthEmailTitle": "이메일 화이트리스트",
+    "policyAuthEmailDescription": "허용된 이메일 주소로 일회용 비밀번호 전송",
+    "policyAuthEmailSummary": "{count}개의 주소 허용됨",
+    "policyAuthEmailOtpCallout": "이메일 화이트리스트를 활성화하면 로그인 시 방문자의 이메일로 일회용 비밀번호가 전송됩니다.",
+    "policyAuthHeaderAuthTitle": "기본 헤더 인증",
+    "policyAuthHeaderAuthDescription": "각 요청에서 맞춤 HTTP 헤더 이름 및 값을 검증",
+    "policyAuthHeaderAuthSummary": "헤더 구성됨",
+    "policyAuthHeaderName": "헤더 이름",
+    "policyAuthHeaderValue": "예상 값",
+    "policyAuthSetPasscode": "패스코드 설정",
+    "policyAuthSetPincode": "PIN 코드 설정",
+    "policyAuthSetEmailWhitelist": "이메일 화이트리스트 설정",
+    "policyAuthSetHeaderAuth": "기본 헤더 인증 설정",
+    "policyAccessRulesTitle": "액세스 규칙",
+    "policyAccessRulesEnableDescription": "활성화되면 규칙은 내림차순으로 평가되며, 하나가 참으로 평가될 때까지 계속됩니다.",
+    "policyAccessRulesFirstMatch": "규칙은 위에서 아래로 평가됩니다. 첫 번째 매칭 규칙이 결과를 결정합니다.",
+    "policyAccessRulesHowItWorks": "규칙은 경로, IP 주소, 위치 또는 기타 기준에 따라 요청을 매칭합니다. 각 규칙은 인증 우회, 접근 차단 또는 인증 전송의 액션을 적용합니다. 매칭되는 규칙이 없으면, 트래픽은 인증으로 계속됩니다.",
+    "policyAccessRulesFallthroughOff": "규칙이 비활성화되면, 모든 트래픽은 인증으로 넘어갑니다.",
+    "policyAccessRulesFallthroughOn": "매칭되는 규칙이 없으면, 트래픽은 인증으로 넘어갑니다.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "규칙 저장",
    "resourceErrorCreate": "리소스 생성 오류",
    "resourceErrorCreateDescription": "리소스를 생성하는 중 오류가 발생했습니다.",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "리소스를 업데이트하는 동안 오류가 발생했습니다.",
    "access": "접속",
    "accessControl": "액세스 제어",
-    "shareLink": "{resource} 공유 링크",
+    "shareLink": "{resource} 공유 가능한 링크",
    "resourceSelect": "리소스 선택",
-    "shareLinks": "공유 링크",
+    "shareLinks": "공유 가능한 링크",
    "share": "공유 가능한 링크",
    "shareDescription2": "리소스에 대한 공유 가능한 링크를 생성하세요. 링크는 리소스에 대한 임시 또는 무제한 액세스를 제공합니다. 링크를 생성할 때 만료 기간을 설정할 수 있습니다.",
    "shareEasyCreate": "생성하고 공유하기 쉬움",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "관리자는 항상 이 리소스에 접근할 수 있습니다.",
    "resourcePolicySelectTitle": "리소스 액세스 정책",
    "resourcePolicySelectDescription": "인증을 위한 리소스 정책 유형을 선택하세요",
+    "resourcePolicyTypeLabel": "정책 유형",
+    "resourcePolicyLabel": "리소스 정책",
    "resourcePolicyInline": "인라인 리소스 정책",
    "resourcePolicyInlineDescription": "이 리소스에만 범위가 있는 액세스 정책",
    "resourcePolicyShared": "공유 리소스 정책",
-    "resourcePolicySharedDescription": "이 리소스는 공유 정책을 사용합니다. 정책 수준 설정(인증 방법, 이메일 화이트리스트)은 잠겨 있습니다. 아래에서 리소스별 규칙, 역할 및 사용자를 추가할 수 있습니다.",
+    "resourcePolicySharedDescription": "이 리소스는 공유 정책을 사용합니다.",
+    "sharedPolicy": "공유 정책",
+    "sharedPolicyNoneDescription": "이 리소스는 자체 정책을 가지고 있습니다.",
+    "resourceSharedPolicyOwnDescription": "이 리소스는 자체 인증 및 접근 규칙 제어를 가지고 있습니다.",
+    "resourceSharedPolicyInheritedDescription": "이 리소스는 <policyLink>{policyName}</policyLink>에서 상속받습니다.",
+    "resourceSharedPolicyAuthenticationNotice": "이 리소스는 공유 정책을 사용합니다. 일부 인증 설정은 이 리소스에서 정책에 추가하기 위해 편집할 수 있습니다. 기본 정책을 변경하려면 <policyLink>{policyName}</policyLink>을 편집해야 합니다.",
+    "resourceSharedPolicyRulesNotice": "이 리소스는 공유 정책을 사용합니다. 일부 액세스 규칙은 이 리소스에서 편집할 수 있습니다. 기본 정책을 변경하려면 <policyLink>{policyName}</policyLink>을 수정해야 합니다.",
    "resourceUsersRoles": "접근 제어",
    "resourceUsersRolesDescription": "이 리소스를 방문할 수 있는 사용자 및 역할을 구성하십시오",
    "resourceUsersRolesSubmit": "접근 제어 저장",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "가시성",
    "resourceVisibilityTitleDescription": "리소스 가시성을 완전히 활성화하거나 비활성화",
    "resourceGeneral": "일반 설정",
-    "resourceGeneralDescription": "이 리소스에 대한 일반 설정을 구성하십시오.",
+    "resourceGeneralDescription": "이 리소스를 위한 이름, 주소 및 접근 정책을 구성하세요.",
+    "resourceGeneralDetailsSubsection": "리소스 세부 정보",
+    "resourceGeneralDetailsSubsectionDescription": "이 리소스를 위한 표시 이름, 식별자 및 공개 도메인을 설정합니다.",
+    "resourceGeneralDetailsSubsectionPortDescription": "이 리소스를 위한 표시 이름, 식별자 및 공개 포트를 설정합니다.",
+    "resourceGeneralPublicAddressSubsection": "공공 주소",
+    "resourceGeneralPublicAddressSubsectionDescription": "사용자가 이 리소스에 도달하는 방법을 구성하세요.",
+    "resourceGeneralAuthenticationAccessSubsection": "인증 및 접근",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "이 리소스가 자체 정책을 사용하는지 또는 공유 정책에서 상속받는지를 선택하세요.",
    "resourceEnable": "리소스 활성화",
    "resourceTransfer": "리소스 전송",
    "resourceTransferDescription": "이 리소스를 다른 사이트로 전송",
@@ -1220,11 +1294,14 @@
    "addLabels": "레이블 추가",
    "siteLabelsTab": "레이블",
    "siteLabelsDescription": "이 사이트와 연결된 레이블을 관리합니다.",
-    "labelsNotFound": "레이블을 찾을 수 없습니다",
+    "labelsNotFound": "레이블을 찾을 수 없습니다.",
+    "labelsEmptyCreateHint": "라벨을 생성하려면 위에서 입력을 시작하세요.",
    "labelSearch": "레이블 검색",
+    "labelSearchOrCreate": "레이블을 검색하거나 생성하세요",
    "accessLabelFilterCount": "{count, plural, other {# 레이블}}",
    "labelOverflowCount": " +{count, plural, other {# 레이블}}",
    "accessLabelFilterClear": "레이블 필터 초기화",
+    "accessFilterClear": "필터 지우기",
    "selectColor": "색상 선택",
    "createNewLabel": "새 조직 레이블 \"{label}\" 만들기",
    "inviteInvalidDescription": "초대 링크가 유효하지 않습니다.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "리소스",
    "sidebarProxyResources": "공유",
    "sidebarClientResources": "비공개",
-    "sidebarPolicies": "정책",
-    "sidebarResourcePolicies": "리소스",
+    "sidebarPolicies": "공유 정책들",
+    "sidebarResourcePolicies": "공개 리소스",
    "sidebarAccessControl": "액세스 제어",
    "sidebarLogsAndAnalytics": "로그 및 분석",
    "sidebarTeam": "팀",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "관리자",
    "sidebarInvitations": "초대",
    "sidebarRoles": "역할",
-    "sidebarShareableLinks": "링크",
+    "sidebarShareableLinks": "공유 가능한 링크",
    "sidebarApiKeys": "API 키",
    "sidebarProvisioning": "프로비저닝",
    "sidebarSettings": "설정",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "리소스 {id}",
    "blueprints": "청사진",
    "blueprintsLog": "블루프린트 로그",
-    "blueprintsDescription": "과거 블루프린트 적용 및 결과 보기",
+    "blueprintsDescription": "이전에 블루프린트 응용 프로그램과 그 결과를 보거나 새 블루프린트를 적용하세요",
    "blueprintAdd": "청사진 추가",
    "blueprintGoBack": "모든 청사진 보기",
    "blueprintCreate": "청사진 생성",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Docker 청사진 활성화",
    "enableDockerSocketDescription": "블루프린트 레이블을 위한 Docker 소켓 레이블 스크래핑을 활성화합니다. 소켓 경로는 사이트 커넥터에 제공되어야 합니다. 동작 방법에 대한 자세한 정보는 <docsLink>문서</docsLink>에서 확인하세요.",
    "newtAutoUpdate": "사이트 자동 업데이트 활성화",
-    "newtAutoUpdateDescription": "활성화되면, 사이트 커넥터는 새 릴리스가 출시될 때 자동으로 최신 버전으로 업데이트됩니다.",
+    "newtAutoUpdateDescription": "활성화되면, 사이트 커넥터는 최신 버전을 자동으로 다운로드하고 재시작합니다. 각 사이트별로 이를 무시할 수 있습니다.",
    "siteAutoUpdate": "사이트 자동 업데이트",
    "siteAutoUpdateLabel": "자동 업데이트 활성화",
-    "siteAutoUpdateDescription": "이 사이트의 커넥터가 최신 버전을 자동으로 다운로드할지 여부를 제어합니다.",
+    "siteAutoUpdateDescription": "활성화되면, 이 사이트의 커넥터는 최신 버전을 자동으로 다운로드하고 재시작합니다.",
    "siteAutoUpdateOrgDefault": "조직 기본값: {state}",
    "siteAutoUpdateOverriding": "조직 설정 재정의",
    "siteAutoUpdateResetToOrg": "조직 기본값으로 재설정",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "계정 설정이 완료되었습니다! 판골린에 오신 것을 환영합니다!",
    "documentation": "문서",
    "saveAllSettings": "모든 설정 저장",
-    "saveResourceTargets": "대상 저장",
-    "saveResourceHttp": "프록시 설정 저장",
-    "saveProxyProtocol": "프록시 프로토콜 설정 저장",
+    "saveResourceTargets": "설정 저장",
+    "saveResourceHttp": "설정 저장",
+    "saveProxyProtocol": "설정 저장",
    "settingsUpdated": "설정이 업데이트되었습니다",
    "settingsUpdatedDescription": "설정이 성공적으로 업데이트되었습니다.",
    "settingsErrorUpdate": "설정 업데이트 실패",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "알 수 없음",
    "healthCheck": "상태 확인",
    "configureHealthCheck": "상태 확인 설정",
-    "configureHealthCheckDescription": "{target}에 대한 상태 모니터링 설정",
+    "configureHealthCheckDescription": "리소스의 모니터링을 설정하여 항상 이용 가능하도록 하세요",
    "enableHealthChecks": "상태 확인 활성화",
    "healthCheckDisabledStateDescription": "비활성화되면 이 사이트가 상태 확인을 수행하지 않으며 상태가 알 수 없는 것으로 간주됩니다.",
    "enableHealthChecksDescription": "이 대상을 모니터링하여 건강 상태를 확인하세요. 필요에 따라 대상과 다른 엔드포인트를 모니터링할 수 있습니다.",
    "healthScheme": "방법",
    "healthSelectScheme": "방법 선택",
-    "healthCheckPortInvalid": "올바르지 않은 서브넷 마스크입니다. 1에서 65535 사이여야 합니다",
+    "healthCheckPortInvalid": "포트는 1에서 65535 사이여야 합니다",
    "healthCheckPath": "경로",
    "healthHostname": "IP / 호스트",
    "healthPort": "포트",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "장치 승인 요구",
    "requireDeviceApprovalDescription": "이 역할을 가진 사용자는 장치가 연결되기 전에 관리자의 승인이 필요합니다.",
    "sshSettings": "SSH 설정",
+    "sshAccess": "SSH 접속",
    "rdpSettings": "RDP 설정",
    "vncSettings": "VNC 설정",
    "sshServer": "SSH 서버",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "이 설정을 완료하기 전에 인증 데몬을 실행할 대상 호스트가 적절히 구성되었는지 확인하십시오. 그렇지 않으면 프로비저닝이 실패할 수 있습니다.",
    "sshDaemonPort": "데몬 포트",
    "sshServerDestination": "서버 목적지",
-    "sshServerDestinationDescription": "SSH 서버의 목적지 및 포트를 구성합니다",
+    "sshServerDestinationDescription": "SSH 서버의 목적지를 설정합니다",
    "destination": "대상지",
+    "destinationRequired": "목적지가 필요합니다.",
+    "domainRequired": "도메인은 필수입니다.",
+    "proxyPortRequired": "포트가 필요합니다.",
+    "invalidPathConfiguration": "유효하지 않은 경로 구성입니다.",
+    "invalidRewritePathConfiguration": "유효하지 않은 재작성 경로 구성입니다.",
    "bgTargetMultiSiteDisclaimer": "여러 사이트를 선택하면 고가용성을 위한 내구성 있는 라우팅 및 장애 조치를 활성화합니다.",
    "roleAllowSsh": "SSH 허용",
    "roleAllowSshAllow": "허용",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "사용자는 sudo로 지정된 명령만 실행할 수 있습니다.",
    "sshSudo": "Sudo 허용",
    "sshSudoCommands": "Sudo 명령",
-    "sshSudoCommandsDescription": "사용자가 sudo로 실행할 수 있는 명령의 쉼표로 구분된 목록입니다. 절대 경로를 사용해야 합니다.",
+    "sshSudoCommandsDescription": "사용자가 쉘에서 sudo로 실행할 수 있는 명령 목록, 쉼표, 공백 또는 새 줄로 구분됩니다. 절대 경로를 사용해야 합니다.",
    "sshCreateHomeDir": "홈 디렉터리 생성",
    "sshUnixGroups": "유닉스 그룹",
-    "sshUnixGroupsDescription": "대상 호스트에서 사용자에게 추가할 유닉스 그룹의 쉼표로 구분된 목록입니다.",
+    "sshUnixGroupsDescription": "사용자를 대상 호스트에 추가할 유닉스 그룹들, 쉼표, 공백 또는 새 줄로 구분됩니다.",
+    "roleTextFieldPlaceholder": "값을 입력하거나 .txt나 .csv 파일을 드롭하세요",
+    "roleTextImportTitle": "파일에서 가져오기",
+    "roleTextImportDescription": "{fileName}을(를) {fieldLabel}에 가져오는 중",
+    "roleTextImportSkipHeader": "첫 행 건너뛰기 (헤더)",
+    "roleTextImportOverride": "기존 항목 교체",
+    "roleTextImportAppend": "기존 항목에 추가",
+    "roleTextImportMode": "가져오기 모드",
+    "roleTextImportPreview": "미리보기",
+    "roleTextImportItemCount": "{count, plural, =0 {가져올 항목 없음} other {# 개의 항목 가져오기}}",
+    "roleTextImportTotalCount": "{existing} 기존 + {imported} 가져옴 = {total} 총계",
+    "roleTextImportConfirm": "가져오기",
+    "roleTextImportInvalidFile": "지원되지 않는 파일 유형",
+    "roleTextImportInvalidFileDescription": ".txt 및 .csv 파일만 지원됩니다.",
+    "roleTextImportEmpty": "파일에서 항목을 찾을 수 없습니다",
+    "roleTextImportEmptyDescription": "파일에 가져올 항목이 포함되어 있지 않습니다.",
    "retryAttempts": "재시도 횟수",
    "expectedResponseCodes": "예상 응답 코드",
    "expectedResponseCodesDescription": "정상 상태를 나타내는 HTTP 상태 코드입니다. 비워 두면 200-300이 정상으로 간주됩니다.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "프록시 프로토콜 활성화",
    "proxyProtocolInfo": "TCP 백엔드에 대한 클라이언트 IP 주소를 유지합니다.",
    "proxyProtocolVersion": "프록시 프로토콜 버전",
-    "version1": " 버전 1 (추천)",
+    "version1": "버전 1 (추천)",
    "version2": "버전 2",
-    "versionDescription": "버전 1은 텍스트 기반으로 널리 지원됩니다. 버전 2는 이진 기반으로 더 효율적이지만 호환성이 낮습니다.",
+    "version1Description": "텍스트 기반으로 널리 지원됩니다. 서버 전송이 동적 구성에 추가되었는지 확인하세요.",
+    "version2Description": "바이너리 및 더 효율적이지만 호환성은 낮습니다. 서버 전송이 동적 구성에 추가되었는지 확인하세요.",
    "warning": "경고",
    "proxyProtocolWarning": "백엔드 애플리케이션이 프록시 프로토콜 연결을 허용하도록 구성되어야 합니다. 백엔드가 프록시 프로토콜을 지원하지 않으면, 이를 활성화하면 모든 연결이 끊어집니다. 트래픽에서 온 프록시 프로토콜 헤더를 백엔드가 신뢰하도록 구성하십시오.",
    "restarting": "재시작 중...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "확인 입력",
    "blueprintViewDetails": "세부 정보",
    "defaultIdentityProvider": "기본 아이덴티티 공급자",
-    "defaultIdentityProviderDescription": "기본 ID 공급자가 선택되면, 사용자는 인증을 위해 자동으로 해당 공급자로 리디렉션됩니다.",
+    "defaultIdentityProviderDescription": "사용자는 인증을 위해 이 아이덴티티 공급자로 자동 리디렉션됩니다.",
    "editInternalResourceDialogNetworkSettings": "네트워크 설정",
    "editInternalResourceDialogAccessPolicy": "액세스 정책",
    "editInternalResourceDialogAddRoles": "역할 추가",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "유지보수 모드 유형",
    "showMaintenancePage": "방문자에게 유지보수 페이지 표시",
    "enableMaintenanceMode": "유지보수 모드 활성화",
+    "enableMaintenanceModeDescription": "활성화되면 방문자는 리소스 대신 유지보수 페이지를 보게 됩니다.",
    "automatic": "자동",
    "automaticModeDescription": "백엔드 타깃이 모두 다운되거나 건강하지 않을 때만 유지보수 페이지를 표시합니다. 적어도 하나의 타깃이 건강한 한 리소스는 정상 작동합니다.",
    "forced": "강제",
@@ -3082,6 +3182,8 @@
    "warning:": "경고:",
    "forcedeModeWarning": "모든 트래픽이 유지보수 페이지로 전달됩니다. 백엔드 리소스는 어떠한 요청도 받지 않습니다.",
    "pageTitle": "페이지 제목",
+    "maintenancePageContentSubsection": "페이지 콘텐츠",
+    "maintenancePageContentSubsectionDescription": "유지보수 페이지에 표시될 콘텐츠를 사용자 정의하세요",
    "pageTitleDescription": "유지보수 페이지에 표시될 주요 제목",
    "maintenancePageMessage": "유지보수 메시지",
    "maintenancePageMessagePlaceholder": "곧 돌아오겠습니다! 사이트는 현재 예정된 유지보수를 진행 중입니다.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "정말로 이 조직에서 이 아이덴티티 공급자의 연관을 해제하시겠습니까?",
    "idpUnassociateDescription": "이 아이덴티티 공급자와 연관된 모든 사용자는 이 조직에서 제거될 것이지만, 아이덴티티 공급자는 다른 연관된 조직에 계속해서 존재할 것입니다.",
    "idpUnassociateConfirm": "아이덴티티 공급자 연관 해제 확인",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "조직에서 삭제하고 제거하기",
+    "idpUnassociateAndRemoveMeFromOrg": "조직에서 연관 해제하고 제거하기",
    "idpUnassociateWarning": "이 조직에서 이것은 되돌릴 수 없습니다.",
    "idpUnassociatedDescription": "아이덴티티 공급자가 이 조직에서 성공적으로 연관 해제되었습니다",
    "idpUnassociateMenu": "연관 해제",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "연결 중…",
    "sshInitializing": "초기화 중…",
    "sshSignInTitle": "SSH에 로그인",
-    "sshSignInDescription": "SSH 자격 증명을 입력하세요",
+    "sshSignInDescription": "연결하려면 SSH 자격 증명을 입력하세요",
    "sshPasswordTab": "비밀번호",
    "sshPrivateKeyTab": "개인 키",
    "sshPrivateKeyField": "개인 키",
    "sshPrivateKeyDisclaimer": "당신의 개인 키는 Pangolin에 저장되거나 보이지 않습니다. 대신, 기존 Pangolin 신원을 사용하여 매끄러운 인증을 제공하는 단기 인증서를 사용할 수 있습니다.",
    "sshLearnMore": "자세히 알아보기",
    "sshPrivateKeyFile": "개인 키 파일",
-    "sshAuthenticate": "인증",
+    "sshAuthenticate": "연결",
    "sshTerminate": "종료",
    "sshPoweredBy": "제공자",
    "sshErrorNoTarget": "지정된 대상이 없습니다",
    "sshErrorWebSocket": "WebSocket 연결 실패",
    "sshErrorAuthFailed": "인증 실패",
-    "sshErrorConnectionClosed": "인증이 완료되기 전에 연결이 닫혔습니다"
+    "sshErrorConnectionClosed": "인증이 완료되기 전에 연결이 닫혔습니다",
+    "sitePangolinSshDescription": "이 사이트의 리소스에 SSH 접속을 허용합니다. 나중에 변경할 수 있습니다.",
+    "browserGatewayNoResourceForDomain": "이 도메인에 대한 리소스를 찾을 수 없습니다",
+    "browserGatewayNoTarget": "대상 없음",
+    "browserGatewayConnect": "연결",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "PAM 푸시 인증을 위한 SSH 키 서명 실패. 사용자로 로그인하셨나요?",
+    "sshTerminalError": "오류: {error}",
+    "sshConnectionClosedCode": "연결 종료됨 (코드 {code})",
+    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+    "sshPrivateKeyRequired": "프라이빗 키가 필요합니다",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "연결하려면 VNC 비밀번호를 입력하세요",
+    "vncPasswordOptional": "비밀번호 (선택 사항)",
+    "vncNoResourceTarget": "사용할 수 있는 리소스 대상이 없습니다",
+    "vncFailedToLoadNovnc": "noVNC 로드를 실패했습니다",
+    "vncAuthFailedStatus": "상태 {status}",
+    "vncPasteClipboard": "클립보드 붙여넣기",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "원격 데스크톱에 로그인",
+    "rdpSignInDescription": "연결하려면 Windows 자격 증명을 입력하세요",
+    "rdpLoadingModule": "모듈 로딩 중...",
+    "rdpFailedToLoadModule": "RDP 모듈 로딩 실패",
+    "rdpNotReady": "준비되지 않음",
+    "rdpModuleInitializing": "RDP 모듈이 아직 초기화 중입니다",
+    "rdpDownloadingFiles": "원격에서 {count}개의 파일 다운로드 중…",
+    "rdpDownloadFailed": "다운로드 실패: {fileName}",
+    "rdpUploaded": "업로드 완료: {fileName}",
+    "rdpNoConnectionTarget": "연결 대상 없음",
+    "rdpConnectionFailed": "연결 실패",
+    "rdpFit": "적합",
+    "rdpFull": "전체",
+    "rdpReal": "실제",
+    "rdpMeta": "메타",
+    "rdpUploadFiles": "파일 업로드",
+    "rdpFilesReadyToPaste": "붙여넣기 준비 완료된 파일",
+    "rdpFilesReadyToPasteDescription": "{count}개의 파일이 원격 클립보드에 복사되었습니다 — 원격 데스크탑에서 Ctrl+V를 눌러 붙여 넣으세요.",
+    "rdpUploadFailed": "업로드 실패",
+    "rdpUnicodeKeyboardMode": "유니코드 키보드 모드",
+    "sessionToolbarShow": "툴바 보기",
+    "sessionToolbarHide": "툴바 숨기기"
 }
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Vis private ressurser",
    "siteInstallNewt": "Installer Newt",
    "siteInstallNewtDescription": "Få Newt til å kjøre på systemet ditt",
+    "siteInstallKubernetesDocsDescription": "For mer og oppdatert informasjon om Kubernetes-installasjon, se <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "For installasjonsinstruksjoner for Advantech-modem, se <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "WireGuard Konfigurasjon",
    "WgConfigurationDescription": "Bruk følgende konfigurasjon for å koble til nettverket",
    "operatingSystem": "Operativsystem",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "Du vil kun kunne se dette én gang. Sørg for å kopiere det til et sikkert sted.",
    "siteInfo": "Områdeinformasjon",
    "status": "Status",
-    "shareTitle": "Administrer delingslenker",
+    "shareTitle": "Administrer delbare lenker",
    "shareDescription": "Opprett delbare lenker for å gi midlertidige eller permanent tilgang til proxyressurser",
-    "shareSearch": "Søk delingslenker...",
-    "shareCreate": "Opprett delingslenke",
+    "shareSearch": "Søk delbare lenker...",
+    "shareCreate": "Opprett delbar lenke",
    "shareErrorDelete": "Klarte ikke å slette lenke",
    "shareErrorDeleteMessage": "En feil oppstod ved sletting av lenke",
    "shareDeleted": "Lenke slettet",
    "shareDeletedDescription": "Lenken har blitt slettet",
-    "shareDelete": "Slett delingslenke",
-    "shareDeleteConfirm": "Bekreft sletting av delingslenke",
+    "shareDelete": "Slett delbar lenke",
+    "shareDeleteConfirm": "Bekreft sletting av delbar lenke",
    "shareQuestionRemove": "Er du sikker på at du vil slette denne delingslenken?",
    "shareMessageRemove": "Når slettet, vil lenken ikke lenger fungere, og alle som bruker den vil miste tilgang til ressursen.",
    "shareTokenDescription": "Adgangstoken kan sendes på to måter: som en spørringsparameter eller i forespørselsoverskriftene. Disse må sendes fra klienten på hver forespørsel om autentisert tilgang.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Alle med denne lenken får tilgang til ressursen",
    "shareTitleOptional": "Tittel (valgfritt)",
    "sharePathOptional": "Bane (valgfritt)",
+    "sharePathDescription": "Lenken vil videresende brukere til denne stien etter autentisering.",
    "expireIn": "Utløper om",
    "neverExpire": "Utløper aldri",
    "shareExpireDescription": "Utløpstid er hvor lenge lenken vil være brukbar og gi tilgang til ressursen. Etter denne tiden vil lenken ikke lenger fungere, og brukere som brukte denne lenken vil miste tilgangen til ressursen.",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "Vennligst velg en ressurs",
    "proxyResourceTitle": "Administrere offentlige ressurser",
    "proxyResourceDescription": "Opprett og administrer ressurser som er offentlig tilgjengelige via en nettleser",
-    "publicResourcesBannerTitle": "Nettbasert offentlig tilgang",
-    "publicResourcesBannerDescription": "Offentlige ressurser er HTTPS- eller TCP/UDP-proxyer tilgjengelige for alle på internett via en nettleser. I motsetning til private ressurser, krever de ikke klient-basert programvare og kan inkludere identitets- og kontekstbevisste tilgangspolicyer.",
+    "publicResourcesBannerTitle": "Web-basert offentlig tilgang",
+    "publicResourcesBannerDescription": "Offentlige ressurser er HTTPS-proxyer som er tilgjengelige for alle på internett via en nettleser. I motsetning til private ressurser, krever de ikke klientprogramvare og kan inkludere identitets- og kontekstsensitive tilgangspolicyer.",
    "clientResourceTitle": "Administrer private ressurser",
    "clientResourceDescription": "Opprette og administrere ressurser som bare er tilgjengelige via en tilkoblet klient",
    "privateResourcesBannerTitle": "Zero-Trust privat tilgang",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Søk i ressurser...",
    "resourceAdd": "Legg til ressurs",
    "resourceErrorDelte": "Feil ved sletting av ressurs",
-    "resourcePoliciesTitle": "Administrer Ressurspolitikk",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Vedlagte ressurser",
+    "resourcePoliciesBannerTitle": "Gjenbruk autentisering og tilgangsregler",
+    "resourcePoliciesBannerDescription": "Delte ressursretningslinjer lar deg definere autentiseringsmetoder og tilgangsregler en gang, for deretter å knytte dem til flere offentlige ressurser. Når du oppdaterer en policy, arver alle tilknyttede ressurser endringen automatisk.",
+    "resourcePoliciesBannerButtonText": "Lær mer",
+    "resourcePoliciesTitle": "Administrer offentlige ressursretningslinjer",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Ressurser",
    "resourcePoliciesAttachedResources": "{count} ressurs(er)",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ressurs} other {# ressurser}}",
    "resourcePoliciesAttachedResourcesEmpty": "ingen ressurser",
-    "resourcePoliciesDescription": "Opprett og administrer autentiseringsregler for å kontrollere tilgang til dine ressurser",
+    "resourcePoliciesDescription": "Opprett og administrer autentiseringsretningslinjer for å kontrollere tilgang til dine offentlige ressurser",
    "resourcePoliciesSearch": "Søk etter regler...",
    "resourcePoliciesAdd": "Legg til policy",
    "resourcePoliciesDefaultBadgeText": "Standard politisk",
-    "resourcePoliciesCreate": "Opprett Ressurspolitikk",
+    "resourcePoliciesCreate": "Opprett offentlig ressursretningslinje",
    "resourcePoliciesCreateDescription": "Følg trinnene nedenfor for å lage en ny policy",
    "resourcePolicyName": "Polisnavn",
    "resourcePolicyNameDescription": "Gi denne policynavnet for å identifisere den på tvers av dine ressurser",
@@ -274,7 +281,7 @@
    "back": "Tilbake",
    "cancel": "Avbryt",
    "resourceConfig": "Konfigurasjonsutdrag",
-    "resourceConfigDescription": "Kopier og lim inn disse konfigurasjons-øyeblikkene for å sette opp TCP/UDP ressursen",
+    "resourceConfigDescription": "Kopier og lim inn disse konfigurasjonsbitene for å sette opp TCP/UDP ressursen.",
    "resourceAddEntrypoints": "Traefik: Legg til inngangspunkter",
    "resourceExposePorts": "Gerbil: Eksponer Porter i Docker Compose",
    "resourceLearnRaw": "Lær hvordan å konfigurere TCP/UDP-ressurser",
@@ -287,6 +294,8 @@
    "labelDelete": "Slett etikett",
    "labelAdd": "Legg til etikett",
    "labelCreateSuccessMessage": "Etikett opprettet vellykket",
+    "labelDuplicateError": "Dupliser etikett",
+    "labelDuplicateErrorDescription": "En etikett med dette navnet finnes allerede.",
    "labelEditSuccessMessage": "Etikett endret vellykket",
    "labelNameField": "Etikettnavn",
    "labelColorField": "Etikettfarge",
@@ -311,7 +320,7 @@
    "rules": "Regler",
    "resourceSettingDescription": "Konfigurere innstillingene på ressursen",
    "resourceSetting": "{resourceName} Innstillinger",
-    "resourcePolicySettingDescription": "Konfigurer innstillingene på ressurspolitikken",
+    "resourcePolicySettingDescription": "Konfigurer innstillingene for denne offentlige ressursretningslinjen",
    "resourcePolicySetting": "{policyName} Innstillinger",
    "alwaysAllow": "Omgå Auth",
    "alwaysDeny": "Blokker tilgang",
@@ -719,7 +728,7 @@
    "targetSubmit": "Legg til mål",
    "targetNoOne": "Denne ressursen har ikke noen mål. Legg til et mål for å konfigurere hvor du vil sende forespørsler til backend.",
    "targetNoOneDescription": "Å legge til mer enn ett mål ovenfor vil aktivere lastbalansering.",
-    "targetsSubmit": "Lagre mål",
+    "targetsSubmit": "Lagre innstillinger",
    "addTarget": "Legg til mål",
    "proxyMultiSiteRoundRobinNodeHelp": "Rundkjøringrutefordeling vil ikke fungere mellom steder som ikke er koblet til samme node, men failover vil fungere.",
    "targetErrorInvalidIp": "Ugyldig IP-adresse",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Duplisert regel",
    "rulesErrorDuplicateDescription": "En regel med disse innstillingene finnes allerede",
    "rulesErrorInvalidIpAddressRange": "Ugyldig CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Vennligst skriv inn en gyldig CIDR-verdi",
-    "rulesErrorInvalidUrl": "Ugyldig URL-sti",
-    "rulesErrorInvalidUrlDescription": "Skriv inn en gyldig verdi for URL-sti",
-    "rulesErrorInvalidIpAddress": "Ugyldig IP",
-    "rulesErrorInvalidIpAddressDescription": "Skriv inn en gyldig IP-adresse",
+    "rulesErrorInvalidIpAddressRangeDescription": "Skriv inn et gyldig CIDR-område (f.eks. 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Ugyldig sti",
+    "rulesErrorInvalidUrlDescription": "Skriv inn en gyldig URL-sti eller et mønster (f.eks., /api/*).",
+    "rulesErrorInvalidIpAddress": "Ugyldig IP-adresse",
+    "rulesErrorInvalidIpAddressDescription": "Skriv inn en gyldig IPv4 eller IPv6 adresse.",
    "rulesErrorUpdate": "Kunne ikke oppdatere regler",
    "rulesErrorUpdateDescription": "Det oppsto en feil under oppdatering av regler",
    "rulesUpdated": "Aktiver Regler",
@@ -766,14 +775,23 @@
    "rulesMatchIpAddress": "Angi en IP-adresse (f.eks. 103.21.244.12)",
    "rulesMatchUrl": "Skriv inn en URL-sti eller et mønster (f.eks. /api/v1/todos eller /api/v1/*)",
    "rulesErrorInvalidPriority": "Ugyldig prioritet",
-    "rulesErrorInvalidPriorityDescription": "Vennligst skriv inn en gyldig prioritet",
-    "rulesErrorDuplicatePriority": "Dupliserte prioriteringer",
-    "rulesErrorDuplicatePriorityDescription": "Vennligst angi unike prioriteringer",
+    "rulesErrorInvalidPriorityDescription": "Skriv inn et heltall på 1 eller høyere.",
+    "rulesErrorDuplicatePriority": "Dupliserte prioriteter",
+    "rulesErrorDuplicatePriorityDescription": "Hver regel må ha et unikt prioritetstall.",
+    "rulesErrorValidation": "Ugyldige regler",
+    "rulesErrorValidationRuleDescription": "Regel {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Velg en gyldig samsvarstype (sti, IP, CIDR, land, region eller ASN).",
+    "rulesErrorValueRequired": "Skriv inn en verdi for denne regelen.",
+    "rulesErrorInvalidCountry": "Ugyldig land",
+    "rulesErrorInvalidCountryDescription": "Velg et gyldig land.",
+    "rulesErrorInvalidAsn": "Ugyldig ASN",
+    "rulesErrorInvalidAsnDescription": "Skriv inn en gyldig ASN (f.eks., AS15169).",
    "ruleUpdated": "Regler oppdatert",
    "ruleUpdatedDescription": "Reglene er oppdatert",
    "ruleErrorUpdate": "Operasjon mislyktes",
    "ruleErrorUpdateDescription": "En feil oppsto under lagringsoperasjonen",
    "rulesPriority": "Prioritet",
+    "rulesReorderDragHandle": "Dra for å omorganisere regelprioriteringen",
    "rulesAction": "Handling",
    "rulesMatchType": "Trefftype",
    "value": "Verdi",
@@ -792,7 +810,7 @@
    "rulesResource": "Konfigurasjon av ressursregler",
    "rulesResourceDescription": "Konfigurer regler for å kontrollere tilgang til ressursen",
    "ruleSubmit": "Legg til regel",
-    "rulesNoOne": "Ingen regler. Legg til en regel ved å bruke skjemaet.",
+    "rulesNoOne": "Ingen regler ennå.",
    "rulesOrder": "Regler evalueres etter prioritet i stigende rekkefølge.",
    "rulesSubmit": "Lagre regler",
    "policyErrorCreate": "Feil ved opprettelse av policy",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "En uventet feil oppstod",
    "policyCreatedSuccess": "Ressurspolitikken ble opprettet vellykket",
    "policyUpdatedSuccess": "Ressurspolitikken ble oppdatert vellykket",
-    "authMethodsSave": "Lagre autentiseringsmetoder",
+    "authMethodsSave": "Lagre innstillinger",
+    "policyAuthStackTitle": "Autentisering",
+    "policyAuthStackDescription": "Kontroller hvilke autentiseringsmetoder som kreves for å få tilgang til denne ressursen",
+    "policyAuthOrLogicTitle": "Flere autentiseringsmetoder aktive",
+    "policyAuthOrLogicBanner": "Besøkende kan autentisere ved bruk av en hvilken som helst av de aktive metodene nedenfor. De trenger ikke å fullføre alle.",
+    "policyAuthMethodActive": "Aktiv",
+    "policyAuthMethodOff": "Av",
+    "policyAuthSsoTitle": "Plattform SSO",
+    "policyAuthSsoDescription": "Krev pålogging gjennom din organisasjons identitetsleverandør",
+    "policyAuthSsoSummary": "{idp} · {users} brukere, {roles} roller",
+    "policyAuthSsoDefaultIdp": "Standardleverandør",
+    "policyAuthAddDefaultIdentityProvider": "Legg til standard identitetsleverandør",
+    "policyAuthOtherMethodsTitle": "Andre metoder",
+    "policyAuthOtherMethodsDescription": "Valgfrie metoder som besøkende kan bruke i stedet for eller i tillegg til plattform SSO",
+    "policyAuthPasscodeTitle": "Kodeord",
+    "policyAuthPasscodeDescription": "Krev en delt alfanumerisk kodeord for å få tilgang til ressursen",
+    "policyAuthPasscodeSummary": "Kodeord satt",
+    "policyAuthPincodeTitle": "PIN-kode",
+    "policyAuthPincodeDescription": "En kort numerisk kode kreves for å få tilgang til ressursen",
+    "policyAuthPincodeSummary": "6-sifret PIN satt",
+    "policyAuthEmailTitle": "E-post hviteliste",
+    "policyAuthEmailDescription": "Tillat oppførte e-postadresser med engangspassord",
+    "policyAuthEmailSummary": "{count} adresser tillatt",
+    "policyAuthEmailOtpCallout": "Aktivering av e-post hviteliste sender en engangskode til den besøkendes e-post ved innlogging.",
+    "policyAuthHeaderAuthTitle": "Grunnleggende Header Autentisering",
+    "policyAuthHeaderAuthDescription": "Bekreft et tilpasset HTTP-headernavn og verdi ved hver forespørsel",
+    "policyAuthHeaderAuthSummary": "Header konfigurert",
+    "policyAuthHeaderName": "Headernavn",
+    "policyAuthHeaderValue": "Forventet verdi",
+    "policyAuthSetPasscode": "Angi passordkode",
+    "policyAuthSetPincode": "Sett PIN-kode",
+    "policyAuthSetEmailWhitelist": "Angi e-post hviteliste",
+    "policyAuthSetHeaderAuth": "Sett grunnleggende Header Autentisering",
+    "policyAccessRulesTitle": "Tilgangsregler",
+    "policyAccessRulesEnableDescription": "Når aktivert, blir regler evaluert i synkende rekkefølge til en evaluerer til sann.",
+    "policyAccessRulesFirstMatch": "Regler evalueres ovenfra og ned. Den første samsvarande regeln bestemmer utfall.",
+    "policyAccessRulesHowItWorks": "Regler samsvarer forespørsler etter sti, IP-adresse, lokasjon eller andre kriterier. Hver regel anvender en handling: omgå autentisering, blokkere tilgang, eller sende til autentisering. Hvis ingen regler samsvarer, fortsetter trafikken til autentisering.",
+    "policyAccessRulesFallthroughOff": "Når regler er deaktivert, går all trafikk gjennom til autentisering.",
+    "policyAccessRulesFallthroughOn": "Når ingen regler samsvarer, fortsetter trafikken til autentisering.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Lagre Regler",
    "resourceErrorCreate": "Feil under oppretting av ressurs",
    "resourceErrorCreateDescription": "Det oppstod en feil under oppretting av ressursen",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "En feil oppstod under oppdatering av ressursen",
    "access": "Tilgang",
    "accessControl": "Tilgangskontroll",
-    "shareLink": "{resource} Del Lenke",
+    "shareLink": "{resource} Delbar lenke",
    "resourceSelect": "Velg ressurs",
-    "shareLinks": "Del lenker",
+    "shareLinks": "Delbare lenker",
    "share": "Delbare lenker",
    "shareDescription2": "Opprett delbare lenker til ressurser. Lenker gir midlertidig eller ubegrenset tilgang til din ressurs. Du kan konfigurere utløpsvarigheten på lenken når du oppretter en.",
    "shareEasyCreate": "Enkelt å lage og dele",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Administratorer har alltid tilgang til denne ressursen.",
    "resourcePolicySelectTitle": "Ressurstilgangspolitikk",
    "resourcePolicySelectDescription": "Velg policytype for autentisering",
+    "resourcePolicyTypeLabel": "Policy-type",
+    "resourcePolicyLabel": "Ressurspolicy",
    "resourcePolicyInline": "Inline Ressursregler",
    "resourcePolicyInlineDescription": "Tilgangspolitikk som kun er gyldig for denne ressursen",
    "resourcePolicyShared": "Delte Ressursregler",
-    "resourcePolicySharedDescription": "Denne ressursen bruker en delt policy. Policyinnstillinger (autentiseringsmetoder, e-post whitelist) er låst. Du kan legge til ressurs-spesifikke regler, roller, og brukere nedenfor.",
+    "resourcePolicySharedDescription": "Denne ressursen bruker en delt policy.",
+    "sharedPolicy": "Delt policy",
+    "sharedPolicyNoneDescription": "Denne ressursen har sin egen policy.",
+    "resourceSharedPolicyOwnDescription": "Denne ressursen har sine egne autentiserings- og tilgangskontroller.",
+    "resourceSharedPolicyInheritedDescription": "Denne ressursen arver fra <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Denne ressursen bruker en delt policy. Noen autentiseringsinnstillinger kan redigeres på denne ressursen for å legge til policyen. For å endre den underliggende policyen, må du redigere til <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "Denne ressursen bruker en delt policy. Noen tilgangsregler kan redigeres på denne ressursen. For å endre den underliggende policyen, må du redigere <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Tilgangskontroller",
    "resourceUsersRolesDescription": "Konfigurer hvilke brukere og roller som har tilgang til denne ressursen",
    "resourceUsersRolesSubmit": "Lagre tilgangskontroller",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Synlighet",
    "resourceVisibilityTitleDescription": "Fullstendig aktiver eller deaktiver ressursynlighet",
    "resourceGeneral": "Generelle innstillinger",
-    "resourceGeneralDescription": "Konfigurer de generelle innstillingene for denne ressursen",
+    "resourceGeneralDescription": "Konfigurer navn, adresse og tilgangspolicy for denne ressursen.",
+    "resourceGeneralDetailsSubsection": "Ressursdetaljer",
+    "resourceGeneralDetailsSubsectionDescription": "Angi visningsnavn, identifikator og offentlig tilgjengelig domene for denne ressursen.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Angi visningsnavn, identifikator og offentlig port for denne ressursen.",
+    "resourceGeneralPublicAddressSubsection": "Offentlig adresse",
+    "resourceGeneralPublicAddressSubsectionDescription": "Konfigurer hvordan brukere får tilgang til denne ressursen.",
+    "resourceGeneralAuthenticationAccessSubsection": "Autentisering og tilgang",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Velg om denne ressursen bruker sin egen policy eller arver fra en delt policy.",
    "resourceEnable": "Aktiver ressurs",
    "resourceTransfer": "Overfør Ressurs",
    "resourceTransferDescription": "Overfør denne ressursen til et annet område",
@@ -1220,11 +1294,14 @@
    "addLabels": "Legg til etiketter",
    "siteLabelsTab": "Etiketter",
    "siteLabelsDescription": "Administrer etiketter knyttet til dette nettstedet.",
-    "labelsNotFound": "Etiketter ikke funnet",
+    "labelsNotFound": "Ingen etiketter funnet.",
+    "labelsEmptyCreateHint": "Start å skrive ovenfor for å lage en etikett.",
    "labelSearch": "Søk etter etiketter",
+    "labelSearchOrCreate": "Søk eller opprett en etikett",
    "accessLabelFilterCount": "{count, plural, one {en etikett} other {# etiketter}}",
    "labelOverflowCount": "+{count, plural, one {en etikett} other {# etiketter}}",
    "accessLabelFilterClear": "Fjern etikettfiltre",
+    "accessFilterClear": "Fjern filtre",
    "selectColor": "Velg farge",
    "createNewLabel": "Opprett ny org-etikett \"{label}\"",
    "inviteInvalidDescription": "Invitasjonslenken er ugyldig.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Ressurser",
    "sidebarProxyResources": "Offentlig",
    "sidebarClientResources": "Privat",
-    "sidebarPolicies": "Retningslinjer",
-    "sidebarResourcePolicies": "Ressurser",
+    "sidebarPolicies": "Delte policies",
+    "sidebarResourcePolicies": "Offentlige ressurser",
    "sidebarAccessControl": "Tilgangskontroll",
    "sidebarLogsAndAnalytics": "Logger og analyser",
    "sidebarTeam": "Lag",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Administrator",
    "sidebarInvitations": "Invitasjoner",
    "sidebarRoles": "Roller",
-    "sidebarShareableLinks": "Lenker",
+    "sidebarShareableLinks": "Delbare lenker",
    "sidebarApiKeys": "API-nøkler",
    "sidebarProvisioning": "Levering",
    "sidebarSettings": "Innstillinger",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Ressurs {id}",
    "blueprints": "Tegninger",
    "blueprintsLog": "Blåkopieringslogg",
-    "blueprintsDescription": "Vis tidligere applikasjoner av blåkopier og deres resultater",
+    "blueprintsDescription": "Se tidligere blueprint-applikasjoner og deres resultater, eller bruk et nytt blueprint",
    "blueprintAdd": "Legg til blåkopi",
    "blueprintGoBack": "Se alle blåkopier",
    "blueprintCreate": "Opprette mal",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Aktiver Docker blåkopi",
    "enableDockerSocketDescription": "Aktiver Docker Socket etikett skrubbing for blueprint etiketter. Socket bane må oppgis til nettstedkobleren. Les om hvordan dette fungerer i <docsLink>dokumentasjonen</docsLink>.",
    "newtAutoUpdate": "Aktiver Automatisk Oppdatering av Nettsted",
-    "newtAutoUpdateDescription": "Når aktivert, vil nettstedskoblere automatisk oppdatere til nyeste versjon når en ny utgave er tilgjengelig.",
+    "newtAutoUpdateDescription": "Når aktivert, vil nettstedskoblinger automatisk laste ned den nyeste versjonen og starte seg selv på nytt. Dette kan overstyres på basis per nettsted.",
    "siteAutoUpdate": "Automatisk Oppdatering av Nettsted",
    "siteAutoUpdateLabel": "Aktiver Automatisk Oppdatering",
-    "siteAutoUpdateDescription": "Kontroller om denne sidens kobler automatisk laster ned den nyeste versjonen.",
+    "siteAutoUpdateDescription": "Når aktivert, vil denne nettstedets kobling automatisk laste ned den nyeste versjonen og starte seg selv på nytt.",
    "siteAutoUpdateOrgDefault": "Organisasjon standard: {state}",
    "siteAutoUpdateOverriding": "Overstyrer organisasjonens innstilling",
    "siteAutoUpdateResetToOrg": "Tilbakestill til Organisasjonsstandard",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Kontooppsett fullført! Velkommen til Pangolin!",
    "documentation": "Dokumentasjon",
    "saveAllSettings": "Lagre alle innstillinger",
-    "saveResourceTargets": "Lagre mål",
-    "saveResourceHttp": "Lagre proxy-innstillinger",
-    "saveProxyProtocol": "Lagre proxy-protokollinnstillinger",
+    "saveResourceTargets": "Lagre innstillinger",
+    "saveResourceHttp": "Lagre innstillinger",
+    "saveProxyProtocol": "Lagre innstillinger",
    "settingsUpdated": "Innstillinger oppdatert",
    "settingsUpdatedDescription": "Innstillinger oppdatert vellykket",
    "settingsErrorUpdate": "Klarte ikke å oppdatere innstillinger",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Ukjent",
    "healthCheck": "Helsekontroll",
    "configureHealthCheck": "Konfigurer Helsekontroll",
-    "configureHealthCheckDescription": "Sett opp helsekontroll for {target}",
+    "configureHealthCheckDescription": "Sett opp overvåking av ressursen din for å sikre at den alltid er tilgjengelig",
    "enableHealthChecks": "Aktiver Helsekontroller",
    "healthCheckDisabledStateDescription": "Når deaktivert, vil ikke nettstedet utføre helsekontroller, og tilstanden vil anses som ukjent.",
    "enableHealthChecksDescription": "Overvåk helsen til dette målet. Du kan overvåke et annet endepunkt enn målet hvis nødvendig.",
    "healthScheme": "Metode",
    "healthSelectScheme": "Velg metode",
-    "healthCheckPortInvalid": "Helsekontrollporten må være mellom 1 og 65535",
+    "healthCheckPortInvalid": "Porten må være mellom 1 og 65535",
    "healthCheckPath": "Sti",
    "healthHostname": "IP / Vert",
    "healthPort": "Port",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Krev enhetsgodkjenning",
    "requireDeviceApprovalDescription": "Brukere med denne rollen trenger nye enheter godkjent av en admin før de kan koble seg og få tilgang til ressurser.",
    "sshSettings": "SSH Innstillinger",
+    "sshAccess": "SSH-tilgang",
    "rdpSettings": "RDP Innstillinger",
    "vncSettings": "VNC Innstillinger",
    "sshServer": "SSH-server",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Sørg for at målenheten din er riktig konfigurert for å kjøre autentiseringsdaemon før du fullfører denne oppsettet, eller klargjøring vil mislykkes.",
    "sshDaemonPort": "Daemon-port",
    "sshServerDestination": "Serverens Destinasjon",
-    "sshServerDestinationDescription": "Konfigurer destinasjonen og porten til SSH-serveren",
+    "sshServerDestinationDescription": "Konfigurer destinasjonen for SSH-serveren",
    "destination": "Destinasjon",
+    "destinationRequired": "Destinasjon er påkrevd.",
+    "domainRequired": "Domene er påkrevd.",
+    "proxyPortRequired": "Port er påkrevd.",
+    "invalidPathConfiguration": "Ugyldig sti-konfigurasjon.",
+    "invalidRewritePathConfiguration": "Ugyldig omskrivingssti-konfigurasjon.",
    "bgTargetMultiSiteDisclaimer": "Ved å velge flere nettsteder aktiveres robust ruting og feilaktig avbrudd for høy tilgjengelighet.",
    "roleAllowSsh": "Tillat SSH",
    "roleAllowSshAllow": "Tillat",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "Brukeren kan bare kjøre de angitte kommandoene med sudo.",
    "sshSudo": "Tillat sudo",
    "sshSudoCommands": "Sudo kommandoer",
-    "sshSudoCommandsDescription": "Kommaseparert liste over kommandoer brukeren tillates å kjøre med sudo. Absolutte stier må brukes.",
+    "sshSudoCommandsDescription": "Liste over kommandoer brukeren har lov til å kjøre med sudo, separert med komma, mellomrom eller nye linjer. Absolutte stier må brukes.",
    "sshCreateHomeDir": "Opprett hjemmappe",
    "sshUnixGroups": "Unix grupper",
-    "sshUnixGroupsDescription": "Kommaseparerte Unix grupper for å legge brukeren til på mål-verten.",
+    "sshUnixGroupsDescription": "Unix-grupper å legge til brukeren i på målverten, separert med komma, mellomrom eller nye linjer.",
+    "roleTextFieldPlaceholder": "Skriv inn verdier, eller slipp en .txt eller .csv fil",
+    "roleTextImportTitle": "Importer fra fil",
+    "roleTextImportDescription": "Importerer {fileName} til {fieldLabel}.",
+    "roleTextImportSkipHeader": "Hopp over første rad (header)",
+    "roleTextImportOverride": "Erstatte eksisterende",
+    "roleTextImportAppend": "Legg til eksisterende",
+    "roleTextImportMode": "Importmodus",
+    "roleTextImportPreview": "Forhåndsvisning",
+    "roleTextImportItemCount": "{count, plural, =0 {Ingen elementer å importere} one {ett element å importere} other {# elementer å importere}}",
+    "roleTextImportTotalCount": "{existing} eksisterende + {imported} importert = {total} totalt",
+    "roleTextImportConfirm": "Import",
+    "roleTextImportInvalidFile": "Ustøttet filtype",
+    "roleTextImportInvalidFileDescription": "Bare .txt og .csv filer er støttet.",
+    "roleTextImportEmpty": "Ingen elementer funnet i filen",
+    "roleTextImportEmptyDescription": "Filen inneholder ingen importerbare elementer.",
    "retryAttempts": "Forsøk på nytt",
    "expectedResponseCodes": "Forventede svarkoder",
    "expectedResponseCodesDescription": "HTTP-statuskode som indikerer sunn status. Hvis den blir stående tom, regnes 200-300 som sunn.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Aktiver Proxy-protokoll",
    "proxyProtocolInfo": "Bevar klientens IP-adresser for TCP backends",
    "proxyProtocolVersion": "Proxy protokoll versjon",
-    "version1": " Versjon 1 (Anbefalt)",
+    "version1": "Versjon 1 (Anbefalt)",
    "version2": "Versjon 2",
-    "versionDescription": "Versjon 1 er tekstbasert og støttet. Versjon 2 er binært og mer effektivt, men mindre kompatibel.",
+    "version1Description": "Tekstbasert og bredt støttet. Sørg for at servertransport er lagt til dynamisk konfigurasjon.",
+    "version2Description": "Binært og mer effektivt, men mindre kompatibel. Sørg for at servertransport er lagt til dynamisk konfigurasjon.",
    "warning": "Advarsel",
    "proxyProtocolWarning": "backend-programmet må konfigureres til å akseptere forbindelser i Proxy Protokoll. Hvis backend ikke støtter Proxy Beskyttelse vil aktivering av dette ødelegge alle tilkoblinger så bare dette hvis du vet hva du gjør. Sørg for å konfigurere backend til å stole på Proxy Protokoll overskrifter fra Traefik.",
    "restarting": "Restarter...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Skriv inn bekreftelse",
    "blueprintViewDetails": "Detaljer",
    "defaultIdentityProvider": "Standard identitetsleverandør",
-    "defaultIdentityProviderDescription": "Når en standard identitetsleverandør er valgt, vil brukeren automatisk bli omdirigert til leverandøren for autentisering.",
+    "defaultIdentityProviderDescription": "Brukeren vil automatisk bli videresendt til denne identitetsleverandøren for autentisering.",
    "editInternalResourceDialogNetworkSettings": "Nettverksinnstillinger",
    "editInternalResourceDialogAccessPolicy": "Tilgangsregler for tilgang",
    "editInternalResourceDialogAddRoles": "Legg til roller",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Vedlikeholdsmodus type",
    "showMaintenancePage": "Vis en vedlikeholdsside til besøkende",
    "enableMaintenanceMode": "Aktiver vedlikeholdsmodus",
+    "enableMaintenanceModeDescription": "Når aktivert, vil besøkende se en vedlikeholdsside i stedet for ressursen din.",
    "automatic": "Automatisk",
    "automaticModeDescription": "Vis vedlikeholdsside kun når alle serverens mål er nede eller usunne. Ressursen din fortsetter å fungere normalt så lenge minst ett mål er sunt.",
    "forced": "Tvunget",
@@ -3082,6 +3182,8 @@
    "warning:": "Advarsel:",
    "forcedeModeWarning": "All trafikk vil bli dirigeres til vedlikeholdssiden. Serverens ressurser vil ikke motta noen forespørsler.",
    "pageTitle": "Sidetittel",
+    "maintenancePageContentSubsection": "Sideinnhold",
+    "maintenancePageContentSubsectionDescription": "Tilpass innholdet som vises på vedlikeholdssiden",
    "pageTitleDescription": "Hovedoverskriften vist på vedlikeholdssiden",
    "maintenancePageMessage": "Vedlikeholdsbeskjed",
    "maintenancePageMessagePlaceholder": "Vi kommer snart tilbake! Vårt nettsted gjennomgår for øyeblikket planlagt vedlikehold.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Er du sikker på at du vil frakoble denne identitetsleverandøren fra denne organisasjonen?",
    "idpUnassociateDescription": "Alle brukere knyttet til denne identitetsleverandøren vil bli fjernet fra denne organisasjonen, men identitetsleverandøren vil fortsatt eksistere for andre tilknyttede organisasjoner.",
    "idpUnassociateConfirm": "Bekreft frakobling av identitetsleverandør",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "SLETT OG FJERN MEG FRA ORGANISASJONEN",
+    "idpUnassociateAndRemoveMeFromOrg": "AVKOBLE OG FJERN MEG FRA ORGANISASJONEN",
    "idpUnassociateWarning": "Dette kan ikke angres for denne organisasjonen.",
    "idpUnassociatedDescription": "Identitetsleverandør er vellykket frakoblet fra denne organisasjonen",
    "idpUnassociateMenu": "Frakoble",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Kobler til…",
    "sshInitializing": "Initialiserer…",
    "sshSignInTitle": "Logg inn på SSH",
-    "sshSignInDescription": "Oppgi dine SSH-legitimasjoner",
+    "sshSignInDescription": "Skriv inn dine SSH-legitimasjon for å koble til",
    "sshPasswordTab": "Passord",
    "sshPrivateKeyTab": "Privat Nøkkel",
    "sshPrivateKeyField": "Privat Nøkkel",
    "sshPrivateKeyDisclaimer": "Din private nøkkel er ikke lagret eller synlig for Pangolin. Alternativt kan du bruke kortevaliderte sertifikater for sømløs autentisering ved å bruke din eksisterende Pangolin-identitet.",
    "sshLearnMore": "Lær mer",
    "sshPrivateKeyFile": "Privat Nøkkelfil",
-    "sshAuthenticate": "Autentiser",
+    "sshAuthenticate": "Koble til",
    "sshTerminate": "Avslutt",
    "sshPoweredBy": "Drevet av",
    "sshErrorNoTarget": "Ingen mål spesifisert",
    "sshErrorWebSocket": "WebSocket-tilkobling mislyktes",
    "sshErrorAuthFailed": "Autentisering mislyktes",
-    "sshErrorConnectionClosed": "Tilkobling avsluttet før autentisering ble fullført"
+    "sshErrorConnectionClosed": "Tilkobling avsluttet før autentisering ble fullført",
+    "sitePangolinSshDescription": "Tillat SSH-tilgang til ressurser på dette nettstedet. Dette kan endres senere.",
+    "browserGatewayNoResourceForDomain": "Ingen ressurser funnet for dette domenet",
+    "browserGatewayNoTarget": "Ingen mål",
+    "browserGatewayConnect": "Koble til",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "Kunne ikke signere SSH-nøkkel for PAM-påloggingsautentisering. Logget du inn som bruker?",
+    "sshTerminalError": "Feil: {error}",
+    "sshConnectionClosedCode": "Tilkoblingen ble lukket (kode {code})",
+    "sshPrivateKeyPlaceholder": "-----BEGYNN OPENSSH PRIVAT NØKKEL-----",
+    "sshPrivateKeyRequired": "Privat nøkkel er påkrevd",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Skriv inn VNC-passordet for å koble til",
+    "vncPasswordOptional": "Passord (valgfritt)",
+    "vncNoResourceTarget": "Ingen ressursemål tilgjengelig",
+    "vncFailedToLoadNovnc": "Klarte ikke å laste noVNC",
+    "vncAuthFailedStatus": "Status {status}",
+    "vncPasteClipboard": "Lim inn utklippstavle",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Logg på Fjernskrivebord",
+    "rdpSignInDescription": "Skriv inn Windows-legitimasjon for å koble til",
+    "rdpLoadingModule": "Laster modul...",
+    "rdpFailedToLoadModule": "Kunne ikke laste RDP-modul",
+    "rdpNotReady": "Ikke klar",
+    "rdpModuleInitializing": "RDP-modulen er fortsatt under initialisering",
+    "rdpDownloadingFiles": "Laster ned {count} fil(er) fra fjern…",
+    "rdpDownloadFailed": "Nedlasting feilet: {fileName}",
+    "rdpUploaded": "Opplastet: {fileName}",
+    "rdpNoConnectionTarget": "Ingen tilkoblingsmål tilgjengelig",
+    "rdpConnectionFailed": "Tilkoblingen feilet",
+    "rdpFit": "Tilpass",
+    "rdpFull": "Full",
+    "rdpReal": "Ekte",
+    "rdpMeta": "Meta",
+    "rdpUploadFiles": "Last opp filer",
+    "rdpFilesReadyToPaste": "Filer klare til å limes inn",
+    "rdpFilesReadyToPasteDescription": "{count} fil(er) kopiert til fjernutklippstavlen — trykk Ctrl+V på fjernskrivebordet for å lime inn.",
+    "rdpUploadFailed": "Opplastningen mislyktes",
+    "rdpUnicodeKeyboardMode": "Unicode tastaturmodus",
+    "sessionToolbarShow": "Vis verktøylinje",
+    "sessionToolbarHide": "Skjul verktøylinje"
 }
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Privébronnen bekijken",
    "siteInstallNewt": "Installeer Newt",
    "siteInstallNewtDescription": "Laat Newt draaien op uw systeem",
+    "siteInstallKubernetesDocsDescription": "Voor meer informatie over de installatie van Kubernetes, zie <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "Voor instructies voor de installatie van Advantech modems, zie <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "WireGuard Configuratie",
    "WgConfigurationDescription": "Gebruik de volgende configuratie om verbinding te maken met het netwerk",
    "operatingSystem": "Operating systeem",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer het naar een beveiligde plek.",
    "siteInfo": "Site informatie",
    "status": "Status",
-    "shareTitle": "Beheer deellinks",
+    "shareTitle": "Beheer Deelbare Links",
    "shareDescription": "Maak deelbare links aan om tijdelijke of permanente toegang tot proxybronnen te verlenen",
-    "shareSearch": "Zoek share links...",
-    "shareCreate": "Maak Share link",
+    "shareSearch": "Zoek deelbare links...",
+    "shareCreate": "Creëer Deelbare Link",
    "shareErrorDelete": "Kan link niet verwijderen",
    "shareErrorDeleteMessage": "Fout opgetreden tijdens het verwijderen link",
    "shareDeleted": "Link verwijderd",
    "shareDeletedDescription": "De link is verwijderd",
-    "shareDelete": "Verwijder Deel Link",
-    "shareDeleteConfirm": "Bevestig verwijdering van Deel Link",
+    "shareDelete": "Verwijder Deelbare Link",
+    "shareDeleteConfirm": "Bevestig Verwijdering Deelbare Link",
    "shareQuestionRemove": "Weet u zeker dat u deze deel link wilt verwijderen?",
    "shareMessageRemove": "Zodra verwijderd, zal de link niet meer werken en zal iedereen die het gebruikt de toegang tot de bron verliezen.",
    "shareTokenDescription": "De toegangstoken kan op twee manieren worden doorgegeven: als queryparameter of in de aanvraagheaders. Deze moeten worden doorgegeven van de client op elk verzoek voor geverifieerde toegang.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Iedereen met deze link heeft toegang tot de pagina",
    "shareTitleOptional": "Titel (optioneel)",
    "sharePathOptional": "Pad (optioneel)",
+    "sharePathDescription": "De link zal gebruikers naar dit pad doorsturen na authenticatie.",
    "expireIn": "Vervalt in",
    "neverExpire": "Nooit verlopen",
    "shareExpireDescription": "Vervaltijd is hoe lang de link bruikbaar is en geeft toegang tot de bron. Na deze tijd zal de link niet meer werken en zullen gebruikers die deze link hebben gebruikt de toegang tot de pagina verliezen.",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "Selecteer een bron",
    "proxyResourceTitle": "Openbare bronnen beheren",
    "proxyResourceDescription": "Creëer en beheer bronnen die openbaar toegankelijk zijn via een webbrowser",
-    "publicResourcesBannerTitle": "Webgebaseerde openbare toegang",
-    "publicResourcesBannerDescription": "Openbare bronnen zijn HTTPS of TCP/UDP-proxies die toegankelijk zijn voor iedereen op het internet via een webbrowser. In tegenstelling tot priv<EFBFBD><EFBFBD>bronnen vereisen ze geen client-side software maar kunnen ze identiteits- en context-bewuste toegangsrichtlijnen bevatten.",
+    "publicResourcesBannerTitle": "Web-gebaseerde Openbare Toegang",
+    "publicResourcesBannerDescription": "Openbare bronnen zijn HTTPS-proxies die toegankelijk zijn voor iedereen op het internet via een webbrowser. In tegenstelling tot privébronnen hoeven ze geen client-software te hebben en kunnen ze identiteit- en context bewuste toegangsmiddelen bevatten.",
    "clientResourceTitle": "Privébronnen beheren",
    "clientResourceDescription": "Creëer en beheer bronnen die alleen toegankelijk zijn via een verbonden client",
    "privateResourcesBannerTitle": "Zero-Trust Private Access",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Zoek bronnen...",
    "resourceAdd": "Bron toevoegen",
    "resourceErrorDelte": "Fout bij verwijderen document",
-    "resourcePoliciesTitle": "Beheer Bron Beleid",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Bijgevoegde bronnen",
+    "resourcePoliciesBannerTitle": "Herbruik Authenticatie en Toegangsregels",
+    "resourcePoliciesBannerDescription": "Gedeelde bronbeleidslijnen laten u authenticatiemethoden en toegangsregels eenmaal definiëren, en ze vervolgens koppelen aan meerdere openbare bronnen. Wanneer u een beleid bijwerkt, erft elke gekoppelde bron de wijziging automatisch.",
+    "resourcePoliciesBannerButtonText": "Meer informatie",
+    "resourcePoliciesTitle": "Beheer Openbare Bronnenbeleid",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Bronnen",
    "resourcePoliciesAttachedResources": "{count} bron(nen)",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# bron} other {# bronnen}}",
    "resourcePoliciesAttachedResourcesEmpty": "geen bronnen",
-    "resourcePoliciesDescription": "Maak en beheer authenticatiebeleid om toegang tot uw bronnen te controleren",
+    "resourcePoliciesDescription": "Creëer en beheer authenticatiebeleid om toegang tot uw openbare bronnen te controleren",
    "resourcePoliciesSearch": "Beleidsregels zoeken...",
    "resourcePoliciesAdd": "Beleid toevoegen",
    "resourcePoliciesDefaultBadgeText": "Standaard beleidsregel",
-    "resourcePoliciesCreate": "Creëer Bronbeleid",
+    "resourcePoliciesCreate": "Openbare Bronbeleid maken",
    "resourcePoliciesCreateDescription": "Volg de onderstaande stappen om een nieuw beleid aan te maken",
    "resourcePolicyName": "Beleidsregelnaam",
    "resourcePolicyNameDescription": "Geef deze beleidsregel een naam om deze te identificeren in uw bronnen",
@@ -274,7 +281,7 @@
    "back": "Achterzijde",
    "cancel": "Annuleren",
    "resourceConfig": "Configuratie tekstbouwstenen",
-    "resourceConfigDescription": "Kopieer en plak deze configuratie-snippets om de TCP/UDP-bron in te stellen",
+    "resourceConfigDescription": "Kopieer en plak deze configuratiesnippets om de TCP/UDP-bron op te zetten.",
    "resourceAddEntrypoints": "Traefik: Entrypoints toevoegen",
    "resourceExposePorts": "Gerbild: Gevangen blootstellen in Docker Compose",
    "resourceLearnRaw": "Leer hoe je TCP/UDP bronnen kunt configureren",
@@ -287,6 +294,8 @@
    "labelDelete": "Label verwijderen",
    "labelAdd": "Label toevoegen",
    "labelCreateSuccessMessage": "Label succesvol aangemaakt",
+    "labelDuplicateError": "Dubbel Label",
+    "labelDuplicateErrorDescription": "Een label met deze naam bestaat al.",
    "labelEditSuccessMessage": "Label succesvol gewijzigd",
    "labelNameField": "Labelnaam",
    "labelColorField": "Label kleur",
@@ -311,7 +320,7 @@
    "rules": "Regels",
    "resourceSettingDescription": "Configureer de instellingen in de bron",
    "resourceSetting": "{resourceName} instellingen",
-    "resourcePolicySettingDescription": "Configureer de instellingen op het bronbeleid",
+    "resourcePolicySettingDescription": "Configureer de instellingen van dit openbare bronbeleid",
    "resourcePolicySetting": "{policyName} instellingen",
    "alwaysAllow": "Authenticatie omzeilen",
    "alwaysDeny": "Blokkeer toegang",
@@ -719,7 +728,7 @@
    "targetSubmit": "Doelwit toevoegen",
    "targetNoOne": "Deze bron heeft geen doelwitten. Voeg een doel toe om te configureren waar verzoeken naar de backend verzonden kunnen worden.",
    "targetNoOneDescription": "Het toevoegen van meer dan één doel hierboven zal de load balancering mogelijk maken.",
-    "targetsSubmit": "Doelstellingen opslaan",
+    "targetsSubmit": "Instellingen opslaan",
    "addTarget": "Doelwit toevoegen",
    "proxyMultiSiteRoundRobinNodeHelp": "Round-robin routering werkt niet tussen locaties die niet met hetzelfde knooppunt zijn verbonden, maar failover werkt wel.",
    "targetErrorInvalidIp": "Ongeldig IP-adres",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Dupliceer regel",
    "rulesErrorDuplicateDescription": "Een regel met deze instellingen bestaat al",
    "rulesErrorInvalidIpAddressRange": "Ongeldige CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Voer een geldige CIDR waarde in",
-    "rulesErrorInvalidUrl": "Ongeldige URL pad",
-    "rulesErrorInvalidUrlDescription": "Voer een geldige URL padwaarde in",
-    "rulesErrorInvalidIpAddress": "Ongeldig IP",
-    "rulesErrorInvalidIpAddressDescription": "Voer een geldig IP-adres in",
+    "rulesErrorInvalidIpAddressRangeDescription": "Voer een geldig CIDR-bereik in (bijv. 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Ongeldig pad",
+    "rulesErrorInvalidUrlDescription": "Voer een geldig URL-pad of patroon in (bijv. /api/*).",
+    "rulesErrorInvalidIpAddress": "Ongeldig IP-adres",
+    "rulesErrorInvalidIpAddressDescription": "Voer een geldig IPv4- of IPv6-adres in.",
    "rulesErrorUpdate": "Regels bijwerken mislukt",
    "rulesErrorUpdateDescription": "Fout opgetreden tijdens het bijwerken van de regels",
    "rulesUpdated": "Regels inschakelen",
@@ -766,14 +775,23 @@
    "rulesMatchIpAddress": "Voer een IP-adres in (bijv. 103.21.244.12)",
    "rulesMatchUrl": "Voer een URL-pad of patroon in (bijv. /api/v1/todos of /api/v1/*)",
    "rulesErrorInvalidPriority": "Ongeldige prioriteit",
-    "rulesErrorInvalidPriorityDescription": "Voer een geldige prioriteit in",
+    "rulesErrorInvalidPriorityDescription": "Voer een geheel getal van 1 of hoger in.",
    "rulesErrorDuplicatePriority": "Dubbele prioriteiten",
-    "rulesErrorDuplicatePriorityDescription": "Voer unieke prioriteiten in",
+    "rulesErrorDuplicatePriorityDescription": "Elke regel moet een uniek prioriteitsnummer hebben.",
+    "rulesErrorValidation": "Ongeldige regels",
+    "rulesErrorValidationRuleDescription": "Regel {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Selecteer een geldig matchtype (pad, IP, CIDR, land, regio of ASN).",
+    "rulesErrorValueRequired": "Voer een waarde in voor deze regel.",
+    "rulesErrorInvalidCountry": "Ongeldig land",
+    "rulesErrorInvalidCountryDescription": "Selecteer een geldig land.",
+    "rulesErrorInvalidAsn": "Ongeldige ASN",
+    "rulesErrorInvalidAsnDescription": "Voer een geldig ASN in (bijv. AS15169).",
    "ruleUpdated": "Regels bijgewerkt",
    "ruleUpdatedDescription": "Regels met succes bijgewerkt",
    "ruleErrorUpdate": "Bewerking mislukt",
    "ruleErrorUpdateDescription": "Er is een fout opgetreden tijdens het opslaan",
    "rulesPriority": "Prioriteit",
+    "rulesReorderDragHandle": "Sleep om de regelprioriteit te herordenen",
    "rulesAction": "actie",
    "rulesMatchType": "Wedstrijd Type",
    "value": "Waarde",
@@ -792,7 +810,7 @@
    "rulesResource": "Configuratie Resource Regels",
    "rulesResourceDescription": "Regels instellen om toegang tot de bron te beheren",
    "ruleSubmit": "Regel toevoegen",
-    "rulesNoOne": "Geen regels. Voeg een regel toe via het formulier.",
+    "rulesNoOne": "Nog geen regels.",
    "rulesOrder": "Regels worden in oplopende volgorde volgens prioriteit beoordeeld.",
    "rulesSubmit": "Regels opslaan",
    "policyErrorCreate": "Fout bij het maken van beleid",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Er is een onverwachte fout opgetreden",
    "policyCreatedSuccess": "Bronbeleid met succes aangemaakt",
    "policyUpdatedSuccess": "Bronbeleid succesvol bijgewerkt",
-    "authMethodsSave": "Bewaar authenticatiemethoden",
+    "authMethodsSave": "Instellingen opslaan",
+    "policyAuthStackTitle": "Authenticatie",
+    "policyAuthStackDescription": "Bepaal welke authenticatiemethoden vereist zijn om toegang tot deze bron te krijgen",
+    "policyAuthOrLogicTitle": "Meerdere authenticatiemethoden actief",
+    "policyAuthOrLogicBanner": "Bezoekers kunnen zich aanmelden met een van de hieronder actieve methoden. Ze hoeven ze niet allemaal te voltooien.",
+    "policyAuthMethodActive": "Actief",
+    "policyAuthMethodOff": "Uit",
+    "policyAuthSsoTitle": "Platform SSO",
+    "policyAuthSsoDescription": "Vereis inloggen via de identiteit provider van uw organisatie",
+    "policyAuthSsoSummary": "{idp} · {users} gebruikers, {roles} rollen",
+    "policyAuthSsoDefaultIdp": "Standaard provider",
+    "policyAuthAddDefaultIdentityProvider": "Standaard Identiteit Provider Toevoegen",
+    "policyAuthOtherMethodsTitle": "Andere Methoden",
+    "policyAuthOtherMethodsDescription": "Optionele methoden die bezoekers kunnen gebruiken in plaats van of samen met platform SSO",
+    "policyAuthPasscodeTitle": "Toegangscode",
+    "policyAuthPasscodeDescription": "Vereis een alfanumerieke toegangscode om toegang te krijgen tot de bron",
+    "policyAuthPasscodeSummary": "Toegangscode ingesteld",
+    "policyAuthPincodeTitle": "Pincode",
+    "policyAuthPincodeDescription": "Een korte numerieke code vereist om toegang tot de bron te krijgen",
+    "policyAuthPincodeSummary": "6-cijferige Pincode ingesteld",
+    "policyAuthEmailTitle": "E-mail Whitelist",
+    "policyAuthEmailDescription": "Sta vermelde e-mailadressen toe met eenmalige wachtwoorden",
+    "policyAuthEmailSummary": "{count} adressen toegestaan",
+    "policyAuthEmailOtpCallout": "Het inschakelen van e-mailwhitelist stuurt een eenmalig wachtwoord naar de e-mail van de bezoeker bij het inloggen.",
+    "policyAuthHeaderAuthTitle": "Basic Header Authenticatie",
+    "policyAuthHeaderAuthDescription": "Valideer een aangepaste HTTP-headernaam en waarde bij elk verzoek",
+    "policyAuthHeaderAuthSummary": "Header geconfigureerd",
+    "policyAuthHeaderName": "Header naam",
+    "policyAuthHeaderValue": "Verwachte waarde",
+    "policyAuthSetPasscode": "Stel toegangscode in",
+    "policyAuthSetPincode": "Stel Pincode in",
+    "policyAuthSetEmailWhitelist": "Stel E-mail Whitelist in",
+    "policyAuthSetHeaderAuth": "Stel Basis Header Authenticatie in",
+    "policyAccessRulesTitle": "Toegang Regels",
+    "policyAccessRulesEnableDescription": "Wanneer ingeschakeld, worden regels in aflopende volgorde geëvalueerd totdat er één als waar wordt geoordeeld.",
+    "policyAccessRulesFirstMatch": "Regels worden van boven naar beneden geëvalueerd. De eerste overeenkomstige regel bepaalt de uitkomst.",
+    "policyAccessRulesHowItWorks": "Regels komen overeen met verzoeken op basis van pad, IP-adres, locatie of andere criteria. Elke regel past een actie toe: authenticatie omzeilen, toegang blokkeren of authenticatie doorgeven. Als er geen regel overeenkomt, gaat het verkeer door naar authenticatie.",
+    "policyAccessRulesFallthroughOff": "Wanneer regels zijn uitgeschakeld, passeert al het verkeer naar authenticatie.",
+    "policyAccessRulesFallthroughOn": "Wanneer geen regel overeenkomt, passeert het verkeer naar authenticatie.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Regels opslaan",
    "resourceErrorCreate": "Fout bij maken document",
    "resourceErrorCreateDescription": "Er is een fout opgetreden bij het maken van het document",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "Er is een fout opgetreden tijdens het bijwerken van het document",
    "access": "Toegangsrechten",
    "accessControl": "Toegangs controle",
-    "shareLink": "{resource} Share link",
+    "shareLink": "{resource} Deelbare Link",
    "resourceSelect": "Selecteer resource",
-    "shareLinks": "Links delen",
+    "shareLinks": "Deelbare Links",
    "share": "Deelbare links",
    "shareDescription2": "Maak deelbare links naar bronnen. Links bieden tijdelijke of onbeperkte toegang tot je bestand. U kunt de vervalduur van de link configureren wanneer u er een aanmaakt.",
    "shareEasyCreate": "Makkelijk te maken en te delen",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Beheerders hebben altijd toegang tot deze bron.",
    "resourcePolicySelectTitle": "Toegangsbeleid voor bronnen",
    "resourcePolicySelectDescription": "Selecteer het bronbeleidstype voor authenticatie",
+    "resourcePolicyTypeLabel": "Beleidstype",
+    "resourcePolicyLabel": "Bronbeleid",
    "resourcePolicyInline": "Inline bronbeleid",
    "resourcePolicyInlineDescription": "Toegangsbeleid alleen gericht op deze bron",
    "resourcePolicyShared": "Gedeeld bronbeleid",
-    "resourcePolicySharedDescription": "Deze bron gebruikt een gedeeld beleid. Instellingen op beleidsniveau (authenticatiemethoden, e-mailwhitelist) zijn vergrendeld. U kunt hieronder bron-specifieke regels, rollen en gebruikers toevoegen.",
+    "resourcePolicySharedDescription": "Deze bron gebruikt een gedeeld beleid.",
+    "sharedPolicy": "Gedeeld Beleid",
+    "sharedPolicyNoneDescription": "Deze bron heeft zijn eigen beleid.",
+    "resourceSharedPolicyOwnDescription": "Deze bron heeft zijn eigen authenticatie- en toegangsvanregels.",
+    "resourceSharedPolicyInheritedDescription": "Deze bron erft van <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Deze bron gebruikt een gedeeld beleid. Sommige authenticatie-instellingen kunnen op deze bron worden bewerkt om toe te voegen aan het beleid. Om het onderliggende beleid te wijzigen, moet u het beleid bewerken in <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "Deze bron gebruikt een gedeeld beleid. Sommige toegangsregels kunnen op deze bron worden bewerkt. Om het onderliggende beleid te wijzigen, moet u <policyLink>{policyName}</policyLink> bewerken.",
    "resourceUsersRoles": "Toegang Bediening",
    "resourceUsersRolesDescription": "Configureer welke gebruikers en rollen deze pagina kunnen bezoeken",
    "resourceUsersRolesSubmit": "Bewaar Toegangsbesturing",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Zichtbaarheid",
    "resourceVisibilityTitleDescription": "Zichtbaarheid van bestanden volledig in- of uitschakelen",
    "resourceGeneral": "Algemene instellingen",
-    "resourceGeneralDescription": "Configureer de algemene instellingen voor deze bron",
+    "resourceGeneralDescription": "Configureer naam, adres en toegangspolicy voor deze bron.",
+    "resourceGeneralDetailsSubsection": "Bron Details",
+    "resourceGeneralDetailsSubsectionDescription": "Stel de weergavenaam, identificatiecode en publiek toegankelijk domein voor deze bron in.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Stel de weergavenaam, identificatiecode en publieke poort voor deze bron in.",
+    "resourceGeneralPublicAddressSubsection": "Publiek Adres",
+    "resourceGeneralPublicAddressSubsectionDescription": "Configureer hoe gebruikers deze bron bereiken.",
+    "resourceGeneralAuthenticationAccessSubsection": "Authenticatie & Toegang",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Kies of deze bron zijn eigen beleid gebruikt of van een gedeeld beleid erft.",
    "resourceEnable": "Resource inschakelen",
    "resourceTransfer": "Bronnen overdragen",
    "resourceTransferDescription": "Verplaats dit document naar een andere site",
@@ -1220,11 +1294,14 @@
    "addLabels": "Labels toevoegen",
    "siteLabelsTab": "Labels",
    "siteLabelsDescription": "Beheer labels geassocieerd met deze site.",
-    "labelsNotFound": "Labels niet gevonden",
+    "labelsNotFound": "Geen labels gevonden.",
+    "labelsEmptyCreateHint": "Begin hierboven te typen om een label te maken.",
    "labelSearch": "Labels zoeken",
+    "labelSearchOrCreate": "Zoek of maak een label",
    "accessLabelFilterCount": "{count, plural, one {# label} other {# labels}}",
    "labelOverflowCount": "+{count, plural, one {# label} other {# labels}}",
    "accessLabelFilterClear": "Labelfilters wissen",
+    "accessFilterClear": "Wissen van filters",
    "selectColor": "Kleur selecteren",
    "createNewLabel": "Nieuw org-label \"{label}\" aanmaken",
    "inviteInvalidDescription": "Uitnodigingslink is ongeldig.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Bronnen",
    "sidebarProxyResources": "Openbaar",
    "sidebarClientResources": "Privé",
-    "sidebarPolicies": "Beleid",
-    "sidebarResourcePolicies": "Bronnen",
+    "sidebarPolicies": "Gedeeld Beleid",
+    "sidebarResourcePolicies": "Openbare Bronnen",
    "sidebarAccessControl": "Toegangs controle",
    "sidebarLogsAndAnalytics": "Logs & Analytics",
    "sidebarTeam": "Team",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Beheerder",
    "sidebarInvitations": "Uitnodigingen",
    "sidebarRoles": "Rollen",
-    "sidebarShareableLinks": "Koppelingen",
+    "sidebarShareableLinks": "Deelbare Links",
    "sidebarApiKeys": "API sleutels",
    "sidebarProvisioning": "Provisie",
    "sidebarSettings": "Instellingen",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Bron {id}",
    "blueprints": "Blauwdrukken",
    "blueprintsLog": "Log Blueprints",
-    "blueprintsDescription": "Bekijk eerdere blueprint-toepassingen en hun resultaten",
+    "blueprintsDescription": "Bekijk eerdere blauwdruktoepassingen en hun resultaten of pas een nieuwe blauwdruk toe",
    "blueprintAdd": "Blauwdruk toevoegen",
    "blueprintGoBack": "Bekijk alle Blauwdrukken",
    "blueprintCreate": "Creëer blauwdruk",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Schakel Docker Blauwdruk in",
    "enableDockerSocketDescription": "Schakel Docker Socket-label in voor blueprint-labels. Socket-pad moet worden opgegeven aan de siteconnector. Lees meer over hoe dit werkt in <docsLink>de documentatie</docsLink>.",
    "newtAutoUpdate": "Automatische site-update inschakelen",
-    "newtAutoUpdateDescription": "Wanneer ingeschakeld, zullen site-connectors automatisch updaten naar de nieuwste versie wanneer een nieuwe release beschikbaar is.",
+    "newtAutoUpdateDescription": "Als ingeschakeld, downloaden de site-connectoren automatisch de laatste versie en starten zichzelf opnieuw. Dit kan per site worden overschreven.",
    "siteAutoUpdate": "Automatische site-update",
    "siteAutoUpdateLabel": "Automatische update inschakelen",
-    "siteAutoUpdateDescription": "Controleer of de siteconnector automatisch de laatste versie downloadt.",
+    "siteAutoUpdateDescription": "Als dit is ingeschakeld, downloadt en start deze site-connector automatisch de nieuwste versie opnieuw.",
    "siteAutoUpdateOrgDefault": "Standaard van organisatie: {state}",
    "siteAutoUpdateOverriding": "Overschrijving van organisatiestandaardinstelling",
    "siteAutoUpdateResetToOrg": "Terugzetten naar standaard van organisatie",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Accountinstelling voltooid! Welkom bij Pangolin!",
    "documentation": "Documentatie",
    "saveAllSettings": "Alle instellingen opslaan",
-    "saveResourceTargets": "Doelstellingen opslaan",
-    "saveResourceHttp": "Proxyinstellingen opslaan",
-    "saveProxyProtocol": "Proxy-protocolinstellingen opslaan",
+    "saveResourceTargets": "Instellingen opslaan",
+    "saveResourceHttp": "Instellingen opslaan",
+    "saveProxyProtocol": "Instellingen opslaan",
    "settingsUpdated": "Instellingen bijgewerkt",
    "settingsUpdatedDescription": "Instellingen succesvol bijgewerkt",
    "settingsErrorUpdate": "Bijwerken van instellingen mislukt",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Onbekend",
    "healthCheck": "Gezondheidscontrole",
    "configureHealthCheck": "Configureer Gezondheidscontrole",
-    "configureHealthCheckDescription": "Stel gezondheid monitor voor {target} in",
+    "configureHealthCheckDescription": "Stel monitoring in voor uw bron om ervoor te zorgen dat deze altijd beschikbaar is",
    "enableHealthChecks": "Inschakelen Gezondheidscontroles",
    "healthCheckDisabledStateDescription": "Wanneer uitgeschakeld, zal de site geen gezondheidscontroles uitvoeren en wordt de staat als onbekend beschouwd.",
    "enableHealthChecksDescription": "Controleer de gezondheid van dit doel. U kunt een ander eindpunt monitoren dan het doel indien vereist.",
    "healthScheme": "Methode",
    "healthSelectScheme": "Selecteer methode",
-    "healthCheckPortInvalid": "Health check poort moet tussen 1 en 65535 zijn",
+    "healthCheckPortInvalid": "Poort moet tussen 1 en 65535 zijn",
    "healthCheckPath": "Pad",
    "healthHostname": "IP / Hostnaam",
    "healthPort": "Poort",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Vereist goedkeuring van apparaat",
    "requireDeviceApprovalDescription": "Gebruikers met deze rol hebben nieuwe apparaten nodig die door een beheerder zijn goedgekeurd voordat ze verbinding kunnen maken met bronnen en deze kunnen gebruiken.",
    "sshSettings": "SSH-instellingen",
+    "sshAccess": "SSH Toegang",
    "rdpSettings": "RDP-instellingen",
    "vncSettings": "VNC-instellingen",
    "sshServer": "SSH-server",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Zorg ervoor dat uw doelhost goed is geconfigureerd om de auth daemon uit te voeren voordat u deze configuratie voltooit, anders zal de voorziening mislukken.",
    "sshDaemonPort": "Demonpoort",
    "sshServerDestination": "Serverbestemming",
-    "sshServerDestinationDescription": "Configureer de bestemming en poort van de SSH-server",
+    "sshServerDestinationDescription": "Configureer de bestemming van de SSH-server",
    "destination": "Bestemming",
+    "destinationRequired": "Bestemming is vereist.",
+    "domainRequired": "Domein is vereist.",
+    "proxyPortRequired": "Poort is vereist.",
+    "invalidPathConfiguration": "Ongeldige padconfiguratie.",
+    "invalidRewritePathConfiguration": "Ongeldige overschrijfpadconfiguratie.",
    "bgTargetMultiSiteDisclaimer": "Het selecteren van meerdere sites maakt veerkrachtige routering mogelijk en failover voor hoge beschikbaarheid.",
    "roleAllowSsh": "SSH toestaan",
    "roleAllowSshAllow": "Toestaan",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "Gebruiker kan alleen de opgegeven commando's uitvoeren met de sudo.",
    "sshSudo": "sudo toestaan",
    "sshSudoCommands": "Sudo Commando's",
-    "sshSudoCommandsDescription": "Commagescheiden lijst van commando's die de gebruiker met sudo mag uitvoeren. Absolute paden moeten worden gebruikt.",
+    "sshSudoCommandsDescription": "Lijst met commando's die de gebruiker mag uitvoeren met sudo, gescheiden door komma's, spaties of nieuwe regels. Absolute paden moeten worden gebruikt.",
    "sshCreateHomeDir": "Maak Home Directory",
    "sshUnixGroups": "Unix groepen",
-    "sshUnixGroupsDescription": "Door komma's gescheiden Unix-groepen om de gebruiker toe te voegen aan de doelhost.",
+    "sshUnixGroupsDescription": "Unix-groepen om de gebruiker aan toe te voegen op de doelhost, gescheiden door komma's, spaties of nieuwe regels.",
+    "roleTextFieldPlaceholder": "Voer waarden in, of sleep een .txt of .csv-bestand",
+    "roleTextImportTitle": "Importeer vanuit Bestand",
+    "roleTextImportDescription": "{fileName} importeren naar {fieldLabel}.",
+    "roleTextImportSkipHeader": "Sla de eerste rij over (header)",
+    "roleTextImportOverride": "Vervang Bestaande",
+    "roleTextImportAppend": "Voeg toe aan Bestaande",
+    "roleTextImportMode": "Importeer modus",
+    "roleTextImportPreview": "Voorbeeld",
+    "roleTextImportItemCount": "{count, plural, =0 {Geen items om te importeren} one {1 item om te importeren} other {# items om te importeren}}",
+    "roleTextImportTotalCount": "{existing} bestaande + {imported} geïmporteerd = {total} totaal",
+    "roleTextImportConfirm": "Importeren",
+    "roleTextImportInvalidFile": "Niet-ondersteund bestandstype",
+    "roleTextImportInvalidFileDescription": "Alleen .txt en .csv-bestanden worden ondersteund.",
+    "roleTextImportEmpty": "Geen items gevonden in bestand",
+    "roleTextImportEmptyDescription": "Het bestand bevat geen importeerbare items.",
    "retryAttempts": "Herhaal Pogingen",
    "expectedResponseCodes": "Verwachte Reactiecodes",
    "expectedResponseCodesDescription": "HTTP-statuscode die gezonde status aangeeft. Indien leeg wordt 200-300 als gezond beschouwd.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Proxy Protocol inschakelen",
    "proxyProtocolInfo": "Behoud IP adressen van de client voor TCP backends",
    "proxyProtocolVersion": "Proxy Protocol Versie",
-    "version1": " Versie 1 (Aanbevolen)",
+    "version1": "Versie 1 (Aanbevolen)",
    "version2": "Versie 2",
-    "versionDescription": "Versie 1 is text-based en breed ondersteund. Versie 2 is binair en efficiënter maar minder compatibel.",
+    "version1Description": "Tekstgebaseerd en breed ondersteund. Zorg ervoor dat servertransport aan dynamische configuratie is toegevoegd.",
+    "version2Description": "Binair en efficiënter maar minder compatibel. Zorg ervoor dat servertransport aan dynamische configuratie is toegevoegd.",
    "warning": "Waarschuwing",
    "proxyProtocolWarning": "De backend applicatie moet worden geconfigureerd om Proxy Protocol verbindingen te accepteren. Als je backend geen Proxy Protocol ondersteunt, zal het inschakelen van dit alle verbindingen verbreken, dus schakel dit alleen in als je weet wat je doet. Zorg ervoor dat je je backend configureert om Proxy Protocol headers van Traefik.",
    "restarting": "Herstarten...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Bevestiging invoeren",
    "blueprintViewDetails": "Details",
    "defaultIdentityProvider": "Standaard Identiteitsprovider",
-    "defaultIdentityProviderDescription": "Wanneer een standaard identity provider is geselecteerd, zal de gebruiker automatisch worden doorgestuurd naar de provider voor authenticatie.",
+    "defaultIdentityProviderDescription": "De gebruiker wordt automatisch doorgestuurd naar deze identity provider voor authenticatie.",
    "editInternalResourceDialogNetworkSettings": "Netwerkinstellingen",
    "editInternalResourceDialogAccessPolicy": "Toegangsbeleid",
    "editInternalResourceDialogAddRoles": "Rollen toevoegen",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Type onderhoudsmodus",
    "showMaintenancePage": "Toon een onderhoudspagina aan bezoekers",
    "enableMaintenanceMode": "Onderhoudsmodus inschakelen",
+    "enableMaintenanceModeDescription": "Wanneer ingeschakeld zien bezoekers een onderhoudspagina in plaats van uw bron.",
    "automatic": "Automatisch",
    "automaticModeDescription": " Toon onderhoudspagina alleen wanneer alle back-enddoelen niet beschikbaar zijn of ongezond zijn. Jouw bron blijft normaal functioneren zolang er tenminste één doel gezond is.",
    "forced": "Geforceerd",
@@ -3082,6 +3182,8 @@
    "warning:": "Waarschuwing:",
    "forcedeModeWarning": "Al het verkeer wordt naar de onderhoudspagina geleid. Jouw back-endbronnen ontvangen geen verzoeken.",
    "pageTitle": "Paginatitel",
+    "maintenancePageContentSubsection": "Pagina-inhoud",
+    "maintenancePageContentSubsectionDescription": "Pas de inhoud aan die op de onderhoudspagina wordt weergegeven",
    "pageTitleDescription": "De hoofdkop die op de onderhoudspagina wordt weergegeven",
    "maintenancePageMessage": "Onderhoudsbericht",
    "maintenancePageMessagePlaceholder": "We keren snel terug! Onze site ondergaat momenteel gepland onderhoud.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Weet u zeker dat u deze identiteitsprovider van deze organisatie wilt loskoppelen?",
    "idpUnassociateDescription": "Alle gebruikers die aan deze identiteitsprovider zijn gekoppeld, worden uit deze organisatie verwijderd, maar de identiteitsprovider blijft bestaan voor andere gerelateerde organisaties.",
    "idpUnassociateConfirm": "Bevestig ontkoppelen identiteitsprovider",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "VERWIJDER EN VERWIJDER ME VAN ORG",
+    "idpUnassociateAndRemoveMeFromOrg": "ONTKOPPEL EN VERWIJDER ME VAN ORG",
    "idpUnassociateWarning": "Dit kan niet ongedaan worden gemaakt voor deze organisatie.",
    "idpUnassociatedDescription": "Identiteitsprovider succesvol losgekoppeld van deze organisatie",
    "idpUnassociateMenu": "Ontkoppelen",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Verbinding maken…",
    "sshInitializing": "Initialiseren…",
    "sshSignInTitle": "Meld u aan bij SSH",
-    "sshSignInDescription": "Voer uw SSH-referenties in",
+    "sshSignInDescription": "Voer uw SSH-gegevens in om verbinding te maken",
    "sshPasswordTab": "Wachtwoord",
    "sshPrivateKeyTab": "Privésleutel",
    "sshPrivateKeyField": "Privésleutel",
    "sshPrivateKeyDisclaimer": "Uw privésleutel wordt niet opgeslagen of zichtbaar gemaakt voor Pangolin. U kunt ook gebruik maken van kortlopende certificaten voor naadloze authenticatie met uw bestaande Pangolin-identiteit.",
    "sshLearnMore": "Meer informatie",
    "sshPrivateKeyFile": "Bestand met privésleutel",
-    "sshAuthenticate": "Authenticeren",
+    "sshAuthenticate": "Verbinden",
    "sshTerminate": "Beëindigen",
    "sshPoweredBy": "Aangeboden door",
    "sshErrorNoTarget": "Geen doelwit gespecificeerd",
    "sshErrorWebSocket": "WebSocket-verbinding is mislukt",
    "sshErrorAuthFailed": "Authenticatie mislukt",
-    "sshErrorConnectionClosed": "Verbinding gesloten voordat authenticatie was voltooid"
+    "sshErrorConnectionClosed": "Verbinding gesloten voordat authenticatie was voltooid",
+    "sitePangolinSshDescription": "Sta SSH-toegang toe tot bronnen op deze site. Dit kan later worden gewijzigd.",
+    "browserGatewayNoResourceForDomain": "Geen bron gevonden voor dit domein",
+    "browserGatewayNoTarget": "Geen doelwit",
+    "browserGatewayConnect": "Verbinden",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "Kan SSH-sleutel voor PAM push-authenticatie niet ondertekenen. Heeft u als gebruiker aangemeld?",
+    "sshTerminalError": "Fout: {error}",
+    "sshConnectionClosedCode": "Verbinding gesloten (code {code})",
+    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+    "sshPrivateKeyRequired": "Privésleutel is vereist",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Voer uw VNC-wachtwoord in om verbinding te maken",
+    "vncPasswordOptional": "Wachtwoord (optioneel)",
+    "vncNoResourceTarget": "Geen bron doelwit beschikbaar",
+    "vncFailedToLoadNovnc": "Laden van noVNC mislukt",
+    "vncAuthFailedStatus": "Status {status}",
+    "vncPasteClipboard": "Klembord plakken",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Meld u aan bij Remote Desktop",
+    "rdpSignInDescription": "Voer Windows-gegevens in om verbinding te maken",
+    "rdpLoadingModule": "Module laden...",
+    "rdpFailedToLoadModule": "Laden van RDP-module mislukt",
+    "rdpNotReady": "Niet gereed",
+    "rdpModuleInitializing": "RDP-module is nog aan het initialiseren",
+    "rdpDownloadingFiles": "{count} bestand(en) worden van een externe locatie gedownload…",
+    "rdpDownloadFailed": "Download mislukt: {fileName}",
+    "rdpUploaded": "Geüpload: {fileName}",
+    "rdpNoConnectionTarget": "Geen verbinding doelwit beschikbaar",
+    "rdpConnectionFailed": "Verbinding mislukt",
+    "rdpFit": "Schalen",
+    "rdpFull": "Volledig",
+    "rdpReal": "Reëel",
+    "rdpMeta": "Meta",
+    "rdpUploadFiles": "Bestanden uploaden",
+    "rdpFilesReadyToPaste": "Bestanden klaar om te plakken",
+    "rdpFilesReadyToPasteDescription": "{count} bestand(en) gekopieerd naar klembord op afstand — druk op Ctrl+V op het externe bureaublad om te plakken.",
+    "rdpUploadFailed": "Upload mislukt",
+    "rdpUnicodeKeyboardMode": "Unicode toetsenbordmodus",
+    "sessionToolbarShow": "Toon werkbalk",
+    "sessionToolbarHide": "Verberg werkbalk"
 }
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Zobacz zasoby prywatne",
    "siteInstallNewt": "Zainstaluj Newt",
    "siteInstallNewtDescription": "Uruchom Newt w swoim systemie",
+    "siteInstallKubernetesDocsDescription": "Aby uzyskać więcej aktualnych informacji o instalacji Kubernetes, zobacz <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "Aby uzyskać instrukcje dotyczące instalacji modemu Advantech, zobacz: <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Konfiguracja WireGuard",
    "WgConfigurationDescription": "Użyj następującej konfiguracji, aby połączyć się z siecią",
    "operatingSystem": "System operacyjny",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "Możesz to zobaczyć tylko raz. Upewnij się, że skopiuj je do bezpiecznego miejsca.",
    "siteInfo": "Informacje o witrynie",
    "status": "Status",
-    "shareTitle": "Zarządzaj linkami udostępniania",
+    "shareTitle": "Zarządzaj linkami do udostępnienia",
    "shareDescription": "Utwórz linki do współdzielenia, aby przyznać tymczasowy lub stały dostęp do zasobów proxy",
-    "shareSearch": "Szukaj linków udostępnienia...",
-    "shareCreate": "Utwórz link udostępniania",
+    "shareSearch": "Wyszukaj linki do udostępnienia...",
+    "shareCreate": "Utwórz link do udostępnienia",
    "shareErrorDelete": "Nie udało się usunąć linku",
    "shareErrorDeleteMessage": "Wystąpił błąd podczas usuwania linku",
    "shareDeleted": "Link usunięty",
    "shareDeletedDescription": "Link został usunięty",
-    "shareDelete": "Usuń link udostępniania",
-    "shareDeleteConfirm": "Potwierdź usunięcie linku udostępniania",
+    "shareDelete": "Usuń link do udostępnienia",
+    "shareDeleteConfirm": "Potwierdź usunięcie linku do udostępnienia",
    "shareQuestionRemove": "Czy na pewno chcesz usunąć ten link udostępniania?",
    "shareMessageRemove": "Po usunięciu, link przestanie działać i wszyscy korzystający z niego stracą dostęp do zasobu.",
    "shareTokenDescription": "Token dostępu może być przekazywany na dwa sposoby: jako parametr zapytania lub w nagłówkach żądania. Muszą być przekazywane z klienta na każde żądanie uwierzytelnionego dostępu.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Każdy z tym linkiem może uzyskać dostęp do zasobu",
    "shareTitleOptional": "Tytuł (opcjonalnie)",
    "sharePathOptional": "Ścieżka (opcjonalnie)",
+    "sharePathDescription": "Link przekieruje użytkowników do tej ścieżki po uwierzytelnieniu.",
    "expireIn": "Wygasa za",
    "neverExpire": "Nigdy nie wygasa",
    "shareExpireDescription": "Czas wygaśnięcia to jak długo link będzie mógł być użyty i zapewni dostęp do zasobu. Po tym czasie link nie będzie już działał, a użytkownicy, którzy użyli tego linku, utracą dostęp do zasobu.",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "Wybierz zasób",
    "proxyResourceTitle": "Zarządzaj zasobami publicznymi",
    "proxyResourceDescription": "Twórz i zarządzaj zasobami, które są publicznie dostępne w przeglądarce internetowej",
-    "publicResourcesBannerTitle": "Publiczny dostęp za pośrednictwem sieci Web",
-    "publicResourcesBannerDescription": "Zasoby publiczne to proxy HTTPS lub TCP/UDP dostępne dla każdego w internecie za pośrednictwem przeglądarki internetowej. W przeciwieństwie do zasobów prywatnych, nie wymagają oprogramowania po stronie klienta i mogą obejmować polityki dostępu świadome tożsamości i kontekstu.",
+    "publicResourcesBannerTitle": "Publiczny dostęp przez przeglądarkę internetową",
+    "publicResourcesBannerDescription": "Zasoby publiczne to serwery proxy HTTPS, dostępne dla każdego w Internecie za pośrednictwem przeglądarki. W przeciwieństwie do zasobów prywatnych, nie wymagają oprogramowania po stronie klienta i mogą obejmować polityki dostępu świadome tożsamości i kontekstu.",
    "clientResourceTitle": "Zarządzaj zasobami prywatnymi",
    "clientResourceDescription": "Twórz i zarządzaj zasobami, które są dostępne tylko za pośrednictwem połączonego klienta",
    "privateResourcesBannerTitle": "Zero zaufania do prywatnego dostępu",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Szukaj zasobów...",
    "resourceAdd": "Dodaj zasób",
    "resourceErrorDelte": "Błąd podczas usuwania zasobu",
-    "resourcePoliciesTitle": "Zarządzaj politykami zasobów",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Dołączone zasoby",
+    "resourcePoliciesBannerTitle": "Ponownie użyj Uwierzytelniania i Zasad Dostępu",
+    "resourcePoliciesBannerDescription": "Polityki zasobów współdzielonych pozwalają zdefiniować metody uwierzytelniania oraz zasady dostępu jednokrotnie, a następnie przypiąć je do wielu zasobów publicznych. Po zaktualizowaniu polityki każda powiązana zasób automatycznie dziedziczy zmianę.",
+    "resourcePoliciesBannerButtonText": "Dowiedz się więcej",
+    "resourcePoliciesTitle": "Zarządzaj publicznymi zasadami zasobów",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Zasoby",
    "resourcePoliciesAttachedResources": "{count} zasób(y)",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# zasób} few {# zasoby} many {# zasobów} other {# zasobów}}",
    "resourcePoliciesAttachedResourcesEmpty": "brak zasobów",
-    "resourcePoliciesDescription": "Twórz i zarządzaj politykami uwierzytelniania, aby kontrolować dostęp do swoich zasobów",
+    "resourcePoliciesDescription": "Twórz i zarządzaj politykami uwierzytelniania, aby kontrolować dostęp do swoich zasobów publicznych",
    "resourcePoliciesSearch": "Szukaj polityk...",
    "resourcePoliciesAdd": "Dodaj politykę",
    "resourcePoliciesDefaultBadgeText": "Domyślna polityka",
-    "resourcePoliciesCreate": "Utwórz politykę zasobu",
+    "resourcePoliciesCreate": "Utwórz publiczną politykę zasobów",
    "resourcePoliciesCreateDescription": "Wykonaj poniższe kroki, aby utworzyć nową politykę",
    "resourcePolicyName": "Nazwa polityki",
    "resourcePolicyNameDescription": "Nadaj tej polityce nazwę, aby można ją było zidentyfikować w całych zasobach",
@@ -274,7 +281,7 @@
    "back": "Powrót",
    "cancel": "Anuluj",
    "resourceConfig": "Snippety konfiguracji",
-    "resourceConfigDescription": "Skopiuj i wklej te fragmenty konfiguracji, aby skonfigurować zasób TCP/UDP",
+    "resourceConfigDescription": "Skopiuj i wklej te fragmenty konfiguracji, aby skonfigurować zasób TCP/UDP.",
    "resourceAddEntrypoints": "Traefik: Dodaj punkty wejścia",
    "resourceExposePorts": "Gerbil: Podnieś porty w Komponencie Dockera",
    "resourceLearnRaw": "Dowiedz się, jak skonfigurować zasoby TCP/UDP",
@@ -287,6 +294,8 @@
    "labelDelete": "Usuń etykietę",
    "labelAdd": "Dodaj etykietę",
    "labelCreateSuccessMessage": "Etykieta została utworzona pomyślnie",
+    "labelDuplicateError": "Zduplikowana etykieta",
+    "labelDuplicateErrorDescription": "Etykieta o tej nazwie już istnieje.",
    "labelEditSuccessMessage": "Etykieta została pomyślnie zmodyfikowana",
    "labelNameField": "Nazwa etykiety",
    "labelColorField": "Kolor etykiety",
@@ -311,7 +320,7 @@
    "rules": "Regulamin",
    "resourceSettingDescription": "Skonfiguruj ustawienia zasobu",
    "resourceSetting": "Ustawienia {resourceName}",
-    "resourcePolicySettingDescription": "Skonfiguruj ustawienia w polityce zasobów",
+    "resourcePolicySettingDescription": "Skonfiguruj ustawienia tej publicznej polityki zasobów",
    "resourcePolicySetting": "Ustawienia {policyName}",
    "alwaysAllow": "Omijanie uwierzytelniania",
    "alwaysDeny": "Blokuj dostęp",
@@ -719,7 +728,7 @@
    "targetSubmit": "Dodaj cel",
    "targetNoOne": "Ten zasób nie ma żadnych celów. Dodaj cel do skonfigurowania adresów wysyłania żądań do backendu.",
    "targetNoOneDescription": "Dodanie więcej niż jednego celu powyżej włączy równoważenie obciążenia.",
-    "targetsSubmit": "Zapisz cele",
+    "targetsSubmit": "Zapisz ustawienia",
    "addTarget": "Dodaj cel",
    "proxyMultiSiteRoundRobinNodeHelp": "Trasowanie round-robin nie będzie działać między witrynami, które nie są połączone z tym samym węzłem, ale przełączanie awaryjne będzie działać.",
    "targetErrorInvalidIp": "Nieprawidłowy adres IP",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Duplikat reguły",
    "rulesErrorDuplicateDescription": "Reguła o tych ustawieniach już istnieje",
    "rulesErrorInvalidIpAddressRange": "Nieprawidłowy CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Wprowadź prawidłową wartość CIDR",
-    "rulesErrorInvalidUrl": "Nieprawidłowa ścieżka URL",
-    "rulesErrorInvalidUrlDescription": "Wprowadź prawidłową wartość ścieżki URL",
-    "rulesErrorInvalidIpAddress": "Nieprawidłowe IP",
-    "rulesErrorInvalidIpAddressDescription": "Wprowadź prawidłowy adres IP",
+    "rulesErrorInvalidIpAddressRangeDescription": "Wprowadź poprawny zakres CIDR (np. 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Nieprawidłowa ścieżka",
+    "rulesErrorInvalidUrlDescription": "Wprowadź poprawną ścieżkę URL lub wzorzec (np. /api/*).",
+    "rulesErrorInvalidIpAddress": "Nieprawidłowy adres IP",
+    "rulesErrorInvalidIpAddressDescription": "Wprowadź poprawny adres IPv4 lub IPv6.",
    "rulesErrorUpdate": "Nie udało się zaktualizować reguł",
    "rulesErrorUpdateDescription": "Wystąpił błąd podczas aktualizacji reguł",
    "rulesUpdated": "Włącz reguły",
@@ -766,14 +775,23 @@
    "rulesMatchIpAddress": "Wprowadź adres IP (np. 103.21.244.12)",
    "rulesMatchUrl": "Wprowadź ścieżkę URL lub wzorzec (np. /api/v1/todos lub /api/v1/*)",
    "rulesErrorInvalidPriority": "Nieprawidłowy priorytet",
-    "rulesErrorInvalidPriorityDescription": "Wprowadź prawidłowy priorytet",
+    "rulesErrorInvalidPriorityDescription": "Wprowadź liczbę całkowitą 1 lub wyższą.",
    "rulesErrorDuplicatePriority": "Zduplikowane priorytety",
-    "rulesErrorDuplicatePriorityDescription": "Wprowadź unikalne priorytety",
+    "rulesErrorDuplicatePriorityDescription": "Każda reguła musi mieć unikalny numer priorytetu.",
+    "rulesErrorValidation": "Nieprawidłowe reguły",
+    "rulesErrorValidationRuleDescription": "Reguła {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Wybierz poprawny typ dopasowania (ścieżka, IP, CIDR, kraj, region lub ASN).",
+    "rulesErrorValueRequired": "Wprowadź wartość dla tej reguły.",
+    "rulesErrorInvalidCountry": "Nieprawidłowy kraj",
+    "rulesErrorInvalidCountryDescription": "Wybierz poprawny kraj.",
+    "rulesErrorInvalidAsn": "Nieprawidłowy ASN",
+    "rulesErrorInvalidAsnDescription": "Wprowadź poprawny ASN (np. AS15169).",
    "ruleUpdated": "Reguły zaktualizowane",
    "ruleUpdatedDescription": "Reguły zostały pomyślnie zaktualizowane",
    "ruleErrorUpdate": "Operacja nie powiodła się",
    "ruleErrorUpdateDescription": "Wystąpił błąd podczas operacji zapisu",
    "rulesPriority": "Priorytet",
+    "rulesReorderDragHandle": "Przeciągnij, aby zmienić kolejność priorytetów reguł",
    "rulesAction": "Akcja",
    "rulesMatchType": "Typ dopasowania",
    "value": "Wartość",
@@ -792,7 +810,7 @@
    "rulesResource": "Konfiguracja reguł zasobu",
    "rulesResourceDescription": "Skonfiguruj reguły, aby kontrolować dostęp do zasobu",
    "ruleSubmit": "Dodaj regułę",
-    "rulesNoOne": "Brak reguł. Dodaj regułę używając formularza.",
+    "rulesNoOne": "Brak reguł.",
    "rulesOrder": "Reguły są oceniane według priorytetu w kolejności rosnącej.",
    "rulesSubmit": "Zapisz reguły",
    "policyErrorCreate": "Błąd przy tworzeniu polityki",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Wystąpił nieoczekiwany błąd",
    "policyCreatedSuccess": "Polityka zasobów została pomyślnie utworzona",
    "policyUpdatedSuccess": "Polityka zasobów została pomyślnie zaktualizowana",
-    "authMethodsSave": "Zapisz metody uwierzytelniania",
+    "authMethodsSave": "Zapisz ustawienia",
+    "policyAuthStackTitle": "Uwierzytelnianie",
+    "policyAuthStackDescription": "Kontroluj, które metody uwierzytelniania są wymagane do uzyskania dostępu do tego zasobu",
+    "policyAuthOrLogicTitle": "Kilka metod uwierzytelniania jest aktywnych",
+    "policyAuthOrLogicBanner": "Odwiedzający mogą się uwierzytelnić, korzystając z jednej z poniższych aktywnych metod. Nie muszą ukończyć wszystkich z nich.",
+    "policyAuthMethodActive": "Aktywny",
+    "policyAuthMethodOff": "Wyłączony",
+    "policyAuthSsoTitle": "Platforma SSO",
+    "policyAuthSsoDescription": "Wymagany znak w identyfikatorze dostawcy Twojej organizacji",
+    "policyAuthSsoSummary": "{idp} · {users} użytkowników, {roles} ról",
+    "policyAuthSsoDefaultIdp": "Dostawca domyślny",
+    "policyAuthAddDefaultIdentityProvider": "Dodaj Dostawcę Tożsamości Domyślnej",
+    "policyAuthOtherMethodsTitle": "Inne Metody",
+    "policyAuthOtherMethodsDescription": "Opcjonalne metody, których odwiedzający mogą używać zamiast lub razem z platformą SSO",
+    "policyAuthPasscodeTitle": "Hasło dostępu",
+    "policyAuthPasscodeDescription": "Wymagane wspólne hasło alfanumeryczne do uzyskania dostępu do zasobu",
+    "policyAuthPasscodeSummary": "Zestaw hasła dostępu",
+    "policyAuthPincodeTitle": "Kod PIN",
+    "policyAuthPincodeDescription": "Krótki kod numeryczny wymagany do uzyskania dostępu do zasobu",
+    "policyAuthPincodeSummary": "Ustawiono 6-cyfrowy kod PIN",
+    "policyAuthEmailTitle": "Biała lista e-mail",
+    "policyAuthEmailDescription": "Dozwolone adresy e-mail z hasłami jednorazowymi",
+    "policyAuthEmailSummary": "Dozwolonych {count} adresów",
+    "policyAuthEmailOtpCallout": "Włączenie białej listy e-mail wysyła hasło jednorazowe na e-mail odwiedzającego podczas logowania.",
+    "policyAuthHeaderAuthTitle": "Podstawowe Uwierzytelnianie Nagłówka",
+    "policyAuthHeaderAuthDescription": "Walidacja niestandardowej nazwy i wartości nagłówka HTTP przy każdym żądaniu",
+    "policyAuthHeaderAuthSummary": "Skonfigurowany nagłówek",
+    "policyAuthHeaderName": "Nazwa nagłówka",
+    "policyAuthHeaderValue": "Oczekiwana wartość",
+    "policyAuthSetPasscode": "Ustaw hasło dostępu",
+    "policyAuthSetPincode": "Ustaw kod PIN",
+    "policyAuthSetEmailWhitelist": "Ustaw białą listę e-mail",
+    "policyAuthSetHeaderAuth": "Ustaw Podstawowe Uwierzytelnianie Nagłówka",
+    "policyAccessRulesTitle": "Zasady Dostępu",
+    "policyAccessRulesEnableDescription": "Gdy zostaną włączone, reguły są oceniane w kolejności malejącej, aż jedna z nich zostanie oceniona jako prawdziwa.",
+    "policyAccessRulesFirstMatch": "Reguły są oceniane od góry do dołu. Pierwsza pasująca reguła decyduje o wyniku.",
+    "policyAccessRulesHowItWorks": "Reguły dopasowują żądania według ścieżki, adresu IP, lokalizacji lub innych kryteriów. Każda reguła stosuje działanie: pominięcie uwierzytelniania, blokowanie dostępu lub przekazanie do uwierzytelniania. Jeśli żadna reguła nie pasuje, ruch przechodzi dalej do uwierzytelniania.",
+    "policyAccessRulesFallthroughOff": "Gdy reguły są wyłączone, cały ruch przechodzi do uwierzytelniania.",
+    "policyAccessRulesFallthroughOn": "Gdy żadna reguła nie pasuje, ruch przechodzi do uwierzytelniania.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Zapisz zasady",
    "resourceErrorCreate": "Błąd podczas tworzenia zasobu",
    "resourceErrorCreateDescription": "Wystąpił błąd podczas tworzenia zasobu",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "Wystąpił błąd podczas aktualizacji zasobu",
    "access": "Dostęp",
    "accessControl": "Kontrola dostępu",
-    "shareLink": "Link udostępniania {resource}",
+    "shareLink": "{resource} Link do udostępnienia",
    "resourceSelect": "Wybierz zasób",
-    "shareLinks": "Linki udostępniania",
+    "shareLinks": "Linki do udostępnienia",
    "share": "Linki do udostępniania",
    "shareDescription2": "Utwórz linki do zasobów, które można współdzielić. Linki zapewniają tymczasowy lub nieograniczony dostęp do twojego zasobu. Możesz skonfigurować czas ważności linku, gdy go utworzysz.",
    "shareEasyCreate": "Łatwe tworzenie i udostępnianie",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Administratorzy zawsze mają dostęp do tego zasobu.",
    "resourcePolicySelectTitle": "Polityka dostępu do zasobów",
    "resourcePolicySelectDescription": "Wybierz typ polityki zasobów do uwierzytelniania",
+    "resourcePolicyTypeLabel": "Typ polityki",
+    "resourcePolicyLabel": "Polityka zasobów",
    "resourcePolicyInline": "Warunkowa polityka zasobów",
    "resourcePolicyInlineDescription": "Polityka dostępu tylko do tego zasobu",
    "resourcePolicyShared": "Dzielona polityka zasobów",
-    "resourcePolicySharedDescription": "Ten zasób korzysta z dzielonej polityki. Ustawienia na poziomie polityki (metody uwierzytelniania, biała lista e-maili) są zablokowane. Możesz dodać zasady specyficzne dla zasobów, role i użytkowników poniżej.",
+    "resourcePolicySharedDescription": "Ten zasób korzysta z polityki współdzielonej.",
+    "sharedPolicy": "Polityka Współdzielona",
+    "sharedPolicyNoneDescription": "Ten zasób ma własną politykę.",
+    "resourceSharedPolicyOwnDescription": "Ten zasób ma własne kontrole zasad uwierzytelniania i dostępu.",
+    "resourceSharedPolicyInheritedDescription": "Ten zasób dziedziczy z <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Ten zasób używa polityki współdzielonej. Niektóre ustawienia uwierzytelniania można edytować w tym zasobie, aby dodać do polityki. Aby zmienić podlegającą politykę, musisz ją edytować do <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "Ten zasób używa polityki współdzielonej. Niektóre zasady dostępu można edytować w tym zasobie. Aby zmienić podlegającą politykę, musisz edytować <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Kontrola dostępu",
    "resourceUsersRolesDescription": "Skonfiguruj, którzy użytkownicy i role mogą odwiedzać ten zasób",
    "resourceUsersRolesSubmit": "Zapisz kontrole dostępu",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Widoczność",
    "resourceVisibilityTitleDescription": "Całkowicie włącz lub wyłącz widoczność zasobu",
    "resourceGeneral": "Ustawienia ogólne",
-    "resourceGeneralDescription": "Skonfiguruj ustawienia ogólne dla tego zasobu",
+    "resourceGeneralDescription": "Skonfiguruj nazwę, adres i zasady dostępu dla tego zasobu.",
+    "resourceGeneralDetailsSubsection": "Szczegóły zasobu",
+    "resourceGeneralDetailsSubsectionDescription": "Ustaw nazwę wyświetlaną, identyfikator i publicznie dostępna domenę dla tego zasobu.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Ustaw nazwę wyświetlaną, identyfikator i publiczny port dla tego zasobu.",
+    "resourceGeneralPublicAddressSubsection": "Publiczny Adres",
+    "resourceGeneralPublicAddressSubsectionDescription": "Skonfiguruj, jak użytkownicy mogą dotrzeć do tego zasobu.",
+    "resourceGeneralAuthenticationAccessSubsection": "Uwierzytelnianie i Dostęp",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Wybierz, czy ten zasób używa własnej polityki, czy dziedziczy z polityki współdzielonej.",
    "resourceEnable": "Włącz zasób",
    "resourceTransfer": "Przenieś zasób",
    "resourceTransferDescription": "Przenieś ten zasób do innej witryny",
@@ -1220,11 +1294,14 @@
    "addLabels": "Dodaj etykiety",
    "siteLabelsTab": "Etykiety",
    "siteLabelsDescription": "Zarządzaj etykietami powiązanymi z tą stroną.",
-    "labelsNotFound": "Nie znaleziono etykiet",
+    "labelsNotFound": "Nie znaleziono etykiet.",
+    "labelsEmptyCreateHint": "Zacznij pisać powyżej, aby utworzyć etykietę.",
    "labelSearch": "Szukaj etykiet",
+    "labelSearchOrCreate": "Wyszukaj lub utwórz etykietę",
    "accessLabelFilterCount": "{count, plural, one {# etykieta} few {# etykiety} many {# etykiet} other {# etykiet}}",
    "labelOverflowCount": "+{count, plural, one {# etykieta} few {# etykiety} many {# etykiet} other {# etykiet}}",
    "accessLabelFilterClear": "Wyczyść filtry etykiet",
+    "accessFilterClear": "Wyczyść filtry",
    "selectColor": "Wybierz kolor",
    "createNewLabel": "Utwórz nową etykietę org \"{label}\"",
    "inviteInvalidDescription": "Link zapraszający jest nieprawidłowy.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Zasoby",
    "sidebarProxyResources": "Publiczne",
    "sidebarClientResources": "Prywatny",
-    "sidebarPolicies": "Polityki",
-    "sidebarResourcePolicies": "Zasoby",
+    "sidebarPolicies": "Polityki Współdzielone",
+    "sidebarResourcePolicies": "Zasoby publiczne",
    "sidebarAccessControl": "Kontrola dostępu",
    "sidebarLogsAndAnalytics": "Logi i Analityki",
    "sidebarTeam": "Drużyna",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Administrator",
    "sidebarInvitations": "Zaproszenia",
    "sidebarRoles": "Role",
-    "sidebarShareableLinks": "Linki",
+    "sidebarShareableLinks": "Linki do udostępnienia",
    "sidebarApiKeys": "Klucze API",
    "sidebarProvisioning": "Dostarczanie",
    "sidebarSettings": "Ustawienia",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Zasób {id}",
    "blueprints": "Schematy",
    "blueprintsLog": "Dziennik szablonów",
-    "blueprintsDescription": "Zobacz wcześniejsze zastosowania szablonów i ich wyniki",
+    "blueprintsDescription": "Przeglądaj wcześniejsze aplikacje wzorców i ich wyniki lub zastosuj nowy wzorzec",
    "blueprintAdd": "Dodaj schemat",
    "blueprintGoBack": "Zobacz wszystkie schematy",
    "blueprintCreate": "Utwórz schemat",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Włącz schemat dokera",
    "enableDockerSocketDescription": "Włącz etykietowanie gniazda dokera dla etykiet szablonów. Ścieżka do gniazda musi być dostarczona do łącznika strony. Przeczytaj zarówno jak to działa w <docsLink>dokumentacji</docsLink>.",
    "newtAutoUpdate": "Włącz automatyczną aktualizację witryny",
-    "newtAutoUpdateDescription": "Kiedy włączone, łączniki witryn będą się automatycznie aktualizować do najnowszej wersji, gdy dostępne będzie nowe wydanie.",
+    "newtAutoUpdateDescription": "Po włączeniu, łączniki witryn automatycznie pobiorą najnowszą wersję i uruchomią się ponownie. Można to nadpisać na poziomie poszczególnych witryn.",
    "siteAutoUpdate": "Automatyczna aktualizacja strony",
    "siteAutoUpdateLabel": "Włącz aktualizacje automatyczne",
-    "siteAutoUpdateDescription": "Kontroluj czy łącznik tej strony automatycznie pobiera najnowszą wersję.",
+    "siteAutoUpdateDescription": "Po włączeniu, łącznik tej witryny automatycznie pobierze najnowszą wersję i uruchomi się ponownie.",
    "siteAutoUpdateOrgDefault": "Domyślnie dla organizacji: {state}",
    "siteAutoUpdateOverriding": "Nadpisywanie ustawień organizacji",
    "siteAutoUpdateResetToOrg": "Zresetuj do domyślnych ustawień organizacji",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Konfiguracja konta zakończona! Witaj w Pangolin!",
    "documentation": "Dokumentacja",
    "saveAllSettings": "Zapisz wszystkie ustawienia",
-    "saveResourceTargets": "Zapisz cele",
-    "saveResourceHttp": "Zapisz ustawienia proxy",
-    "saveProxyProtocol": "Zapisz ustawienia protokołu proxy",
+    "saveResourceTargets": "Zapisz ustawienia",
+    "saveResourceHttp": "Zapisz ustawienia",
+    "saveProxyProtocol": "Zapisz ustawienia",
    "settingsUpdated": "Ustawienia zaktualizowane",
    "settingsUpdatedDescription": "Ustawienia zostały pomyślnie zaktualizowane",
    "settingsErrorUpdate": "Nie udało się zaktualizować ustawień",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Nieznany",
    "healthCheck": "Kontrola Zdrowia",
    "configureHealthCheck": "Skonfiguruj Kontrolę Zdrowia",
-    "configureHealthCheckDescription": "Skonfiguruj monitorowanie zdrowia dla {target}",
+    "configureHealthCheckDescription": "Skonfiguruj monitorowanie zasobu, aby zapewnić jego dostępność",
    "enableHealthChecks": "Włącz Kontrole Zdrowia",
    "healthCheckDisabledStateDescription": "Gdy wyłączone, strona nie będzie wykonywać kontroli zdrowia, a stan zostanie uznany za nieznany.",
    "enableHealthChecksDescription": "Monitoruj zdrowie tego celu. Możesz monitorować inny punkt końcowy niż docelowy w razie potrzeby.",
    "healthScheme": "Metoda",
    "healthSelectScheme": "Wybierz metodę",
-    "healthCheckPortInvalid": "Port oceny stanu musi znajdować się między 1 a 65535",
+    "healthCheckPortInvalid": "Port musi być pomiędzy 1 a 65535",
    "healthCheckPath": "Ścieżka",
    "healthHostname": "IP / Nazwa hosta",
    "healthPort": "Port",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Wymagaj zatwierdzenia urządzenia",
    "requireDeviceApprovalDescription": "Użytkownicy o tej roli potrzebują nowych urządzeń zatwierdzonych przez administratora, zanim będą mogli połączyć się i uzyskać dostęp do zasobów.",
    "sshSettings": "Ustawienia SSH",
+    "sshAccess": "Dostęp SSH",
    "rdpSettings": "Ustawienia RDP",
    "vncSettings": "Ustawienia VNC",
    "sshServer": "Serwer SSH",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Upewnij się, że Twoja maszyna docelowa jest poprawnie skonfigurowana do uruchamiania demona uwierzytelniania zanim ukończysz tę konfigurację, w przeciwnym razie provisioning zakończy się niepowodzeniem.",
    "sshDaemonPort": "Port Demona",
    "sshServerDestination": "Miejsce docelowe serwera",
-    "sshServerDestinationDescription": "Skonfiguruj miejsce docelowe i port serwera SSH",
+    "sshServerDestinationDescription": "Skonfiguruj miejsce docelowe serwera SSH",
    "destination": "Miejsce docelowe",
+    "destinationRequired": "Wymagane jest miejsce docelowe.",
+    "domainRequired": "Wymagana jest domena.",
+    "proxyPortRequired": "Wymagany jest port.",
+    "invalidPathConfiguration": "Nieprawidłowa konfiguracja ścieżki.",
+    "invalidRewritePathConfiguration": "Nieprawidłowa konfiguracja ścieżki modyfikacji.",
    "bgTargetMultiSiteDisclaimer": "Wybór wielu stron umożliwia odporność trasowania i zmienioność dla wysokiej dostępności.",
    "roleAllowSsh": "Zezwalaj na SSH",
    "roleAllowSshAllow": "Zezwól",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "Użytkownik może uruchamiać tylko określone polecenia z sudo.",
    "sshSudo": "Zezwól na sudo",
    "sshSudoCommands": "Komendy Sudo",
-    "sshSudoCommandsDescription": "Lista rozdzielona przecinkami poleceń, które użytkownik może uruchomić z sudo. Należy używać ścieżek bezwzględnych.",
+    "sshSudoCommandsDescription": "Lista poleceń, które użytkownik może uruchomić z sudo, oddzielone przecinkami, spacjami lub nowymi liniami. Absolutne ścieżki muszą być używane.",
    "sshCreateHomeDir": "Utwórz katalog domowy",
    "sshUnixGroups": "Grupy Unix",
-    "sshUnixGroupsDescription": "Oddzielone przecinkami grupy Unix, aby dodać użytkownika do docelowego hosta.",
+    "sshUnixGroupsDescription": "Grupy Uniksowe, do których dodać użytkownika na docelowym hoście, oddzielone przecinkami, spacjami, lub nowymi liniami.",
+    "roleTextFieldPlaceholder": "Wprowadź wartości lub upuść plik .txt lub .csv",
+    "roleTextImportTitle": "Importuj z pliku",
+    "roleTextImportDescription": "Importowanie {fileName} do {fieldLabel}.",
+    "roleTextImportSkipHeader": "Pomiń pierwszy wiersz (Nagłówek)",
+    "roleTextImportOverride": "Zamień istniejące",
+    "roleTextImportAppend": "Dołącz do istniejącego",
+    "roleTextImportMode": "Tryb importu",
+    "roleTextImportPreview": "Podgląd",
+    "roleTextImportItemCount": "{count, plural, =0 {Brak elementów do zaimportowania} one {1 element do zaimportowania} few {# elementy do zaimportowania} many {# elementów do zaimportowania} other {# elementów do zaimportowania}}",
+    "roleTextImportTotalCount": "{existing} istniejące + {imported} zaimportowane = {total} łącznie",
+    "roleTextImportConfirm": "Importuj",
+    "roleTextImportInvalidFile": "Nieobsługiwany typ pliku",
+    "roleTextImportInvalidFileDescription": "Obsługiwane są tylko pliki .txt i .csv.",
+    "roleTextImportEmpty": "Nie znaleziono elementów w pliku",
+    "roleTextImportEmptyDescription": "Plik nie zawiera żadnych elementów możliwych do zaimportowania.",
    "retryAttempts": "Próby Ponowienia",
    "expectedResponseCodes": "Oczekiwane Kody Odpowiedzi",
    "expectedResponseCodesDescription": "Kod statusu HTTP, który wskazuje zdrowy status. Jeśli pozostanie pusty, uznaje się 200-300 za zdrowy.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Włącz protokół proxy",
    "proxyProtocolInfo": "Zachowaj adresy IP klienta dla backendów TCP",
    "proxyProtocolVersion": "Wersja protokołu proxy",
-    "version1": " Wersja 1 (zalecane)",
+    "version1": "Wersja 1 (Zalecane)",
    "version2": "Wersja 2",
-    "versionDescription": "Wersja 1 jest oparta na tekście i szeroko wspierana. Wersja 2 jest binarna i bardziej efektywna, ale mniej kompatybilna.",
+    "version1Description": "Oparta na tekście i szeroko wspierana. Upewnij się, że transport serwera został dodany do dynamicznej konfiguracji.",
+    "version2Description": "Binarna i bardziej efektywna, ale mniej kompatybilna. Upewnij się, że transport serwera został dodany do dynamicznej konfiguracji.",
    "warning": "Ostrzeżenie",
    "proxyProtocolWarning": "Aplikacja backend musi być skonfigurowana do akceptowania połączeń protokołu proxy. Jeśli Twój backend nie obsługuje protokołu Proxy, włączenie tego spowoduje przerwanie wszystkich połączeń, więc włącz to tylko jeśli wiesz, co robisz. Upewnij się, że konfiguracja twojego backendu do zaufanych nagłówków protokołu proxy z Traefik.",
    "restarting": "Restartowanie...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Wprowadź potwierdzenie",
    "blueprintViewDetails": "Szczegóły",
    "defaultIdentityProvider": "Domyślny dostawca tożsamości",
-    "defaultIdentityProviderDescription": "Gdy zostanie wybrany domyślny dostawca tożsamości, użytkownik zostanie automatycznie przekierowany do dostawcy w celu uwierzytelnienia.",
+    "defaultIdentityProviderDescription": "Użytkownik zostanie automatycznie przekierowany do tego dostawcy tożsamości w celu uwierzytelnienia.",
    "editInternalResourceDialogNetworkSettings": "Ustawienia sieci",
    "editInternalResourceDialogAccessPolicy": "Polityka dostępowa",
    "editInternalResourceDialogAddRoles": "Dodaj role",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Typ trybu konserwacji",
    "showMaintenancePage": "Pokaż odwiedzającym stronę konserwacji",
    "enableMaintenanceMode": "Włącz tryb konserwacji",
+    "enableMaintenanceModeDescription": "Gdy włączone, odwiedzający zobaczą stronę konserwacyjną zamiast Twojego zasobu.",
    "automatic": "Automatycznie",
    "automaticModeDescription": "Pokaż stronę konserwacyjną tylko wtedy, gdy wszystkie cele zaplecza są wyłączone lub niezdrowe. Twój zasób działa nadal normalnie, o ile przynajmniej jeden cel jest zdrowy.",
    "forced": "Wymuszone",
@@ -3082,6 +3182,8 @@
    "warning:": "Ostrzeżenie:",
    "forcedeModeWarning": "Cały ruch zostanie skierowany na stronę konserwacyjną. Twoje zasoby zaplecza nie otrzymają żadnych żądań.",
    "pageTitle": "Tytuł strony",
+    "maintenancePageContentSubsection": "Zawartość strony",
+    "maintenancePageContentSubsectionDescription": "Dostosuj treść wyświetlaną na stronie konserwacyjnej",
    "pageTitleDescription": "Główny nagłówek wyświetlany na stronie konserwacyjnej",
    "maintenancePageMessage": "Komunikat konserwacyjny",
    "maintenancePageMessagePlaceholder": "Wrócimy wkrótce! Nasza strona przechodzi obecnie zaplanowaną konserwację.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Czy na pewno chcesz odłączyć tego dostawcę tożsamości od tej organizacji?",
    "idpUnassociateDescription": "Wszystkie użytkownicy powiązani z tym dostawcą tożsamości zostaną usunięci z tej organizacji, ale dostawca tożsamości będzie nadal istniał dla innych powiązanych organizacji.",
    "idpUnassociateConfirm": "Potwierdź odłączenie dostawcy tożsamości",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "USUŃ I USUŃ MNIE Z ORGANIZACJI",
+    "idpUnassociateAndRemoveMeFromOrg": "ODSTAW I USUŃ MNIE Z ORGANIZACJI",
    "idpUnassociateWarning": "Tego nie można cofnąć dla tej organizacji.",
    "idpUnassociatedDescription": "Dostawca tożsamości pomyślnie odłączony od tej organizacji",
    "idpUnassociateMenu": "Odłącz",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Łączenie…",
    "sshInitializing": "Inicjalizacja…",
    "sshSignInTitle": "Zaloguj się do SSH",
-    "sshSignInDescription": "Wprowadź swoje poświadczenia SSH",
+    "sshSignInDescription": "Wprowadź poświadczenia SSH, aby się połączyć",
    "sshPasswordTab": "Hasło",
    "sshPrivateKeyTab": "Klucz prywatny",
    "sshPrivateKeyField": "Klucz prywatny",
    "sshPrivateKeyDisclaimer": "Twój klucz prywatny nie jest przechowywany ani widoczny dla Pangolin. Alternatywnie, możesz używać certyfikatów krótkoterminowych do bezproblemowego uwierzytelniania za pomocą Twojej istniejącej tożsamości Pangolin.",
    "sshLearnMore": "Dowiedz się więcej",
    "sshPrivateKeyFile": "Plik klucza prywatnego",
-    "sshAuthenticate": "Uwierzytelnij",
+    "sshAuthenticate": "Połącz",
    "sshTerminate": "Zakończ",
    "sshPoweredBy": "Obsługiwane przez",
    "sshErrorNoTarget": "Nie określono celu",
    "sshErrorWebSocket": "Połączenie WebSocket nie powiodło się",
    "sshErrorAuthFailed": "Uwierzytelnianie nie powiodło się",
-    "sshErrorConnectionClosed": "Połączenie zamknięte przed ukończeniem uwierzytelniania"
+    "sshErrorConnectionClosed": "Połączenie zamknięte przed ukończeniem uwierzytelniania",
+    "sitePangolinSshDescription": "Pozwól na dostęp SSH do zasobów na tej stronie. Można to zmienić później.",
+    "browserGatewayNoResourceForDomain": "Nie znaleziono zasobu dla tej domeny",
+    "browserGatewayNoTarget": "Brak celu",
+    "browserGatewayConnect": "Połącz",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "Nie udało się podpisać klucza SSH dla uwierzytelniania PAM. Czy zalogowałeś się jako użytkownik?",
+    "sshTerminalError": "Błąd: {error}",
+    "sshConnectionClosedCode": "Połączenie zamknięte (kod {code})",
+    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+    "sshPrivateKeyRequired": "Wymagany jest klucz prywatny",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Wprowadź hasło VNC, aby się połączyć",
+    "vncPasswordOptional": "Hasło (opcjonalne)",
+    "vncNoResourceTarget": "Brak dostępnego celu zasobu",
+    "vncFailedToLoadNovnc": "Błąd ładowania noVNC",
+    "vncAuthFailedStatus": "Status {status}",
+    "vncPasteClipboard": "Wklej schowek",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Zaloguj się na Pulpit Zdalny",
+    "rdpSignInDescription": "Wprowadź poświadczenia Windows, aby się połączyć",
+    "rdpLoadingModule": "Ładowanie modułu...",
+    "rdpFailedToLoadModule": "Nie udało się załadować modułu RDP",
+    "rdpNotReady": "Nie gotowy",
+    "rdpModuleInitializing": "Moduł RDP jest nadal inicjalizowany",
+    "rdpDownloadingFiles": "Pobieranie {count} pliku(ów) zdalnego…",
+    "rdpDownloadFailed": "Nie udało się pobrać: {fileName}",
+    "rdpUploaded": "Przesłano: {fileName}",
+    "rdpNoConnectionTarget": "Brak dostępnego celu połączenia",
+    "rdpConnectionFailed": "Połączenie niepowiodło się",
+    "rdpFit": "Dopasuj",
+    "rdpFull": "Pełny",
+    "rdpReal": "Rzeczywisty",
+    "rdpMeta": "Meta",
+    "rdpUploadFiles": "Prześlij pliki",
+    "rdpFilesReadyToPaste": "Pliki gotowe do wklejenia",
+    "rdpFilesReadyToPasteDescription": "Skopiowano {count} plik(-ów/-i) do zdalnego schowka — naciśnij Ctrl+V na zdalnym pulpicie, aby wkleić.",
+    "rdpUploadFailed": "Niepowodzenie przesyłania",
+    "rdpUnicodeKeyboardMode": "Tryb klawiatury Unicode",
+    "sessionToolbarShow": "Pokaż pasek narzędzi",
+    "sessionToolbarHide": "Ukryj pasek narzędzi"
 }
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Visualizar Recursos Privados",
    "siteInstallNewt": "Instalar Novo",
    "siteInstallNewtDescription": "Novo item em execução no seu sistema",
+    "siteInstallKubernetesDocsDescription": "Para mais informações atualizadas sobre a instalação do Kubernetes, veja <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "Para instruções de instalação do modem da Advantech, veja <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Configuração do WireGuard",
    "WgConfigurationDescription": "Use a seguinte configuração para conectar-se à rede",
    "operatingSystem": "Sistema operacional",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "Você só será capaz de ver esta vez. Certifique-se de copiá-lo para um lugar seguro.",
    "siteInfo": "Informações do Site",
    "status": "SItuação",
-    "shareTitle": "Gerir links partilhados",
+    "shareTitle": "Gerenciar Links Compartilháveis",
    "shareDescription": "Criar links compartilháveis para conceder acesso temporário ou permanente aos recursos do proxy",
-    "shareSearch": "Pesquisar links de compartilhamento...",
-    "shareCreate": "Criar Link de Compartilhamento",
+    "shareSearch": "Pesquisar links compartilháveis...",
+    "shareCreate": "Criar Link Compartilhável",
    "shareErrorDelete": "Falha ao apagar o link",
    "shareErrorDeleteMessage": "Ocorreu um erro ao apagar o link",
    "shareDeleted": "Link excluído",
    "shareDeletedDescription": "O link foi eliminado",
-    "shareDelete": "Excluir Link de Compartilhamento",
-    "shareDeleteConfirm": "Confirmar Exclusão de Link de Compartilhamento",
+    "shareDelete": "Excluir Link Compartilhável",
+    "shareDeleteConfirm": "Confirmar exclusão do Link Compartilhável",
    "shareQuestionRemove": "Tem certeza de que deseja excluir este link de compartilhamento?",
    "shareMessageRemove": "Uma vez excluído, o link não funcionará mais e qualquer pessoa que o utilizar perderá o acesso ao recurso.",
    "shareTokenDescription": "O token de acesso pode ser passado de duas maneiras: como um parâmetro de consulta ou nos cabeçalhos da solicitação. Estes devem ser passados do cliente em todas as solicitações para acesso autenticado.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Qualquer um com este link pode aceder o recurso",
    "shareTitleOptional": "Título (opcional)",
    "sharePathOptional": "Caminho (opcional)",
+    "sharePathDescription": "O link redirecionará os usuários para este caminho após a autenticação.",
    "expireIn": "Expira em",
    "neverExpire": "Nunca expirar",
    "shareExpireDescription": "Tempo de expiração é quanto tempo o link será utilizável e oferecerá acesso ao recurso. Após este tempo, o link não funcionará mais, e os utilizadores que usaram este link perderão acesso ao recurso.",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "Por favor, selecione um recurso",
    "proxyResourceTitle": "Gerenciar Recursos Públicos",
    "proxyResourceDescription": "Criar e gerenciar recursos que são acessíveis publicamente por meio de um navegador da web",
-    "publicResourcesBannerTitle": "Acesso Público via Web",
-    "publicResourcesBannerDescription": "Os recursos públicos são proxies HTTPS ou TCP/UDP acessíveis a qualquer pessoa na internet por meio de um navegador web. Ao contrário dos recursos privados, eles não requerem software do lado do cliente e podem incluir políticas de acesso conscientes de identidade e contexto.",
+    "publicResourcesBannerTitle": "Acesso Público Baseado em Web",
+    "publicResourcesBannerDescription": "Os recursos públicos são proxies HTTPS acessíveis a qualquer pessoa na internet através de um navegador web. Ao contrário dos recursos privados, eles não exigem software do lado do cliente e podem incluir políticas de acesso conscientes de identidade e contexto.",
    "clientResourceTitle": "Gerenciar recursos privados",
    "clientResourceDescription": "Criar e gerenciar recursos que só são acessíveis por meio de um cliente conectado",
    "privateResourcesBannerTitle": "Acesso Privado com Confiança Zero",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Procurar recursos...",
    "resourceAdd": "Adicionar Recurso",
    "resourceErrorDelte": "Erro ao apagar recurso",
-    "resourcePoliciesTitle": "Gerenciar Políticas de Recurso",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Recursos Anexados",
+    "resourcePoliciesBannerTitle": "Reutilizar Regras de Autenticação e Acesso",
+    "resourcePoliciesBannerDescription": "Políticas de recursos compartilhados permitem que você defina métodos de autenticação e regras de acesso apenas uma vez, e então as associe a vários recursos públicos. Quando você atualiza uma política, cada recurso vinculado herda a alteração automaticamente.",
+    "resourcePoliciesBannerButtonText": "Saiba mais",
+    "resourcePoliciesTitle": "Gerenciar Políticas de Recursos Públicos",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Recursos",
    "resourcePoliciesAttachedResources": "{count} recurso(s)",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# recurso} other {# recursos}}",
    "resourcePoliciesAttachedResourcesEmpty": "sem recursos",
-    "resourcePoliciesDescription": "Crie e gerencie políticas de autenticação para controlar o acesso aos seus recursos",
+    "resourcePoliciesDescription": "Crie e gerencie políticas de autenticação para controlar o acesso aos seus recursos públicos",
    "resourcePoliciesSearch": "Pesquisar políticas...",
    "resourcePoliciesAdd": "Adicionar Política",
    "resourcePoliciesDefaultBadgeText": "Política Padrão",
-    "resourcePoliciesCreate": "Criar Política de Recurso",
+    "resourcePoliciesCreate": "Criar Política de Recurso Público",
    "resourcePoliciesCreateDescription": "Siga os passos abaixo para criar uma nova política",
    "resourcePolicyName": "Nome da Política",
    "resourcePolicyNameDescription": "Dê um nome a esta política para identificá-la em seus recursos",
@@ -274,7 +281,7 @@
    "back": "Anterior",
    "cancel": "cancelar",
    "resourceConfig": "Snippets de Configuração",
-    "resourceConfigDescription": "Copie e cole estes snippets de configuração para configurar o recurso TCP/UDP",
+    "resourceConfigDescription": "Copie e cole estes trechos de configuração para configurar o recurso TCP/UDP.",
    "resourceAddEntrypoints": "Traefik: Adicionar pontos de entrada",
    "resourceExposePorts": "Gerbil: Expor Portas no Docker Compose",
    "resourceLearnRaw": "Aprenda como configurar os recursos TCP/UDP",
@@ -287,6 +294,8 @@
    "labelDelete": "Excluir Etiqueta",
    "labelAdd": "Adicionar Etiqueta",
    "labelCreateSuccessMessage": "Etiqueta Criada com Sucesso",
+    "labelDuplicateError": "Etiqueta Duplicada",
+    "labelDuplicateErrorDescription": "Já existe uma etiqueta com este nome.",
    "labelEditSuccessMessage": "Etiqueta Modificada com Sucesso",
    "labelNameField": "Nome da Etiqueta",
    "labelColorField": "Cor da Etiqueta",
@@ -311,7 +320,7 @@
    "rules": "Regras",
    "resourceSettingDescription": "Configure as configurações do recurso",
    "resourceSetting": "Configurações do {resourceName}",
-    "resourcePolicySettingDescription": "Configure as configurações na política de recurso",
+    "resourcePolicySettingDescription": "Configure as configurações nesta política de recurso público",
    "resourcePolicySetting": "Configurações de {policyName}",
    "alwaysAllow": "Autenticação de bypass",
    "alwaysDeny": "Bloquear Acesso",
@@ -719,7 +728,7 @@
    "targetSubmit": "Adicionar Alvo",
    "targetNoOne": "Este recurso não tem nenhum alvo. Adicione um alvo para configurar para onde enviar solicitações para o backend.",
    "targetNoOneDescription": "Adicionar mais de um alvo acima habilitará o balanceamento de carga.",
-    "targetsSubmit": "Guardar Alvos",
+    "targetsSubmit": "Salvar Configurações",
    "addTarget": "Adicionar Alvo",
    "proxyMultiSiteRoundRobinNodeHelp": "O roteamento round robin não funcionará entre sites que não estão conectados ao mesmo nó, mas o failover funcionará.",
    "targetErrorInvalidIp": "Endereço IP inválido",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Regra duplicada",
    "rulesErrorDuplicateDescription": "Uma regra com estas configurações já existe",
    "rulesErrorInvalidIpAddressRange": "CIDR inválido",
-    "rulesErrorInvalidIpAddressRangeDescription": "Por favor, insira um valor CIDR válido",
-    "rulesErrorInvalidUrl": "Caminho URL inválido",
-    "rulesErrorInvalidUrlDescription": "Por favor, insira um valor de caminho URL válido",
-    "rulesErrorInvalidIpAddress": "IP inválido",
-    "rulesErrorInvalidIpAddressDescription": "Por favor, insira um endereço IP válido",
+    "rulesErrorInvalidIpAddressRangeDescription": "Digite um intervalo CIDR válido (ex.: 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Caminho inválido",
+    "rulesErrorInvalidUrlDescription": "Insira um caminho URL válido ou padrão (ex.: /api/*).",
+    "rulesErrorInvalidIpAddress": "Endereço IP inválido",
+    "rulesErrorInvalidIpAddressDescription": "Insira um endereço IPv4 ou IPv6 válido.",
    "rulesErrorUpdate": "Falha ao atualizar regras",
    "rulesErrorUpdateDescription": "Ocorreu um erro ao atualizar regras",
    "rulesUpdated": "Ativar Regras",
@@ -765,15 +774,24 @@
    "rulesMatchIpAddressRangeDescription": "Insira um endereço no formato CIDR (ex: 103.21.244.0/22)",
    "rulesMatchIpAddress": "Insira um endereço IP (ex: 103.21.244.12)",
    "rulesMatchUrl": "Insira um caminho URL ou padrão (ex: /api/v1/todos ou /api/v1/*)",
-    "rulesErrorInvalidPriority": "Prioridade Inválida",
-    "rulesErrorInvalidPriorityDescription": "Por favor, insira uma prioridade válida",
-    "rulesErrorDuplicatePriority": "Prioridades Duplicadas",
-    "rulesErrorDuplicatePriorityDescription": "Por favor, insira prioridades únicas",
+    "rulesErrorInvalidPriority": "Prioridade inválida",
+    "rulesErrorInvalidPriorityDescription": "Digite um número inteiro de 1 ou mais.",
+    "rulesErrorDuplicatePriority": "Prioridades duplicadas",
+    "rulesErrorDuplicatePriorityDescription": "Cada regra deve ter um número de prioridade único.",
+    "rulesErrorValidation": "Regras inválidas",
+    "rulesErrorValidationRuleDescription": "Regra {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Selecione um tipo de correspondência válido (caminho, IP, CIDR, país, região ou ASN).",
+    "rulesErrorValueRequired": "Digite um valor para esta regra.",
+    "rulesErrorInvalidCountry": "País inválido",
+    "rulesErrorInvalidCountryDescription": "Selecione um país válido.",
+    "rulesErrorInvalidAsn": "ASN inválido",
+    "rulesErrorInvalidAsnDescription": "Insira um ASN válido (ex.: AS15169).",
    "ruleUpdated": "Regras atualizadas",
    "ruleUpdatedDescription": "Regras atualizadas com sucesso",
    "ruleErrorUpdate": "Operação falhou",
    "ruleErrorUpdateDescription": "Ocorreu um erro durante a operação de salvamento",
    "rulesPriority": "Prioridade",
+    "rulesReorderDragHandle": "Arraste para reordenar a prioridade da regra",
    "rulesAction": "Ação",
    "rulesMatchType": "Tipo de Correspondência",
    "value": "Valor",
@@ -792,7 +810,7 @@
    "rulesResource": "Configuração de Regras do Recurso",
    "rulesResourceDescription": "Configurar regras para controlar o acesso ao recurso",
    "ruleSubmit": "Adicionar Regra",
-    "rulesNoOne": "Sem regras. Adicione uma regra usando o formulário.",
+    "rulesNoOne": "Ainda não há regras.",
    "rulesOrder": "As regras são avaliadas por prioridade em ordem ascendente.",
    "rulesSubmit": "Guardar Regras",
    "policyErrorCreate": "Erro ao criar política",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Ocorreu um erro inesperado",
    "policyCreatedSuccess": "Política de recurso criada com sucesso",
    "policyUpdatedSuccess": "Política de recurso atualizada com sucesso",
-    "authMethodsSave": "Salvar métodos de autenticação",
+    "authMethodsSave": "Salvar Configurações",
+    "policyAuthStackTitle": "Autenticação",
+    "policyAuthStackDescription": "Controle quais métodos de autenticação são necessários para acessar este recurso",
+    "policyAuthOrLogicTitle": "Vários métodos de autenticação ativos",
+    "policyAuthOrLogicBanner": "Os visitantes podem autenticar-se usando qualquer um dos métodos ativos abaixo. Eles não precisam completar todos eles.",
+    "policyAuthMethodActive": "Ativo",
+    "policyAuthMethodOff": "Desligado",
+    "policyAuthSsoTitle": "SSO da Plataforma",
+    "policyAuthSsoDescription": "Exigir login pelo provedor de identidade da sua organização",
+    "policyAuthSsoSummary": "{idp} · {users} usuários, {roles} funções",
+    "policyAuthSsoDefaultIdp": "Provedor padrão",
+    "policyAuthAddDefaultIdentityProvider": "Adicionar Provedor de Identidade Padrão",
+    "policyAuthOtherMethodsTitle": "Outros Métodos",
+    "policyAuthOtherMethodsDescription": "Métodos opcionais que os visitantes podem usar em vez da SSO da plataforma ou junto com ela",
+    "policyAuthPasscodeTitle": "Código de Acesso",
+    "policyAuthPasscodeDescription": "Requer um código de acesso alfanumérico compartilhado para acessar o recurso",
+    "policyAuthPasscodeSummary": "Código de acesso definido",
+    "policyAuthPincodeTitle": "Código PIN",
+    "policyAuthPincodeDescription": "Um código numérico curto necessário para acessar o recurso",
+    "policyAuthPincodeSummary": "Código PIN de 6 dígitos definido",
+    "policyAuthEmailTitle": "Lista de E-mails Permitidos",
+    "policyAuthEmailDescription": "Permitir endereços de e-mail listados com senhas temporárias",
+    "policyAuthEmailSummary": "{count} endereços permitidos",
+    "policyAuthEmailOtpCallout": "Ativar a lista de e-mails permitidos envia uma senha temporária para o e-mail do visitante no login.",
+    "policyAuthHeaderAuthTitle": "Autenticação de Cabeçalho Básico",
+    "policyAuthHeaderAuthDescription": "Valide um nome e valor de cabeçalho HTTP personalizado em cada solicitação",
+    "policyAuthHeaderAuthSummary": "Cabeçalho configurado",
+    "policyAuthHeaderName": "Nome do Cabeçalho",
+    "policyAuthHeaderValue": "Valor esperado",
+    "policyAuthSetPasscode": "Definir Código de Acesso",
+    "policyAuthSetPincode": "Definir Código PIN",
+    "policyAuthSetEmailWhitelist": "Definir Lista de E-mails Permitidos",
+    "policyAuthSetHeaderAuth": "Definir Autenticação de Cabeçalho Básico",
+    "policyAccessRulesTitle": "Regras de Acesso",
+    "policyAccessRulesEnableDescription": "Quando ativadas, as regras são avaliadas em ordem decrescente até que uma delas seja verdadeira.",
+    "policyAccessRulesFirstMatch": "As regras são avaliadas de cima para baixo. A primeira regra correspondente decide o resultado.",
+    "policyAccessRulesHowItWorks": "As regras correspondem a solicitações por caminho, endereço IP, localização ou outros critérios. Cada regra aplica uma ação: ignorar autenticação, bloquear acesso ou passar para autenticação. Se nenhuma regra corresponder, o tráfego continua até a autenticação.",
+    "policyAccessRulesFallthroughOff": "Quando as regras estão desativadas, todo o tráfego passa para a autenticação.",
+    "policyAccessRulesFallthroughOn": "Quando nenhuma regra corresponde, o tráfego passa para a autenticação.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Guardar Regras",
    "resourceErrorCreate": "Erro ao criar recurso",
    "resourceErrorCreateDescription": "Ocorreu um erro ao criar o recurso",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "Ocorreu um erro ao atualizar o recurso",
    "access": "Acesso",
    "accessControl": "Controle de Acesso",
-    "shareLink": "Link de Compartilhamento {resource}",
+    "shareLink": "Link Compartilhável {resource}",
    "resourceSelect": "Selecionar recurso",
-    "shareLinks": "Links de Compartilhamento",
+    "shareLinks": "Links Compartilháveis",
    "share": "Links Compartilháveis",
    "shareDescription2": "Crie links compartilháveis para recursos. Links fornecem acesso temporário ou ilimitado ao seu recurso. Você pode configurar a duração de expiração do link quando você criar um.",
    "shareEasyCreate": "Fácil de criar e compartilhar",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Administradores sempre podem aceder este recurso.",
    "resourcePolicySelectTitle": "Política de Acesso ao Recurso",
    "resourcePolicySelectDescription": "Selecione o tipo de política de recurso para autenticação",
+    "resourcePolicyTypeLabel": "Tipo de política",
+    "resourcePolicyLabel": "Política de recurso",
    "resourcePolicyInline": "Política de Recurso Inline",
    "resourcePolicyInlineDescription": "Política de Acesso abrange apenas este recurso",
    "resourcePolicyShared": "Política de Recurso Compartilhada",
-    "resourcePolicySharedDescription": "Este recurso usa uma política compartilhada. As configurações a nível de política (métodos de autenticação, lista de emails permitidos) estão bloqueadas. Você pode adicionar regras, funções e usuários específicos ao recurso abaixo.",
+    "resourcePolicySharedDescription": "Este recurso usa uma política compartilhada.",
+    "sharedPolicy": "Política Compartilhada",
+    "sharedPolicyNoneDescription": "Este recurso tem sua própria política.",
+    "resourceSharedPolicyOwnDescription": "Este recurso possui seus próprios controles de autenticação e regras de acesso.",
+    "resourceSharedPolicyInheritedDescription": "Este recurso herda de <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Este recurso está usando uma política compartilhada. Algumas configurações de autenticação podem ser editadas neste recurso para adicionar à política. Para alterar a política subjacente, você deve editar para <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "Este recurso está usando uma política compartilhada. Algumas regras de acesso podem ser editadas neste recurso. Para alterar a política subjacente, você deve editar <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Controlos de Acesso",
    "resourceUsersRolesDescription": "Configure quais utilizadores e funções podem visitar este recurso",
    "resourceUsersRolesSubmit": "Guardar Controlos de Acesso",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Visibilidade",
    "resourceVisibilityTitleDescription": "Ativar ou desativar completamente a visibilidade do recurso",
    "resourceGeneral": "Configurações Gerais",
-    "resourceGeneralDescription": "Configure as configurações gerais para este recurso",
+    "resourceGeneralDescription": "Configure o nome, endereço e política de acesso para este recurso.",
+    "resourceGeneralDetailsSubsection": "Detalhes do Recurso",
+    "resourceGeneralDetailsSubsectionDescription": "Defina o nome de exibição, identificador e domínio publicamente acessível para este recurso.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Defina o nome de exibição, identificador e porta pública para este recurso.",
+    "resourceGeneralPublicAddressSubsection": "Endereço Público",
+    "resourceGeneralPublicAddressSubsectionDescription": "Configure como os usuários alcançarão este recurso.",
+    "resourceGeneralAuthenticationAccessSubsection": "Autenticação & Acesso",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Escolha se este recurso usa sua própria política ou herda de uma política compartilhada.",
    "resourceEnable": "Ativar Recurso",
    "resourceTransfer": "Transferir Recurso",
    "resourceTransferDescription": "Transferir este recurso para um site diferente",
@@ -1220,11 +1294,14 @@
    "addLabels": "Adicionar etiquetas",
    "siteLabelsTab": "Etiquetas",
    "siteLabelsDescription": "Gerencie etiquetas associadas a este site.",
-    "labelsNotFound": "Etiquetas não encontradas",
+    "labelsNotFound": "Nenhuma etiqueta encontrada.",
+    "labelsEmptyCreateHint": "Comece a digitar acima para criar uma etiqueta.",
    "labelSearch": "Pesquisar etiquetas",
+    "labelSearchOrCreate": "Pesquisar ou criar uma etiqueta",
    "accessLabelFilterCount": "{count, plural, one {# etiqueta} other {# etiquetas}}",
    "labelOverflowCount": "+{count, plural, one {# etiqueta} other {# etiquetas}}",
    "accessLabelFilterClear": "Limpar filtros de etiquetas",
+    "accessFilterClear": "Limpar filtros",
    "selectColor": "Selecionar cor",
    "createNewLabel": "Criar nova etiqueta na organização \"{label}\"",
    "inviteInvalidDescription": "O link do convite é inválido.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Recursos",
    "sidebarProxyResources": "Público",
    "sidebarClientResources": "Privado",
-    "sidebarPolicies": "Políticas",
-    "sidebarResourcePolicies": "Recursos",
+    "sidebarPolicies": "Políticas Compartilhadas",
+    "sidebarResourcePolicies": "Recursos Públicos",
    "sidebarAccessControl": "Controle de Acesso",
    "sidebarLogsAndAnalytics": "Registros e Análises",
    "sidebarTeam": "Equipe",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Administrador",
    "sidebarInvitations": "Convites",
    "sidebarRoles": "Papéis",
-    "sidebarShareableLinks": "Links",
+    "sidebarShareableLinks": "Links Compartilháveis",
    "sidebarApiKeys": "Chaves API",
    "sidebarProvisioning": "Provisionamento",
    "sidebarSettings": "Configurações",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Recurso {id}",
    "blueprints": "Diagramas",
    "blueprintsLog": "Registo dos Blueprint",
-    "blueprintsDescription": "Ver aplicações de blueprint passadas e seus resultados",
+    "blueprintsDescription": "Visualizar aplicações de blueprint passadas e seus resultados ou aplicar um novo blueprint",
    "blueprintAdd": "Adicionar Diagrama",
    "blueprintGoBack": "Ver todos os Diagramas",
    "blueprintCreate": "Criar Diagrama",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Habilitar o Diagrama Docker",
    "enableDockerSocketDescription": "Ative a raspagem de etiquetas do Docker Socket para etiquetas de modelo. O caminho do Socket deve ser fornecido ao conector do site. Leia sobre como isso funciona na <docsLink>documentação</docsLink>.",
    "newtAutoUpdate": "Ativar Atualização Automática do Site",
-    "newtAutoUpdateDescription": "Quando ativado, os conectores de site atualizarão automaticamente para a versão mais recente quando uma nova versão estiver disponível.",
+    "newtAutoUpdateDescription": "Quando ativada, os conectores do site baixarão automaticamente a versão mais recente e reiniciarão por conta própria. Isto pode ser sobrescrito com base em cada site.",
    "siteAutoUpdate": "Atualização Automática do Site",
    "siteAutoUpdateLabel": "Ativar Atualização Automática",
-    "siteAutoUpdateDescription": "Controle se o conector deste site baixa automaticamente a versão mais recente.",
+    "siteAutoUpdateDescription": "Quando ativado, o conector deste site baixará automaticamente a versão mais recente e reiniciará por si mesmo.",
    "siteAutoUpdateOrgDefault": "Padrão da organização: {state}",
    "siteAutoUpdateOverriding": "Substituindo configuração da organização",
    "siteAutoUpdateResetToOrg": "Redefinir para Padrão da Organização",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Configuração da conta concluída! Bem-vindo ao Pangolin!",
    "documentation": "Documentação",
    "saveAllSettings": "Guardar Todas as Configurações",
-    "saveResourceTargets": "Guardar Alvos",
-    "saveResourceHttp": "Guardar Configurações de Proxy",
-    "saveProxyProtocol": "Salvar configurações do protocolo de proxy",
+    "saveResourceTargets": "Salvar Configurações",
+    "saveResourceHttp": "Salvar Configurações",
+    "saveProxyProtocol": "Salvar Configurações",
    "settingsUpdated": "Configurações atualizadas",
    "settingsUpdatedDescription": "Configurações atualizadas com sucesso",
    "settingsErrorUpdate": "Falha ao atualizar configurações",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Desconhecido",
    "healthCheck": "Verificação de Saúde",
    "configureHealthCheck": "Configurar Verificação de Saúde",
-    "configureHealthCheckDescription": "Configure a monitorização de saúde para {target}",
+    "configureHealthCheckDescription": "Configure a monitorização para o seu recurso para garantir que ele esteja sempre disponível",
    "enableHealthChecks": "Ativar Verificações de Saúde",
    "healthCheckDisabledStateDescription": "Quando desativado, o site não realizará verificações de saúde e o estado será considerado desconhecido.",
    "enableHealthChecksDescription": "Monitore a saúde deste alvo. Você pode monitorar um ponto de extremidade diferente do alvo, se necessário.",
    "healthScheme": "Método",
    "healthSelectScheme": "Selecione o Método",
-    "healthCheckPortInvalid": "A porta do exame de saúde deve estar entre 1 e 65535",
+    "healthCheckPortInvalid": "A porta deve estar entre 1 e 65535",
    "healthCheckPath": "Caminho",
    "healthHostname": "IP / Nome do Host",
    "healthPort": "Porta",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Exigir aprovação do dispositivo",
    "requireDeviceApprovalDescription": "Usuários com esta função precisam de novos dispositivos aprovados por um administrador antes que eles possam se conectar e acessar recursos.",
    "sshSettings": "Configurações SSH",
+    "sshAccess": "Acesso SSH",
    "rdpSettings": "Configurações RDP",
    "vncSettings": "Configurações VNC",
    "sshServer": "Servidor SSH",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Certifique-se de que seu host de destino está devidamente configurado para executar o daemon de autenticação antes de concluir esta configuração, ou o provisionamento falhará.",
    "sshDaemonPort": "Porta do Daemon",
    "sshServerDestination": "Destino do Servidor",
-    "sshServerDestinationDescription": "Configure o destino e a porta do servidor SSH",
+    "sshServerDestinationDescription": "Configure o destino do servidor SSH",
    "destination": "Destino",
+    "destinationRequired": "Destino é obrigatório.",
+    "domainRequired": "Domínio é obrigatório.",
+    "proxyPortRequired": "Porta é obrigatória.",
+    "invalidPathConfiguration": "Configuração de caminho inválida.",
+    "invalidRewritePathConfiguration": "Configuração de caminho de reescrita inválida.",
    "bgTargetMultiSiteDisclaimer": "Selecionar vários sites permite roteamento resiliente e failover para alta disponibilidade.",
    "roleAllowSsh": "Permitir SSH",
    "roleAllowSshAllow": "Autorizar",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "Usuário só pode executar os comandos especificados com sudo.",
    "sshSudo": "Permitir sudo",
    "sshSudoCommands": "Comandos Sudo",
-    "sshSudoCommandsDescription": "Lista separada por vírgulas de comandos que o usuário pode executar com sudo. Caminhos absolutos devem ser usados.",
+    "sshSudoCommandsDescription": "Lista de comandos que o usuário está autorizado a executar com sudo, separados por vírgulas, espaços ou novas linhas. Devem ser usados caminhos absolutos.",
    "sshCreateHomeDir": "Criar Diretório Inicial",
    "sshUnixGroups": "Grupos Unix",
-    "sshUnixGroupsDescription": "Grupos Unix separados por vírgulas para adicionar o usuário no host alvo.",
+    "sshUnixGroupsDescription": "Grupos Unix para adicionar o usuário no host de destino, separados por vírgulas, espaços ou novas linhas.",
+    "roleTextFieldPlaceholder": "Insira valores, ou solte um arquivo .txt ou .csv",
+    "roleTextImportTitle": "Importar de Arquivo",
+    "roleTextImportDescription": "Importando {fileName} para {fieldLabel}.",
+    "roleTextImportSkipHeader": "Pular Primeira Linha (Cabeçalho)",
+    "roleTextImportOverride": "Substituir Existente",
+    "roleTextImportAppend": "Anexar ao Existente",
+    "roleTextImportMode": "Modo de Importação",
+    "roleTextImportPreview": "Visualizar",
+    "roleTextImportItemCount": "{count, plural, =0 {Sem itens para importar} one {1 item para importar} other {# itens para importar}}",
+    "roleTextImportTotalCount": "{existing} existente + {imported} importado = {total} total",
+    "roleTextImportConfirm": "Importar",
+    "roleTextImportInvalidFile": "Tipo de arquivo não suportado",
+    "roleTextImportInvalidFileDescription": "Apenas arquivos .txt e .csv são suportados.",
+    "roleTextImportEmpty": "Nenhum item encontrado no arquivo",
+    "roleTextImportEmptyDescription": "O arquivo não contém quaisquer itens importáveis.",
    "retryAttempts": "Tentativas de Repetição",
    "expectedResponseCodes": "Códigos de Resposta Esperados",
    "expectedResponseCodesDescription": "Código de status HTTP que indica estado saudável. Se deixado em branco, 200-300 é considerado saudável.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Habilitar protocolo proxy",
    "proxyProtocolInfo": "Preservar endereços IP do cliente para backends TCP",
    "proxyProtocolVersion": "Versão do Protocolo Proxy",
-    "version1": " Versão 1 (recomendado)",
+    "version1": "Versão 1 (Recomendado)",
    "version2": "Versão 2",
-    "versionDescription": "A versão 1 é baseada em texto e amplamente suportada. A versão 2 é binária e mais eficiente, mas menos compatível.",
+    "version1Description": "Baseado em texto e amplamente suportado. Certifique-se de que o transporte dos servidores seja adicionado à configuração dinâmica.",
+    "version2Description": "Binário e mais eficiente, mas menos compatível. Certifique-se de que o transporte do servidor seja adicionado à configuração dinâmica.",
    "warning": "ATENÇÃO",
    "proxyProtocolWarning": "A aplicação de backend deve ser configurada para aceitar conexões de protocolo proxy. Se o seu backend não suporta o Protocolo de Proxy, habilitando isto quebrará todas as conexões, então só habilite isso se você souber o que está fazendo. Certifique-se de configurar seu backend para confiar nos cabeçalhos do protocolo proxy no Traefik.",
    "restarting": "Reiniciando...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Inserir confirmação",
    "blueprintViewDetails": "Detalhes",
    "defaultIdentityProvider": "Provedor de Identidade Padrão",
-    "defaultIdentityProviderDescription": "Quando um provedor de identidade padrão for selecionado, o usuário será automaticamente redirecionado para o provedor de autenticação.",
+    "defaultIdentityProviderDescription": "O usuário será redirecionado automaticamente para este provedor de identidade para autenticação.",
    "editInternalResourceDialogNetworkSettings": "Configurações de Rede",
    "editInternalResourceDialogAccessPolicy": "Política de Acesso",
    "editInternalResourceDialogAddRoles": "Adicionar Funções",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Tipo de Modo de Manutenção",
    "showMaintenancePage": "Mostrar uma página de manutenção para os visitantes",
    "enableMaintenanceMode": "Ativar Modo de Manutenção",
+    "enableMaintenanceModeDescription": "Quando ativado, os visitantes verãos uma página de manutenção em vez do seu recurso.",
    "automatic": "Automático",
    "automaticModeDescription": "Exibir página de manutenção apenas quando todos os destinos de back-end estiverem inativos ou não saudáveis. Seu recurso continua funcionando normalmente desde que pelo menos um destino esteja saudável.",
    "forced": "Forçado",
@@ -3082,6 +3182,8 @@
    "warning:": "Aviso:",
    "forcedeModeWarning": "Todo o tráfego será direcionado para a página de manutenção. Seus recursos de back-end não receberão nenhuma solicitação.",
    "pageTitle": "Título da Página",
+    "maintenancePageContentSubsection": "Conteúdo da Página",
+    "maintenancePageContentSubsectionDescription": "Personalize o conteúdo exibido na página de manutenção",
    "pageTitleDescription": "O título principal exibido na página de manutenção",
    "maintenancePageMessage": "Mensagem de Manutenção",
    "maintenancePageMessagePlaceholder": "Voltaremos em breve! Nosso site está passando por manutenção programada.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Tem certeza de que deseja desassociar este provedor de identidade desta organização?",
    "idpUnassociateDescription": "Todos os usuários associados a este provedor de identidade serão removidos desta organização, mas o provedor de identidade continuará a existir para outras organizações associadas.",
    "idpUnassociateConfirm": "Confirmar Desassociação do Provedor de Identidade",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "DELETAR E REMOVER-ME DA ORGANIZAÇÃO",
+    "idpUnassociateAndRemoveMeFromOrg": "DESASSOCIAR E REMOVER-ME DA ORGANIZAÇÃO",
    "idpUnassociateWarning": "Isso não pode ser desfeito para esta organização.",
    "idpUnassociatedDescription": "Provedor de identidade desassociado desta organização com sucesso",
    "idpUnassociateMenu": "Desassociar",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "A conectar…",
    "sshInitializing": "A iniciar…",
    "sshSignInTitle": "Entrar no SSH",
-    "sshSignInDescription": "Insira suas credenciais SSH",
+    "sshSignInDescription": "Digite suas credenciais SSH para conectar",
    "sshPasswordTab": "Palavra-passe",
    "sshPrivateKeyTab": "Chave Privada",
    "sshPrivateKeyField": "Chave Privada",
    "sshPrivateKeyDisclaimer": "Sua chave privada não é armazenada ou visível para Pangolin. Alternativamente, você pode usar certificados de curta duração para autenticação perfeita usando sua identidade Pangolin existente.",
    "sshLearnMore": "Saiba mais",
    "sshPrivateKeyFile": "Arquivo de Chave Privada",
-    "sshAuthenticate": "Autenticar",
+    "sshAuthenticate": "Conectar",
    "sshTerminate": "Terminar",
    "sshPoweredBy": "Desenvolvido por",
    "sshErrorNoTarget": "Nenhum alvo especificado",
    "sshErrorWebSocket": "Falha na conexão WebSocket",
    "sshErrorAuthFailed": "Falha na autenticação",
-    "sshErrorConnectionClosed": "Conexão encerrada antes de concluir a autenticação"
+    "sshErrorConnectionClosed": "Conexão encerrada antes de concluir a autenticação",
+    "sitePangolinSshDescription": "Permitir acesso SSH aos recursos deste site. Isso pode ser alterado mais tarde.",
+    "browserGatewayNoResourceForDomain": "Nenhum recurso encontrado para este domínio",
+    "browserGatewayNoTarget": "Sem alvo",
+    "browserGatewayConnect": "Conectar",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "Falha ao assinar a chave SSH para autenticação PAM push. Você se conectou como um usuário?",
+    "sshTerminalError": "Erro: {error}",
+    "sshConnectionClosedCode": "Conexão encerrada (código {code})",
+    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+    "sshPrivateKeyRequired": "Chave privada é necessária",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Digite sua senha VNC para conectar",
+    "vncPasswordOptional": "Senha (opcional)",
+    "vncNoResourceTarget": "Nenhum alvo de recurso disponível",
+    "vncFailedToLoadNovnc": "Falha ao carregar noVNC",
+    "vncAuthFailedStatus": "Status {status}",
+    "vncPasteClipboard": "Colar conteúdo da área de transferência",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Conectar-se à Área de Trabalho Remota",
+    "rdpSignInDescription": "Digite as credenciais do Windows para conectar",
+    "rdpLoadingModule": "Carregando módulo...",
+    "rdpFailedToLoadModule": "Falha ao carregar módulo RDP",
+    "rdpNotReady": "Não está pronto",
+    "rdpModuleInitializing": "Módulo RDP ainda está inicializando",
+    "rdpDownloadingFiles": "Baixando {count} arquivo(s) do remoto…",
+    "rdpDownloadFailed": "Falha ao baixar: {fileName}",
+    "rdpUploaded": "Enviado: {fileName}",
+    "rdpNoConnectionTarget": "Nenhum alvo de conexão disponível",
+    "rdpConnectionFailed": "Conexão falhou",
+    "rdpFit": "Ajustar",
+    "rdpFull": "Completo",
+    "rdpReal": "Real",
+    "rdpMeta": "Meta",
+    "rdpUploadFiles": "Upload de arquivos",
+    "rdpFilesReadyToPaste": "Arquivos prontos para colar",
+    "rdpFilesReadyToPasteDescription": "{count} arquivo(s) copiado(s) para a área de transferência remota — pressione Ctrl+V na área de trabalho remota para colar.",
+    "rdpUploadFailed": "Falha no upload",
+    "rdpUnicodeKeyboardMode": "Modo de teclado Unicode",
+    "sessionToolbarShow": "Mostrar barra de ferramentas",
+    "sessionToolbarHide": "Ocultar barra de ferramentas"
 }
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Просмотр частных ресурсов",
    "siteInstallNewt": "Установить Newt",
    "siteInstallNewtDescription": "Запустите Newt в вашей системе",
+    "siteInstallKubernetesDocsDescription": "Для получения дополнительной информации об установке Kubernetes, см. <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>.",
+    "siteInstallAdvantechDocsDescription": "Для инструкций по установке модема Advantech, см. <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>.",
    "WgConfiguration": "Конфигурация WireGuard",
    "WgConfigurationDescription": "Используйте следующую конфигурацию для подключения к сети",
    "operatingSystem": "Операционная система",
@@ -157,7 +159,7 @@
    "shareDeleted": "Ссылка удалена",
    "shareDeletedDescription": "Ссылка была успешно удалена",
    "shareDelete": "Удалить общую ссылку",
-    "shareDeleteConfirm": "Подтвердите удаление общей ссылки",
+    "shareDeleteConfirm": "Подтвердить удаление общей ссылки",
    "shareQuestionRemove": "Вы уверены, что хотите удалить эту общую ссылку?",
    "shareMessageRemove": "После удаления ссылка перестанет работать, и все, кто ее использует, потеряют доступ к ресурсу.",
    "shareTokenDescription": "Токен доступа может быть передан двумя способами: как параметр запроса или в заголовках запроса. Они должны быть переданы от клиента по каждому запросу для аутентифицированного доступа.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Любой, у кого есть эта ссылка, может получить доступ к ресурсу",
    "shareTitleOptional": "Заголовок (необязательно)",
    "sharePathOptional": "Путь (необязательно)",
+    "sharePathDescription": "Ссылка перенаправит пользователей на этот путь после аутентификации.",
    "expireIn": "Срок действия",
    "neverExpire": "Бессрочный доступ",
    "shareExpireDescription": "Срок действия - это период, в течение которого ссылка будет работать и предоставлять доступ к ресурсу. После этого времени ссылка перестанет работать, и пользователи, использовавшие эту ссылку, потеряют доступ к ресурсу.",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "Пожалуйста, выберите ресурс",
    "proxyResourceTitle": "Управление публичными ресурсами",
    "proxyResourceDescription": "Создание и управление ресурсами, которые доступны через веб-браузер",
-    "publicResourcesBannerTitle": "Общедоступный доступ через веб",
-    "publicResourcesBannerDescription": "Общедоступные ресурсы - это прокси-по HTTPS или TCP/UDP, доступные любому пользователю в Интернете через веб-браузер. В отличие от частных ресурсов, они не требуют программного обеспечения на стороне клиента и могут включать политики доступа на основе идентификации и контекста.",
+    "publicResourcesBannerTitle": "Веб-доступ к публичным ресурсам",
+    "publicResourcesBannerDescription": "Публичные ресурсы — это HTTPS-прокси, доступные для любого пользователя Интернета через веб-браузер. В отличие от частных ресурсов, они не требуют программного обеспечения на стороне клиента и могут включать в себя политики доступа, учитывающие идентичность и контекст.",
    "clientResourceTitle": "Управление приватными ресурсами",
    "clientResourceDescription": "Создание и управление ресурсами, которые доступны только через подключенный клиент",
    "privateResourcesBannerTitle": "Частный доступ с нулевым доверием",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Поиск ресурсов...",
    "resourceAdd": "Добавить ресурс",
    "resourceErrorDelte": "Ошибка при удалении ресурса",
-    "resourcePoliciesTitle": "Управление политиками ресурсов",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Прикрепленные ресурсы",
+    "resourcePoliciesBannerTitle": "Повторное использование правил аутентификации и доступа",
+    "resourcePoliciesBannerDescription": "Политики общих ресурсов позволяют один раз определить методы аутентификации и правила доступа, а затем прикреплять их к нескольким публичным ресурсам. Когда вы обновляете политику, каждое связанное с ней наследует изменение автоматически.",
+    "resourcePoliciesBannerButtonText": "Узнать больше",
+    "resourcePoliciesTitle": "Управление политиками публичных ресурсов",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Ресурсы",
    "resourcePoliciesAttachedResources": "{count} ресурс(ов)",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# ресурс} few {# ресурса} many {# ресурсов} other {# ресурсов}}",
    "resourcePoliciesAttachedResourcesEmpty": "нет ресурсов",
-    "resourcePoliciesDescription": "Создавайте и управляйте политиками аутентификации для контроля доступа к вашим ресурсам",
+    "resourcePoliciesDescription": "Создание и управление политиками аутентификации для контроля доступа к вашим публичным ресурсам",
    "resourcePoliciesSearch": "Поиск политик...",
    "resourcePoliciesAdd": "Добавить политику",
    "resourcePoliciesDefaultBadgeText": "Политика по умолчанию",
-    "resourcePoliciesCreate": "Создать политику ресурса",
+    "resourcePoliciesCreate": "Создать политику публичного ресурса",
    "resourcePoliciesCreateDescription": "Следуйте шагам ниже, чтобы создать новую политику",
    "resourcePolicyName": "Имя политики",
    "resourcePolicyNameDescription": "Дайте этой политике имя для идентификации ее в ваших ресурсах",
@@ -274,7 +281,7 @@
    "back": "Назад",
    "cancel": "Отмена",
    "resourceConfig": "Фрагменты конфигурации",
-    "resourceConfigDescription": "Скопируйте и вставьте эти сниппеты для настройки TCP/UDP ресурса",
+    "resourceConfigDescription": "Скопируйте и вставьте эти фрагменты конфигурации для настройки ресурса TCP/UDP.",
    "resourceAddEntrypoints": "Traefik: Добавить точки входа",
    "resourceExposePorts": "Gerbil: Открыть порты в Docker Compose",
    "resourceLearnRaw": "Узнайте, как настроить TCP/UDP-ресурсы",
@@ -287,6 +294,8 @@
    "labelDelete": "Удалить метку",
    "labelAdd": "Добавить метку",
    "labelCreateSuccessMessage": "Метка успешно создана",
+    "labelDuplicateError": "Повторяющаяся метка",
+    "labelDuplicateErrorDescription": "Метка с таким именем уже существует.",
    "labelEditSuccessMessage": "Метка успешно изменена",
    "labelNameField": "Название метки",
    "labelColorField": "Цвет метки",
@@ -311,7 +320,7 @@
    "rules": "Правила",
    "resourceSettingDescription": "Настройка параметров ресурса",
    "resourceSetting": "Настройки {resourceName}",
-    "resourcePolicySettingDescription": "Настройка параметров политики ресурса",
+    "resourcePolicySettingDescription": "Настройте параметры этой политики публичного ресурса",
    "resourcePolicySetting": "Настройки {policyName}",
    "alwaysAllow": "Авторизация байпасса",
    "alwaysDeny": "Блокировать доступ",
@@ -719,7 +728,7 @@
    "targetSubmit": "Добавить цель",
    "targetNoOne": "Этот ресурс не имеет никаких целей. Добавьте цель для настройки, где отправлять запросы в бэкэнд.",
    "targetNoOneDescription": "Добавление более одной цели выше включит балансировку нагрузки.",
-    "targetsSubmit": "Сохранить цели",
+    "targetsSubmit": "Сохранить настройки",
    "addTarget": "Добавить цель",
    "proxyMultiSiteRoundRobinNodeHelp": "Роутинг с балансировкой нагрузки не будет работать между сайтами, не подключенными к одному и тому же узлу, но подмена будет работать.",
    "targetErrorInvalidIp": "Неверный IP-адрес",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Дублирующее правило",
    "rulesErrorDuplicateDescription": "Правило с такими настройками уже существует",
    "rulesErrorInvalidIpAddressRange": "Неверный CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Пожалуйста, введите корректное значение CIDR",
-    "rulesErrorInvalidUrl": "Неверный URL путь",
-    "rulesErrorInvalidUrlDescription": "Пожалуйста, введите корректное значение URL пути",
-    "rulesErrorInvalidIpAddress": "Неверный IP",
-    "rulesErrorInvalidIpAddressDescription": "Пожалуйста, введите корректный IP адрес",
+    "rulesErrorInvalidIpAddressRangeDescription": "Введите действительный диапазон CIDR (например, 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Неверный путь",
+    "rulesErrorInvalidUrlDescription": "Введите действительный URL-путь или шаблон (например, /api/*).",
+    "rulesErrorInvalidIpAddress": "Недействительный IP адрес",
+    "rulesErrorInvalidIpAddressDescription": "Введите действительный адрес IPv4 или IPv6.",
    "rulesErrorUpdate": "Не удалось обновить правила",
    "rulesErrorUpdateDescription": "Произошла ошибка при обновлении правил",
    "rulesUpdated": "Включить правила",
@@ -766,14 +775,23 @@
    "rulesMatchIpAddress": "Введите IP адрес (например, 103.21.244.12)",
    "rulesMatchUrl": "Введите URL путь или шаблон (например, /api/v1/todos или /api/v1/*)",
    "rulesErrorInvalidPriority": "Неверный приоритет",
-    "rulesErrorInvalidPriorityDescription": "Пожалуйста, введите корректный приоритет",
-    "rulesErrorDuplicatePriority": "Дублирующие приоритеты",
-    "rulesErrorDuplicatePriorityDescription": "Пожалуйста, введите уникальные приоритеты",
+    "rulesErrorInvalidPriorityDescription": "Введите целое число 1 или больше.",
+    "rulesErrorDuplicatePriority": "Повторяющиеся приоритеты",
+    "rulesErrorDuplicatePriorityDescription": "Каждое правило должно иметь уникальный номер приоритета.",
+    "rulesErrorValidation": "Неверные правила",
+    "rulesErrorValidationRuleDescription": "Правило {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Выберите действительный тип совпадения (путь, IP, CIDR, страна, регион или ASN).",
+    "rulesErrorValueRequired": "Введите значение для этого правила.",
+    "rulesErrorInvalidCountry": "Недействительная страна",
+    "rulesErrorInvalidCountryDescription": "Выберите правильную страну.",
+    "rulesErrorInvalidAsn": "Недействительный ASN",
+    "rulesErrorInvalidAsnDescription": "Введите действительный ASN (например, AS15169).",
    "ruleUpdated": "Правила обновлены",
    "ruleUpdatedDescription": "Правила успешно обновлены",
    "ruleErrorUpdate": "Операция не удалась",
    "ruleErrorUpdateDescription": "Произошла ошибка во время операции сохранения",
    "rulesPriority": "Приоритет",
+    "rulesReorderDragHandle": "Перетащите, чтобы изменить приоритет правила",
    "rulesAction": "Действие",
    "rulesMatchType": "Тип совпадения",
    "value": "Значение",
@@ -792,7 +810,7 @@
    "rulesResource": "Конфигурация правил ресурса",
    "rulesResourceDescription": "Настройка правил для контроля доступа к ресурсу",
    "ruleSubmit": "Добавить правило",
-    "rulesNoOne": "Нет правил. Добавьте правило с помощью формы.",
+    "rulesNoOne": "Пока нет правил.",
    "rulesOrder": "Правила оцениваются по приоритету в возрастающем порядке.",
    "rulesSubmit": "Сохранить правила",
    "policyErrorCreate": "Ошибка создания политики",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Произошла неожиданная ошибка",
    "policyCreatedSuccess": "Политика ресурса успешно создана",
    "policyUpdatedSuccess": "Политика ресурса успешно обновлена",
-    "authMethodsSave": "Сохранить методы аутентификации",
+    "authMethodsSave": "Сохранить настройки",
+    "policyAuthStackTitle": "Аутентификация",
+    "policyAuthStackDescription": "Контроль, какие методы аутентификации требуются для доступа к этому ресурсу",
+    "policyAuthOrLogicTitle": "Несколько методов аутентификации активны",
+    "policyAuthOrLogicBanner": "Посетители могут аутентифицироваться, используя любой из активных методов ниже. Им не нужно выполнять все.",
+    "policyAuthMethodActive": "Активно",
+    "policyAuthMethodOff": "Отключено",
+    "policyAuthSsoTitle": "Платформа SSO",
+    "policyAuthSsoDescription": "Требуется войти через поставщика удостоверений вашей организации",
+    "policyAuthSsoSummary": "{idp} · {users} пользователей, {roles} ролей",
+    "policyAuthSsoDefaultIdp": "Поставщик по умолчанию",
+    "policyAuthAddDefaultIdentityProvider": "Добавить поставщика удостоверений по умолчанию",
+    "policyAuthOtherMethodsTitle": "Другие методы",
+    "policyAuthOtherMethodsDescription": "Дополнительные методы, которые посетители могут использовать вместо или вместе с платформой SSO",
+    "policyAuthPasscodeTitle": "Пароль",
+    "policyAuthPasscodeDescription": "Требуется общий буквенно-цифровой пароль для доступа к ресурсу",
+    "policyAuthPasscodeSummary": "Пароль установлен",
+    "policyAuthPincodeTitle": "ПИН-код",
+    "policyAuthPincodeDescription": "Краткий числовой код, необходимый для доступа к ресурсу",
+    "policyAuthPincodeSummary": "Установлен 6-значный PIN-код",
+    "policyAuthEmailTitle": "Белый список email",
+    "policyAuthEmailDescription": "Разрешить перечисленные email-адреса с одноразовыми паролями",
+    "policyAuthEmailSummary": "Разрешено адресов: {count}",
+    "policyAuthEmailOtpCallout": "Включение белого списка email отправляет одноразовый пароль на email посетителя при входе.",
+    "policyAuthHeaderAuthTitle": "Базовая аутентификация заголовка",
+    "policyAuthHeaderAuthDescription": "Проверка пользовательского имени и значения HTTP-заголовка для каждого запроса",
+    "policyAuthHeaderAuthSummary": "Заголовок настроен",
+    "policyAuthHeaderName": "Имя заголовка",
+    "policyAuthHeaderValue": "Ожидаемое значение",
+    "policyAuthSetPasscode": "Установить пароль",
+    "policyAuthSetPincode": "Установить ПИН-код",
+    "policyAuthSetEmailWhitelist": "Установить белый список email",
+    "policyAuthSetHeaderAuth": "Установить базовую аутентификацию заголовка",
+    "policyAccessRulesTitle": "Правила доступа",
+    "policyAccessRulesEnableDescription": "При включении правила оцениваются в порядке убывания до тех пор, пока одно из них не оценивается как истинное.",
+    "policyAccessRulesFirstMatch": "Правила оцениваются сверху вниз. Первое совпадающее правило определяет результат.",
+    "policyAccessRulesHowItWorks": "Правила сопоставляют запросы по пути, IP-адресу, местоположению или другим критериям. Каждое правило применяет действие: обойти аутентификацию, заблокировать доступ или передать для аутентификации. Если правило не подписано, трафик продолжается для аутентификации.",
+    "policyAccessRulesFallthroughOff": "Когда правила отключены, весь трафик проходит для аутентификации.",
+    "policyAccessRulesFallthroughOn": "Когда правило не совпадает, трафик проходит для аутентификации.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Сохранить правила",
    "resourceErrorCreate": "Ошибка при создании ресурса",
    "resourceErrorCreateDescription": "Произошла ошибка при создании ресурса",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Администраторы всегда имеют доступ к этому ресурсу.",
    "resourcePolicySelectTitle": "Политика доступа к ресурсам",
    "resourcePolicySelectDescription": "Выберите тип политики ресурса для аутентификации",
+    "resourcePolicyTypeLabel": "Тип политики",
+    "resourcePolicyLabel": "Политика ресурса",
    "resourcePolicyInline": "Политика ресурса на месте",
    "resourcePolicyInlineDescription": "Политика доступа ограничена только этим ресурсом",
    "resourcePolicyShared": "Общая политика ресурса",
-    "resourcePolicySharedDescription": "Этот ресурс использует общую политику. Настройки уровня политики (методы аутентификации, список разрешенных email) заблокированы. Вы можете добавить правила, роли и пользователей, специфичные для ресурса, ниже.",
+    "resourcePolicySharedDescription": "Этот ресурс использует общую политику.",
+    "sharedPolicy": "Общая политика",
+    "sharedPolicyNoneDescription": "У этого ресурса есть своя политика.",
+    "resourceSharedPolicyOwnDescription": "У этого ресурса есть собственные средства управления аутентификацией и правилами доступа.",
+    "resourceSharedPolicyInheritedDescription": "Этот ресурс наследует от <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyAuthenticationNotice": "Этот ресурс использует общую политику. Некоторые настройки аутентификации можно изменить в этом ресурсе, чтобы добавить их в политику. Чтобы изменить основную политику, отредактируйте <policyLink>{policyName}</policyLink>.",
+    "resourceSharedPolicyRulesNotice": "Этот ресурс использует общую политику. Некоторые правила доступа могут быть отредактированы для этого ресурса. Чтобы изменить основную политику, вы должны отредактировать <policyLink>{policyName}</policyLink>.",
    "resourceUsersRoles": "Контроль доступа",
    "resourceUsersRolesDescription": "Выберите пользователей и роли с доступом к этому ресурсу",
    "resourceUsersRolesSubmit": "Сохранить контроль доступа",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Видимость",
    "resourceVisibilityTitleDescription": "Включите или отключите видимость ресурса",
    "resourceGeneral": "Общие настройки",
-    "resourceGeneralDescription": "Настройте общие параметры этого ресурса",
+    "resourceGeneralDescription": "Настройте имя, адрес и политику доступа для этого ресурса.",
+    "resourceGeneralDetailsSubsection": "Детали ресурса",
+    "resourceGeneralDetailsSubsectionDescription": "Установите отображаемое имя, идентификатор и публично доступный домен для этого ресурса.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Установите отображаемое имя, идентификатор и публичный порт для этого ресурса.",
+    "resourceGeneralPublicAddressSubsection": "Публичный адрес",
+    "resourceGeneralPublicAddressSubsectionDescription": "Настройте, как пользователи будут получать доступ к этому ресурсу.",
+    "resourceGeneralAuthenticationAccessSubsection": "Аутентификация и доступ",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Выберите, будет ли этот ресурс использовать собственную политику или наследовать от общей политики.",
    "resourceEnable": "Ресурс активен",
    "resourceTransfer": "Перенести ресурс",
    "resourceTransferDescription": "Перенесите этот ресурс на другой сайт",
@@ -1220,11 +1294,14 @@
    "addLabels": "Добавить метки",
    "siteLabelsTab": "Метки",
    "siteLabelsDescription": "Управляйте метками, связанными с этим сайтом.",
-    "labelsNotFound": "Метки не найдены",
+    "labelsNotFound": "Метки не найдены.",
+    "labelsEmptyCreateHint": "Начните печатать выше, чтобы создать метку.",
    "labelSearch": "Поиск меток",
+    "labelSearchOrCreate": "Найти или создать метку",
    "accessLabelFilterCount": "{count, plural, one {# метка} few {# метки} many {# меток} other {# меток}}",
    "labelOverflowCount": "+{count, plural, one {# метка} few {# метки} many {# меток} other {# меток}}",
    "accessLabelFilterClear": "Очистить фильтры меток",
+    "accessFilterClear": "Очистить фильтры",
    "selectColor": "Выберите цвет",
    "createNewLabel": "Создать новую метку организации \"{label}\"",
    "inviteInvalidDescription": "Ссылка на приглашение недействительна.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Ресурсы",
    "sidebarProxyResources": "Публичный",
    "sidebarClientResources": "Приватный",
-    "sidebarPolicies": "Политики",
-    "sidebarResourcePolicies": "Ресурсы",
+    "sidebarPolicies": "Общие политики",
+    "sidebarResourcePolicies": "Публичные ресурсы",
    "sidebarAccessControl": "Контроль доступа",
    "sidebarLogsAndAnalytics": "Журналы и аналитика",
    "sidebarTeam": "Команда",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Админ",
    "sidebarInvitations": "Приглашения",
    "sidebarRoles": "Роли",
-    "sidebarShareableLinks": "Ссылки",
+    "sidebarShareableLinks": "Общие ссылки",
    "sidebarApiKeys": "API ключи",
    "sidebarProvisioning": "Подготовка",
    "sidebarSettings": "Настройки",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Ресурс {id}",
    "blueprints": "Чертежи",
    "blueprintsLog": "Журнал чертежей",
-    "blueprintsDescription": "Просмотр прошлых применений чертежа и их результатов",
+    "blueprintsDescription": "Просмотреть предыдущие приложения с чертежами и их результаты или применить новый чертеж",
    "blueprintAdd": "Добавить чертёж",
    "blueprintGoBack": "Посмотреть все чертежи",
    "blueprintCreate": "Создать чертёж",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Включить чертёж Docker",
    "enableDockerSocketDescription": "Включить сбор меток Docker Socket для чертежей. Путь сокета должен быть предоставлен подключателю сайта. Прочтите о том, как это работает, в <docsLink>документации</docsLink>.",
    "newtAutoUpdate": "Включить автообновление сайта",
-    "newtAutoUpdateDescription": "При включении, коннекторы сайта будут автоматически обновляться до последней версии, когда доступен новый выпуск.",
+    "newtAutoUpdateDescription": "При включении разъемы сайта автоматически загрузят последнюю версию и перезапустятся. Это можно переопределить на уровне каждого сайта.",
    "siteAutoUpdate": "Автообновление сайта",
    "siteAutoUpdateLabel": "Включить автообновление",
-    "siteAutoUpdateDescription": "Контролировать, будет ли коннектор этого сайта автоматически загружать последнюю версию.",
+    "siteAutoUpdateDescription": "При включении разъем этого сайта автоматически скачает последнюю версию и перезапустится.",
    "siteAutoUpdateOrgDefault": "Значение по умолчанию для организации: {state}",
    "siteAutoUpdateOverriding": "Переопределение настройки организации",
    "siteAutoUpdateResetToOrg": "Сброс до значения по умолчанию для организации",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Настройка аккаунта завершена! Добро пожаловать в Pangolin!",
    "documentation": "Документация",
    "saveAllSettings": "Сохранить все настройки",
-    "saveResourceTargets": "Сохранить цели",
-    "saveResourceHttp": "Сохранить настройки прокси",
-    "saveProxyProtocol": "Сохранить настройки прокси-протокола",
+    "saveResourceTargets": "Сохранить настройки",
+    "saveResourceHttp": "Сохранить настройки",
+    "saveProxyProtocol": "Сохранить настройки",
    "settingsUpdated": "Настройки обновлены",
    "settingsUpdatedDescription": "Настройки успешно обновлены",
    "settingsErrorUpdate": "Не удалось обновить настройки",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Неизвестно",
    "healthCheck": "Проверка здоровья",
    "configureHealthCheck": "Настроить проверку здоровья",
-    "configureHealthCheckDescription": "Настройте мониторинг состояния для {target}",
+    "configureHealthCheckDescription": "Настройте мониторинг вашего ресурса, чтобы обеспечить его постоянную доступность",
    "enableHealthChecks": "Включить проверки здоровья",
    "healthCheckDisabledStateDescription": "Когда отключен, сайт не будет выполнять проверки состояния и состояние будет считаться неизвестным.",
    "enableHealthChecksDescription": "Мониторинг здоровья этой цели. При необходимости можно контролировать другую конечную точку.",
    "healthScheme": "Метод",
    "healthSelectScheme": "Выберите метод",
-    "healthCheckPortInvalid": "Порт проверки здоровья должен быть от 1 до 65535",
+    "healthCheckPortInvalid": "Порт должен быть в диапазоне от 1 до 65535",
    "healthCheckPath": "Путь",
    "healthHostname": "IP / хост",
    "healthPort": "Порт",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Требовать подтверждения устройства",
    "requireDeviceApprovalDescription": "Пользователям с этой ролью нужны новые устройства, одобренные администратором, прежде чем они смогут подключаться и получать доступ к ресурсам.",
    "sshSettings": "Настройки SSH",
+    "sshAccess": "Доступ по SSH",
    "rdpSettings": "Настройки RDP",
    "vncSettings": "Настройки VNC",
    "sshServer": "SSH сервер",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Убедитесь, что целевой хост правильно настроен для запуска демона аутентификации перед завершением этой настройки, иначе предоставление не удастся.",
    "sshDaemonPort": "Порт демона",
    "sshServerDestination": "Пункт назначения сервера",
-    "sshServerDestinationDescription": "Настройте пункт назначения и порт SSH-сервера",
+    "sshServerDestinationDescription": "Настройте адрес сервера SSH",
    "destination": "Пункт назначения",
+    "destinationRequired": "Требуется указание пункта назначения.",
+    "domainRequired": "Требуется домен.",
+    "proxyPortRequired": "Требуется порт.",
+    "invalidPathConfiguration": "Недействительная конфигурация пути.",
+    "invalidRewritePathConfiguration": "Недействительная конфигурация пути переписывания.",
    "bgTargetMultiSiteDisclaimer": "Выбор нескольких сайтов включает в себя устойчивую маршрутизацию и автоматический отказ для обеспечения высокой доступности.",
    "roleAllowSsh": "Разрешить SSH",
    "roleAllowSshAllow": "Разрешить",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "Пользователь может запускать только указанные команды с помощью sudo.",
    "sshSudo": "Разрешить sudo",
    "sshSudoCommands": "Sudo Команды",
-    "sshSudoCommandsDescription": "Список команд, которые пользователь может выполнять с sudo, через запятую. Должны использоваться абсолютные пути.",
+    "sshSudoCommandsDescription": "Список команд, которые пользователь может запускать с sudo, разделенный запятыми, пробелами или новыми строками. Должны использоваться абсолютные пути.",
    "sshCreateHomeDir": "Создать домашний каталог",
    "sshUnixGroups": "Unix группы",
-    "sshUnixGroupsDescription": "Группы Unix через запятую, чтобы добавить пользователя на целевой хост.",
+    "sshUnixGroupsDescription": "Группы Unix, к которым пользователь добавляется на целевом хосте, разделяются запятыми, пробелами или новыми строками.",
+    "roleTextFieldPlaceholder": "Введите значения или перетащите файл .txt или .csv",
+    "roleTextImportTitle": "Импорт из файла",
+    "roleTextImportDescription": "Импортирую {fileName} в {fieldLabel}.",
+    "roleTextImportSkipHeader": "Пропустить первую строку (заголовок)",
+    "roleTextImportOverride": "Заменить существующее",
+    "roleTextImportAppend": "Добавить к существующему",
+    "roleTextImportMode": "Режим импорта",
+    "roleTextImportPreview": "Предпросмотр",
+    "roleTextImportItemCount": "{count, plural, =0 {Нет элементов для импорта} one {# элемент для импорта} few {# элемента для импорта} many {# элементов для импорта} other {# элементов для импорта}}",
+    "roleTextImportTotalCount": "{existing} существующих + {imported} импортированных = {total} всего",
+    "roleTextImportConfirm": "Импортировать",
+    "roleTextImportInvalidFile": "Неподдерживаемый тип файла",
+    "roleTextImportInvalidFileDescription": "Поддерживаются только файлы .txt и .csv.",
+    "roleTextImportEmpty": "Элементы в файле не найдены",
+    "roleTextImportEmptyDescription": "Файл не содержит элементов, которые можно импортировать.",
    "retryAttempts": "Количество попыток повторного запроса",
    "expectedResponseCodes": "Ожидаемые коды ответов",
    "expectedResponseCodesDescription": "HTTP-код состояния, указывающий на здоровое состояние. Если оставить пустым, 200-300 считается здоровым.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Включить Прокси Протокол",
    "proxyProtocolInfo": "Сохранять IP-адреса клиента для backend'ов TCP",
    "proxyProtocolVersion": "Версия протокола прокси",
-    "version1": " Версия 1 (рекомендуется)",
+    "version1": "Версия 1 (рекомендуется)",
    "version2": "Версия 2",
-    "versionDescription": "Версия 1 основана на тексте и широко поддерживается. Версия 2 является бинарной и более эффективной, но менее совместимой.",
+    "version1Description": "Основано на тексте и широко поддерживается. Убедитесь, что транспорт сервера добавлен в динамическую конфигурацию.",
+    "version2Description": "Бинарная и более эффективная, но менее совместимая. Убедитесь, что транспорт сервера добавлен в динамическую конфигурацию.",
    "warning": "Предупреждение",
    "proxyProtocolWarning": "Бэкэнд приложение должно быть настроено на принятие соединений прокси-протокола. Если ваш бэкэнд не поддерживает Прокси-протокол, то включение этой опции прервет все подключения, поэтому включите это только если вы знаете, что вы делаете. Обязательно настройте вашего бэкэнда на доверие заголовкам Proxy Protocol от Traefik.",
    "restarting": "Перезапуск...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Введите подтверждение",
    "blueprintViewDetails": "Подробности",
    "defaultIdentityProvider": "Поставщик удостоверений по умолчанию",
-    "defaultIdentityProviderDescription": "Когда выбран поставщик идентификации по умолчанию, пользователь будет автоматически перенаправлен на провайдер для аутентификации.",
+    "defaultIdentityProviderDescription": "Пользователь будет автоматически перенаправлен к этому поставщику удостоверений для аутентификации.",
    "editInternalResourceDialogNetworkSettings": "Настройки сети",
    "editInternalResourceDialogAccessPolicy": "Политика доступа",
    "editInternalResourceDialogAddRoles": "Добавить роли",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Тип режима обслуживания",
    "showMaintenancePage": "Показать страницу обслуживания посетителям",
    "enableMaintenanceMode": "Включить режим обслуживания",
+    "enableMaintenanceModeDescription": "Когда включено, посетители увидят страницу обслуживания вместо вашего ресурса.",
    "automatic": "Автоматический",
    "automaticModeDescription": "Показывать страницу обслуживания только когда все цели бэкэнда недоступны или неисправны. Ваш ресурс продолжит работать нормально, пока хотя бы одна цель здорова.",
    "forced": "Принудительно",
@@ -3082,6 +3182,8 @@
    "warning:": "Предупреждение:",
    "forcedeModeWarning": "Весь трафик будет направлен на страницу обслуживания. Ваши бекэнд ресурсы не будут получать никакие запросы.",
    "pageTitle": "Заголовок страницы",
+    "maintenancePageContentSubsection": "Содержимое страницы",
+    "maintenancePageContentSubsectionDescription": "Настройте содержимое, отображаемое на странице обслуживания",
    "pageTitleDescription": "Основной заголовок, отображаемый на странице обслуживания",
    "maintenancePageMessage": "Сообщение об обслуживании",
    "maintenancePageMessagePlaceholder": "Мы скоро вернемся! Наш сайт в настоящее время проходит плановое техническое обслуживание.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Вы уверены, что хотите рассоединить этого поставщика удостоверений с этой организацией?",
    "idpUnassociateDescription": "Все пользователи, связанные с этим поставщиком удостоверений, будут удалены из этой организации, но поставщик удостоверений будет продолжать существовать для других связанных организаций.",
    "idpUnassociateConfirm": "Подтвердите рассоединение поставщика удостоверений",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "УДАЛИТЬ И ИЗВЛЕЧЬ МЕНЯ ИЗ ОРГАНИЗАЦИИ",
+    "idpUnassociateAndRemoveMeFromOrg": "РАЗОРВАТЬ СВЯЗЬ И УДАЛИТЬ МЕНЯ ИЗ ОРГАНИЗАЦИИ",
    "idpUnassociateWarning": "Это не может быть отменено для этой организации.",
    "idpUnassociatedDescription": "Поставщик удостоверений успешно рассоединен с этой организацией",
    "idpUnassociateMenu": "Рассоединить",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Подключение…",
    "sshInitializing": "Инициализация…",
    "sshSignInTitle": "Вход в SSH",
-    "sshSignInDescription": "Введите свои учетные данные SSH",
+    "sshSignInDescription": "Введите свои учетные данные SSH для подключения",
    "sshPasswordTab": "Пароль",
    "sshPrivateKeyTab": "Закрытый ключ",
    "sshPrivateKeyField": "Закрытый ключ",
    "sshPrivateKeyDisclaimer": "Ваш закрытый ключ не хранится и не виден для Pangolin. Вместо этого вы можете использовать краткосрочные сертификаты для бесшовной аутентификации с использованием вашей текущей идентификации Pangolin.",
    "sshLearnMore": "Узнать больше",
    "sshPrivateKeyFile": "Файл закрытого ключа",
-    "sshAuthenticate": "Аутентификация",
+    "sshAuthenticate": "Подключиться",
    "sshTerminate": "Завершить",
    "sshPoweredBy": "Разработано",
    "sshErrorNoTarget": "Цель не указана",
    "sshErrorWebSocket": "Подключение WebSocket не удалось",
    "sshErrorAuthFailed": "Ошибка аутентификации",
-    "sshErrorConnectionClosed": "Подключение закрыто до завершения аутентификации"
+    "sshErrorConnectionClosed": "Подключение закрыто до завершения аутентификации",
+    "sitePangolinSshDescription": "Разрешить доступ по SSH к ресурсам на этом сайте. Это можно изменить позже.",
+    "browserGatewayNoResourceForDomain": "Ресурс для этого домена не найден",
+    "browserGatewayNoTarget": "Нет цели",
+    "browserGatewayConnect": "Подключиться",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "Не удалось подписать ключ SSH для аутентификации через PAM push. Проверьте, вошли ли вы как пользователь?",
+    "sshTerminalError": "Ошибка: {error}",
+    "sshConnectionClosedCode": "Соединение закрыто (код {code})",
+    "sshPrivateKeyPlaceholder": "-----НАЧАЛО ЛИЧНОГО КЛЮЧА OPENSSH-----",
+    "sshPrivateKeyRequired": "Требуется личный ключ",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Введите пароль VNC для подключения",
+    "vncPasswordOptional": "Пароль (необязательно)",
+    "vncNoResourceTarget": "Отсутствует целевой ресурс",
+    "vncFailedToLoadNovnc": "Не удалось загрузить noVNC",
+    "vncAuthFailedStatus": "Статус {status}",
+    "vncPasteClipboard": "Вставить из буфера обмена",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Вход в удаленный рабочий стол",
+    "rdpSignInDescription": "Введите учетные данные Windows для подключения",
+    "rdpLoadingModule": "Загрузка модуля...",
+    "rdpFailedToLoadModule": "Не удалось загрузить модуль RDP",
+    "rdpNotReady": "Не готово",
+    "rdpModuleInitializing": "Модуль RDP все еще инициализируется",
+    "rdpDownloadingFiles": "Загрузка {count} файлов с удалённого сервера…",
+    "rdpDownloadFailed": "Ошибка загрузки: {fileName}",
+    "rdpUploaded": "Загружено: {fileName}",
+    "rdpNoConnectionTarget": "Доступная цель подключения отсутствует",
+    "rdpConnectionFailed": "Ошибка соединения",
+    "rdpFit": "Подгонка",
+    "rdpFull": "Полный",
+    "rdpReal": "Настоящий",
+    "rdpMeta": "Метаданные",
+    "rdpUploadFiles": "Загрузить файлы",
+    "rdpFilesReadyToPaste": "Файлы готовы к вставке",
+    "rdpFilesReadyToPasteDescription": "{count, plural, one {# файл скопирован в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.} few {# файла скопированы в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.} many {# файлов скопированы в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.} other {# файла скопированы в удалённый буфер обмена — нажмите Ctrl+V на удалённом рабочем столе, чтобы вставить.}}",
+    "rdpUploadFailed": "Ошибка загрузки",
+    "rdpUnicodeKeyboardMode": "Режим клавиатуры Unicode",
+    "sessionToolbarShow": "Показать панель инструментов",
+    "sessionToolbarHide": "Скрыть панель инструментов"
 }
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "Özel Kaynakları Görüntüle",
    "siteInstallNewt": "Newt Yükle",
    "siteInstallNewtDescription": "Newt'i sisteminizde çalıştırma",
+    "siteInstallKubernetesDocsDescription": "Daha fazla ve güncel Kubernetes kurulum bilgileri için <docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink> adresini inceleyin.",
+    "siteInstallAdvantechDocsDescription": "Advantech modem kurulum talimatları için <docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink> adresini inceleyin.",
    "WgConfiguration": "WireGuard Yapılandırması",
    "WgConfigurationDescription": "Ağınıza bağlanmak için aşağıdaki yapılandırmayı kullanın",
    "operatingSystem": "İşletim Sistemi",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "Yalnızca bir kez görebileceksiniz. Güvenli bir yere kopyaladığınızdan emin olun.",
    "siteInfo": "Site Bilgilendirmesi",
    "status": "Durum",
-    "shareTitle": "Paylaşım Bağlantılarını Yönet",
+    "shareTitle": "Paylaşılabilir Bağlantıları Yönet",
    "shareDescription": "Kaynaklarınıza geçici veya kalıcı erişim sağlamak için paylaşılabilir bağlantılar oluşturun",
-    "shareSearch": "Paylaşım bağlantılarını ara...",
-    "shareCreate": "Paylaşım Bağlantısı Oluştur",
+    "shareSearch": "Paylaşılabilir bağlantıları ara...",
+    "shareCreate": "Paylaşılabilir Bağlantı Oluştur",
    "shareErrorDelete": "Bağlantı silinirken hata oluştu",
    "shareErrorDeleteMessage": "Bağlantı silinirken bir hata oluştu",
    "shareDeleted": "Bağlantı silindi",
    "shareDeletedDescription": "Bağlantı silindi",
-    "shareDelete": "Paylaşım Bağlantısını Sil",
-    "shareDeleteConfirm": "Paylaşım Bağlantısının Silinmesini Onayla",
+    "shareDelete": "Paylaşılabilir Bağlantıyı Sil",
+    "shareDeleteConfirm": "Paylaşılabilir Bağlantıyı Silmeyi Onayla",
    "shareQuestionRemove": "Bu paylaşım bağlantısını silmek istediğinizden emin misiniz?",
    "shareMessageRemove": "Silindikten sonra, bağlantı artık çalışmayacak ve kullanan herkes kaynağa erişimini kaybedecek.",
    "shareTokenDescription": "Erişim jetonunuz iki şekilde iletilebilir: sorgu parametresi olarak veya istek başlıklarında. Kimlik doğrulanmış erişim için her istekten müşteri tarafından iletilmelidir.",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "Bu bağlantıya sahip olan herkes kaynağa erişebilir",
    "shareTitleOptional": "Başlık (isteğe bağlı)",
    "sharePathOptional": "Yol (isteğe bağlı)",
+    "sharePathDescription": "Bağlantıdan sonra kullanıcıları bu yola yönlendirecek bağlantıyı tanımlayın.",
    "expireIn": "Süresi Dolacak",
    "neverExpire": "Hiçbir Zaman Sona Ermez",
    "shareExpireDescription": "Son kullanma süresi, bağlantının kullanılabilir ve kaynağa erişim sağlayacak süresidir. Bu süreden sonra bağlantı çalışmayı durduracak ve bu bağlantıyı kullanan kullanıcılar kaynağa erişimini kaybedecektir.",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "Lütfen bir kaynak seçin",
    "proxyResourceTitle": "Herkese Açık Kaynakları Yönet",
    "proxyResourceDescription": "Bir web tarayıcısı aracılığıyla kamuya açık kaynaklar oluşturun ve yönetin",
-    "publicResourcesBannerTitle": "Web Tabanlı Genel Erişim",
-    "publicResourcesBannerDescription": "Genel kaynaklar, web tarayıcısı aracılığıyla herkesin internette erişebileceği HTTPS veya TCP/UDP proxy'leridir. Özel kaynakların aksine, istemci tarafı yazılıma ihtiyaç duymazlar ve kimlik ve bağlam farkındalığı erişim politikalarını içerebilirler.",
+    "publicResourcesBannerTitle": "Web tabanlı Açık Erişim",
+    "publicResourcesBannerDescription": "Genel kaynaklar, web tarayıcısı aracılığıyla internette herkesin erişebileceği HTTPS veya TCP/UDP proxy'leridir. Özel kaynakların aksine istemci tarafı yazılım gerektirmezler ve kimlik ve bağlam farkındalığı erişim politikalarını içerebilirler.",
    "clientResourceTitle": "Özel Kaynakları Yönet",
    "clientResourceDescription": "Sadece bağlı bir istemci aracılığıyla erişilebilen kaynakları oluşturun ve yönetin",
    "privateResourcesBannerTitle": "Sıfır Güven Özel Erişim",
@@ -209,15 +212,19 @@
    "resourcesSearch": "Kaynakları ara...",
    "resourceAdd": "Kaynak Ekle",
    "resourceErrorDelte": "Kaynak silinirken hata",
-    "resourcePoliciesTitle": "Kaynak Politikalarını Yönet",
-    "resourcePoliciesAttachedResourcesColumnTitle": "Ekteki kaynaklar",
+    "resourcePoliciesBannerTitle": "Kimlik Doğrulama ve Erişim Kurallarını Yeniden Kullan",
+    "resourcePoliciesBannerDescription": "Paylaşılan kaynak politikaları, kimlik doğrulama yöntemlerini ve erişim kurallarını bir kez tanımlamanıza ve ardından bunları birden fazla genel kaynağa bağlamanıza olanak tanır. Bir politikayı güncellediğinizde, bağlı her kaynak değişikliği otomatik olarak devralır.",
+    "resourcePoliciesBannerButtonText": "Daha fazla bilgi",
+    "resourcePoliciesTitle": "Herkese Açık Kaynak Politikalarını Yönetin",
+    "resourcePoliciesAttachedResourcesColumnTitle": "Kaynaklar",
    "resourcePoliciesAttachedResources": "{count} kaynak",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, one {# kaynak} other {# kaynaklar}}",
    "resourcePoliciesAttachedResourcesEmpty": "hiçbir kaynak",
-    "resourcePoliciesDescription": "Kaynaklarınıza erişimi kontrol etmek için kimlik doğrulama politikaları oluşturun ve yönetin",
+    "resourcePoliciesDescription": "Genel kaynaklarınıza erişimi kontrol etmek için kimlik doğrulama politikalarını oluşturun ve yönetin",
    "resourcePoliciesSearch": "Politikaları ara...",
    "resourcePoliciesAdd": "Politika Ekle",
    "resourcePoliciesDefaultBadgeText": "Varsayılan politika",
-    "resourcePoliciesCreate": "Kaynak Politikası Oluştur",
+    "resourcePoliciesCreate": "Genel Kaynak Politikası Oluştur",
    "resourcePoliciesCreateDescription": "Yeni bir politika oluşturmak için aşağıdaki adımları izleyin",
    "resourcePolicyName": "Politika Adı",
    "resourcePolicyNameDescription": "Bu politikaya kaynaklarınız arasında kolayca tanımlayabilmek için bir ad verin",
@@ -274,7 +281,7 @@
    "back": "Geri",
    "cancel": "İptal",
    "resourceConfig": "Yapılandırma Parçaları",
-    "resourceConfigDescription": "TCP/UDP kaynağınızı kurmak için bu yapılandırma parçalarını kopyalayıp yapıştırın",
+    "resourceConfigDescription": "TCP/UDP kaynağınızı kurmak için bu yapılandırma parçalarını kopyalayıp yapıştırın.",
    "resourceAddEntrypoints": "Traefik: Başlangıç Noktaları Ekleyin",
    "resourceExposePorts": "Gerbil: Docker Compose'da Portları Açın",
    "resourceLearnRaw": "TCP/UDP kaynaklarını nasıl yapılandıracağınızı öğrenin",
@@ -287,6 +294,8 @@
    "labelDelete": "Etiketi Sil",
    "labelAdd": "Etiket Ekle",
    "labelCreateSuccessMessage": "Etiket Başarıyla Oluşturuldu",
+    "labelDuplicateError": "Yinelenen Etiket",
+    "labelDuplicateErrorDescription": "Bu isimle bir etiket zaten var.",
    "labelEditSuccessMessage": "Etiket Başarıyla Değiştirildi",
    "labelNameField": "Etiket Adı",
    "labelColorField": "Etiket Rengi",
@@ -311,7 +320,7 @@
    "rules": "Kurallar",
    "resourceSettingDescription": "Kaynağınızdaki ayarları yapılandırın",
    "resourceSetting": "{resourceName} Ayarları",
-    "resourcePolicySettingDescription": "Kaynak politikası üzerindeki ayarları yapılandır",
+    "resourcePolicySettingDescription": "Bu açık kaynak politikasının ayarlarını yapılandırın",
    "resourcePolicySetting": "{policyName} Ayarları",
    "alwaysAllow": "Kimlik Doğrulamayı Atla",
    "alwaysDeny": "Erişimi Engelle",
@@ -719,7 +728,7 @@
    "targetSubmit": "Hedef Ekle",
    "targetNoOne": "Bu kaynağın hedefleri yok. Arka uca gönderilecek istekleri yapılandırmak için bir hedef ekleyin.",
    "targetNoOneDescription": "Yukarıdaki birden fazla hedef ekleyerek yük dengeleme etkinleştirilecektir.",
-    "targetsSubmit": "Hedefleri Kaydet",
+    "targetsSubmit": "Ayarları Kaydet",
    "addTarget": "Hedef Ekle",
    "proxyMultiSiteRoundRobinNodeHelp": "Round robin yönlendirme, aynı düğüme bağlı olmayan siteler arasında çalışmayacaktır, ancak failover çalışacaktır.",
    "targetErrorInvalidIp": "Geçersiz IP adresi",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "Yinelenen kural",
    "rulesErrorDuplicateDescription": "Bu ayarlara sahip bir kural zaten mevcut",
    "rulesErrorInvalidIpAddressRange": "Geçersiz CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "Lütfen geçerli bir CIDR değeri girin",
-    "rulesErrorInvalidUrl": "Geçersiz URL yolu",
-    "rulesErrorInvalidUrlDescription": "Lütfen geçerli bir URL yolu değeri girin",
-    "rulesErrorInvalidIpAddress": "Geçersiz IP",
-    "rulesErrorInvalidIpAddressDescription": "Lütfen geçerli bir IP adresi girin",
+    "rulesErrorInvalidIpAddressRangeDescription": "Geçerli bir CIDR aralığı girin (örneğin, 10.0.0.0/8).",
+    "rulesErrorInvalidUrl": "Geçersiz yol",
+    "rulesErrorInvalidUrlDescription": "Geçerli bir URL yolu veya deseni girin (örneğin, /api/*).",
+    "rulesErrorInvalidIpAddress": "Geçersiz IP adresi",
+    "rulesErrorInvalidIpAddressDescription": "Geçerli bir IPv4 veya IPv6 adresi girin.",
    "rulesErrorUpdate": "Kurallar güncellenemedi",
    "rulesErrorUpdateDescription": "Kurallar güncellenirken bir hata oluştu",
    "rulesUpdated": "Kuralları Etkinleştir",
@@ -765,15 +774,24 @@
    "rulesMatchIpAddressRangeDescription": "CIDR formatında bir adres girin (örneğin, 103.21.244.0/22)",
    "rulesMatchIpAddress": "Bir IP adresi girin (örneğin, 103.21.244.12)",
    "rulesMatchUrl": "Bir URL yolu veya deseni girin (örneğin, /api/v1/todos veya /api/v1/*)",
-    "rulesErrorInvalidPriority": "Geçersiz Öncelik",
-    "rulesErrorInvalidPriorityDescription": "Lütfen geçerli bir öncelik girin",
-    "rulesErrorDuplicatePriority": "Yinelenen Öncelikler",
-    "rulesErrorDuplicatePriorityDescription": "Lütfen benzersiz öncelikler girin",
+    "rulesErrorInvalidPriority": "Geçersiz öncelik",
+    "rulesErrorInvalidPriorityDescription": "1 veya daha büyük bir tamsayı girin.",
+    "rulesErrorDuplicatePriority": "Yinelenen öncelikler",
+    "rulesErrorDuplicatePriorityDescription": "Her kuralın benzersiz bir öncelik numarası olmalıdır.",
+    "rulesErrorValidation": "Geçersiz kurallar",
+    "rulesErrorValidationRuleDescription": "Kural {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "Geçerli bir eşleşme türünü seçin (yol, IP, CIDR, ülke, bölge veya ASN).",
+    "rulesErrorValueRequired": "Bu kural için bir değer girin.",
+    "rulesErrorInvalidCountry": "Geçersiz ülke",
+    "rulesErrorInvalidCountryDescription": "Geçerli bir ülke seçin.",
+    "rulesErrorInvalidAsn": "Geçersiz ASN",
+    "rulesErrorInvalidAsnDescription": "Geçerli bir ASN girin (örneğin, AS15169).",
    "ruleUpdated": "Kurallar güncellendi",
    "ruleUpdatedDescription": "Kurallar başarıyla güncellendi",
    "ruleErrorUpdate": "Operasyon başarısız oldu",
    "ruleErrorUpdateDescription": "Kaydetme operasyonu sırasında bir hata oluştu",
    "rulesPriority": "Öncelik",
+    "rulesReorderDragHandle": "Kural önceliğini yeniden sıralamak için sürükleyin",
    "rulesAction": "Aksiyon",
    "rulesMatchType": "Eşleşme Türü",
    "value": "Değer",
@@ -792,7 +810,7 @@
    "rulesResource": "Kaynak Kuralları Yapılandırması",
    "rulesResourceDescription": "Kaynağa erişimi kontrol etmek için kuralları yapılandırın",
    "ruleSubmit": "Kural Ekle",
-    "rulesNoOne": "Kural yok. Formu kullanarak bir kural ekleyin.",
+    "rulesNoOne": "Henüz kural yok.",
    "rulesOrder": "Kurallar, artan öncelik sırasına göre değerlendirilir.",
    "rulesSubmit": "Kuralları Kaydet",
    "policyErrorCreate": "Politika oluşturulurken hata oluştu",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "Beklenmeyen bir hata oluştu",
    "policyCreatedSuccess": "Kaynak politikası başarıyla oluşturuldu",
    "policyUpdatedSuccess": "Kaynak politikası başarıyla güncellendi",
-    "authMethodsSave": "Kimlik doğrulama yöntemlerini kaydet",
+    "authMethodsSave": "Ayarları Kaydet",
+    "policyAuthStackTitle": "Kimlik Doğrulama",
+    "policyAuthStackDescription": "Bu kaynağa erişim için hangi kimlik doğrulama yöntemlerinin gerekli olduğuna karar verin",
+    "policyAuthOrLogicTitle": "Birden fazla kimlik doğrulama yöntemi etkin",
+    "policyAuthOrLogicBanner": "Ziyaretçiler aşağıdaki etkin yöntemlerden herhangi birini kullanarak kimlik doğrulaması yapabilirler. Hepsini tamamlamaları gerekmez.",
+    "policyAuthMethodActive": "Etkin",
+    "policyAuthMethodOff": "Kapalı",
+    "policyAuthSsoTitle": "Platform SSO",
+    "policyAuthSsoDescription": "Organizasyonunuzun kimlik sağlayıcısı üzerinden oturum açmayı zorunlu kılın",
+    "policyAuthSsoSummary": "{idp} · {users} kullanıcısı, {roles} rolü",
+    "policyAuthSsoDefaultIdp": "Varsayılan sağlayıcı",
+    "policyAuthAddDefaultIdentityProvider": "Varsayılan Kimlik Sağlayıcı Ekle",
+    "policyAuthOtherMethodsTitle": "Diğer Yöntemler",
+    "policyAuthOtherMethodsDescription": "Ziyaretçilerin platform SSO yerine veya yanı sıra kullanabileceği isteğe bağlı yöntemler",
+    "policyAuthPasscodeTitle": "Şifre",
+    "policyAuthPasscodeDescription": "Kaynağa erişim için paylaşılan bir alfasayısal şifre gerektir",
+    "policyAuthPasscodeSummary": "Şifre ayarlandı",
+    "policyAuthPincodeTitle": "PIN Kodu",
+    "policyAuthPincodeDescription": "Kaynağa erişim için kısa bir sayısal kod gereklidir",
+    "policyAuthPincodeSummary": "6 haneli PIN ayarlandı",
+    "policyAuthEmailTitle": "E-posta Beyaz Listesi",
+    "policyAuthEmailDescription": "Listelenen e-posta adreslerine tek kullanımlık parolalarla izin verin",
+    "policyAuthEmailSummary": "{count} adres izinli",
+    "policyAuthEmailOtpCallout": "E-posta beyaz listesinin etkinleştirilmesiyle ziyaretçinin girişinde bir kereye mahsus parola e-postasına gönderilecektir.",
+    "policyAuthHeaderAuthTitle": "Temel Başlık Kimlik Doğrulama",
+    "policyAuthHeaderAuthDescription": "Her istekte özel bir HTTP başlık adını ve değerini doğrulayın",
+    "policyAuthHeaderAuthSummary": "Başlık yapılandırıldı",
+    "policyAuthHeaderName": "Başlık adı",
+    "policyAuthHeaderValue": "Beklenen değer",
+    "policyAuthSetPasscode": "Şifreyi Ayarla",
+    "policyAuthSetPincode": "PIN Kodunu Ayarla",
+    "policyAuthSetEmailWhitelist": "E-posta Beyaz Listesini Ayarla",
+    "policyAuthSetHeaderAuth": "Temel Başlık Kimlik Doğrulamasını Ayarla",
+    "policyAccessRulesTitle": "Erişim Kuralları",
+    "policyAccessRulesEnableDescription": "Etkinleştirildiğinde, kurallar azalan sırayla değerlendirilecektir ve biri doğru olarak değerlendirildiğinde diğerine geçilecektir.",
+    "policyAccessRulesFirstMatch": "Kurallar yukarıdan aşağıya doğru değerlendirilir. İlk eşleşen kural sonucu belirler.",
+    "policyAccessRulesHowItWorks": "Kurallar, yol, IP adresi, konum veya başka kriterlere göre talepleri eşleştirir. Her kural bir eylem uygular: kimlik doğrulamayı atla, erişimi engelle veya kimlik doğrulaması için geçici olarak geç.",
+    "policyAccessRulesFallthroughOff": "Kurallar devre dışı bırakıldığında, tüm trafik kimlik doğrulamasına geçer.",
+    "policyAccessRulesFallthroughOn": "Herhangi bir kural eşleşmediğinde trafik kimlik doğrulamasına geçer.",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "Kuralları Kaydet",
    "resourceErrorCreate": "Kaynak oluşturma hatası",
    "resourceErrorCreateDescription": "Kaynak oluşturulurken bir hata oluştu",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "Kaynak güncellenirken bir hata oluştu",
    "access": "Erişim",
    "accessControl": "Erişim Kontrolü",
-    "shareLink": "{resource} Paylaşım Bağlantısı",
+    "shareLink": "{resource} Paylaşılabilir Bağlantı",
    "resourceSelect": "Kaynak seçin",
-    "shareLinks": "Paylaşım Bağlantıları",
+    "shareLinks": "Paylaşılabilir Bağlantılar",
    "share": "Paylaşılabilir Bağlantılar",
    "shareDescription2": "Kaynaklarınıza geçici veya sınırsız erişim sağlamak için paylaşılabilir bağlantılar oluşturun. Bağlantı oluştururken sona erme süresini yapılandırabilirsiniz.",
    "shareEasyCreate": "Kolayca oluştur ve paylaş",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "Yöneticiler her zaman bu kaynağa erişebilir.",
    "resourcePolicySelectTitle": "Kaynak Erişim Politikası",
    "resourcePolicySelectDescription": "Kimlik doğrulama için kaynak politika türünü seçin",
+    "resourcePolicyTypeLabel": "Politika türü",
+    "resourcePolicyLabel": "Kaynak politikası",
    "resourcePolicyInline": "Satır İçi Kaynak Politikası",
    "resourcePolicyInlineDescription": "Erişim Politikası sadece bu kaynağa yönelik",
    "resourcePolicyShared": "Paylaşılan Kaynak Politikası",
-    "resourcePolicySharedDescription": "Bu kaynak paylaşılan bir politika kullanır. Politika düzeyindeki ayarlar (kimlik doğrulama yöntemleri, e-posta beyaz listesi) kilitlidir. Aşağıda, kaynakla ilgili özel kurallar, roller ve kullanıcılar ekleyebilirsiniz.",
+    "resourcePolicySharedDescription": "Bu kaynak bir paylaşılan politika kullanıyor.",
+    "sharedPolicy": "Paylaşılan Politika",
+    "sharedPolicyNoneDescription": "Bu kaynağın kendi politikası var.",
+    "resourceSharedPolicyOwnDescription": "Bu kaynak, kendi kimlik doğrulama ve erişim kuralları denetimlerine sahiptir.",
+    "resourceSharedPolicyInheritedDescription": "Bu kaynak <policyLink>{policyName}</policyLink>'dan devralmaktadır.",
+    "resourceSharedPolicyAuthenticationNotice": "Bu kaynak bir ortak politika kullanıyor. Politikayı eklemek için kimlik doğrulama ayarlarını bu kaynakta düzenleyebilirsiniz. Altta yatan politikayı değiştirmek için <policyLink>{policyName}</policyLink> düzenlemelisiniz.",
+    "resourceSharedPolicyRulesNotice": "Bu kaynak bir paylaşılan politika kullanıyor. Bazı erişim kuralları bu kaynakta düzenlenebilir. Temel politikayı değiştirmek için, <policyLink>{policyName}</policyLink> düzenlemeniz gerekecektir.",
    "resourceUsersRoles": "Erişim Kontrolleri",
    "resourceUsersRolesDescription": "Bu kaynağı kimlerin ziyaret edebileceği kullanıcıları ve rolleri yapılandırın",
    "resourceUsersRolesSubmit": "Erişim Kontrollerini Kaydet",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "Görünürlük",
    "resourceVisibilityTitleDescription": "Kaynak görünürlüğünü tamamen etkinleştirin veya devre dışı bırakın",
    "resourceGeneral": "Genel Ayarlar",
-    "resourceGeneralDescription": "Bu kaynak için genel ayarları yapılandırın",
+    "resourceGeneralDescription": "Bu kaynak için ad, adres ve erişim politikası yapılandırın.",
+    "resourceGeneralDetailsSubsection": "Kaynak Detayları",
+    "resourceGeneralDetailsSubsectionDescription": "Bu kaynak için görüntülenen adı, tanıtıcıyı ve herkesin erişebileceği alan adını belirleyin.",
+    "resourceGeneralDetailsSubsectionPortDescription": "Bu kaynak için görüntülenen adı, tanıtıcıyı ve halka açık portu ayarlayın.",
+    "resourceGeneralPublicAddressSubsection": "Genel Adres",
+    "resourceGeneralPublicAddressSubsectionDescription": "Kullanıcıların bu kaynağa nasıl ulaşacağını yapılandırın.",
+    "resourceGeneralAuthenticationAccessSubsection": "Kimlik Doğrulama ve Erişim",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "Bu kaynağın kendi politikasını mı yoksa ortak bir politikadan mı devralacağını seçin.",
    "resourceEnable": "Kaynağı Etkinleştir",
    "resourceTransfer": "Kaynağı Aktar",
    "resourceTransferDescription": "Bu kaynağı farklı bir siteye aktarın",
@@ -1220,11 +1294,14 @@
    "addLabels": "Etiketler ekle",
    "siteLabelsTab": "Etiketler",
    "siteLabelsDescription": "Bu siteyle ilişkili etiketleri yönetin.",
-    "labelsNotFound": "Etiketler bulunamadı",
+    "labelsNotFound": "Etiket bulunamadı.",
+    "labelsEmptyCreateHint": "Etiket oluşturmak için yukarıdan yazmaya başlayın.",
    "labelSearch": "Etiket ara",
+    "labelSearchOrCreate": "Etiket arayın veya oluşturun",
    "accessLabelFilterCount": "{count, plural, one {# etiket} other {# etiketler}}",
    "labelOverflowCount": "+{count, plural, one {# etiket} other {# etiketler}}",
    "accessLabelFilterClear": "Etiket filtrelerini temizle",
+    "accessFilterClear": "Filtreleri temizle",
    "selectColor": "Renk seç",
    "createNewLabel": "Yeni kuruluş etiketi \"{label}\" oluştur",
    "inviteInvalidDescription": "Davet bağlantısı geçersiz.",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "Kaynaklar",
    "sidebarProxyResources": "Herkese Açık",
    "sidebarClientResources": "Özel",
-    "sidebarPolicies": "Politikalar",
-    "sidebarResourcePolicies": "Kaynaklar",
+    "sidebarPolicies": "Paylaşılan Politikalar",
+    "sidebarResourcePolicies": "Açık Kaynaklar",
    "sidebarAccessControl": "Erişim Kontrolü",
    "sidebarLogsAndAnalytics": "Kayıtlar & Analitik",
    "sidebarTeam": "Ekip",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "Yönetici",
    "sidebarInvitations": "Davetiye",
    "sidebarRoles": "Roller",
-    "sidebarShareableLinks": "Bağlantılar",
+    "sidebarShareableLinks": "Paylaşılabilir Bağlantılar",
    "sidebarApiKeys": "API Anahtarları",
    "sidebarProvisioning": "Tedarik",
    "sidebarSettings": "Ayarlar",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "Kaynak {id}",
    "blueprints": "Planlar",
    "blueprintsLog": "Şablonlar Günlüğü",
-    "blueprintsDescription": "Geçmiş şablon uygulamalarını ve sonuçlarını görüntüleyin",
+    "blueprintsDescription": "Geçmiş plan uygulamalarını ve sonuçlarını görüntüleyin veya yeni bir plan uygulayın",
    "blueprintAdd": "Plan Ekle",
    "blueprintGoBack": "Tüm Planları Gör",
    "blueprintCreate": "Plan Oluştur",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "Docker Soketini Etkinleştir",
    "enableDockerSocketDescription": "Plan etiketleri için Docker Socket etiket toplamasını etkinleştirin. Site bağlantısına soket yolu sağlanmalıdır. Bunun nasıl çalıştığını <docsLink>belgelemede</docsLink> okuyun.",
    "newtAutoUpdate": "Site Otomatik-Güncellemesini Etkinleştir",
-    "newtAutoUpdateDescription": "Etkinleştirildiğinde, site bağdaştırıcıları yeni sürüm mevcut olduğunda otomatik olarak en son sürüme güncellenecek.",
+    "newtAutoUpdateDescription": "Etkinleştirildiğinde, site konektörleri en son versiyonu otomatik olarak indirir ve yeniden başlar. Bu, site bazında geçersiz kılınabilir.",
    "siteAutoUpdate": "Site Otomatik-Güncellemesi",
    "siteAutoUpdateLabel": "Otomatik Güncellemeyi Etkinleştir",
-    "siteAutoUpdateDescription": "Bu sitenin bağdaştırıcısının en son sürümü otomatik olarak indirip indirmeyeceğini kontrol edin.",
+    "siteAutoUpdateDescription": "Etkinleştirildiğinde, bu sitenin konektörü en son versiyonu otomatik olarak indirir ve kendini yeniden başlatır.",
    "siteAutoUpdateOrgDefault": "Kuruluş varsayılanı: {state}",
    "siteAutoUpdateOverriding": "Kuruluş ayarını geçersiz kılıyor",
    "siteAutoUpdateResetToOrg": "Kuruluş Varsayılanına Sıfırla",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "Hesap kurulumu tamamlandı! Pangolin'e hoş geldiniz!",
    "documentation": "Dokümantasyon",
    "saveAllSettings": "Tüm Ayarları Kaydet",
-    "saveResourceTargets": "Hedefleri Kaydet",
-    "saveResourceHttp": "Proxy Ayarlarını Kaydet",
-    "saveProxyProtocol": "Proxy protokol ayarlarını kaydet",
+    "saveResourceTargets": "Ayarları Kaydet",
+    "saveResourceHttp": "Ayarları Kaydet",
+    "saveProxyProtocol": "Ayarları Kaydet",
    "settingsUpdated": "Ayarlar güncellendi",
    "settingsUpdatedDescription": "Ayarlar başarıyla güncellendi",
    "settingsErrorUpdate": "Ayarlar güncellenemedi",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "Bilinmiyor",
    "healthCheck": "Sağlık Kontrolü",
    "configureHealthCheck": "Sağlık Kontrolünü Yapılandır",
-    "configureHealthCheckDescription": "{hedef} için sağlık izleme kurun",
+    "configureHealthCheckDescription": "Kaynağınızın her zaman erişilebilir olduğundan emin olmak için izleme kurun",
    "enableHealthChecks": "Sağlık Kontrollerini Etkinleştir",
    "healthCheckDisabledStateDescription": "Devre dışı bırakıldığında, site sağlık kontrolleri yapmaz ve durum bilinmeyen olarak kabul edilecektir.",
    "enableHealthChecksDescription": "Bu hedefin sağlığını izleyin. Gerekirse hedef dışındaki bir son noktayı izleyebilirsiniz.",
    "healthScheme": "Yöntem",
    "healthSelectScheme": "Yöntem Seç",
-    "healthCheckPortInvalid": "Sağlık Kontrolü portu 1 ile 65535 arasında olmalıdır",
+    "healthCheckPortInvalid": "Bağlantı noktası 1 ile 65535 arasında olmalıdır",
    "healthCheckPath": "Yol",
    "healthHostname": "IP / Hostname",
    "healthPort": "Bağlantı Noktası",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "Cihaz Onaylarını Gerektir",
    "requireDeviceApprovalDescription": "Bu role sahip kullanıcıların yeni cihazlarının bağlanabilmesi ve kaynaklara erişebilmesi için bir yönetici tarafından onaylanması gerekiyor.",
    "sshSettings": "SSH Ayarları",
+    "sshAccess": "SSH Erişimi",
    "rdpSettings": "RDP Ayarları",
    "vncSettings": "VNC Ayarları",
    "sshServer": "SSH Sunucusu",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "Bu kurulumu tamamlamadan önce hedef ana bilgisayarınızın kimlik doğrulama daemonunu çalıştıracak şekilde düzgün yapılandırıldığından emin olun, aksi takdirde sağlama başarısız olur.",
    "sshDaemonPort": "Daemon Bağlantı Noktası",
    "sshServerDestination": "Sunucu Hedefi",
-    "sshServerDestinationDescription": "SSH sunucusunun hedefini ve bağlantı noktasını yapılandırın",
+    "sshServerDestinationDescription": "SSH sunucusunun hedefini yapılandırın",
    "destination": "Hedef",
+    "destinationRequired": "Hedef gereklidir.",
+    "domainRequired": "Alan adı gereklidir.",
+    "proxyPortRequired": "Bağlantı noktası gereklidir.",
+    "invalidPathConfiguration": "Geçersiz yol yapılandırması.",
+    "invalidRewritePathConfiguration": "Geçersiz yol yeniden yazma yapılandırması.",
    "bgTargetMultiSiteDisclaimer": "Birden fazla site seçmek, yüksek erişilebilirlik için dayanıklı yönlendirme ve failover sağlar.",
    "roleAllowSsh": "SSH'a İzin Ver",
    "roleAllowSshAllow": "İzin Ver",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "Kullanıcı sadece belirtilen komutları sudo ile çalıştırabilir.",
    "sshSudo": "Sudo'ya izin ver",
    "sshSudoCommands": "Sudo Komutları",
-    "sshSudoCommandsDescription": "Kullanıcının sudo ile çalıştırmasına izin verilen komutların virgülle ayrılmış listesi. Mutlak yollar kullanılmalıdır.",
+    "sshSudoCommandsDescription": "Kullanıcının 'sudo' ile çalıştırmasına izin verilen komutlar listesi noktalı virgülle, boşluk veya yeni satırla ayrılmalıdır. Mutlak yollar kullanılmalıdır.",
    "sshCreateHomeDir": "Ev Dizini Oluştur",
    "sshUnixGroups": "Unix Grupları",
-    "sshUnixGroupsDescription": "Hedef konakta kullanıcıya eklenecek Unix gruplarının virgülle ayrılmış listesi.",
+    "sshUnixGroupsDescription": "Hedef ana bilgisayardaki kullanıcıya eklemek için Unix grupları, noktalı virgülle, boşluk veya yeni satırla ayrılmalıdır.",
+    "roleTextFieldPlaceholder": "Değerleri girin veya bir .txt veya .csv dosyası bırakın",
+    "roleTextImportTitle": "Dosyadan İçe Aktar",
+    "roleTextImportDescription": "{fileName} dosyası {fieldLabel} alanına içe aktarılıyor.",
+    "roleTextImportSkipHeader": "İlk Satırı Atla (Başlık)",
+    "roleTextImportOverride": "Mevcut Olanın Yerine Yaz",
+    "roleTextImportAppend": "Mevcut olana Ekle",
+    "roleTextImportMode": "İçe Aktarma Modu",
+    "roleTextImportPreview": "Seçilen Dosya",
+    "roleTextImportItemCount": "{count, plural, =0 {İçe aktarılacak öğe yok} one {İçe aktarılacak 1 öğe} other {İçe aktarılacak # öğe}}",
+    "roleTextImportTotalCount": "{existing} mevcut + {imported} ithal = {total} toplam",
+    "roleTextImportConfirm": "İçe Aktar",
+    "roleTextImportInvalidFile": "Desteklenmeyen dosya türü",
+    "roleTextImportInvalidFileDescription": "Yalnızca .txt ve .csv dosyaları desteklenir.",
+    "roleTextImportEmpty": "Dosyada öğe bulunamadı",
+    "roleTextImportEmptyDescription": "Dosya, içe aktarılabilir öğe içermiyor.",
    "retryAttempts": "Tekrar Deneme Girişimleri",
    "expectedResponseCodes": "Beklenen Yanıt Kodları",
    "expectedResponseCodesDescription": "Sağlıklı durumu gösteren HTTP durum kodu. Boş bırakılırsa, 200-300 arası sağlıklı kabul edilir.",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "Proxy Protokolünü Etkinleştir",
    "proxyProtocolInfo": "TCP ara yüzlerini koruyarak istemci IP adreslerini saklayın",
    "proxyProtocolVersion": "Proxy Protokol Versiyonu",
-    "version1": " Versiyon 1 (Önerilen)",
+    "version1": "Versiyon 1 (Önerilen)",
    "version2": "Versiyon 2",
-    "versionDescription": "Versiyon 1 metin tabanlı ve yaygın olarak desteklenir. Versiyon 2 ise ikili ve daha verimlidir ama daha az uyumludur.",
+    "version1Description": "Metin tabanlı ve yaygın olarak desteklenmektedir. Sunucu taşımacılığının dinamik yapılandırmaya eklenmiş olduğundan emin olun.",
+    "version2Description": "İkili ve daha verimli ama daha az uyumlu. Sunucu taşımasının dinamik yapılandırmaya eklendiğinden emin olun.",
    "warning": "Uyarı",
    "proxyProtocolWarning": "Arka uç uygulamanız, Proxy Protokol bağlantılarını kabul etmek üzere yapılandırılmalıdır. Arka ucunuz Proxy Protokolünü desteklemiyorsa, bunu etkinleştirmek tüm bağlantıları koparır. Traefik'ten gelen Proxy Protokol başlıklarına güvenecek şekilde arka ucunuzu yapılandırdığınızdan emin olun.",
    "restarting": "Yeniden Başlatılıyor...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "Onayı girin",
    "blueprintViewDetails": "Detaylar",
    "defaultIdentityProvider": "Varsayılan Kimlik Sağlayıcı",
-    "defaultIdentityProviderDescription": "Varsayılan bir kimlik sağlayıcı seçildiğinde, kullanıcı kimlik doğrulaması için otomatik olarak sağlayıcıya yönlendirilecektir.",
+    "defaultIdentityProviderDescription": "Kullanıcı, kimlik doğrulama için bu kimlik sağlayıcısına otomatik olarak yönlendirilecektir.",
    "editInternalResourceDialogNetworkSettings": "Ağ Ayarları",
    "editInternalResourceDialogAccessPolicy": "Erişim Politikası",
    "editInternalResourceDialogAddRoles": "Roller Ekle",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "Bakım Modu Türü",
    "showMaintenancePage": "Ziyaretçilere bir bakım sayfası gösterin",
    "enableMaintenanceMode": "Bakım Modunu Etkinleştir",
+    "enableMaintenanceModeDescription": "Etkinleştirildiğinde, ziyaretçiler kaynak yerine bir bakım sayfası görecekler.",
    "automatic": "Otomatik",
    "automaticModeDescription": "Tüm arka uç hedefleri kapalı veya sağlıksız olduğunda yalnızca bakım sayfasını gösterin. Sağlıklı en az bir hedef olduğu sürece kaynağınız normal şekilde çalışmaya devam eder.",
    "forced": "Zorunlu",
@@ -3082,6 +3182,8 @@
    "warning:": "Uyarı:",
    "forcedeModeWarning": "Tüm trafik bakım sayfasına yönlendirilecek. Arka plan kaynaklarınız herhangi bir isteği almayacaktır.",
    "pageTitle": "Sayfa Başlığı",
+    "maintenancePageContentSubsection": "Sayfa İçeriği",
+    "maintenancePageContentSubsectionDescription": "Bakım sayfasında gösterilen içeriği özelleştirin",
    "pageTitleDescription": "Bakım sayfasında gösterilen ana başlık",
    "maintenancePageMessage": "Bakım Mesajı",
    "maintenancePageMessagePlaceholder": "Yakında geri döneceğiz! Sitemiz şu anda planlı bakım altındadır.",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "Bu kimlik sağlayıcının bu kuruluştan ilişiğini kesmek istediğinizden emin misiniz?",
    "idpUnassociateDescription": "Bu kimlik sağlayıcı ile ilişkilendirilen tüm kullanıcılar bu kuruluştan kaldırılacaktır, ancak kimlik sağlayıcı diğer ilişkilendirilen kuruluşlar için var olmaya devam edecektir.",
    "idpUnassociateConfirm": "Kimlik Sağlayıcının İlişkisinin Kesilmesini Onayla",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "BENİ SİL VE ORGANİZASYONDAN ÇIKAR",
+    "idpUnassociateAndRemoveMeFromOrg": "BENİ İLİŞKİLENDİRMEYİ BIRAK VE ORGANİZASYONDAN ÇIKAR",
    "idpUnassociateWarning": "Bu işlem bu kuruluş için geri alınamaz.",
    "idpUnassociatedDescription": "Kimlik sağlayıcı bu kuruluştan başarıyla ayrıldı",
    "idpUnassociateMenu": "İlişkiyi Kes",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "Bağlanılıyor…",
    "sshInitializing": "Başlatılıyor…",
    "sshSignInTitle": "SSH'a Giriş Yap",
-    "sshSignInDescription": "SSH kimlik bilgilerinizi girin",
+    "sshSignInDescription": "Bağlanmak için SSH kimlik bilgilerinizi girin",
    "sshPasswordTab": "Şifre",
    "sshPrivateKeyTab": "Özel Anahtar",
    "sshPrivateKeyField": "Özel Anahtar",
    "sshPrivateKeyDisclaimer": "Özel anahtarınız Pangolin'de saklanmaz veya görünmez. Alternatif olarak, mevcut Pangolin kimliğinizle sorunsuz kimlik doğrulama için kısa ömürlü sertifikalar kullanabilirsiniz.",
    "sshLearnMore": "Daha fazla bilgi",
    "sshPrivateKeyFile": "Özel Anahtar Dosyası",
-    "sshAuthenticate": "Kimlik Doğrulama",
+    "sshAuthenticate": "Bağlan",
    "sshTerminate": "Sonlandır",
    "sshPoweredBy": "Tarafından sağlanmaktadır",
    "sshErrorNoTarget": "Belirtilen hedef yok",
    "sshErrorWebSocket": "WebSocket bağlantısı başarısız oldu",
    "sshErrorAuthFailed": "Kimlik doğrulama başarısız",
-    "sshErrorConnectionClosed": "Kimlik doğrulama tamamlanmadan bağlantı kapandı"
+    "sshErrorConnectionClosed": "Kimlik doğrulama tamamlanmadan bağlantı kapandı",
+    "sitePangolinSshDescription": "Bu site üzerindeki kaynaklara SSH erişimine izin verin. Bu ayar sonradan değiştirilebilir.",
+    "browserGatewayNoResourceForDomain": "Bu etki alanı için kaynak bulunamadı",
+    "browserGatewayNoTarget": "Hedef Yok",
+    "browserGatewayConnect": "Bağlan",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "PAM itmeli kimlik doğrulama için SSH anahtarı imzalanamadı. Kullanıcı olarak oturum açtınız mı?",
+    "sshTerminalError": "Hata: {error}",
+    "sshConnectionClosedCode": "Bağlantı kapandı (kod {code})",
+    "sshPrivateKeyPlaceholder": "-----BAŞLANGIÇ OPENSSH ÖZEL ANAHTARI-----",
+    "sshPrivateKeyRequired": "Özel anahtar gereklidir",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "Bağlanmak için VNC parolanızı girin",
+    "vncPasswordOptional": "Parola (isteğe bağlı)",
+    "vncNoResourceTarget": "Kaynak hedefi mevcut değil",
+    "vncFailedToLoadNovnc": "NoVNC yüklenemedi",
+    "vncAuthFailedStatus": "Durum {status}",
+    "vncPasteClipboard": "Panoya yapıştır",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "Uzak Masaüstü'ne Giriş Yap",
+    "rdpSignInDescription": "Bağlanmak için Windows kimlik bilgilerinizi girin",
+    "rdpLoadingModule": "Modül yükleniyor...",
+    "rdpFailedToLoadModule": "RDP modülü yüklenemedi",
+    "rdpNotReady": "Hazır değil",
+    "rdpModuleInitializing": "RDP modülü hala başlatılıyor",
+    "rdpDownloadingFiles": "Uzak {count, plural, one {dosya} other {dosya}} indiriliyor...",
+    "rdpDownloadFailed": "İndirme başarısız: {fileName}",
+    "rdpUploaded": "Yüklendi: {fileName}",
+    "rdpNoConnectionTarget": "Bağlantı hedefi yok",
+    "rdpConnectionFailed": "Bağlantı başarısız oldu",
+    "rdpFit": "Sığdır",
+    "rdpFull": "Tam",
+    "rdpReal": "Gerçek",
+    "rdpMeta": "Meta",
+    "rdpUploadFiles": "Dosya yükle",
+    "rdpFilesReadyToPaste": "Yapıştırmak üzere dosyalar hazır",
+    "rdpFilesReadyToPasteDescription": "{count} dosya uzak panoya kopyalandı — yapıştırmak için uzak masaüstünde Ctrl+V tuşlarına basın.",
+    "rdpUploadFailed": "Yükleme başarısız",
+    "rdpUnicodeKeyboardMode": "Unicode klavye modu",
+    "sessionToolbarShow": "Araç çubuğunu göster",
+    "sessionToolbarHide": "Araç çubuğunu gizle"
 }
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -101,6 +101,8 @@
    "sitesTableViewPrivateResources": "查看私有资源",
    "siteInstallNewt": "安装 Newt",
    "siteInstallNewtDescription": "在您的系统中运行 Newt",
+    "siteInstallKubernetesDocsDescription": "有关最新的 Kubernetes 安装信息，请参阅<docsLink>docs.pangolin.net/manage/sites/install-kubernetes</docsLink>。",
+    "siteInstallAdvantechDocsDescription": "有关 Advantech 调制解调器安装说明，请参阅<docsLink>docs.pangolin.net/manage/sites/install-advantech</docsLink>。",
    "WgConfiguration": "WireGuard 配置",
    "WgConfigurationDescription": "使用以下配置连接到网络",
    "operatingSystem": "操作系统",
@@ -148,16 +150,16 @@
    "siteCredentialsSaveDescription": "您只能看到一次。请确保将其复制并保存到一个安全的地方。",
    "siteInfo": "站点信息",
    "status": "状态",
-    "shareTitle": "管理共享链接",
+    "shareTitle": "管理可共享链接",
    "shareDescription": "创建可共享的链接，允许临时或永久访问代理资源",
-    "shareSearch": "搜索共享链接...",
-    "shareCreate": "创建共享链接",
+    "shareSearch": "搜索可共享链接……",
+    "shareCreate": "创建可共享链接",
    "shareErrorDelete": "删除链接失败",
    "shareErrorDeleteMessage": "删除链接时出错",
    "shareDeleted": "链接已删除",
    "shareDeletedDescription": "链接已删除",
-    "shareDelete": "删除共享链接",
-    "shareDeleteConfirm": "确认删除共享链接",
+    "shareDelete": "删除可共享链接",
+    "shareDeleteConfirm": "确认删除可共享链接",
    "shareQuestionRemove": "您确定要删除这个共享链接吗？",
    "shareMessageRemove": "删除后，该链接将不再可用，使用它的任何人将失去对资源的访问权限。",
    "shareTokenDescription": "访问令牌可以通过两种方式传递：作为查询参数或请求标题。 每次验证访问请求都必须从客户端传递。",
@@ -177,6 +179,7 @@
    "shareCreateDescription": "任何具有此链接的人都可以访问资源",
    "shareTitleOptional": "标题 (可选)",
    "sharePathOptional": "路径（可选）",
+    "sharePathDescription": "认证后，链接将把用户重定向到此路径。",
    "expireIn": "过期时间",
    "neverExpire": "永不过期",
    "shareExpireDescription": "过期时间是链接可以使用并提供对资源的访问时间。 此时间后，链接将不再工作，使用此链接的用户将失去对资源的访问。",
@@ -200,8 +203,8 @@
    "shareErrorSelectResource": "请选择一个资源",
    "proxyResourceTitle": "管理公共资源",
    "proxyResourceDescription": "创建和管理可通过 Web 浏览器公开访问的资源",
-    "publicResourcesBannerTitle": "基于Web的公共访问",
-    "publicResourcesBannerDescription": "公共资源是可以通过网络浏览器在互联网上任何人访问的HTTPS或TCP/UDP代理。与私人资源不同，它们不需要客户端软件，并且可以包含身份和上下文感知访问策略。",
+    "publicResourcesBannerTitle": "基于 Web 的公共访问",
+    "publicResourcesBannerDescription": "公共资源是 HTTPS 代理，可以通过网络浏览器在互联网上的任何人访问。与私人资源不同，它们不需要客户端软件，并且可以包含身份和上下文感知的访问策略。",
    "clientResourceTitle": "管理私有资源",
    "clientResourceDescription": "创建和管理只能通过连接客户端访问的资源",
    "privateResourcesBannerTitle": "零信任的私人访问",
@@ -209,15 +212,19 @@
    "resourcesSearch": "搜索资源...",
    "resourceAdd": "添加资源",
    "resourceErrorDelte": "删除资源时出错",
-    "resourcePoliciesTitle": "管理资源策略",
-    "resourcePoliciesAttachedResourcesColumnTitle": "附加资源",
+    "resourcePoliciesBannerTitle": "重用身份验证和访问规则",
+    "resourcePoliciesBannerDescription": "共享资源策略可让您定义身份验证方法和访问规则，然后将其应用到多个公共资源。当您更新策略时，每个链接的资源都会自动继承更改。",
+    "resourcePoliciesBannerButtonText": "了解更多",
+    "resourcePoliciesTitle": "管理公共资源策略",
+    "resourcePoliciesAttachedResourcesColumnTitle": "资源",
    "resourcePoliciesAttachedResources": "{count} 个资源",
+    "resourcePoliciesAttachedResourcesCount": "{count, plural, other {# 个资源}}",
    "resourcePoliciesAttachedResourcesEmpty": "没有资源",
-    "resourcePoliciesDescription": "创建和管理身份验证策略以控制对资源的访问",
+    "resourcePoliciesDescription": "创建和管理身份验证策略以控制对公共资源的访问",
    "resourcePoliciesSearch": "搜索策略……",
    "resourcePoliciesAdd": "添加策略",
    "resourcePoliciesDefaultBadgeText": "默认策略",
-    "resourcePoliciesCreate": "创建资源策略",
+    "resourcePoliciesCreate": "创建公共资源策略",
    "resourcePoliciesCreateDescription": "按照以下步骤创建新策略",
    "resourcePolicyName": "策略名称",
    "resourcePolicyNameDescription": "给此策略命名，以便在您的资源中识别它",
@@ -274,7 +281,7 @@
    "back": "后退",
    "cancel": "取消",
    "resourceConfig": "配置片段",
-    "resourceConfigDescription": "复制并粘贴这些配置片段以设置 TCP/UDP 资源",
+    "resourceConfigDescription": "复制并粘贴这些配置片段以设置 TCP/UDP 资源。",
    "resourceAddEntrypoints": "Traefik: 添加入口点",
    "resourceExposePorts": "Gerbil：在 Docker Compose 中显示端口",
    "resourceLearnRaw": "学习如何配置 TCP/UDP 资源",
@@ -287,6 +294,8 @@
    "labelDelete": "删除标签",
    "labelAdd": "添加标签",
    "labelCreateSuccessMessage": "标签创建成功",
+    "labelDuplicateError": "标签重复",
+    "labelDuplicateErrorDescription": "已存在具有该名称的标签。",
    "labelEditSuccessMessage": "标签修改成功",
    "labelNameField": "标签名称",
    "labelColorField": "标签颜色",
@@ -311,7 +320,7 @@
    "rules": "规则",
    "resourceSettingDescription": "配置资源上的设置",
    "resourceSetting": "{resourceName} 设置",
-    "resourcePolicySettingDescription": "配置资源策略上的设置",
+    "resourcePolicySettingDescription": "配置此公共资源策略上的设置",
    "resourcePolicySetting": "{policyName} 设置",
    "alwaysAllow": "旁路认证",
    "alwaysDeny": "屏蔽访问",
@@ -719,7 +728,7 @@
    "targetSubmit": "添加目标",
    "targetNoOne": "此资源没有任何目标。添加目标来配置向后端发送请求的位置。",
    "targetNoOneDescription": "在上面添加多个目标将启用负载平衡。",
-    "targetsSubmit": "保存目标",
+    "targetsSubmit": "保存设置",
    "addTarget": "添加目标",
    "proxyMultiSiteRoundRobinNodeHelp": "轮询路由在未连接到相同节点的站点之间将不起作用，但故障转移会生效。",
    "targetErrorInvalidIp": "无效的 IP 地址",
@@ -753,11 +762,11 @@
    "rulesErrorDuplicate": "复制规则",
    "rulesErrorDuplicateDescription": "带有这些设置的规则已存在",
    "rulesErrorInvalidIpAddressRange": "无效的 CIDR",
-    "rulesErrorInvalidIpAddressRangeDescription": "请输入一个有效的 CIDR 值",
-    "rulesErrorInvalidUrl": "无效的 URL 路径",
-    "rulesErrorInvalidUrlDescription": "请输入一个有效的 URL 路径值",
-    "rulesErrorInvalidIpAddress": "无效的 IP",
-    "rulesErrorInvalidIpAddressDescription": "请输入一个有效的IP地址",
+    "rulesErrorInvalidIpAddressRangeDescription": "输入有效的 CIDR 范围（例如，10.0.0.0/8）。",
+    "rulesErrorInvalidUrl": "无效路径",
+    "rulesErrorInvalidUrlDescription": "输入有效的 URL 路径或模式（例如，/api/*）。",
+    "rulesErrorInvalidIpAddress": "无效 IP 地址",
+    "rulesErrorInvalidIpAddressDescription": "输入有效的 IPv4 或 IPv6 地址。",
    "rulesErrorUpdate": "更新规则失败",
    "rulesErrorUpdateDescription": "更新规则时出错",
    "rulesUpdated": "启用规则",
@@ -765,15 +774,24 @@
    "rulesMatchIpAddressRangeDescription": "以 CIDR 格式输入地址(如：103.21.244.0/22)",
    "rulesMatchIpAddress": "输入IP地址(例如，103.21.244.12)",
    "rulesMatchUrl": "输入一个 URL 路径或模式(例如/api/v1/todos 或 /api/v1/*)",
-    "rulesErrorInvalidPriority": "无效的优先级",
-    "rulesErrorInvalidPriorityDescription": "请输入一个有效的优先级",
-    "rulesErrorDuplicatePriority": "重复的优先级",
-    "rulesErrorDuplicatePriorityDescription": "请输入唯一的优先级",
+    "rulesErrorInvalidPriority": "优先级无效",
+    "rulesErrorInvalidPriorityDescription": "输入一个大于或等于 1 的整数。",
+    "rulesErrorDuplicatePriority": "优先级重复",
+    "rulesErrorDuplicatePriorityDescription": "每条规则必须拥有唯一的优先级号。",
+    "rulesErrorValidation": "规则无效",
+    "rulesErrorValidationRuleDescription": "规则 {ruleNumber}: {message}",
+    "rulesErrorInvalidMatchTypeDescription": "选择有效的匹配类型（路径、IP、CIDR、国家、地区或 ASN）。",
+    "rulesErrorValueRequired": "为此规则输入一个值。",
+    "rulesErrorInvalidCountry": "国家无效",
+    "rulesErrorInvalidCountryDescription": "选择一个有效的国家。",
+    "rulesErrorInvalidAsn": "ASN 无效",
+    "rulesErrorInvalidAsnDescription": "输入有效的 ASN（例如，AS15169）。",
    "ruleUpdated": "规则已更新",
    "ruleUpdatedDescription": "规则更新成功",
    "ruleErrorUpdate": "操作失败",
    "ruleErrorUpdateDescription": "保存过程中发生错误",
    "rulesPriority": "优先权",
+    "rulesReorderDragHandle": "拖动以重新排序规则优先级",
    "rulesAction": "行为",
    "rulesMatchType": "匹配类型",
    "value": "值",
@@ -792,7 +810,7 @@
    "rulesResource": "资源规则配置",
    "rulesResourceDescription": "配置规则来控制对资源的访问",
    "ruleSubmit": "添加规则",
-    "rulesNoOne": "没有规则。使用表单添加规则。",
+    "rulesNoOne": "尚无规则。",
    "rulesOrder": "规则按优先顺序评定。",
    "rulesSubmit": "保存规则",
    "policyErrorCreate": "创建策略时出错",
@@ -803,7 +821,48 @@
    "policyErrorUpdateMessageDescription": "发生意外错误",
    "policyCreatedSuccess": "资源策略创建成功",
    "policyUpdatedSuccess": "资源策略更新成功",
-    "authMethodsSave": "保存身份验证方法",
+    "authMethodsSave": "保存设置",
+    "policyAuthStackTitle": "身份验证",
+    "policyAuthStackDescription": "控制哪些身份验证方法需由用户执行才能访问资源",
+    "policyAuthOrLogicTitle": "多种身份验证方法处于激活状态",
+    "policyAuthOrLogicBanner": "访问者可以使用下列任意激活的方法进行身份验证。无需完成全部过程。",
+    "policyAuthMethodActive": "激活",
+    "policyAuthMethodOff": "关闭",
+    "policyAuthSsoTitle": "平台单点登录 SSO",
+    "policyAuthSsoDescription": "要求通过您组织的身份提供商登录",
+    "policyAuthSsoSummary": "{idp} · {users} 个用户, {roles} 个角色",
+    "policyAuthSsoDefaultIdp": "默认提供商",
+    "policyAuthAddDefaultIdentityProvider": "添加默认身份提供商",
+    "policyAuthOtherMethodsTitle": "其他方法",
+    "policyAuthOtherMethodsDescription": "访问者可以使用以下备用或联合平台 SSO 的方法",
+    "policyAuthPasscodeTitle": "密码",
+    "policyAuthPasscodeDescription": "要求使用共享字母数字密码以访资源问",
+    "policyAuthPasscodeSummary": "密码已设定",
+    "policyAuthPincodeTitle": "PIN 码",
+    "policyAuthPincodeDescription": "要求使用短数字代码以访问资源",
+    "policyAuthPincodeSummary": "6 位数字 PIN 码已设定",
+    "policyAuthEmailTitle": "电子邮件白名单",
+    "policyAuthEmailDescription": "允许列出的电子邮件地址使用一次性密码",
+    "policyAuthEmailSummary": "允许 {count} 个地址",
+    "policyAuthEmailOtpCallout": "启用电子邮件白名单将在登录时向访问者的电子邮件发送一次性密码。",
+    "policyAuthHeaderAuthTitle": "基础标题认证",
+    "policyAuthHeaderAuthDescription": "在每次请求上验证自定义 HTTP 标头名称和值",
+    "policyAuthHeaderAuthSummary": "标头已配置",
+    "policyAuthHeaderName": "标头名称",
+    "policyAuthHeaderValue": "预期值",
+    "policyAuthSetPasscode": "设定密码",
+    "policyAuthSetPincode": "设置 PIN 码",
+    "policyAuthSetEmailWhitelist": "设置电子邮件白名单",
+    "policyAuthSetHeaderAuth": "设置基础标题认证",
+    "policyAccessRulesTitle": "访问规则",
+    "policyAccessRulesEnableDescription": "启用后，规则将按下降顺序进行评估，直到某条规则评估结果为真。",
+    "policyAccessRulesFirstMatch": "规则将自上而下进行评估。首次匹配的规则决定结果。",
+    "policyAccessRulesHowItWorks": "规则通过路径、IP 地址、位置或其他标准匹配请求。每个规则都会应用操作：绕过身份验证、阻止访问或通过身份验证。如果没有规则匹配，流量将继续通过身份验证。",
+    "policyAccessRulesFallthroughOff": "禁用规则后，所有流量将通过身份验证。",
+    "policyAccessRulesFallthroughOn": "没有规则匹配时，流量将通过身份验证。",
+    "rulesPlaceholderCidr": "10.0.0.0/8",
+    "rulesPlaceholderPath": "/admin/*",
+    "rulesPlaceholderGeo": "RU, KP",
    "rulesSave": "保存规则",
    "resourceErrorCreate": "创建资源时出错",
    "resourceErrorCreateDescription": "创建资源时出错",
@@ -824,9 +883,9 @@
    "resourcesErrorUpdateDescription": "更新资源时出错",
    "access": "访问权限",
    "accessControl": "访问控制",
-    "shareLink": "{resource} 的分享链接",
+    "shareLink": "{resource} 可共享链接",
    "resourceSelect": "选择资源",
-    "shareLinks": "分享链接",
+    "shareLinks": "可共享链接",
    "share": "分享链接",
    "shareDescription2": "创建资源的可共享链接。链接提供了对您资源的临时或无限制访问。 当您创建链接时，您可以配置链接的到期时间。",
    "shareEasyCreate": "轻松创建和分享",
@@ -916,10 +975,18 @@
    "resourceRoleDescription": "管理员总是可以访问此资源。",
    "resourcePolicySelectTitle": "资源访问策略",
    "resourcePolicySelectDescription": "选择用于认证的资源策略类型",
+    "resourcePolicyTypeLabel": "策略类型",
+    "resourcePolicyLabel": "资源策略",
    "resourcePolicyInline": "内联资源策略",
    "resourcePolicyInlineDescription": "仅限于此资源的访问策略",
    "resourcePolicyShared": "共享资源策略",
-    "resourcePolicySharedDescription": "此资源使用共享策略。策略级设置（身份验证方法、电子邮件白名单）被锁定。您可以在下方添加特定资源的规则、角色和用户。",
+    "resourcePolicySharedDescription": "此资源使用共享策略。",
+    "sharedPolicy": "共享策略",
+    "sharedPolicyNoneDescription": "此资源有自己的策略。",
+    "resourceSharedPolicyOwnDescription": "此资源具有自己的身份验证和访问规则控制。",
+    "resourceSharedPolicyInheritedDescription": "此资源继承自<policyLink>{policyName}</policyLink>。",
+    "resourceSharedPolicyAuthenticationNotice": "此资源使用共享策略。一些身份验证设置可以在此资源上编辑以添加到策略。要更改基础策略，您必须编辑<policyLink>{policyName}</policyLink>。",
+    "resourceSharedPolicyRulesNotice": "此资源正在使用一个共享策略。某些访问规则可以在此资源上编辑。要更改基础策略，您必须编辑<policyLink>{policyName}</policyLink>。",
    "resourceUsersRoles": "访问控制",
    "resourceUsersRolesDescription": "配置用户和角色可以访问此资源",
    "resourceUsersRolesSubmit": "保存访问控制",
@@ -944,7 +1011,14 @@
    "resourceVisibilityTitle": "可见性",
    "resourceVisibilityTitleDescription": "完全启用或禁用资源可见性",
    "resourceGeneral": "常规设置",
-    "resourceGeneralDescription": "配置此资源的常规设置",
+    "resourceGeneralDescription": "配置资源的名称、地址和访问策略。",
+    "resourceGeneralDetailsSubsection": "资源详情",
+    "resourceGeneralDetailsSubsectionDescription": "设置资源的显示名称、标识符和公共访问域名。",
+    "resourceGeneralDetailsSubsectionPortDescription": "设置资源的显示名称、标识符和公共端口。",
+    "resourceGeneralPublicAddressSubsection": "公共地址",
+    "resourceGeneralPublicAddressSubsectionDescription": "配置用户如何访问该资源。",
+    "resourceGeneralAuthenticationAccessSubsection": "身份验证与访问",
+    "resourceGeneralAuthenticationAccessSubsectionDescription": "选择该资源是使用其自己的策略还是从共享策略继承。",
    "resourceEnable": "启用资源",
    "resourceTransfer": "转移资源",
    "resourceTransferDescription": "将此资源转移到另一个站点",
@@ -1220,11 +1294,14 @@
    "addLabels": "添加标签",
    "siteLabelsTab": "标签",
    "siteLabelsDescription": "管理与此网站相关的标签。",
-    "labelsNotFound": "找不到标签",
+    "labelsNotFound": "未找到标签。",
+    "labelsEmptyCreateHint": "在上方输入以创建标签。",
    "labelSearch": "搜索标签",
+    "labelSearchOrCreate": "搜索或创建标签",
    "accessLabelFilterCount": "{count, plural, other {# 标签}}",
    "labelOverflowCount": "+{count, plural, other {# 标签}}",
    "accessLabelFilterClear": "清除标签过滤器",
+    "accessFilterClear": "清除筛选器",
    "selectColor": "选择颜色",
    "createNewLabel": "创建新的组织标签 \"{label}\"",
    "inviteInvalidDescription": "邀请链接无效。",
@@ -1461,8 +1538,8 @@
    "sidebarResources": "资源",
    "sidebarProxyResources": "公开的",
    "sidebarClientResources": "非公开的",
-    "sidebarPolicies": "策略",
-    "sidebarResourcePolicies": "资源",
+    "sidebarPolicies": "共享策略",
+    "sidebarResourcePolicies": "公共资源",
    "sidebarAccessControl": "访问控制",
    "sidebarLogsAndAnalytics": "日志与分析",
    "sidebarTeam": "团队",
@@ -1470,7 +1547,7 @@
    "sidebarAdmin": "管理员",
    "sidebarInvitations": "邀请",
    "sidebarRoles": "角色",
-    "sidebarShareableLinks": "链接",
+    "sidebarShareableLinks": "可共享链接",
    "sidebarApiKeys": "API密钥",
    "sidebarProvisioning": "置备中",
    "sidebarSettings": "设置",
@@ -1647,7 +1724,7 @@
    "standaloneHcFilterResourceIdFallback": "资源 {id}",
    "blueprints": "蓝图",
    "blueprintsLog": "蓝图日志",
-    "blueprintsDescription": "查看过去的蓝图应用及其结果",
+    "blueprintsDescription": "查看过去的蓝图应用及其结果或应用一个新的蓝图",
    "blueprintAdd": "添加蓝图",
    "blueprintGoBack": "查看所有蓝图",
    "blueprintCreate": "创建蓝图",
@@ -1667,10 +1744,10 @@
    "enableDockerSocket": "启用 Docker 蓝图",
    "enableDockerSocketDescription": "启用用于蓝图标签的 Docker 套接字标签擦除。必须为站点连接器提供套接字路径。阅读<docsLink>文档</docsLink>以了解相关工作原理。",
    "newtAutoUpdate": "启用站点自动更新",
-    "newtAutoUpdateDescription": "启用时，站点连接器将在有新版本发布时自动更新到最新版本。",
+    "newtAutoUpdateDescription": "启用后，站点连接器将自动下载最新版本并重新启动。可以针对每个站点进行覆盖。",
    "siteAutoUpdate": "站点自动更新",
    "siteAutoUpdateLabel": "启用自动更新",
-    "siteAutoUpdateDescription": "控制此站点连接器是否自动下载最新版本。",
+    "siteAutoUpdateDescription": "启用后，该站点的连接器将自动下载最新版本并重新启动。",
    "siteAutoUpdateOrgDefault": "组织默认设置：{state}",
    "siteAutoUpdateOverriding": "覆盖组织设置",
    "siteAutoUpdateResetToOrg": "重置为组织默认设置",
@@ -1768,9 +1845,9 @@
    "accountSetupSuccess": "账号设置完成！欢迎来到 Pangolin！",
    "documentation": "文档",
    "saveAllSettings": "保存所有设置",
-    "saveResourceTargets": "保存目标",
-    "saveResourceHttp": "保存代理设置",
-    "saveProxyProtocol": "保存代理协议设置",
+    "saveResourceTargets": "保存设置",
+    "saveResourceHttp": "保存设置",
+    "saveProxyProtocol": "保存设置",
    "settingsUpdated": "设置已更新",
    "settingsUpdatedDescription": "设置更新成功",
    "settingsErrorUpdate": "设置更新失败",
@@ -2027,13 +2104,13 @@
    "healthCheckUnknown": "未知",
    "healthCheck": "健康检查",
    "configureHealthCheck": "配置健康检查",
-    "configureHealthCheckDescription": "为 {target} 设置健康监控",
+    "configureHealthCheckDescription": "为您的资源设置监控以确保其始终可用",
    "enableHealthChecks": "启用健康检查",
    "healthCheckDisabledStateDescription": "禁用后，站点不会进行健康检查，状态将被视为未知。",
    "enableHealthChecksDescription": "监视此目标的健康状况。如果需要，您可以监视一个不同的终点。",
    "healthScheme": "方法",
    "healthSelectScheme": "选择方法",
-    "healthCheckPortInvalid": "健康检查端口必须介于 1 到 65535 之间",
+    "healthCheckPortInvalid": "端口必须在 1 和 65535 之间",
    "healthCheckPath": "路径",
    "healthHostname": "IP / 主机",
    "healthPort": "端口",
@@ -2046,6 +2123,7 @@
    "requireDeviceApproval": "需要设备批准",
    "requireDeviceApprovalDescription": "具有此角色的用户需要管理员批准的新设备才能连接和访问资源。",
    "sshSettings": "SSH 设置",
+    "sshAccess": "SSH 访问",
    "rdpSettings": "RDP 设置",
    "vncSettings": "VNC 设置",
    "sshServer": "SSH 服务器",
@@ -2072,8 +2150,13 @@
    "sshDaemonDisclaimer": "在完成本设置之前，请确保您的目标主机已经正确配置以运行身份验证守护程序，否则配置将失败。",
    "sshDaemonPort": "守护程序端口",
    "sshServerDestination": "服务器目标",
-    "sshServerDestinationDescription": "配置 SSH 服务器的目标和端口",
+    "sshServerDestinationDescription": "配置 SSH 服务器的目的地",
    "destination": "目标",
+    "destinationRequired": "需要目的地。",
+    "domainRequired": "需要域。",
+    "proxyPortRequired": "需要端口。",
+    "invalidPathConfiguration": "路径配置无效。",
+    "invalidRewritePathConfiguration": "重写路径配置无效。",
    "bgTargetMultiSiteDisclaimer": "选择多个站点可实现高可用性的弹性路由和故障转移。",
    "roleAllowSsh": "允许 SSH",
    "roleAllowSshAllow": "允许",
@@ -2088,10 +2171,25 @@
    "sshSudoModeCommandsDescription": "用户只能用 sudo 运行指定的命令。",
    "sshSudo": "允许Sudo",
    "sshSudoCommands": "Sudo 命令",
-    "sshSudoCommandsDescription": "逗号分隔的命令列表，用户可以通过sudo运行。必须使用绝对路径。",
+    "sshSudoCommandsDescription": "用户可以使用 sudo 运行的命令列表，以逗号、空格或新行分隔。必须使用绝对路径。",
    "sshCreateHomeDir": "创建主目录",
    "sshUnixGroups": "Unix 组",
-    "sshUnixGroupsDescription": "用逗号分隔了Unix组，将用户添加到目标主机上。",
+    "sshUnixGroupsDescription": "在目标主机上将用户添加到的 Unix 组，以逗号、空格或新行分隔。",
+    "roleTextFieldPlaceholder": "输入值，或放入 .txt 或 .csv 文件",
+    "roleTextImportTitle": "从文件导入",
+    "roleTextImportDescription": "将 {fileName} 导入到 {fieldLabel}。",
+    "roleTextImportSkipHeader": "跳过第一行（标题）",
+    "roleTextImportOverride": "替换现有",
+    "roleTextImportAppend": "附加到现有",
+    "roleTextImportMode": "导入模式",
+    "roleTextImportPreview": "预览",
+    "roleTextImportItemCount": "{count, plural, =0 {No items to import} one {1 item to import} other {# items to import}}",
+    "roleTextImportTotalCount": "{existing} 个现有 + {imported} 个导入 = {total} 个总计",
+    "roleTextImportConfirm": "导入",
+    "roleTextImportInvalidFile": "不支持的文件类型",
+    "roleTextImportInvalidFileDescription": "仅支持 .txt 和 .csv 文件。",
+    "roleTextImportEmpty": "文件中未找到项目",
+    "roleTextImportEmptyDescription": "文件不包含任何可导入的项目。",
    "retryAttempts": "重试次数",
    "expectedResponseCodes": "期望响应代码",
    "expectedResponseCodesDescription": "HTTP 状态码表示健康状态。如留空，200-300 被视为健康。",
@@ -2875,9 +2973,10 @@
    "enableProxyProtocol": "启用代理协议",
    "proxyProtocolInfo": "为TCP后端保留客户端IP地址",
    "proxyProtocolVersion": "代理协议版本",
-    "version1": " 版本 1 (推荐)",
+    "version1": "版本 1（推荐）",
    "version2": "版本 2",
-    "versionDescription": "版本 1 是基于文本和广泛支持的版本。版本 2 是二进制和更有效率但不那么兼容。",
+    "version1Description": "基于文本和广泛支持。确保服务器传输添加到动态配置。",
+    "version2Description": "二进制且更有效率但兼容性较低。确保服务器传输添加到动态配置。",
    "warning": "警告",
    "proxyProtocolWarning": "后端应用程序必须配置为接受代理协议连接。 如果您的后端不支持代理协议，启用此功能将会中断所有连接，只有当您知道自己在做什么时才能启用此功能。 请务必从Traefik配置您的后端到信任代理协议标题。",
    "restarting": "正在重启...",
@@ -3034,7 +3133,7 @@
    "enterConfirmation": "输入确认",
    "blueprintViewDetails": "详细信息",
    "defaultIdentityProvider": "默认身份提供商",
-    "defaultIdentityProviderDescription": "当选择默认身份提供商时，用户将自动重定向到提供商进行身份验证。",
+    "defaultIdentityProviderDescription": "用户将自动重定向到此身份提供者进行身份验证。",
    "editInternalResourceDialogNetworkSettings": "网络设置",
    "editInternalResourceDialogAccessPolicy": "访问策略",
    "editInternalResourceDialogAddRoles": "添加角色",
@@ -3075,6 +3174,7 @@
    "maintenanceModeType": "维护模式类型",
    "showMaintenancePage": "只在所有后端目标都故障或不健康时显示维护页面。只要至少一个目标健康，您的资源将正常工作。",
    "enableMaintenanceMode": "启用维护模式",
+    "enableMaintenanceModeDescription": "启用后，访问者将看到维护页面而不是您的资源。",
    "automatic": "自动",
    "automaticModeDescription": "如果所有后端目标都故障或不健康，则仅显示维护页面。只要至少一个目标健康，您的资源将正常工作。",
    "forced": "强制",
@@ -3082,6 +3182,8 @@
    "warning:": "警告：",
    "forcedeModeWarning": "所有流量将被引导到维护页面。您的后端资源不会收到任何请求。",
    "pageTitle": "页面标题",
+    "maintenancePageContentSubsection": "页面内容",
+    "maintenancePageContentSubsectionDescription": "自定义维护页面上显示的内容",
    "pageTitleDescription": "维护页面显示的主标题",
    "maintenancePageMessage": "维护信息",
    "maintenancePageMessagePlaceholder": "我们很快回来！ 我们的网站目前正在进行计划中的维护。",
@@ -3346,6 +3448,8 @@
    "idpUnassociateQuestion": "您确定要将此身份提供者从此组织中取消关联吗？",
    "idpUnassociateDescription": "与此身份提供者关联的所有用户将从该组织中移除，但身份提供者仍会继续存在于关联的其他组织中。",
    "idpUnassociateConfirm": "确认取消关联身份提供者",
+    "idpConfirmDeleteAndRemoveMeFromOrg": "删除并将我从组织中移除",
+    "idpUnassociateAndRemoveMeFromOrg": "解除关联并将我从组织中移除",
    "idpUnassociateWarning": "此操作无法对该组织撤销。",
    "idpUnassociatedDescription": "身份提供者已成功从该组织中取消关联",
    "idpUnassociateMenu": "取消关联",
@@ -3439,18 +3543,58 @@
    "sshConnecting": "正在连接…",
    "sshInitializing": "初始化中…",
    "sshSignInTitle": "登录 SSH",
-    "sshSignInDescription": "输入您的 SSH 凭据",
+    "sshSignInDescription": "输入您的 SSH 凭据以进行连接",
    "sshPasswordTab": "密码",
    "sshPrivateKeyTab": "私钥",
    "sshPrivateKeyField": "私钥",
    "sshPrivateKeyDisclaimer": "您的私钥不会被 Pangolin 存储或显示。或者，您可以使用短期证书，使用您现有的 Pangolin 身份无缝认证。",
    "sshLearnMore": "了解更多",
    "sshPrivateKeyFile": "私钥文件",
-    "sshAuthenticate": "验证",
+    "sshAuthenticate": "连接",
    "sshTerminate": "终止",
    "sshPoweredBy": "支持者",
    "sshErrorNoTarget": "未指定目标",
    "sshErrorWebSocket": "WebSocket 连接失败",
    "sshErrorAuthFailed": "身份验证失败",
-    "sshErrorConnectionClosed": "认证完成前连接已关闭"
+    "sshErrorConnectionClosed": "认证完成前连接已关闭",
+    "sitePangolinSshDescription": "允许对该站点的资源进行 SSH 访问。可稍后更改。",
+    "browserGatewayNoResourceForDomain": "未找到该域的资源",
+    "browserGatewayNoTarget": "没有目标",
+    "browserGatewayConnect": "连接",
+    "browserGatewayCtrlAltDel": "Ctrl+Alt+Del",
+    "sshErrorSignKeyFailed": "签署 SSH 密钥以进行 PAM 推送身份验证失败。您以用户身份登录了吗？",
+    "sshTerminalError": "错误: {error}",
+    "sshConnectionClosedCode": "连接关闭 (代码 {code})",
+    "sshPrivateKeyPlaceholder": "-----BEGIN OPENSSH PRIVATE KEY-----",
+    "sshPrivateKeyRequired": "需要私钥",
+    "vncTitle": "VNC",
+    "vncSignInDescription": "输入您的 VNC 密码以连接",
+    "vncPasswordOptional": "密码 (可选)",
+    "vncNoResourceTarget": "没有可用的资源目标",
+    "vncFailedToLoadNovnc": "加载 noVNC 失败",
+    "vncAuthFailedStatus": "状态 {status}",
+    "vncPasteClipboard": "粘贴剪贴板",
+    "rdpTitle": "RDP",
+    "rdpSignInTitle": "登录到远程桌面",
+    "rdpSignInDescription": "输入 Windows 凭据以连接",
+    "rdpLoadingModule": "加载模块中……",
+    "rdpFailedToLoadModule": "加载 RDP 模块失败",
+    "rdpNotReady": "未准备好",
+    "rdpModuleInitializing": "RDP 模块仍在初始化中",
+    "rdpDownloadingFiles": "正在从远程下载 {count} 个文件...",
+    "rdpDownloadFailed": "下载失败: {fileName}",
+    "rdpUploaded": "已上传: {fileName}",
+    "rdpNoConnectionTarget": "没有可用的连接目标",
+    "rdpConnectionFailed": "连接失败",
+    "rdpFit": "适合",
+    "rdpFull": "完整",
+    "rdpReal": "真实",
+    "rdpMeta": "元数据",
+    "rdpUploadFiles": "上传文件",
+    "rdpFilesReadyToPaste": "文件准备好粘贴",
+    "rdpFilesReadyToPasteDescription": "已将 {count} 个文件复制到远程剪贴板——在远程桌面上按 Ctrl+V 进行粘贴",
+    "rdpUploadFailed": "上传失败",
+    "rdpUnicodeKeyboardMode": "Unicode 键盘模式",
+    "sessionToolbarShow": "显示工具栏",
+    "sessionToolbarHide": "隐藏工具栏"
 }
--- a/server/auth/canUserAccessResource.ts
+++ b/server/auth/canUserAccessResource.ts
@@ -1,6 +1,12 @@
 import { db } from "@server/db";
-import { and, eq, inArray } from "drizzle-orm";
-import { roleResources, userResources } from "@server/db";
+import { and, eq, inArray, isNull, or } from "drizzle-orm";
+import {
+    rolePolicies,
+    roleResources,
+    resources,
+    userPolicies,
+    userResources
+} from "@server/db";

 export async function canUserAccessResource({
    userId,
@@ -11,9 +17,14 @@ export async function canUserAccessResource({
    resourceId: number;
    roleIds: number[];
 }): Promise<boolean> {
-    const roleResourceAccess =
+    const [
+        roleResourceAccess,
+        rolePolicyAccess,
+        userResourceAccess,
+        userPolicyAccess
+    ] = await Promise.all([
        roleIds.length > 0
-            ? await db
+            ? db
                  .select()
                  .from(roleResources)
                  .where(
@@ -23,26 +34,87 @@ export async function canUserAccessResource({
                      )
                  )
                  .limit(1)
-            : [];
-
-    if (roleResourceAccess.length > 0) {
-        return true;
-    }
-
-    const userResourceAccess = await db
-        .select()
-        .from(userResources)
-        .where(
-            and(
-                eq(userResources.userId, userId),
-                eq(userResources.resourceId, resourceId)
+            : [],
+        roleIds.length > 0
+            ? db
+                  .select({
+                      roleId: rolePolicies.roleId,
+                      resourcePolicyId: rolePolicies.resourcePolicyId
+                  })
+                  .from(rolePolicies)
+                  .innerJoin(
+                      resources,
+                      // Shared policy wins; only use default policy when no shared
+                      // policy is assigned to the resource.
+                      or(
+                          eq(
+                              resources.resourcePolicyId,
+                              rolePolicies.resourcePolicyId
+                          ),
+                          and(
+                              isNull(resources.resourcePolicyId),
+                              eq(
+                                  resources.defaultResourcePolicyId,
+                                  rolePolicies.resourcePolicyId
+                              )
+                          )
+                      )
+                  )
+                  .where(
+                      and(
+                          eq(resources.resourceId, resourceId),
+                          inArray(rolePolicies.roleId, roleIds)
+                      )
+                  )
+                  .limit(1)
+            : [],
+        db
+            .select()
+            .from(userResources)
+            .where(
+                and(
+                    eq(userResources.userId, userId),
+                    eq(userResources.resourceId, resourceId)
+                )
            )
-        )
-        .limit(1);
+            .limit(1),
+        db
+            .select({
+                userId: userPolicies.userId,
+                resourcePolicyId: userPolicies.resourcePolicyId
+            })
+            .from(userPolicies)
+            .innerJoin(
+                resources,
+                // Shared policy wins; only use default policy when no shared
+                // policy is assigned to the resource.
+                or(
+                    eq(
+                        resources.resourcePolicyId,
+                        userPolicies.resourcePolicyId
+                    ),
+                    and(
+                        isNull(resources.resourcePolicyId),
+                        eq(
+                            resources.defaultResourcePolicyId,
+                            userPolicies.resourcePolicyId
+                        )
+                    )
+                )
+            )
+            .where(
+                and(
+                    eq(resources.resourceId, resourceId),
+                    eq(userPolicies.userId, userId)
+                )
+            )
+            .limit(1)
+    ]);

-    if (userResourceAccess.length > 0) {
-        return true;
-    }
-
-    return false;
+    return (
+        roleResourceAccess.length > 0 ||
+        rolePolicyAccess.length > 0 ||
+        userResourceAccess.length > 0 ||
+        userPolicyAccess.length > 0
+    );
 }
--- a/server/db/pg/driver.ts
+++ b/server/db/pg/driver.ts
@@ -87,7 +87,7 @@ function createDb() {

 export const db = createDb();
 export default db;
-export const primaryDb = db.$primary as typeof db; // is this typeof a problem - techincally they are different types
+export const primaryDb = db.$primary as typeof db; // is this typeof a problem - technically they are different types
 export type Transaction = Parameters<
    Parameters<(typeof db)["transaction"]>[0]
 >[0];
--- a/server/db/pg/logsDriver.ts
+++ b/server/db/pg/logsDriver.ts
@@ -2,7 +2,7 @@ import { drizzle as DrizzlePostgres } from "drizzle-orm/node-postgres";
 import { readConfigFile } from "@server/lib/readConfigFile";
 import { withReplicas } from "drizzle-orm/pg-core";
 import { build } from "@server/build";
-import { db as mainDb, primaryDb as mainPrimaryDb } from "./driver";
+import { db as mainDb } from "./driver";
 import { createPool } from "./poolConfig";

 function createLogsDb() {
@@ -63,8 +63,7 @@ function createLogsDb() {
            })
        );
    } else {
-        const maxReplicaConnections =
-            poolConfig?.max_replica_connections || 20;
+        const maxReplicaConnections = poolConfig?.max_replica_connections || 20;
        for (const conn of replicaConnections) {
            const replicaPool = createPool(
                conn.connection_string,
@@ -91,4 +90,4 @@ function createLogsDb() {

 export const logsDb = createLogsDb();
 export default logsDb;
-export const primaryLogsDb = logsDb.$primary;
+export const primaryLogsDb = logsDb.$primary;
--- a/server/db/pg/poolConfig.ts
+++ b/server/db/pg/poolConfig.ts
@@ -1,5 +1,4 @@
 import { Pool, PoolConfig } from "pg";
-import logger from "@server/logger";

 export function createPoolConfig(
    connectionString: string,
@@ -27,7 +26,7 @@ export function attachPoolErrorHandlers(pool: Pool, label: string): void {
    pool.on("error", (err) => {
        // This catches errors on idle clients in the pool. Without this
        // handler an unexpected disconnect would crash the process.
-        logger.error(
+        console.error(
            `Unexpected error on idle ${label} database client: ${err.message}`
        );
    });
@@ -36,7 +35,7 @@ export function attachPoolErrorHandlers(pool: Pool, label: string): void {
        // Set a statement timeout on every new connection so a single slow
        // query can't block the pool forever
        client.query("SET statement_timeout = '30s'").catch((err: Error) => {
-            logger.warn(
+            console.warn(
                `Failed to set statement_timeout on ${label} client: ${err.message}`
            );
        });
@@ -60,4 +59,4 @@ export function createPool(
    );
    attachPoolErrorHandlers(pool, label);
    return pool;
-}
+}
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -147,12 +147,10 @@ export const resources = pgTable("resources", {
    }),
    ssl: boolean("ssl").notNull().default(false),
    blockAccess: boolean("blockAccess").notNull().default(false),
-    sso: boolean("sso").notNull().default(true),
    proxyPort: integer("proxyPort"),
-    emailWhitelistEnabled: boolean("emailWhitelistEnabled")
-        .notNull()
-        .default(false),
-    applyRules: boolean("applyRules").notNull().default(false),
+    sso: boolean("sso"),
+    emailWhitelistEnabled: boolean("emailWhitelistEnabled"),
+    applyRules: boolean("applyRules"),
    enabled: boolean("enabled").notNull().default(true),
    stickySession: boolean("stickySession").notNull().default(false),
    tlsServerName: varchar("tlsServerName"),
--- a/server/db/queries/verifySessionQueries.ts
+++ b/server/db/queries/verifySessionQueries.ts
@@ -45,9 +45,9 @@ export type ResourceWithAuth = {
    password: ResourcePassword | ResourcePolicyPassword | null;
    headerAuth: ResourceHeaderAuth | ResourcePolicyHeaderAuth | null;
    headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
-    applyRules: boolean;
-    sso: boolean;
-    emailWhitelistEnabled: boolean;
+    applyRules: boolean | null;
+    sso: boolean | null;
+    emailWhitelistEnabled: boolean | null;
    org: Org;
 };

--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -165,14 +165,12 @@ export const resources = sqliteTable("resources", {
    blockAccess: integer("blockAccess", { mode: "boolean" })
        .notNull()
        .default(false),
-    sso: integer("sso", { mode: "boolean" }).notNull().default(true),
    proxyPort: integer("proxyPort"),
-    emailWhitelistEnabled: integer("emailWhitelistEnabled", { mode: "boolean" })
-        .notNull()
-        .default(false),
-    applyRules: integer("applyRules", { mode: "boolean" })
-        .notNull()
-        .default(false),
+    sso: integer("sso", { mode: "boolean" }),
+    emailWhitelistEnabled: integer("emailWhitelistEnabled", {
+        mode: "boolean"
+    }),
+    applyRules: integer("applyRules", { mode: "boolean" }),
    enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
    stickySession: integer("stickySession", { mode: "boolean" })
        .notNull()
--- a/server/integrationApiServer.ts
+++ b/server/integrationApiServer.ts
@@ -157,7 +157,9 @@ function getOpenApiDocumentation() {
                        content: {
                            "application/json": {
                                schema: z.object({
-                                    data: z.unknown().nullable(),
+                                    data: z
+                                        .record(z.string(), z.any())
+                                        .nullable(),
                                    success: z.boolean(),
                                    error: z.boolean(),
                                    message: z.string(),
--- a/server/lib/billing/tierMatrix.ts
+++ b/server/lib/billing/tierMatrix.ts
@@ -31,7 +31,7 @@ export enum TierFeature {
 }

 export const tierMatrix: Record<TierFeature, Tier[]> = {
-    [TierFeature.Labels]: ["tier2", "tier3", "enterprise"],
+    [TierFeature.Labels]: ["tier1", "tier2", "tier3", "enterprise"],
    [TierFeature.OrgOidc]: ["tier1", "tier2", "tier3", "enterprise"],
    [TierFeature.LoginPageDomain]: ["tier1", "tier2", "tier3", "enterprise"],
    [TierFeature.DeviceApprovals]: ["tier1", "tier3", "enterprise"],
@@ -71,16 +71,6 @@ export const tierMatrix: Record<TierFeature, Tier[]> = {
    [TierFeature.WildcardSubdomain]: ["tier1", "tier2", "tier3", "enterprise"],
    [TierFeature.NewtAutoUpdate]: ["tier1", "tier2", "tier3", "enterprise"],
    [TierFeature.ResourcePolicies]: ["tier3", "enterprise"],
-    [TierFeature.AdvancedPublicResources]: [
-        "tier1",
-        "tier2",
-        "tier3",
-        "enterprise"
-    ],
-    [TierFeature.AdvancedPrivateResources]: [
-        "tier1",
-        "tier2",
-        "tier3",
-        "enterprise"
-    ]
+    [TierFeature.AdvancedPublicResources]: ["tier3", "enterprise"],
+    [TierFeature.AdvancedPrivateResources]: ["tier3", "enterprise"]
 };
--- a/server/lib/blueprints/applyNewtDockerBlueprint.ts
+++ b/server/lib/blueprints/applyNewtDockerBlueprint.ts
@@ -71,7 +71,10 @@ export async function applyNewtDockerBlueprint(
    let skippedKeys: string[] = [];

    try {
-        const blueprint = processContainerLabels(containers);
+        // Some Newt clients can report null/undefined containers when Docker
+        // labels are unavailable. Treat that as an empty blueprint payload.
+        const safeContainers = Array.isArray(containers) ? containers : [];
+        const blueprint = processContainerLabels(safeContainers);

        logger.debug(
            `Received Docker blueprint with ${Object.keys(blueprint["proxy-resources"]).length} proxy, ${Object.keys(blueprint["client-resources"]).length} client resource(s)`
--- a/server/lib/blueprints/privateResources.ts
+++ b/server/lib/blueprints/privateResources.ts
@@ -415,7 +415,11 @@ export async function updatePrivateResources(
        } else {
            let aliasAddress: string | null = null;
            let releaseAliasLock: (() => Promise<void>) | null = null;
-            if (resourceData.mode === "host" || resourceData.mode === "http") {
+            if (
+                resourceData.mode === "host" ||
+                resourceData.mode === "http" ||
+                resourceData.mode === "ssh"
+            ) {
                const { value, release } = await getNextAvailableAliasAddress(
                    orgId,
                    trx
--- a/server/lib/blueprints/publicResources.ts
+++ b/server/lib/blueprints/publicResources.ts
@@ -945,7 +945,45 @@ export async function updatePublicResources(
                }
            } else {
                // INLINE POLICY MODE: sync rules into policy-level table
-                const inlinePolicyId = resource!.defaultResourcePolicyId!;
+                let inlinePolicyId = resource!.defaultResourcePolicyId;
+
+                // Targets-only updates skip the auth/policy update branch above,
+                // so pre-1.19 resources can still have no inline policy linked.
+                if (!inlinePolicyId) {
+                    const [adminRole] = await trx
+                        .select()
+                        .from(roles)
+                        .where(
+                            and(eq(roles.isAdmin, true), eq(roles.orgId, orgId))
+                        )
+                        .limit(1);
+
+                    if (!adminRole) {
+                        throw new Error(`Admin role not found`);
+                    }
+
+                    inlinePolicyId = await ensureInlinePolicy(
+                        existingResource.defaultResourcePolicyId,
+                        orgId,
+                        resourceNiceId,
+                        adminRole.roleId,
+                        trx
+                    );
+
+                    [resource] = await trx
+                        .update(resources)
+                        .set({
+                            resourcePolicyId: null,
+                            defaultResourcePolicyId: inlinePolicyId
+                        })
+                        .where(
+                            eq(
+                                resources.resourceId,
+                                existingResource.resourceId
+                            )
+                        )
+                        .returning();
+                }

                // Clear the old resource-level rules table
                await trx
@@ -1467,17 +1505,6 @@ async function syncWhitelistUsers(
        .where(eq(resourceWhitelist.resourceId, resourceId));

    for (const email of whitelistUsers) {
-        const [user] = await trx
-            .select()
-            .from(users)
-            .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
-            .where(and(eq(users.email, email), eq(userOrgs.orgId, orgId)))
-            .limit(1);
-
-        if (!user) {
-            throw new Error(`User not found: ${email} in org ${orgId}`);
-        }
-
        const existingWhitelistEntry = existingWhitelist.find(
            (w) => w.email === email
        );
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -1,8 +1,23 @@
 import { z } from "zod";
+import { existsSync } from "node:fs";
 import { portRangeStringSchema } from "@server/lib/ip";
 import { MaintenanceSchema } from "#dynamic/lib/blueprints/MaintenanceSchema";
 import { isValidRegionId } from "@server/db/regions";
 import { wildcardSubdomainSchema } from "@server/lib/schemas";
+import config from "@server/lib/config";
+
+const maxmindDbPath = config.getRawConfig().server.maxmind_db_path;
+const maxmindAsnPath = config.getRawConfig().server.maxmind_asn_path;
+
+const hasMaxmindCountryDb =
+    typeof maxmindDbPath === "string" &&
+    maxmindDbPath.length > 0 &&
+    existsSync(maxmindDbPath);
+
+const hasMaxmindAsnDb =
+    typeof maxmindAsnPath === "string" &&
+    maxmindAsnPath.length > 0 &&
+    existsSync(maxmindAsnPath);

 export const SiteSchema = z.object({
    name: z.string().min(1).max(100),
@@ -117,6 +132,9 @@ export const RuleSchema = z
    .refine(
        (rule) => {
            if (rule.match === "country") {
+                if (!hasMaxmindCountryDb) {
+                    return false;
+                }
                // Check if it's a valid 2-letter country code or "ALL"
                return /^[A-Z]{2}$/.test(rule.value) || rule.value === "ALL";
            }
@@ -125,12 +143,15 @@ export const RuleSchema = z
        {
            path: ["value"],
            message:
-                "Value must be a 2-letter country code or 'ALL' when match is 'country'"
+                "Country rules require a valid existing server.maxmind_db_path and value must be a 2-letter country code or 'ALL'"
        }
    )
    .refine(
        (rule) => {
            if (rule.match === "asn") {
+                if (!hasMaxmindCountryDb || !hasMaxmindAsnDb) {
+                    return false;
+                }
                // Check if it's either AS<number> format or "ALL"
                const asNumberPattern = /^AS\d+$/i;
                return asNumberPattern.test(rule.value) || rule.value === "ALL";
@@ -140,7 +161,7 @@ export const RuleSchema = z
        {
            path: ["value"],
            message:
-                "Value must be 'AS<number>' format or 'ALL' when match is 'asn'"
+                "ASN rules require valid existing server.maxmind_db_path and server.maxmind_asn_path, and value must be 'AS<number>' format or 'ALL'"
        }
    )
    .refine(
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -504,7 +504,7 @@ export function generateRemoteSubnets(
                const parseResult = cidrSchema.safeParse(sr.destination);
                return parseResult.success;
            }
-            if (sr.mode === "host") {
+            if (sr.mode === "host" || sr.mode === "ssh") {
                // check if its a valid IP using zod
                const ipSchema = z.union([z.ipv4(), z.ipv6()]);
                const parseResult = ipSchema.safeParse(sr.destination);
@@ -514,7 +514,7 @@ export function generateRemoteSubnets(
        })
        .map((sr) => {
            if (sr.mode === "cidr") return sr.destination;
-            if (sr.mode === "host") {
+            if (sr.mode === "host" || sr.mode === "ssh") {
                return `${sr.destination}/32`;
            }
            return ""; // This should never be reached due to filtering, but satisfies TypeScript
@@ -531,7 +531,7 @@ export function generateAliasConfig(allSiteResources: SiteResource[]): Alias[] {
        .filter(
            (sr) =>
                sr.aliasAddress &&
-                ((sr.alias && sr.mode == "host") ||
+                ((sr.alias && (sr.mode == "host" || sr.mode == "ssh")) ||
                    (sr.fullDomain && sr.mode == "http"))
        )
        .map((sr) => ({
@@ -577,6 +577,10 @@ export function generateSubnetProxyTargets(
            continue;
        }

+        if (!siteResource.destination) {
+            continue;
+        }
+
        const clientPrefix = `${clientSite.subnet.split("/")[0]}/32`;
        const portRange = [
            ...parsePortRangeString(siteResource.tcpPortRangeString, "tcp"),
@@ -584,7 +588,7 @@ export function generateSubnetProxyTargets(
        ];
        const disableIcmp = siteResource.disableIcmp ?? false;

-        if (siteResource.mode == "host") {
+        if (siteResource.mode == "host" || siteResource.mode == "ssh") {
            let destination = siteResource.destination;
            // check if this is a valid ip
            const ipSchema = z.union([z.ipv4(), z.ipv6()]);
@@ -665,6 +669,11 @@ export async function generateSubnetProxyTargetV2(
        return;
    }

+    if (!siteResource.destination) {
+        // ssh can have no destination
+        return;
+    }
+
    const targets: SubnetProxyTargetV2[] = [];

    const portRange = [
@@ -673,7 +682,7 @@ export async function generateSubnetProxyTargetV2(
    ];
    const disableIcmp = siteResource.disableIcmp ?? false;

-    if (siteResource.mode == "host") {
+    if (siteResource.mode == "host" || siteResource.mode == "ssh") {
        let destination = siteResource.destination;
        // check if this is a valid ip
        const ipSchema = z.union([z.ipv4(), z.ipv6()]);
--- a/server/lib/telemetry.ts
+++ b/server/lib/telemetry.ts
@@ -181,6 +181,7 @@ class TelemetryClient {
            let numPrivResourceHosts = 0;
            let numPrivResourceCidr = 0;
            let numPrivResourceHttp = 0;
+            let numPrivResourceSsh = 0;
            for (const res of allPrivateResources) {
                if (res.mode === "host") {
                    numPrivResourceHosts += 1;
@@ -188,6 +189,8 @@ class TelemetryClient {
                    numPrivResourceCidr += 1;
                } else if (res.mode === "http") {
                    numPrivResourceHttp += 1;
+                } else if (res.mode === "ssh") {
+                    numPrivResourceSsh += 1;
                }

                if (res.alias) {
@@ -207,6 +210,7 @@ class TelemetryClient {
                numPrivateResourceHosts: numPrivResourceHosts,
                numPrivateResourceCidr: numPrivResourceCidr,
                numPrivateResourceHttp: numPrivResourceHttp,
+                numPrivateResourceSsh: numPrivResourceSsh,
                numAlertRules: numAlertRules.count,
                numUserDevices: userDevicesCount.count,
                numMachineClients: machineClients.count,
--- a/server/lib/validators.ts
+++ b/server/lib/validators.ts
@@ -1,5 +1,7 @@
 import z from "zod";
 import ipaddr from "ipaddr.js";
+import { COUNTRIES } from "@server/db/countries";
+import { isValidRegionId } from "@server/db/regions";

 export function isValidCIDR(cidr: string): boolean {
    return (
@@ -67,6 +69,45 @@ export function isValidUrlGlobPattern(pattern: string): boolean {
    return true;
 }

+export const RESOURCE_RULE_MATCH_TYPES = [
+    "CIDR",
+    "IP",
+    "PATH",
+    "COUNTRY",
+    "ASN",
+    "REGION"
+] as const;
+
+export type ResourceRuleMatchType = (typeof RESOURCE_RULE_MATCH_TYPES)[number];
+
+export function getResourceRuleValueValidationError(
+    match: ResourceRuleMatchType,
+    value: string
+): string | null {
+    switch (match) {
+        case "CIDR":
+            return isValidCIDR(value) ? null : "Invalid CIDR provided";
+        case "IP":
+            return isValidIP(value) ? null : "Invalid IP provided";
+        case "PATH":
+            return isValidUrlGlobPattern(value)
+                ? null
+                : "Invalid URL glob pattern provided";
+        case "REGION":
+            return isValidRegionId(value) ? null : "Invalid region ID provided";
+        case "COUNTRY":
+            return COUNTRIES.some((country) => country.code === value)
+                ? null
+                : "Invalid country code provided";
+        case "ASN":
+            return /^AS\d+$/i.test(value.trim())
+                ? null
+                : "Invalid ASN provided";
+        default:
+            return "Invalid rule match type provided";
+    }
+}
+
 export function isUrlValid(url: string | undefined) {
    if (!url) return true; // the link is optional in the schema so if it's empty it's valid
    var pattern = new RegExp(
--- a/server/middlewares/verifyResourceAccess.ts
+++ b/server/middlewares/verifyResourceAccess.ts
@@ -1,11 +1,15 @@
 import { Request, Response, NextFunction } from "express";
 import { db, Resource } from "@server/db";
-import { resources, userOrgs, userResources, roleResources } from "@server/db";
-import { and, eq, inArray } from "drizzle-orm";
+import { resources, userOrgs } from "@server/db";
+import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
+import {
+    getRoleResourceAccess,
+    getUserResourceAccess
+} from "@server/db/queries/verifySessionQueries";

 export async function verifyResourceAccess(
    req: Request,
@@ -116,37 +120,22 @@ export async function verifyResourceAccess(

        const roleResourceAccess =
            (req.userOrgRoleIds?.length ?? 0) > 0
-                ? await db
-                      .select()
-                      .from(roleResources)
-                      .where(
-                          and(
-                              eq(roleResources.resourceId, resource.resourceId),
-                              inArray(
-                                  roleResources.roleId,
-                                  req.userOrgRoleIds!
-                              )
-                          )
-                      )
-                      .limit(1)
-                : [];
+                ? await getRoleResourceAccess(
+                      resource.resourceId,
+                      req.userOrgRoleIds!
+                  )
+                : null;

-        if (roleResourceAccess.length > 0) {
+        if (roleResourceAccess) {
            return next();
        }

-        const userResourceAccess = await db
-            .select()
-            .from(userResources)
-            .where(
-                and(
-                    eq(userResources.userId, userId),
-                    eq(userResources.resourceId, resource.resourceId)
-                )
-            )
-            .limit(1);
+        const userResourceAccess = await getUserResourceAccess(
+            userId,
+            resource.resourceId
+        );

-        if (userResourceAccess.length > 0) {
+        if (userResourceAccess) {
            return next();
        }

--- a/server/private/routers/alertRule/createAlertRule.ts
+++ b/server/private/routers/alertRule/createAlertRule.ts
@@ -208,7 +208,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/alertRule/deleteAlertRule.ts
+++ b/server/private/routers/alertRule/deleteAlertRule.ts
@@ -44,7 +44,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
@@ -112,4 +112,4 @@ export async function deleteAlertRule(
            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
        );
    }
-}
+}
--- a/server/private/routers/alertRule/getAlertRule.ts
+++ b/server/private/routers/alertRule/getAlertRule.ts
@@ -32,7 +32,10 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { and, eq } from "drizzle-orm";
 import { decrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
-import { GetAlertRuleResponse, WebhookAlertConfig } from "@server/routers/alertRule/types";
+import {
+    GetAlertRuleResponse,
+    WebhookAlertConfig
+} from "@server/routers/alertRule/types";

 const paramsSchema = z
    .object({
@@ -55,7 +58,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/alertRule/listAlertRules.ts
+++ b/server/private/routers/alertRule/listAlertRules.ts
@@ -101,7 +101,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/auditLogs/exportAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/exportAccessAuditLog.ts
@@ -44,7 +44,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/auditLogs/exportActionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportActionAuditLog.ts
@@ -44,7 +44,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/auditLogs/exportConnectionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportConnectionAuditLog.ts
@@ -44,7 +44,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
@@ -72,7 +72,9 @@ export async function exportConnectionAuditLogs(
            );
        }

-        const parsedParams = queryConnectionAuditLogsParams.safeParse(req.params);
+        const parsedParams = queryConnectionAuditLogsParams.safeParse(
+            req.params
+        );
        if (!parsedParams.success) {
            return next(
                createHttpError(
@@ -112,4 +114,4 @@ export async function exportConnectionAuditLogs(
            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
        );
    }
-}
+}
--- a/server/private/routers/auditLogs/queryAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts
@@ -11,7 +11,14 @@
 * This file is not licensed under the AGPLv3.
 */

-import { accessAuditLog, logsDb, resources, siteResources, db, primaryDb } from "@server/db";
+import {
+    accessAuditLog,
+    logsDb,
+    resources,
+    siteResources,
+    db,
+    primaryDb
+} from "@server/db";
 import { registry } from "@server/openApi";
 import { NextFunction } from "express";
 import { Request, Response } from "express";
@@ -150,21 +157,30 @@ export function queryAccess(data: Q) {
        .orderBy(desc(accessAuditLog.timestamp), desc(accessAuditLog.id));
 }

-async function enrichWithResourceDetails(logs: Awaited<ReturnType<typeof queryAccess>>) {
+async function enrichWithResourceDetails(
+    logs: Awaited<ReturnType<typeof queryAccess>>
+) {
    const resourceIds = logs
-        .map(log => log.resourceId)
+        .map((log) => log.resourceId)
        .filter((id): id is number => id !== null && id !== undefined);

    const siteResourceIds = logs
-        .filter(log => log.resourceId == null && log.siteResourceId != null)
-        .map(log => log.siteResourceId)
+        .filter((log) => log.resourceId == null && log.siteResourceId != null)
+        .map((log) => log.siteResourceId)
        .filter((id): id is number => id !== null && id !== undefined);

    if (resourceIds.length === 0 && siteResourceIds.length === 0) {
-        return logs.map(log => ({ ...log, resourceName: null, resourceNiceId: null }));
+        return logs.map((log) => ({
+            ...log,
+            resourceName: null,
+            resourceNiceId: null
+        }));
    }

-    const resourceMap = new Map<number, { name: string | null; niceId: string | null }>();
+    const resourceMap = new Map<
+        number,
+        { name: string | null; niceId: string | null }
+    >();

    if (resourceIds.length > 0) {
        const resourceDetails = await primaryDb
@@ -181,7 +197,10 @@ async function enrichWithResourceDetails(logs: Awaited<ReturnType<typeof queryAc
        }
    }

-    const siteResourceMap = new Map<number, { name: string | null; niceId: string | null }>();
+    const siteResourceMap = new Map<
+        number,
+        { name: string | null; niceId: string | null }
+    >();

    if (siteResourceIds.length > 0) {
        const siteResourceDetails = await primaryDb
@@ -194,12 +213,15 @@ async function enrichWithResourceDetails(logs: Awaited<ReturnType<typeof queryAc
            .where(inArray(siteResources.siteResourceId, siteResourceIds));

        for (const r of siteResourceDetails) {
-            siteResourceMap.set(r.siteResourceId, { name: r.name, niceId: r.niceId });
+            siteResourceMap.set(r.siteResourceId, {
+                name: r.name,
+                niceId: r.niceId
+            });
        }
    }

    // Enrich logs with resource details
-    return logs.map(log => {
+    return logs.map((log) => {
        if (log.resourceId != null) {
            const details = resourceMap.get(log.resourceId);
            return {
@@ -273,11 +295,11 @@ async function queryUniqueFilterAttributes(

    // Fetch resource names from main database for the unique resource IDs
    const resourceIds = uniqueResources
-        .map(row => row.id)
+        .map((row) => row.id)
        .filter((id): id is number => id !== null);

    const siteResourceIds = uniqueSiteResources
-        .map(row => row.id)
+        .map((row) => row.id)
        .filter((id): id is number => id !== null);

    let resourcesWithNames: Array<{ id: number; name: string | null }> = [];
@@ -293,7 +315,7 @@ async function queryUniqueFilterAttributes(

        resourcesWithNames = [
            ...resourcesWithNames,
-            ...resourceDetails.map(r => ({
+            ...resourceDetails.map((r) => ({
                id: r.resourceId,
                name: r.name
            }))
@@ -311,7 +333,7 @@ async function queryUniqueFilterAttributes(

        resourcesWithNames = [
            ...resourcesWithNames,
-            ...siteResourceDetails.map(r => ({
+            ...siteResourceDetails.map((r) => ({
                id: r.siteResourceId,
                name: r.name
            }))
@@ -344,7 +366,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -171,7 +171,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/auditLogs/queryConnectionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryConnectionAuditLog.ts
@@ -459,7 +459,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/auth/transferSession.ts
+++ b/server/private/routers/auth/transferSession.ts
@@ -17,8 +17,7 @@ import createHttpError from "http-errors";
 import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
-import { sessions, sessionTransferToken } from "@server/db";
-import { db } from "@server/db";
+import { db, safeRead, sessions, sessionTransferToken } from "@server/db";
 import { eq } from "drizzle-orm";
 import { response } from "@server/lib/response";
 import { encodeHexLowerCase } from "@oslojs/encoding";
@@ -57,15 +56,19 @@ export async function transferSession(
            sha256(new TextEncoder().encode(token))
        );

-        const [existing] = await db
-            .select()
-            .from(sessionTransferToken)
-            .where(eq(sessionTransferToken.token, tokenRaw))
-            .innerJoin(
-                sessions,
-                eq(sessions.sessionId, sessionTransferToken.sessionId)
-            )
-            .limit(1);
+        const result = await safeRead((db) =>
+            db
+                .select()
+                .from(sessionTransferToken)
+                .where(eq(sessionTransferToken.token, tokenRaw))
+                .innerJoin(
+                    sessions,
+                    eq(sessions.sessionId, sessionTransferToken.sessionId)
+                )
+                .limit(1)
+        );
+
+        const [existing] = result;

        if (!existing) {
            return next(
--- a/server/private/routers/billing/getOrgUsage.ts
+++ b/server/private/routers/billing/getOrgUsage.ts
@@ -45,7 +45,7 @@ const getOrgSchema = z.strictObject({
 // content: {
 // "application/json": {
 // schema: z.object({
-// data: z.unknown().nullable(),
+// data: z.record(z.string(), z.any()).nullable(),
 // success: z.boolean(),
 // error: z.boolean(),
 // message: z.string(),
--- a/server/private/routers/certificates/getCertificate.ts
+++ b/server/private/routers/certificates/getCertificate.ts
@@ -121,7 +121,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/certificates/restartCertificate.ts
+++ b/server/private/routers/certificates/restartCertificate.ts
@@ -46,7 +46,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/domain/checkDomainNamespaceAvailability.ts
+++ b/server/private/routers/domain/checkDomainNamespaceAvailability.ts
@@ -29,7 +29,7 @@ import { tierMatrix } from "@server/lib/billing/tierMatrix";
 const paramsSchema = z.strictObject({});

 const querySchema = z.strictObject({
-    subdomain: z.string(),
+    subdomain: z.string()
    // orgId: build === "saas" ? z.string() : z.string().optional() // Required for saas, optional otherwise
 });

@@ -48,7 +48,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/eventStreamingDestination/deleteEventStreamingDestination.ts
+++ b/server/private/routers/eventStreamingDestination/deleteEventStreamingDestination.ts
@@ -33,7 +33,8 @@ const paramsSchema = z
 registry.registerPath({
    method: "delete",
    path: "/org/{orgId}/event-streaming-destination/{destinationId}",
-    description: "Delete an event streaming destination for a specific organization.",
+    description:
+        "Delete an event streaming destination for a specific organization.",
    tags: [OpenAPITags.Org],
    request: {
        params: paramsSchema
@@ -44,7 +45,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
@@ -115,4 +116,4 @@ export async function deleteEventStreamingDestination(
            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
        );
    }
-}
+}
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -612,7 +612,7 @@ authenticated.post(
    verifyValidSubscription(tierMatrix.advancedPrivateResources),
    verifyOrgAccess,
    verifyLimits,
-    verifyUserHasAction(ActionsEnum.signSshKey),
+    // verifyUserHasAction(ActionsEnum.signSshKey), // this check happens inside of the function now
    // logActionAudit(ActionsEnum.signSshKey), // it is handled inside of the function below so we can include more metadata
    ssh.signSshKey
 );
--- a/server/private/routers/healthChecks/deleteHealthCheck.ts
+++ b/server/private/routers/healthChecks/deleteHealthCheck.ts
@@ -47,7 +47,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/healthChecks/listHealthChecks.ts
+++ b/server/private/routers/healthChecks/listHealthChecks.ts
@@ -74,7 +74,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -79,7 +79,10 @@ import logger from "@server/logger";
 import { decrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
 import { exchangeSession } from "@server/routers/badger";
-import { validateResourceSessionToken } from "@server/auth/sessions/resource";
+import {
+    ResourceSessionValidationResult,
+    validateResourceSessionToken
+} from "@server/auth/sessions/resource";
 import { checkExitNodeOrg, resolveExitNodes } from "#private/lib/exitNodes";
 import { maxmindLookup } from "@server/db/maxmind";
 import { verifyResourceAccessToken } from "@server/auth/verifyResourceAccessToken";
@@ -216,9 +219,9 @@ export type ResourceWithAuth = {
    password: ResourcePassword | ResourcePolicyPassword | null;
    headerAuth: ResourceHeaderAuth | ResourcePolicyHeaderAuth | null;
    headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
-    applyRules: boolean;
-    sso: boolean;
-    emailWhitelistEnabled: boolean;
+    applyRules: boolean | null;
+    sso: boolean | null;
+    emailWhitelistEnabled: boolean | null;
    org: Org;
 };

@@ -1754,11 +1757,34 @@ hybridRouter.post(
                resourceId
            );

+            // this is for backward compatibility with nodes that did not have the policy id checking
+            const modifiedResult: ResourceSessionValidationResult = {
+                ...result,
+                resourceSession: result.resourceSession
+                    ? {
+                          ...result.resourceSession,
+                          // Prefer policy IDs, but keep legacy IDs populated for older nodes.
+                          pincodeId:
+                              result.resourceSession.policyPincodeId ??
+                              result.resourceSession.pincodeId ??
+                              null,
+                          passwordId:
+                              result.resourceSession.policyPasswordId ??
+                              result.resourceSession.passwordId ??
+                              null,
+                          whitelistId:
+                              result.resourceSession.policyWhitelistId ??
+                              result.resourceSession.whitelistId ??
+                              null
+                      }
+                    : null
+            };
+
            return response(res, {
-                data: result,
+                data: modifiedResult,
                success: true,
                error: false,
-                message: result.resourceSession
+                message: modifiedResult.resourceSession
                    ? "Resource session token is valid"
                    : "Resource session token is invalid or expired",
                status: HttpCode.OK
--- a/server/private/routers/labels/createOrgLabel.ts
+++ b/server/private/routers/labels/createOrgLabel.ts
@@ -22,7 +22,7 @@ import response from "@server/lib/response";
 import logger from "@server/logger";
 import type { CreateOrEditLabelResponse } from "@server/routers/labels/types";
 import HttpCode from "@server/types/HttpCode";
-import { and, eq } from "drizzle-orm";
+import { and, eq, sql } from "drizzle-orm";
 import { NextFunction, Request, Response } from "express";
 import createHttpError from "http-errors";
 import { z } from "zod";
@@ -107,6 +107,26 @@ export async function createOrgLabel(
            }
        }

+        const [existingLabel] = await db
+            .select({ labelId: labels.labelId })
+            .from(labels)
+            .where(
+                and(
+                    eq(labels.orgId, orgId),
+                    sql`LOWER(${labels.name}) = ${name.toLowerCase()}`
+                )
+            )
+            .limit(1);
+
+        if (existingLabel) {
+            return next(
+                createHttpError(
+                    HttpCode.CONFLICT,
+                    "A label with this name already exists"
+                )
+            );
+        }
+
        const label = await db.transaction(async (tx) => {
            const [label] = await tx
                .insert(labels)
--- a/server/private/routers/labels/updateOrgLabel.ts
+++ b/server/private/routers/labels/updateOrgLabel.ts
@@ -16,7 +16,7 @@ import response from "@server/lib/response";
 import logger from "@server/logger";
 import type { CreateOrEditLabelResponse } from "@server/routers/labels/types";
 import HttpCode from "@server/types/HttpCode";
-import { and, eq } from "drizzle-orm";
+import { and, eq, ne, sql } from "drizzle-orm";
 import { NextFunction, Request, Response } from "express";
 import createHttpError from "http-errors";
 import { z } from "zod";
@@ -74,6 +74,29 @@ export async function updateOrgLabel(

        const { name, color } = parsedBody.data;

+        if (name && name.toLowerCase() !== existing.name.toLowerCase()) {
+            const [duplicateLabel] = await db
+                .select({ labelId: labels.labelId })
+                .from(labels)
+                .where(
+                    and(
+                        eq(labels.orgId, orgId),
+                        ne(labels.labelId, labelId),
+                        sql`LOWER(${labels.name}) = ${name.toLowerCase()}`
+                    )
+                )
+                .limit(1);
+
+            if (duplicateLabel) {
+                return next(
+                    createHttpError(
+                        HttpCode.CONFLICT,
+                        "A label with this name already exists"
+                    )
+                );
+            }
+        }
+
        const [label] = await db
            .update(labels)
            .set({
--- a/server/private/routers/orgIdp/createOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/createOrgOidcIdp.ts
@@ -69,7 +69,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
@@ -127,7 +127,8 @@ export async function createOrgOidcIdp(

        let { autoProvision } = parsedBody.data;

-        if (build == "saas") { // this is not paywalled with a ee license because this whole endpoint is restricted
+        if (build == "saas") {
+            // this is not paywalled with a ee license because this whole endpoint is restricted
            const subscribed = await isSubscribed(
                orgId,
                tierMatrix.deviceApprovals
--- a/server/private/routers/orgIdp/deleteOrgIdp.ts
+++ b/server/private/routers/orgIdp/deleteOrgIdp.ts
@@ -44,7 +44,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/orgIdp/getOrgIdp.ts
+++ b/server/private/routers/orgIdp/getOrgIdp.ts
@@ -62,7 +62,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/orgIdp/listOrgIdps.ts
+++ b/server/private/routers/orgIdp/listOrgIdps.ts
@@ -78,7 +78,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/policy/createResourcePolicy.ts
+++ b/server/private/routers/policy/createResourcePolicy.ts
@@ -33,9 +33,8 @@ import {
 import { getUniqueResourcePolicyName } from "@server/db/names";
 import response from "@server/lib/response";
 import {
-    isValidCIDR,
-    isValidIP,
-    isValidUrlGlobPattern
+    getResourceRuleValueValidationError,
+    RESOURCE_RULE_MATCH_TYPES
 } from "@server/lib/validators";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
@@ -56,9 +55,9 @@ const ruleSchema = z.strictObject({
        enum: ["ACCEPT", "DROP", "PASS"],
        description: "rule action"
    }),
-    match: z.enum(["CIDR", "IP", "PATH"]).openapi({
+    match: z.enum(RESOURCE_RULE_MATCH_TYPES).openapi({
        type: "string",
-        enum: ["CIDR", "IP", "PATH"],
+        enum: [...RESOURCE_RULE_MATCH_TYPES],
        description: "rule match"
    }),
    value: z.string().min(1),
@@ -261,26 +260,13 @@ export async function createResourcePolicy(
        const niceId = await getUniqueResourcePolicyName(orgId);

        for (const rule of rules) {
-            if (rule.match === "CIDR" && !isValidCIDR(rule.value)) {
+            const validationError = getResourceRuleValueValidationError(
+                rule.match,
+                rule.value
+            );
+            if (validationError) {
                return next(
-                    createHttpError(
-                        HttpCode.BAD_REQUEST,
-                        "Invalid CIDR provided"
-                    )
-                );
-            } else if (rule.match === "IP" && !isValidIP(rule.value)) {
-                return next(
-                    createHttpError(HttpCode.BAD_REQUEST, "Invalid IP provided")
-                );
-            } else if (
-                rule.match === "PATH" &&
-                !isValidUrlGlobPattern(rule.value)
-            ) {
-                return next(
-                    createHttpError(
-                        HttpCode.BAD_REQUEST,
-                        "Invalid URL glob pattern provided"
-                    )
+                    createHttpError(HttpCode.BAD_REQUEST, validationError)
                );
            }
        }
--- a/server/private/routers/remoteExitNode/exitNodeReconnectScheduler.ts
+++ b/server/private/routers/remoteExitNode/exitNodeReconnectScheduler.ts
@@ -0,0 +1,202 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025-2026 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import axios from "axios";
+import { db, exitNodes, newts, sites } from "@server/db";
+import { eq } from "drizzle-orm";
+import logger from "@server/logger";
+import redisManager from "#private/lib/redis";
+import { sendToClient } from "#private/routers/ws";
+
+const INITIAL_DELAY_MS = 15 * 1000; // 15 seconds before first check
+const CHECK_INTERVAL_MS = 10 * 1000; // Check every 10 seconds
+const MAX_DURATION_MS = 5 * 60 * 1000; // Give up after 5 minutes
+const REDIS_PENDING_SET = "exit-node-reconnect-pending";
+const REDIS_HASH_PREFIX = "exit-node-reconnect:";
+
+interface PendingReconnect {
+    startTime: number;
+    reachableAt: string;
+}
+
+// In-memory tracking for this node
+const pendingReconnects = new Map<number, PendingReconnect>();
+
+let schedulerInterval: NodeJS.Timeout | null = null;
+
+/**
+ * Schedules a reconnect check for newts connected to the given exit node.
+ * Called when an exit node transitions from offline to online.
+ */
+export async function scheduleExitNodeReconnect(
+    exitNodeId: number,
+    reachableAt: string
+): Promise<void> {
+    logger.info(
+        `Scheduling newt reconnect for exit node ${exitNodeId} (reachableAt: ${reachableAt})`
+    );
+
+    const entry: PendingReconnect = {
+        startTime: Date.now(),
+        reachableAt
+    };
+
+    pendingReconnects.set(exitNodeId, entry);
+
+    // Store in Redis if available for cross-node coordination
+    if (redisManager.isRedisEnabled()) {
+        await redisManager.sadd(REDIS_PENDING_SET, exitNodeId.toString());
+        await redisManager.hset(
+            `${REDIS_HASH_PREFIX}${exitNodeId}`,
+            "startTime",
+            entry.startTime.toString()
+        );
+        await redisManager.hset(
+            `${REDIS_HASH_PREFIX}${exitNodeId}`,
+            "reachableAt",
+            reachableAt
+        );
+    }
+}
+
+/**
+ * Starts the background interval that checks pending exit node reconnects.
+ */
+export function startExitNodeReconnectScheduler(): void {
+    if (schedulerInterval) {
+        return;
+    }
+
+    schedulerInterval = setInterval(async () => {
+        try {
+            await processPendingReconnects();
+        } catch (error) {
+            logger.error("Error in exit node reconnect scheduler", { error });
+        }
+    }, CHECK_INTERVAL_MS);
+
+    logger.debug("Started exit node reconnect scheduler");
+}
+
+async function processPendingReconnects(): Promise<void> {
+    // Merge in-memory and Redis-tracked pending reconnects
+    const toProcess = new Map(pendingReconnects);
+
+    if (redisManager.isRedisEnabled()) {
+        const redisIds = await redisManager.smembers(REDIS_PENDING_SET);
+        for (const idStr of redisIds) {
+            const id = parseInt(idStr, 10);
+            if (!toProcess.has(id)) {
+                const startTimeStr = await redisManager.hget(
+                    `${REDIS_HASH_PREFIX}${id}`,
+                    "startTime"
+                );
+                const reachableAt = await redisManager.hget(
+                    `${REDIS_HASH_PREFIX}${id}`,
+                    "reachableAt"
+                );
+                if (startTimeStr && reachableAt) {
+                    toProcess.set(id, {
+                        startTime: parseInt(startTimeStr, 10),
+                        reachableAt
+                    });
+                }
+            }
+        }
+    }
+
+    const now = Date.now();
+
+    for (const [exitNodeId, entry] of toProcess) {
+        const elapsed = now - entry.startTime;
+
+        // Give up after max duration
+        if (elapsed >= MAX_DURATION_MS) {
+            logger.warn(
+                `Exit node reconnect check timed out for exit node ${exitNodeId} after 5 minutes`
+            );
+            await removePending(exitNodeId);
+            continue;
+        }
+
+        // Respect initial delay
+        if (elapsed < INITIAL_DELAY_MS) {
+            continue;
+        }
+
+        // Check if the exit node HTTP endpoint is reachable
+        const pingUrl = `${entry.reachableAt}/ping`;
+        try {
+            await axios.get(pingUrl, { timeout: 5000 });
+        } catch {
+            logger.debug(
+                `Exit node ${exitNodeId} not yet reachable at ${pingUrl}`
+            );
+            continue;
+        }
+
+        // Node is reachable — send reconnect to all connected newts
+        logger.info(
+            `Exit node ${exitNodeId} is reachable. Sending newt/wg/reconnect to connected newts.`
+        );
+
+        await sendReconnectToNewts(exitNodeId);
+        await removePending(exitNodeId);
+    }
+}
+
+async function sendReconnectToNewts(exitNodeId: number): Promise<void> {
+    try {
+        const connectedNewts = await db
+            .select({ newtId: newts.newtId })
+            .from(newts)
+            .innerJoin(sites, eq(newts.siteId, sites.siteId))
+            .where(eq(sites.exitNodeId, exitNodeId));
+
+        if (connectedNewts.length === 0) {
+            logger.debug(
+                `No newts found for exit node ${exitNodeId}, nothing to reconnect`
+            );
+            return;
+        }
+
+        logger.info(
+            `Sending newt/wg/reconnect to ${connectedNewts.length} newt(s) for exit node ${exitNodeId}`
+        );
+
+        const reconnectMessage = {
+            type: "newt/wg/reconnect",
+            data: {}
+        };
+
+        await Promise.allSettled(
+            connectedNewts.map(({ newtId }) =>
+                sendToClient(newtId, reconnectMessage)
+            )
+        );
+    } catch (error) {
+        logger.error(
+            `Failed to send reconnect messages for exit node ${exitNodeId}`,
+            { error }
+        );
+    }
+}
+
+async function removePending(exitNodeId: number): Promise<void> {
+    pendingReconnects.delete(exitNodeId);
+
+    if (redisManager.isRedisEnabled()) {
+        await redisManager.srem(REDIS_PENDING_SET, exitNodeId.toString());
+        await redisManager.del(`${REDIS_HASH_PREFIX}${exitNodeId}`);
+    }
+}
--- a/server/private/routers/remoteExitNode/handleRemoteExitNodePingMessage.ts
+++ b/server/private/routers/remoteExitNode/handleRemoteExitNodePingMessage.ts
@@ -16,6 +16,7 @@ import { MessageHandler } from "@server/routers/ws";
 import { RemoteExitNode } from "@server/db";
 import { eq } from "drizzle-orm";
 import logger from "@server/logger";
+import { scheduleExitNodeReconnect } from "./exitNodeReconnectScheduler";

 /**
 * Handles ping messages from clients and responds with pong
@@ -37,6 +38,13 @@ export const handleRemoteExitNodePingMessage: MessageHandler = async (
    }

    try {
+        // Fetch the current state before updating so we can detect the offline→online transition
+        const [currentExitNode] = await db
+            .select({ online: exitNodes.online, reachableAt: exitNodes.reachableAt })
+            .from(exitNodes)
+            .where(eq(exitNodes.exitNodeId, remoteExitNode.exitNodeId))
+            .limit(1);
+
        // Update the exit node's last ping timestamp
        await db
            .update(exitNodes)
@@ -45,6 +53,16 @@ export const handleRemoteExitNodePingMessage: MessageHandler = async (
                online: true
            })
            .where(eq(exitNodes.exitNodeId, remoteExitNode.exitNodeId));
+
+        // If the exit node was offline and is now coming online, schedule newt reconnects
+        if (currentExitNode && !currentExitNode.online && currentExitNode.reachableAt) {
+            scheduleExitNodeReconnect(
+                remoteExitNode.exitNodeId,
+                currentExitNode.reachableAt
+            ).catch((error) => {
+                logger.error("Failed to schedule exit node reconnect", { error });
+            });
+        }
    } catch (error) {
        logger.error("Error handling ping message", { error });
    }
--- a/server/private/routers/remoteExitNode/index.ts
+++ b/server/private/routers/remoteExitNode/index.ts
@@ -22,3 +22,4 @@ export * from "./listRemoteExitNodes";
 export * from "./pickRemoteExitNodeDefaults";
 export * from "./quickStartRemoteExitNode";
 export * from "./offlineChecker";
+export * from "./exitNodeReconnectScheduler";
--- a/server/private/routers/ssh/signSshKey.ts
+++ b/server/private/routers/ssh/signSshKey.ts
@@ -20,6 +20,8 @@ import {
    logsDb,
    newts,
    roles,
+    roleActions,
+    rolePolicies,
    roleResources,
    roleSiteResources,
    resources,
@@ -40,7 +42,7 @@ import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
-import { and, eq, inArray, or } from "drizzle-orm";
+import { and, eq, inArray, isNull, or } from "drizzle-orm";
 import { canUserAccessResource } from "@server/auth/canUserAccessResource";
 import { canUserAccessSiteResource } from "@server/auth/canUserAccessSiteResource";
 import { signPublicKey, getOrgCAKeys } from "@server/lib/sshCA";
@@ -140,6 +142,27 @@ export async function signSshKey(
            );
        }

+        const roleActionPermission = await db
+            .select({ roleId: roleActions.roleId })
+            .from(roleActions)
+            .where(
+                and(
+                    eq(roleActions.actionId, ActionsEnum.signSshKey),
+                    inArray(roleActions.roleId, roleIds),
+                    eq(roleActions.orgId, orgId)
+                )
+            )
+            .limit(1);
+
+        if (roleActionPermission.length === 0) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "User does not have permission perform this action"
+                )
+            );
+        }
+
        const isLicensed = await isLicensedOrSubscribed(
            orgId,
            tierMatrix.advancedPrivateResources
@@ -435,50 +458,106 @@ export async function signSshKey(
                usernameToUse = userOrg.pamUsername;
            }

-            const roleRows =
-                type === "private"
-                    ? await db
-                          .select({
-                              sshSudoCommands: roles.sshSudoCommands,
-                              sshUnixGroups: roles.sshUnixGroups,
-                              sshCreateHomeDir: roles.sshCreateHomeDir,
-                              sshSudoMode: roles.sshSudoMode
-                          })
-                          .from(roles)
-                          .innerJoin(
-                              roleSiteResources,
-                              eq(roleSiteResources.roleId, roles.roleId)
-                          )
-                          .where(
-                              and(
-                                  inArray(roles.roleId, roleIds),
-                                  eq(
-                                      roleSiteResources.siteResourceId,
-                                      (resource as SiteResource).siteResourceId
-                                  )
-                              )
-                          )
-                    : await db
-                          .select({
-                              sshSudoCommands: roles.sshSudoCommands,
-                              sshUnixGroups: roles.sshUnixGroups,
-                              sshCreateHomeDir: roles.sshCreateHomeDir,
-                              sshSudoMode: roles.sshSudoMode
-                          })
-                          .from(roles)
-                          .innerJoin(
-                              roleResources,
-                              eq(roleResources.roleId, roles.roleId)
-                          )
-                          .where(
-                              and(
-                                  inArray(roles.roleId, roleIds),
-                                  eq(
-                                      roleResources.resourceId,
-                                      (resource as Resource).resourceId
-                                  )
-                              )
-                          );
+            type RoleSshMeta = {
+                roleId: number;
+                sshSudoCommands: string | null;
+                sshUnixGroups: string | null;
+                sshCreateHomeDir: boolean | null;
+                sshSudoMode: string | null;
+            };
+
+            let roleRows: RoleSshMeta[] = [];
+
+            if (type === "private") {
+                roleRows = await db
+                    .select({
+                        roleId: roles.roleId,
+                        sshSudoCommands: roles.sshSudoCommands,
+                        sshUnixGroups: roles.sshUnixGroups,
+                        sshCreateHomeDir: roles.sshCreateHomeDir,
+                        sshSudoMode: roles.sshSudoMode
+                    })
+                    .from(roles)
+                    .innerJoin(
+                        roleSiteResources,
+                        eq(roleSiteResources.roleId, roles.roleId)
+                    )
+                    .where(
+                        and(
+                            inArray(roles.roleId, roleIds),
+                            eq(
+                                roleSiteResources.siteResourceId,
+                                (resource as SiteResource).siteResourceId
+                            )
+                        )
+                    );
+            } else {
+                const publicResourceId = (resource as Resource).resourceId;
+                const [directRoleRows, policyRoleRows] = await Promise.all([
+                    db
+                        .select({
+                            roleId: roles.roleId,
+                            sshSudoCommands: roles.sshSudoCommands,
+                            sshUnixGroups: roles.sshUnixGroups,
+                            sshCreateHomeDir: roles.sshCreateHomeDir,
+                            sshSudoMode: roles.sshSudoMode
+                        })
+                        .from(roles)
+                        .innerJoin(
+                            roleResources,
+                            eq(roleResources.roleId, roles.roleId)
+                        )
+                        .where(
+                            and(
+                                inArray(roles.roleId, roleIds),
+                                eq(roleResources.resourceId, publicResourceId)
+                            )
+                        ),
+                    db
+                        .select({
+                            roleId: roles.roleId,
+                            sshSudoCommands: roles.sshSudoCommands,
+                            sshUnixGroups: roles.sshUnixGroups,
+                            sshCreateHomeDir: roles.sshCreateHomeDir,
+                            sshSudoMode: roles.sshSudoMode
+                        })
+                        .from(roles)
+                        .innerJoin(
+                            rolePolicies,
+                            eq(rolePolicies.roleId, roles.roleId)
+                        )
+                        .innerJoin(
+                            resources,
+                            or(
+                                eq(
+                                    resources.resourcePolicyId,
+                                    rolePolicies.resourcePolicyId
+                                ),
+                                and(
+                                    isNull(resources.resourcePolicyId),
+                                    eq(
+                                        resources.defaultResourcePolicyId,
+                                        rolePolicies.resourcePolicyId
+                                    )
+                                )
+                            )
+                        )
+                        .where(
+                            and(
+                                inArray(roles.roleId, roleIds),
+                                eq(resources.resourceId, publicResourceId)
+                            )
+                        )
+                ]);
+
+                const uniqueByRoleId = new Map<number, RoleSshMeta>();
+                for (const row of [...directRoleRows, ...policyRoleRows]) {
+                    if (!uniqueByRoleId.has(row.roleId)) {
+                        uniqueByRoleId.set(row.roleId, row);
+                    }
+                }
+                roleRows = Array.from(uniqueByRoleId.values());
+            }

            const parsedSudoCommands: string[] = [];
            const parsedGroupsSet = new Set<string>();
@@ -565,14 +644,6 @@ export async function signSshKey(
                messageIds.push(message.messageId);

                const agentHost = siteAgentHostMap.get(siteId);
-                if (!agentHost) {
-                    return next(
-                        createHttpError(
-                            HttpCode.INTERNAL_SERVER_ERROR,
-                            `Unable to determine agent host for site ${siteId}`
-                        )
-                    );
-                }

                await sendToClient(newt.newtId, {
                    type: `newt/pam/connection`,
--- a/server/private/routers/user/addUserRole.ts
+++ b/server/private/routers/user/addUserRole.ts
@@ -44,7 +44,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/user/removeUserRole.ts
+++ b/server/private/routers/user/removeUserRole.ts
@@ -45,7 +45,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/private/routers/ws/messageHandlers.ts
+++ b/server/private/routers/ws/messageHandlers.ts
@@ -14,7 +14,8 @@
 import {
    handleRemoteExitNodeRegisterMessage,
    handleRemoteExitNodePingMessage,
-    startRemoteExitNodeOfflineChecker
+    startRemoteExitNodeOfflineChecker,
+    startExitNodeReconnectScheduler
 } from "#private/routers/remoteExitNode";
 import { MessageHandler } from "@server/routers/ws";
 import { build } from "@server/build";
@@ -29,4 +30,5 @@ export const messageHandlers: Record<string, MessageHandler> = {

 if (build != "saas") {
    startRemoteExitNodeOfflineChecker(); // this is to handle the offline check for remote exit nodes
+    startExitNodeReconnectScheduler(); // check pending exit node reconnects and notify newts
 }
--- a/server/routers/accessToken/deleteAccessToken.ts
+++ b/server/routers/accessToken/deleteAccessToken.ts
@@ -28,7 +28,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/accessToken/generateAccessToken.ts
+++ b/server/routers/accessToken/generateAccessToken.ts
@@ -61,7 +61,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/accessToken/listAccessTokens.ts
+++ b/server/routers/accessToken/listAccessTokens.ts
@@ -135,7 +135,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
@@ -164,7 +164,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/apiKeys/deleteApiKey.ts
+++ b/server/routers/apiKeys/deleteApiKey.ts
@@ -28,7 +28,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/apiKeys/setApiKeyActions.ts
+++ b/server/routers/apiKeys/setApiKeyActions.ts
@@ -42,7 +42,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/auditLogs/exportRequestAuditLog.ts
+++ b/server/routers/auditLogs/exportRequestAuditLog.ts
@@ -35,7 +35,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/auditLogs/queryRequestAnalytics.ts
+++ b/server/routers/auditLogs/queryRequestAnalytics.ts
@@ -162,7 +162,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/auditLogs/queryRequestAuditLog.ts
+++ b/server/routers/auditLogs/queryRequestAuditLog.ts
@@ -1,4 +1,11 @@
-import { logsDb, requestAuditLog, resources, siteResources, db, primaryDb } from "@server/db";
+import {
+    logsDb,
+    requestAuditLog,
+    resources,
+    siteResources,
+    db,
+    primaryDb
+} from "@server/db";
 import { registry } from "@server/openApi";
 import { NextFunction } from "express";
 import { Request, Response } from "express";
@@ -127,16 +134,16 @@ export function queryRequest(data: Q) {
    return logsDb
        .select({
            id: requestAuditLog.id,
-                timestamp: requestAuditLog.timestamp,
-                orgId: requestAuditLog.orgId,
-                action: requestAuditLog.action,
-                reason: requestAuditLog.reason,
-                actorType: requestAuditLog.actorType,
-                actor: requestAuditLog.actor,
-                actorId: requestAuditLog.actorId,
-                resourceId: requestAuditLog.resourceId,
-                siteResourceId: requestAuditLog.siteResourceId,
-                ip: requestAuditLog.ip,
+            timestamp: requestAuditLog.timestamp,
+            orgId: requestAuditLog.orgId,
+            action: requestAuditLog.action,
+            reason: requestAuditLog.reason,
+            actorType: requestAuditLog.actorType,
+            actor: requestAuditLog.actor,
+            actorId: requestAuditLog.actorId,
+            resourceId: requestAuditLog.resourceId,
+            siteResourceId: requestAuditLog.siteResourceId,
+            ip: requestAuditLog.ip,
            location: requestAuditLog.location,
            userAgent: requestAuditLog.userAgent,
            metadata: requestAuditLog.metadata,
@@ -154,21 +161,30 @@ export function queryRequest(data: Q) {
        .orderBy(desc(requestAuditLog.timestamp));
 }

-async function enrichWithResourceDetails(logs: Awaited<ReturnType<typeof queryRequest>>) {
+async function enrichWithResourceDetails(
+    logs: Awaited<ReturnType<typeof queryRequest>>
+) {
    const resourceIds = logs
-        .map(log => log.resourceId)
+        .map((log) => log.resourceId)
        .filter((id): id is number => id !== null && id !== undefined);

    const siteResourceIds = logs
-        .filter(log => log.resourceId == null && log.siteResourceId != null)
-        .map(log => log.siteResourceId)
+        .filter((log) => log.resourceId == null && log.siteResourceId != null)
+        .map((log) => log.siteResourceId)
        .filter((id): id is number => id !== null && id !== undefined);

    if (resourceIds.length === 0 && siteResourceIds.length === 0) {
-        return logs.map(log => ({ ...log, resourceName: null, resourceNiceId: null }));
+        return logs.map((log) => ({
+            ...log,
+            resourceName: null,
+            resourceNiceId: null
+        }));
    }

-    const resourceMap = new Map<number, { name: string | null; niceId: string | null }>();
+    const resourceMap = new Map<
+        number,
+        { name: string | null; niceId: string | null }
+    >();

    if (resourceIds.length > 0) {
        const resourceDetails = await primaryDb
@@ -185,7 +201,10 @@ async function enrichWithResourceDetails(logs: Awaited<ReturnType<typeof queryRe
        }
    }

-    const siteResourceMap = new Map<number, { name: string | null; niceId: string | null }>();
+    const siteResourceMap = new Map<
+        number,
+        { name: string | null; niceId: string | null }
+    >();

    if (siteResourceIds.length > 0) {
        const siteResourceDetails = await primaryDb
@@ -198,12 +217,15 @@ async function enrichWithResourceDetails(logs: Awaited<ReturnType<typeof queryRe
            .where(inArray(siteResources.siteResourceId, siteResourceIds));

        for (const r of siteResourceDetails) {
-            siteResourceMap.set(r.siteResourceId, { name: r.name, niceId: r.niceId });
+            siteResourceMap.set(r.siteResourceId, {
+                name: r.name,
+                niceId: r.niceId
+            });
        }
    }

    // Enrich logs with resource details
-    return logs.map(log => {
+    return logs.map((log) => {
        if (log.resourceId != null) {
            const details = resourceMap.get(log.resourceId);
            return {
@@ -247,7 +269,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
@@ -333,11 +355,11 @@ async function queryUniqueFilterAttributes(

    // Fetch resource names from main database for the unique resource IDs
    const resourceIds = uniqueResources
-        .map(row => row.id)
+        .map((row) => row.id)
        .filter((id): id is number => id !== null);

    const siteResourceIds = uniqueSiteResources
-        .map(row => row.id)
+        .map((row) => row.id)
        .filter((id): id is number => id !== null);

    let resourcesWithNames: Array<{ id: number; name: string | null }> = [];
@@ -353,7 +375,7 @@ async function queryUniqueFilterAttributes(

        resourcesWithNames = [
            ...resourcesWithNames,
-            ...resourceDetails.map(r => ({
+            ...resourceDetails.map((r) => ({
                id: r.resourceId,
                name: r.name
            }))
@@ -371,7 +393,7 @@ async function queryUniqueFilterAttributes(

        resourcesWithNames = [
            ...resourcesWithNames,
-            ...siteResourceDetails.map(r => ({
+            ...siteResourceDetails.map((r) => ({
                id: r.siteResourceId,
                name: r.name
            }))
--- a/server/routers/auth/lookupUser.ts
+++ b/server/routers/auth/lookupUser.ts
@@ -1,14 +1,7 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db } from "@server/db";
-import {
-    users,
-    userOrgs,
-    orgs,
-    idpOrg,
-    idp,
-    idpOidcConfig
-} from "@server/db";
+import { users, userOrgs, orgs, idpOrg, idp, idpOidcConfig } from "@server/db";
 import { eq, or, sql, and, isNotNull, inArray } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
@@ -57,7 +50,7 @@ export type LookupUserResponse = {
 // content: {
 // "application/json": {
 // schema: z.object({
-// data: z.unknown().nullable(),
+// data: z.record(z.string(), z.any()).nullable(),
 // success: z.boolean(),
 // error: z.boolean(),
 // message: z.string(),
@@ -169,46 +162,54 @@ export async function lookupUser(
            );

            // Deduplicate orgs (user might have multiple memberships in same org)
-            const uniqueOrgs = new Map<string, typeof userOrgMemberships[0]>();
+            const uniqueOrgs = new Map<
+                string,
+                (typeof userOrgMemberships)[0]
+            >();
            for (const membership of userOrgMemberships) {
                if (!uniqueOrgs.has(membership.orgId)) {
                    uniqueOrgs.set(membership.orgId, membership);
                }
            }

-            const orgsData = Array.from(uniqueOrgs.values()).map((membership) => {
-                // Get IdPs for this org where the user (with the exact identifier) is authenticated via that IdP
-                // Only show IdPs where the user's idpId matches
-                // Internal users don't have an idpId, so they won't see any IdPs
-                const orgIdpsList = orgIdps
-                    .filter((idp) => {
-                        if (idp.orgId !== membership.orgId) {
+            const orgsData = Array.from(uniqueOrgs.values()).map(
+                (membership) => {
+                    // Get IdPs for this org where the user (with the exact identifier) is authenticated via that IdP
+                    // Only show IdPs where the user's idpId matches
+                    // Internal users don't have an idpId, so they won't see any IdPs
+                    const orgIdpsList = orgIdps
+                        .filter((idp) => {
+                            if (idp.orgId !== membership.orgId) {
+                                return false;
+                            }
+                            // Only show IdPs where the user (with exact identifier) is authenticated via that IdP
+                            // This means user.idpId must match idp.idpId
+                            if (
+                                user.idpId !== null &&
+                                user.idpId === idp.idpId
+                            ) {
+                                return true;
+                            }
                            return false;
-                        }
-                        // Only show IdPs where the user (with exact identifier) is authenticated via that IdP
-                        // This means user.idpId must match idp.idpId
-                        if (user.idpId !== null && user.idpId === idp.idpId) {
-                            return true;
-                        }
-                        return false;
-                    })
-                    .map((idp) => ({
-                        idpId: idp.idpId,
-                        name: idp.idpName,
-                        variant: idp.variant
-                    }));
+                        })
+                        .map((idp) => ({
+                            idpId: idp.idpId,
+                            name: idp.idpName,
+                            variant: idp.variant
+                        }));

-                // Check if user has internal auth for this org
-                // User has internal auth if they have an internal account type
-                const orgHasInternalAuth = hasInternalAuth;
+                    // Check if user has internal auth for this org
+                    // User has internal auth if they have an internal account type
+                    const orgHasInternalAuth = hasInternalAuth;

-                return {
-                    orgId: membership.orgId,
-                    orgName: membership.orgName,
-                    idps: orgIdpsList,
-                    hasInternalAuth: orgHasInternalAuth
-                };
-            });
+                    return {
+                        orgId: membership.orgId,
+                        orgName: membership.orgName,
+                        idps: orgIdpsList,
+                        hasInternalAuth: orgHasInternalAuth
+                    };
+                }
+            );

            accounts.push({
                userId: user.userId,
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -20,7 +20,8 @@ import {
    ResourcePolicyPincode,
    ResourcePolicyPassword,
    ResourcePolicyHeaderAuth,
-    ResourceRule
+    ResourceRule,
+    ResourceSession
 } from "@server/db";
 import config from "@server/lib/config";
 import { isIpInCidr, stripPortFromHost } from "@server/lib/ip";
@@ -144,9 +145,9 @@ export async function verifyResourceSession(
                      | ResourcePolicyHeaderAuth
                      | null;
                  headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
-                  applyRules: boolean;
-                  sso: boolean;
-                  emailWhitelistEnabled: boolean;
+                  applyRules: boolean | null;
+                  sso: boolean | null;
+                  emailWhitelistEnabled: boolean | null;
                  org: Org;
              }
            | undefined = localCache.get(resourceCacheKey);
@@ -536,7 +537,8 @@ export async function verifyResourceSession(

        if (resourceSessionToken) {
            const sessionCacheKey = `session:${resourceSessionToken}`;
-            let resourceSession: any = localCache.get(sessionCacheKey);
+            let resourceSession: ResourceSession | null | undefined =
+                localCache.get(sessionCacheKey);

            if (!resourceSession) {
                const result = await validateResourceSessionToken(
@@ -671,7 +673,7 @@ export async function verifyResourceSession(
                            orgId: resource.orgId,
                            location: ipCC,
                            apiKey: {
-                                name: resourceSession.accessTokenTitle,
+                                name: null,
                                apiKeyId: resourceSession.accessTokenId
                            }
                        },
@@ -717,7 +719,7 @@ export async function verifyResourceSession(
                                location: ipCC,
                                user: {
                                    username: allowedUserData.username,
-                                    userId: resourceSession.userId
+                                    userId: allowedUserData.userId
                                }
                            },
                            parsedBody.data
--- a/server/routers/blueprints/applyJSONBlueprint.ts
+++ b/server/routers/blueprints/applyJSONBlueprint.ts
@@ -37,7 +37,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/blueprints/applyYAMLBlueprint.ts
+++ b/server/routers/blueprints/applyYAMLBlueprint.ts
@@ -60,7 +60,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/blueprints/getBlueprint.ts
+++ b/server/routers/blueprints/getBlueprint.ts
@@ -62,7 +62,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/blueprints/listBlueprints.ts
+++ b/server/routers/blueprints/listBlueprints.ts
@@ -80,7 +80,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/client/archiveClient.ts
+++ b/server/routers/client/archiveClient.ts
@@ -28,7 +28,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/client/blockClient.ts
+++ b/server/routers/client/blockClient.ts
@@ -30,7 +30,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
@@ -94,7 +94,11 @@ export async function blockClient(

            // Send terminate signal if there's an associated OLM and it's connected
            if (client.olmId && client.online) {
-                await sendTerminateClient(client.clientId, OlmErrorCodes.TERMINATED_BLOCKED, client.olmId);
+                await sendTerminateClient(
+                    client.clientId,
+                    OlmErrorCodes.TERMINATED_BLOCKED,
+                    client.olmId
+                );
            }
        });

--- a/server/routers/client/createClient.ts
+++ b/server/routers/client/createClient.ts
@@ -65,7 +65,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/client/createUserClient.ts
+++ b/server/routers/client/createUserClient.ts
@@ -66,7 +66,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/client/deleteClient.ts
+++ b/server/routers/client/deleteClient.ts
@@ -31,7 +31,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/client/getClient.ts
+++ b/server/routers/client/getClient.ts
@@ -259,7 +259,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
@@ -287,7 +287,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
@@ -340,18 +340,18 @@ export async function getClient(
        // Build fingerprint data if available
        const fingerprintData = client.currentFingerprint
            ? {
-                username: client.currentFingerprint.username || null,
-                hostname: client.currentFingerprint.hostname || null,
-                platform: client.currentFingerprint.platform || null,
-                osVersion: client.currentFingerprint.osVersion || null,
-                kernelVersion:
-                    client.currentFingerprint.kernelVersion || null,
-                arch: client.currentFingerprint.arch || null,
-                deviceModel: client.currentFingerprint.deviceModel || null,
-                serialNumber: client.currentFingerprint.serialNumber || null,
-                firstSeen: client.currentFingerprint.firstSeen || null,
-                lastSeen: client.currentFingerprint.lastSeen || null
-            }
+                  username: client.currentFingerprint.username || null,
+                  hostname: client.currentFingerprint.hostname || null,
+                  platform: client.currentFingerprint.platform || null,
+                  osVersion: client.currentFingerprint.osVersion || null,
+                  kernelVersion:
+                      client.currentFingerprint.kernelVersion || null,
+                  arch: client.currentFingerprint.arch || null,
+                  deviceModel: client.currentFingerprint.deviceModel || null,
+                  serialNumber: client.currentFingerprint.serialNumber || null,
+                  firstSeen: client.currentFingerprint.firstSeen || null,
+                  lastSeen: client.currentFingerprint.lastSeen || null
+              }
            : null;

        // Build posture data if available (platform-specific)
--- a/server/routers/client/listClients.ts
+++ b/server/routers/client/listClients.ts
@@ -218,7 +218,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/client/listUserDevices.ts
+++ b/server/routers/client/listUserDevices.ts
@@ -219,7 +219,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/client/targets.ts
+++ b/server/routers/client/targets.ts
@@ -13,7 +13,7 @@ import semver from "semver";

 const NEWT_V2_TARGETS_VERSION = ">=1.10.3";

-export async function convertTargetsIfNessicary(
+export async function convertTargetsIfNecessary(
    newtId: string,
    targets: SubnetProxyTarget[] | SubnetProxyTargetV2[]
 ) {
@@ -47,7 +47,7 @@ export async function addTargets(
    targets: SubnetProxyTarget[] | SubnetProxyTargetV2[],
    version?: string | null
 ) {
-    targets = await convertTargetsIfNessicary(newtId, targets);
+    targets = await convertTargetsIfNecessary(newtId, targets);

    await sendToClient(
        newtId,
@@ -64,7 +64,7 @@ export async function removeTargets(
    targets: SubnetProxyTarget[] | SubnetProxyTargetV2[],
    version?: string | null
 ) {
-    targets = await convertTargetsIfNessicary(newtId, targets);
+    targets = await convertTargetsIfNecessary(newtId, targets);

    await sendToClient(
        newtId,
--- a/server/routers/client/unarchiveClient.ts
+++ b/server/routers/client/unarchiveClient.ts
@@ -28,7 +28,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/client/unblockClient.ts
+++ b/server/routers/client/unblockClient.ts
@@ -28,7 +28,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/client/updateClient.ts
+++ b/server/routers/client/updateClient.ts
@@ -42,7 +42,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/domain/getDNSRecords.ts
+++ b/server/routers/domain/getDNSRecords.ts
@@ -43,7 +43,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/domain/getDomain.ts
+++ b/server/routers/domain/getDomain.ts
@@ -44,7 +44,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -666,6 +666,13 @@ authenticated.get(
    resource.getResourcePolicies
 );

+authenticated.get(
+    "/resource-policy/:resourcePolicyId",
+    verifyResourcePolicyAccess,
+    verifyUserHasAction(ActionsEnum.getResourcePolicy),
+    policy.getResourcePolicy
+);
+
 authenticated.put(
    "/resource-policy/:resourcePolicyId",
    verifyResourcePolicyAccess,
--- a/server/routers/idp/deleteIdp.ts
+++ b/server/routers/idp/deleteIdp.ts
@@ -31,7 +31,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/server/routers/idp/deleteIdpOrgPolicy.ts
+++ b/server/routers/idp/deleteIdpOrgPolicy.ts
@@ -29,7 +29,7 @@ registry.registerPath({
            content: {
                "application/json": {
                    schema: z.object({
-                        data: z.unknown().nullable(),
+                        data: z.record(z.string(), z.any()).nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Owen Schwartz	b9db0a4490	Merge pull request #3261 from fosrl/dev 1.19.2	2026-06-12 15:02:58 -07:00
Owen	39f40e5160	Allow missing agent host	2026-06-12 15:01:09 -07:00
Owen	3fd5c98def	Fix #3252	2026-06-12 14:44:45 -07:00
Owen	5a8a48f9bf	Enforce the action inside of the function	2026-06-12 14:22:17 -07:00
Owen	471ae98204	Pull roles from resource policies Fixes #3256	2026-06-12 14:12:01 -07:00
Owen Schwartz	d985bfd3a6	Merge pull request #3260 from fosrl/crowdin_dev New Crowdin updates	2026-06-12 13:58:34 -07:00
Owen Schwartz	aab51a999c	New translations en-us.json (Norwegian Bokmal) [ci skip]	2026-06-12 13:53:58 -07:00
Owen Schwartz	ae4f5aa58d	New translations en-us.json (Chinese Simplified) [ci skip]	2026-06-12 13:53:57 -07:00
Owen Schwartz	70d5f55437	New translations en-us.json (Turkish) [ci skip]	2026-06-12 13:53:55 -07:00
Owen Schwartz	08df4b93aa	New translations en-us.json (Russian) [ci skip]	2026-06-12 13:53:54 -07:00
Owen Schwartz	61f0bc95c7	New translations en-us.json (Portuguese) [ci skip]	2026-06-12 13:53:52 -07:00
Owen Schwartz	5b0f79a8bc	New translations en-us.json (Polish) [ci skip]	2026-06-12 13:53:50 -07:00
Owen Schwartz	86ff272095	New translations en-us.json (Dutch) [ci skip]	2026-06-12 13:53:49 -07:00
Owen Schwartz	ef0575cc36	New translations en-us.json (Korean) [ci skip]	2026-06-12 13:53:48 -07:00
Owen Schwartz	30a6889ba8	New translations en-us.json (Italian) [ci skip]	2026-06-12 13:53:46 -07:00
Owen Schwartz	ce43e717d5	New translations en-us.json (German) [ci skip]	2026-06-12 13:53:44 -07:00
Owen Schwartz	1f0361e687	New translations en-us.json (Czech) [ci skip]	2026-06-12 13:53:43 -07:00
Owen Schwartz	07ae57ea72	New translations en-us.json (Bulgarian) [ci skip]	2026-06-12 13:53:41 -07:00
Owen Schwartz	fc982232d6	New translations en-us.json (Spanish) [ci skip]	2026-06-12 13:53:40 -07:00
Owen Schwartz	afaf5f976e	New translations en-us.json (French) [ci skip]	2026-06-12 13:53:38 -07:00
Owen	a8ca28acb2	Add default for target type Fixes #3247	2026-06-12 11:29:16 -07:00
Owen Schwartz	d9952b0762	Merge pull request #3250 from fosrl/dev 1.19.1	2026-06-11 22:05:24 -07:00
Owen	935593885a	Adjust 1.19 and add 1.19.1 to ensure sso not null	2026-06-11 22:01:20 -07:00
miloschwartz	3fcfd3304f	fix address input width	2026-06-11 18:34:22 -07:00
Owen Schwartz	6e271028f3	Merge pull request #3245 from fosrl/dev Bugfixes	2026-06-11 16:17:41 -07:00
Owen	820f66e58f	Properly hide things with disable enterprise flag	2026-06-11 16:10:29 -07:00
Owen	b0fdc10e06	Properly hide things with disable enterprise flag	2026-06-11 16:01:32 -07:00
miloschwartz	b82b41ed26	fix migration	2026-06-11 15:02:29 -07:00
miloschwartz	3e977ba00d	make paid alert position more consistent on resource	2026-06-11 12:38:08 -07:00
Owen Schwartz	a724b07846	Merge pull request #3244 from fosrl/dev fix paywalling	2026-06-11 12:27:49 -07:00
Owen	5f0bc71bcd	Merge branch 'main' into dev	2026-06-11 12:26:31 -07:00
miloschwartz	aea7827c1a	fix paywalling	2026-06-11 12:26:01 -07:00
Owen Schwartz	d865c4c55b	Merge pull request #3242 from fosrl/dev Use ssh like mode host	2026-06-11 11:29:45 -07:00
Owen	5baf0c3c09	Use ssh like mode host	2026-06-11 11:11:50 -07:00
Owen Schwartz	cfe33eb974	Merge pull request #3241 from fosrl/dev dev	2026-06-10 21:47:44 -07:00
Owen	71273e1b1c	Try to fix large query problem	2026-06-10 21:41:34 -07:00
Owen	02f6e2a8c3	Add ; fix lint	2026-06-10 20:56:26 -07:00
Owen Schwartz	3cc244a1d3	Merge pull request #3240 from fosrl/dev Fix small bugs with paid features, ui, docs	2026-06-10 20:49:59 -07:00
Owen	1d9c4dd9e2	Fix padding	2026-06-10 20:46:53 -07:00
Owen	b9dd0c8e43	Add advantech install link	2026-06-10 20:46:43 -07:00
Owen	cd052976eb	Properly paywall the edit policy screen	2026-06-10 20:38:59 -07:00
Owen	cc498f0e33	Properly paywall ui for labels	2026-06-10 20:32:07 -07:00
Owen	1a942937e6	Remove precheck on websocket for now	2026-06-10 20:24:41 -07:00
Owen	d81d1a6b7f	Merge branch 'dev' of github.com:fosrl/pangolin into dev	2026-06-10 20:24:22 -07:00
Owen	f64d04e827	Add loading back to create resource	2026-06-10 18:23:01 -07:00
miloschwartz	540aee3fe2	update docs links	2026-06-10 17:52:42 -07:00
Owen Schwartz	10542d7282	Merge pull request #3239 from fosrl/dev 1.19.0	2026-06-10 16:50:32 -07:00
Owen	b1d52ad1a3	Update tiers	2026-06-10 16:27:25 -07:00
Owen	ce2fbef805	Filter only newt sites in the browser gateway	2026-06-10 16:16:42 -07:00
Owen	e312b31e02	Merge branch 'dev' of github.com:fosrl/pangolin into dev	2026-06-10 15:50:52 -07:00
Owen	bc156c715d	24 hour requirement for updates	2026-06-10 15:50:43 -07:00
miloschwartz	9a4c1f23c6	support remove server admin	2026-06-10 15:10:58 -07:00
miloschwartz	6921447fab	fix typo	2026-06-10 11:55:20 -07:00
Owen	d47449b082	Add notes about inline policy to api endpoints	2026-06-10 10:24:31 -07:00
Owen	665806dfe8	Add some documentation; pull the override values	2026-06-10 10:03:16 -07:00
Owen	e248571268	Merge branch 'dev' of github.com:fosrl/pangolin into dev	2026-06-09 22:02:24 -07:00
miloschwartz	fcf03854ff	fix tag input wrapping	2026-06-09 22:01:13 -07:00
Owen	dd1fba4e45	Also clear the roles and users	2026-06-09 21:59:30 -07:00
miloschwartz	a1ab8d8f35	standardize client titles	2026-06-09 21:47:15 -07:00
miloschwartz	c789e967db	standardize client titles	2026-06-09 21:36:54 -07:00
Owen	d870b9ff49	Drop the not null on resource columns	2026-06-09 21:36:27 -07:00
miloschwartz	9c09019ddb	add protocol filter	2026-06-09 21:33:56 -07:00
Owen	9d88683fc5	Reset resource info when on inline policy	2026-06-09 21:28:25 -07:00
miloschwartz	dd2c9f2a02	check resource policy in verifyResourceAccess middleware	2026-06-09 17:52:31 -07:00
miloschwartz	bdb38db5bc	fix form responsiveness	2026-06-09 16:52:18 -07:00
Owen	96a54fc9cc	Fix import issue in migrations	2026-06-09 16:51:55 -07:00
Owen	3a485f74f1	Move session migration out of the loop	2026-06-09 16:16:14 -07:00
Owen	92b0340324	Merge branch 'dev' of github.com:fosrl/pangolin into dev	2026-06-09 16:10:35 -07:00
miloschwartz	9257ac01c7	add learn more links to auto update	2026-06-09 16:08:07 -07:00
Owen	4d1d0d9fcb	Add warning if we cant reach the vnc server	2026-06-09 16:02:52 -07:00
Owen	f186e7e99e	Dont allow asn or country without having maxmind	2026-06-09 16:02:52 -07:00
miloschwartz	1aa6e3511f	dont show policy on tcp/udp resources	2026-06-09 15:56:24 -07:00
miloschwartz	fb6f5b3953	form layout improvements	2026-06-09 15:42:28 -07:00
Owen	c85a7f6ac5	Migrate unkown openapi response from string to {}	2026-06-09 15:35:08 -07:00
Owen	dd54be523f	Dont need to check user exists for the whitelist	2026-06-09 15:26:35 -07:00
Owen	d57f064d4c	Fix spelling	2026-06-09 15:26:35 -07:00
miloschwartz	34799b7de2	move maintenance page config to tab	2026-06-09 15:07:55 -07:00
miloschwartz	20a66bba6f	fix resource context updating problem	2026-06-09 14:49:57 -07:00
miloschwartz	cdb43d9658	dont set whitelist until click set button in dialog	2026-06-09 14:36:50 -07:00
miloschwartz	6581ccafa3	fix toggle on pin or passcode not working on policy form	2026-06-09 14:34:58 -07:00
miloschwartz	a3a45b4239	add safe read	2026-06-09 14:09:36 -07:00
Owen	d6634b6e8a	Add types	2026-06-09 12:16:00 -07:00
Owen	1089cfbacc	Update query to be more efficient	2026-06-09 11:54:46 -07:00
Owen	1907a3c93b	Link to primary org only when you can see billing	2026-06-09 10:33:42 -07:00
miloschwartz	407ba567a0	various visual changes	2026-06-08 22:07:53 -07:00
Owen	f28571629f	Make sure the pamMode is push for host resources	2026-06-08 21:54:06 -07:00
Owen	5a575c916b	Handle backward compatability	2026-06-08 21:11:57 -07:00
Owen	9a7e534b10	Ssh session closed card	2026-06-08 17:44:48 -07:00
Owen	42974d1739	Make sure the skip to idp is pulled	2026-06-08 17:41:59 -07:00
Owen	780e8babe4	Perfect toolbar	2026-06-08 17:39:07 -07:00
Owen	2c7b8006cf	Add gray bar	2026-06-08 16:07:36 -07:00
Owen	35066c1388	Add pulldown toolbar	2026-06-08 16:00:38 -07:00
miloschwartz	135a5d38af	make form grids more consistent	2026-06-08 16:00:30 -07:00
Owen	1b7c1ffa70	Set the target port from the resource	2026-06-08 15:39:26 -07:00
Owen	641f643d2d	Prefil the port with the best guess port	2026-06-08 15:39:26 -07:00
Owen	b4ecfceb5e	Show more information about error	2026-06-08 15:39:25 -07:00
Owen	08a84d4bb1	Add some connection feedback	2026-06-08 15:39:25 -07:00
Owen	4dbad7ab24	Close the tab when exiting	2026-06-08 15:39:25 -07:00
miloschwartz	859c0c9477	add description text to share link path input	2026-06-08 15:33:12 -07:00
miloschwartz	d294bf8534	support uploading csv or txt to sudo commands and groups	2026-06-08 15:30:03 -07:00
miloschwartz	3c8fea382f	improve unix group and sudo commands inputs	2026-06-08 14:36:10 -07:00
Owen	b81bfcfcee	Fix type error	2026-06-08 12:21:43 -07:00
Milo Schwartz	56c415ca05	Merge pull request #3219 from Fredkiss3/refactor/standardize-clear-buttons feat: make clear filter buttons more consistent accross tables	2026-06-08 12:07:55 -07:00
Owen	74fdcceace	Reconnect newts when a exit node comes back online	2026-06-08 12:02:12 -07:00
Owen	7dec8ba998	Add exit node if the sites dont have one	2026-06-08 12:02:12 -07:00
miloschwartz	c9dc6affe7	Merge branch 'dev' into resource-policies-restyle	2026-06-08 12:00:08 -07:00
miloschwartz	8fe45ba78c	prevent duplicate label names	2026-06-08 11:59:15 -07:00
Fred KISSIE	934886caea	Merge branch 'dev' into refactor/standardize-clear-buttons	2026-06-08 20:42:11 +02:00
miloschwartz	fae258b145	add labels to user-resources query	2026-06-08 10:55:24 -07:00
miloschwartz	9f224f655f	Merge branch 'resource-policies-restyle' into dev	2026-06-08 10:38:13 -07:00
miloschwartz	aea7df7dc2	rename share links	2026-06-08 10:37:46 -07:00
miloschwartz	3b675f7de1	policies and policy on resource structure in a good place	2026-06-07 12:19:33 -07:00
miloschwartz	aa47f522ef	move toggle on general page	2026-06-06 15:34:34 -07:00
Fred KISSIE	a994f8ff07	💄 Column filter buttons for log tables	2026-06-05 21:47:08 +02:00
Fred KISSIE	95ce91d94b	Merge branch 'dev' into refactor/standardize-clear-buttons	2026-06-05 20:21:34 +02:00
Fred KISSIE	a4548fd874	💄 Break all text	2026-06-05 19:59:28 +02:00
Fred KISSIE	eb03fb7060	♻️ standardize http request log data-tables	2026-06-05 19:28:30 +02:00
Owen Schwartz	7fa1180d10	Merge pull request #3221 from fosrl/dev 1.19.0-rc.1	2026-06-04 15:45:27 -07:00
Fred KISSIE	33fdc9a94f	🚧 wip: column filter button	2026-06-04 21:04:15 +02:00
Owen Schwartz	8b50f1fb65	Merge pull request #3218 from fosrl/dev Fix installer	2026-06-04 11:21:59 -07:00
Fred KISSIE	c86026c941	♻️ refactor	2026-06-04 20:09:07 +02:00
Fred KISSIE	db014e3446	♻️ use the same `clear filter` text for clearing filters in the column filter buttons	2026-06-04 20:08:27 +02:00
Fred KISSIE	feb8045643	♻️ refactor	2026-06-04 19:54:43 +02:00
Fred KISSIE	d485a09318	♻️ use site label filter column	2026-06-04 19:45:54 +02:00
Fred KISSIE	9cff5f66b1	🚧 wip: site label column filter standardized	2026-06-04 19:40:24 +02:00
Owen Schwartz	527d4cc777	Merge pull request #3215 from fosrl/dev 1.19.0-rc.0	2026-06-04 10:34:20 -07:00