diff --git a/public/docs-static/img/architecture/netbird-peer-auto-tagging-newkey.png b/public/docs-static/img/architecture/netbird-peer-auto-tagging-newkey.png index 52ac13b0..8ea33b88 100644 Binary files a/public/docs-static/img/architecture/netbird-peer-auto-tagging-newkey.png and b/public/docs-static/img/architecture/netbird-peer-auto-tagging-newkey.png differ diff --git a/public/docs-static/img/getting-started/add-peer.png b/public/docs-static/img/getting-started/add-peer.png index f8e6932e..f793a558 100644 Binary files a/public/docs-static/img/getting-started/add-peer.png and b/public/docs-static/img/getting-started/add-peer.png differ diff --git a/public/docs-static/img/getting-started/empty-peers.png b/public/docs-static/img/getting-started/empty-peers.png index 389de4e8..94ffd0e8 100644 Binary files a/public/docs-static/img/getting-started/empty-peers.png and b/public/docs-static/img/getting-started/empty-peers.png differ diff --git a/public/docs-static/img/getting-started/peers.png b/public/docs-static/img/getting-started/peers.png index aeef5368..036455be 100644 Binary files a/public/docs-static/img/getting-started/peers.png and b/public/docs-static/img/getting-started/peers.png differ diff --git a/public/docs-static/img/how-to-guides/add-new-peer-empty.png b/public/docs-static/img/how-to-guides/add-new-peer-empty.png index f27c8cd2..94ffd0e8 100644 Binary files a/public/docs-static/img/how-to-guides/add-new-peer-empty.png and b/public/docs-static/img/how-to-guides/add-new-peer-empty.png differ diff --git a/public/docs-static/img/how-to-guides/add-new-peer-popup.png b/public/docs-static/img/how-to-guides/add-new-peer-popup.png index 7b3e387c..a2b1fc61 100644 Binary files a/public/docs-static/img/how-to-guides/add-new-peer-popup.png and b/public/docs-static/img/how-to-guides/add-new-peer-popup.png differ 
diff --git a/public/docs-static/img/how-to-guides/add-setup-key.png b/public/docs-static/img/how-to-guides/add-setup-key.png index 8f70a6ab..2e35be03 100644 Binary files a/public/docs-static/img/how-to-guides/add-setup-key.png and b/public/docs-static/img/how-to-guides/add-setup-key.png differ diff --git a/public/docs-static/img/how-to-guides/create-rule.png b/public/docs-static/img/how-to-guides/create-rule.png new file mode 100644 index 00000000..3fb57c38 Binary files /dev/null and b/public/docs-static/img/how-to-guides/create-rule.png differ diff --git a/public/docs-static/img/how-to-guides/netbird-network-routes-add-button.png b/public/docs-static/img/how-to-guides/netbird-network-routes-add-button.png index b2e82230..a9541085 100644 Binary files a/public/docs-static/img/how-to-guides/netbird-network-routes-add-button.png and b/public/docs-static/img/how-to-guides/netbird-network-routes-add-button.png differ diff --git a/public/docs-static/img/how-to-guides/netbird-network-routes-create.png b/public/docs-static/img/how-to-guides/netbird-network-routes-create.png index 41b6a6fd..75fb44d7 100644 Binary files a/public/docs-static/img/how-to-guides/netbird-network-routes-create.png and b/public/docs-static/img/how-to-guides/netbird-network-routes-create.png differ diff --git a/public/docs-static/img/how-to-guides/netbird-network-routes-groups-create.png b/public/docs-static/img/how-to-guides/netbird-network-routes-groups-create.png index 5b1805f4..966b2082 100644 Binary files a/public/docs-static/img/how-to-guides/netbird-network-routes-groups-create.png and b/public/docs-static/img/how-to-guides/netbird-network-routes-groups-create.png differ 
diff --git a/public/docs-static/img/how-to-guides/netbird-network-routes-groups-saved-new.png b/public/docs-static/img/how-to-guides/netbird-network-routes-groups-saved-new.png index bafcfa85..3c6e1538 100644 Binary files a/public/docs-static/img/how-to-guides/netbird-network-routes-groups-saved-new.png and b/public/docs-static/img/how-to-guides/netbird-network-routes-groups-saved-new.png differ diff --git a/public/docs-static/img/how-to-guides/netbird-network-routes-saved-new.png b/public/docs-static/img/how-to-guides/netbird-network-routes-saved-new.png index be56a452..3941ab6c 100644 Binary files a/public/docs-static/img/how-to-guides/netbird-network-routes-saved-new.png and b/public/docs-static/img/how-to-guides/netbird-network-routes-saved-new.png differ diff --git a/public/docs-static/img/how-to-guides/peer-approval-settings.png b/public/docs-static/img/how-to-guides/peer-approval-settings.png index 94de0e6f..0318da34 100644 Binary files a/public/docs-static/img/how-to-guides/peer-approval-settings.png and b/public/docs-static/img/how-to-guides/peer-approval-settings.png differ diff --git a/public/docs-static/img/how-to-guides/peer-list.png b/public/docs-static/img/how-to-guides/peer-list.png index cd37091d..879b1c7a 100644 Binary files a/public/docs-static/img/how-to-guides/peer-list.png and b/public/docs-static/img/how-to-guides/peer-list.png differ diff --git a/public/docs-static/img/how-to-guides/peer-needs-approval.png b/public/docs-static/img/how-to-guides/peer-needs-approval.png index c7730db3..b4aa939d 100644 Binary files a/public/docs-static/img/how-to-guides/peer-needs-approval.png and b/public/docs-static/img/how-to-guides/peer-needs-approval.png differ diff --git a/public/docs-static/img/how-to-guides/setup-key-create2d.png b/public/docs-static/img/how-to-guides/setup-key-create2d.png new file mode 100644 index 00000000..2fb16665 Binary files /dev/null and b/public/docs-static/img/how-to-guides/setup-key-create2d.png differ 
diff --git a/public/docs-static/img/how-to-guides/setup-key-created.png b/public/docs-static/img/how-to-guides/setup-key-created.png index 2fb16665..1eaf9820 100644 Binary files a/public/docs-static/img/how-to-guides/setup-key-created.png and b/public/docs-static/img/how-to-guides/setup-key-created.png differ diff --git a/public/docs-static/img/how-to-guides/setup-keys.png b/public/docs-static/img/how-to-guides/setup-keys.png index 5fc4eebf..39475b4b 100644 Binary files a/public/docs-static/img/how-to-guides/setup-keys.png and b/public/docs-static/img/how-to-guides/setup-keys.png differ diff --git a/public/docs-static/img/overview/associate-peer-groups.png b/public/docs-static/img/overview/associate-peer-groups.png index 2e42d0cd..02191c1b 100644 Binary files a/public/docs-static/img/overview/associate-peer-groups.png and b/public/docs-static/img/overview/associate-peer-groups.png differ diff --git a/public/docs-static/img/overview/create-rule.png b/public/docs-static/img/overview/create-rule.png index 5f2d2387..3fb57c38 100644 Binary files a/public/docs-static/img/overview/create-rule.png and b/public/docs-static/img/overview/create-rule.png differ diff --git a/public/docs-static/img/overview/delete-rule-menu.png b/public/docs-static/img/overview/delete-rule-menu.png index 41751671..67d8ea40 100644 Binary files a/public/docs-static/img/overview/delete-rule-menu.png and b/public/docs-static/img/overview/delete-rule-menu.png differ diff --git a/public/docs-static/img/overview/disable-rule.png b/public/docs-static/img/overview/disable-rule.png new file mode 100644 index 00000000..10b75043 Binary files /dev/null and b/public/docs-static/img/overview/disable-rule.png differ diff --git a/public/docs-static/img/overview/new-rule-list.png b/public/docs-static/img/overview/new-rule-list.png index bc2daca5..c30db36f 100644 Binary files a/public/docs-static/img/overview/new-rule-list.png and b/public/docs-static/img/overview/new-rule-list.png differ 
diff --git a/src/pages/how-to/add-machines-to-your-network.mdx b/src/pages/how-to/add-machines-to-your-network.mdx index 9927bef5..7c60435e 100644 --- a/src/pages/how-to/add-machines-to-your-network.mdx +++ b/src/pages/how-to/add-machines-to-your-network.mdx @@ -1,5 +1,5 @@ -# Add machines to your NetBird network +# Add peers to your NetBird network Whether you have a network for personal use or manage your company's corporate network, you'd probably want to add machines (or peers in NetBird's terms) to your network. @@ -11,8 +11,8 @@ an Android or iOS device, a personal laptop, a single-board computer like Raspbe ## Use NetBird web UI to add new peers To add a new peer to your network follow these steps: -1. Sign-in you NetBird account at https://app.netbird.io/ and go to the Peers tab. -2. Hit `Add new peer` button +1. Sign-in to your NetBird account at https://app.netbird.io/ and go to the Peers tab. +2. Hit `Add Peer` button

high-level-dia diff --git a/src/pages/how-to/approve-peers.mdx b/src/pages/how-to/approve-peers.mdx index b203c363..d8c01158 100644 --- a/src/pages/how-to/approve-peers.mdx +++ b/src/pages/how-to/approve-peers.mdx @@ -19,11 +19,11 @@ To enable peer approval, navigate to [Settings » Authentication](https://a

- When disabling peer approval, all pending approval requests will be automatically approved. + When disabling the peer approval, all pending approval requests will automatically be approved. ## Approve peer -To approve a peer, navigate to the [peers tab](https://app.netbird.io/peers) and click the 'needs approval' button under the peer's name. +To approve a peer, navigate to the [peers tab](https://app.netbird.io/peers) and click the `Approve` button on the right side of the peers table.

peer-needs-approval diff --git a/src/pages/how-to/manage-network-access.mdx b/src/pages/how-to/manage-network-access.mdx index 4b407a98..c5d04f3f 100644 --- a/src/pages/how-to/manage-network-access.mdx +++ b/src/pages/how-to/manage-network-access.mdx 
@@ -1,90 +1,79 @@ # Manage network access -NetBird allows administrators to restrict access to resources (peers) by creating access rules and -defining what peer groups are permitted to establish connections with one another. Rule can allow connections -by specific protocol and ports. +NetBird enables administrators to oversee and manage access between resources (peers) through access policies. These policies specify which peers and peer groups are permitted to connect to each other, detail the protocols and ports for these connections, and offer the option to include posture checks to apply zero trust principles, helping to adapt access control to specific contexts. ## Introduction -A NetBird account comes with a `Default` rule that allows all peers of the account to connect to each other by all protocols, -forming a full mesh network. In most cases, this is the desired state for a small network or network that has low-security requirements. -When you need to restrict access to certain resources that belong to specific users or services within your organization, -you can create rules that dictate who can access what. +Initially, a NetBird account is configured with a `Default` policy which allows peers to connect via any protocol, resulting in the formation of a full mesh network. This setup often suits small networks or those requiring minimal security. In scenarios where higher security is needed or access to specific resources must be restricted for certain users or services, policies can be set up to determine access permissions. -Access control rules make use of groups to control connections between peers; these groups can be added as `Source` or `Destination` of a rule and will be evaluated when the Management service distributes the list of peers across your network. + + +Access control policies make use of groups to control connections between peers. 
These groups, which are sets of peers (meaning different machines with the NetBird client installed), can be added as Source or Destination of a policy. They are evaluated when the Management service distributes the list of peers across your network. ## Concepts ### Groups -A NetBird group works and follows a similar concept to tags in other platforms; they are easily created and can be associated with peers and used in rules to control traffic within your network. +A NetBird group works and follows a similar concept to tags in other platforms; they are easily created and can be associated with peers and used in policies to control traffic within your network. -Some characteristics of groups: -- They are unique. -- One group can have multiple peers. -- Peers can belong to multiple groups. -- Rules can have multiple groups in their `Source` and `Destination` lists. -- They are created in the `Access Control` or `Peers` tabs. -- They can only be deleted via API. -- There is a default group called `All`. +Here are some key attributes of groups: +- Each group is unique. +- A single group can have multiple peers. +- Peers can be part of multiple groups simultaneously. +- Groups can be included in the 'Source' and 'Destination' lists of policies. +- Groups are generated within the 'Access Control' or 'Peers' tabs. +- Groups can be deleted only via the API. +- There exists a default group called 'All'. You can assign groups automatically with the [peer auto-grouping feature](/how-to/register-machines-using-setup-keys#peer-auto-grouping). ### The All Group -The `All` group is a default group to which every peer in your network is automatically added to. This group cannot be modified or deleted. +The 'All' group serves as a default group that automatically includes every peer in your network. This group cannot be modified or removed. -### Rules -Rules are defined as sets of Source and Destination peer groups, which specify the allowable communication between them. 
-Depending on the rule configuration, this communication can be either bidirectional or unidirectional. -Rules are processed when the Management service distributes a network map to all peers of your account. Because you can only create ALLOW rules, there is no processing -order or priority, so the decision to distribute peer information is based on its association with a group belonging to an existing rule. +### Policies +Policies act as rules governing how different resources (peers) can communicate and connect. They specify the source and destination of communication and can allow bidirectional or unidirectional connections. -Currently, the communication between lists of groups in source and destination lists of a rule for ALL and ICMP protocols, -and for TCP and UDP when you don't define limitation by port, it is bidirectional, meaning that destinations can also -initiate connections to a group of peers listed in the source field of the rule. +Policies are processed when the Management service shares a network map with all peers of your account. Because you can only create ALLOW policies, there is no processing order or priority. So, the decision to distribute peer information is based on its association with a group belonging to an existing policy. -The behavior of a network without any rules is to deny traffic. No peers will be able to communicate with each other. +For ICMP and ALL protocols, as well as for TCP and UDP protocols **without** specific port restrictions, communication between groups listed in the source and destination fields is bidirectional. This means that both source and destination groups can initiate connections with each other. To establish one-way connections, you must specify a protocol (UDP or TCP), along with a port. - If you need to allow peers from the same group to communicate with each other, just add the same group to the `Source` and `Destination` lists. 
+If you need to allow peers from the same group to communicate with each other, you can do so by adding the same group to the `Source` and `Destination` lists. -### The Default Rule -The `Default` rule is created when you first create your account. This rule is very permissive because it allows communication between all peers in your network. -It uses the [`All`](#the-all-group) group as a source and destination. If you want to have better -control over your network, it is recommended that you delete this rule and create more restricted rules with custom groups. +Without policies, a network operates by denying traffic, meaning peers cannot communicate with each other. That's why the default policy is automatically created upon account creation. + + +### The Default policy +The `Default` policy is created when you first create your account. This policy is very permissive because it allows communication between all peers in your network, utilizing the [`All`](#the-all-group) group as both the source and destination. It's worth noting that the [`All`](#the-all-group) group is also automatically present when the account is being created. If you want to have better control over your network, it is recommended that you delete this policy and create more restricted policies with custom groups. - If you need to restrict communication within your network, you can create new rules and use different groups, and then remove the default rule to achieve the desired behavior. + If you need to restrict communication within your network, you can create new policies and use different groups. Then, you can remove the default policy to achieve the desired behavior. ### Multiple Mesh Networks -As mentioned above, rules by default are bidirectional which is basically the control of how your network will behave as a mesh network. -But for TCP and UDP protocols, if you define ports in the rule, rule can be unidirectional. 
+As mentioned above, policies are bidirectional by default, essentially controlling how your network behaves as a mesh network. However, for TCP and UDP protocols, if you specify ports in the policy, it can become unidirectional. -There is a `Default` rule, which configures a Default mesh connection between all peers of your network. With rules, -you can define smaller mesh networks by grouping peers and adding these groups to `Source` and `Destination` lists. -Also you can create unidierectional rules to restrict traffic between groups for TCP and UDP protocols if you define ports. +There is a `Default` policy, which configures a default mesh connection between all peers of your network. With policies, you can define smaller mesh networks by grouping peers and adding these groups to `Source` and `Destination` lists. Additionally, you can create unidirectional policies to restrict traffic between groups for TCP and UDP protocols if you define ports. -## Managing Rules +## Managing Policies -### Creating Rules -After accessing the `Access Control` tab, you can click the `Add Rule` button to create a new rule. -In the popup, specify a name for the rule, and define source and destination groups. -You can set traffic direction only when you choose TCP or UDP protocols. +### Creating Policies +After accessing the `Access Control` > `Policies` tab, click on the `Add policy` button to create a new policy. In the popup, specify source and destination groups, and add Posture Checks if needed. Make sure to set traffic direction only when TCP or UDP protocols are selected. Finally, provide a name and description for your policy.

high-level-dia

-If required, you can create new groups by entering new names in the input box for either source or destination lists. -Once you are done configuring the rule, click the `Create` button to save it. You will then see your new rule in the table. +If necessary, you can create new groups simply by entering new names in the input box for either the source or destination lists. + +Once you have finished configuring the policy, click `Add Policy` to save it. You will then see your new policy in the table.

high-level-dia

- Because of its permissiveness, new rules will take effect once you remove the `Default` rule. + Because of its permissiveness, new policies will take effect once you remove the `Default` policy. @@ -92,8 +81,8 @@ Protocol type All or ICMP must be bi-directional. Also unidirectional traffic fo ### Adding peers to groups -If you create a new group when defining a rule, you will need to add a peer to the group for the rule to take effect. -You can do it by accessing the `Peers` tab and clicking the `Groups` column of any peer you want to associate with the new group. +If you create a new group when defining a policy, you will need to add a peer to the group for the policy to take effect. +You can assign a peer to a group by accessing the `Peers` section. Then, choose the specific peer you want to assign to a group. Click on the `Assigned Groups` select box and select the group(s) you wish to assign to this peer.

high-level-dia @@ -103,16 +92,18 @@ You can do it by accessing the `Peers` tab and clicking the `Groups` column of a You can assign groups automatically with the [peer auto-grouping feature](/how-to/register-machines-using-setup-keys#peer-auto-grouping). -### Updating Rules -To update a rule, you can click on the rule's `Name` or on either `Sources` and `Destinations` columns. You could also click the menu -button of a rule and select `View`. This will open the same screen where you can update rule groups, description, and status or change allowed -traffic direction and protocols with ports. +### Updating Policies -### Disabling Rules -To disable a rule, use the switch in the `Enabled` column of the table. +To update a policy, just click on its name and customize it according to your requirements. This action will open the same screen where you can update policy groups, descriptions, and status, or modify allowed traffic direction, protocols with ports, and posture checks, similar to the information described in the "Creating Policies" section above. -### Deleting Rules -To delete a rule, click `Delete` in the table. A confirmation window will pop up. +### Disabling Policies +To disable a policy, use the switch in the `Active` column of the table. +

+ high-level-dia +

+ +### Deleting Policies +To delete a policy, click on `Delete` in the table, and confirm the message that appears.

high-level-dia diff --git a/src/pages/how-to/register-machines-using-setup-keys.mdx b/src/pages/how-to/register-machines-using-setup-keys.mdx index 77389066..c8c5c52f 100644 --- a/src/pages/how-to/register-machines-using-setup-keys.mdx +++ b/src/pages/how-to/register-machines-using-setup-keys.mdx @@ -11,7 +11,7 @@ This makes it possible to run automated deployments with infrastructure-as-code sudo netbird up --setup-key ``` -## Types of setup seys +## Types of setup keys There are 2 types of setup keys: * **One-off key**. This type of key can be used only once to authenticate a machine. @@ -46,9 +46,6 @@ We recommend limiting the number of times the key can be used, e.g., set it to 3 ## Peer Auto-grouping -

- high-level-dia -

NetBird offers a powerful [access control feature](/how-to/manage-network-access) that allows easy access management of your resources. In a basic scenario, you would create multiple groups of peers and create access rules to define what groups can access each other. @@ -71,7 +68,7 @@ Then use this key to enroll new machine. ## Create setup key -Click the `Add Key` button in the `Setup Keys'. +Go to the `Setup Keys` tab and click the `Create Setup Key` button In the opened popup, give your new key an easily identifiable name, choose type, set usage limit, and assign auto groups. The defaults should be suitable for most of the cases. We recommend using one-off keys for security reasons. diff --git a/src/pages/how-to/routing-traffic-to-private-networks.mdx b/src/pages/how-to/routing-traffic-to-private-networks.mdx index 6399ae93..5f24ad00 100644 --- a/src/pages/how-to/routing-traffic-to-private-networks.mdx +++ b/src/pages/how-to/routing-traffic-to-private-networks.mdx @@ -74,14 +74,14 @@ In the example below, we are creating a route with the following information: - Network identifier: `aws-eu-central-1-vpc` - Description: `Production VPC in Frankfurt` - Network range: `172.31.0.0/16` -- Routing peer: `aws-nb-europe-router-az-a` +- Routing peer: `ec2-demo-node` - Distribution Groups: `All`

high-level-dia

-Once you fill in the route information, you can click on the `Save` button to save your new route. +Once you fill in the route information, you can click on the `Add route` button to save your new route.

high-level-dia

@@ -95,7 +95,7 @@ If groups have more than one peer, you get the [high availability route](#high-a high-level-dia

-Once you fill in the route information, you can click on the `Save` button to save your new route. +Once you fill in the route information, you can click on the `Add route` button to save your new route.

high-level-dia
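Review bot: In the binary image changes, the new file `public/docs-static/img/how-to-guides/setup-key-create2d.png` is added with blob 2fb16665, which is the pre-change blob of `setup-key-created.png`, so the old screenshot appears to survive under a name that reads like a typo. Please confirm the name is intended and that a page references it; none of the visible .mdx hunks do. Two more assets are byte-identical copies after this change: `how-to-guides/create-rule.png` and `overview/create-rule.png` share 3fb57c38, and `getting-started/empty-peers.png` and `how-to-guides/add-new-peer-empty.png` share 94ffd0e8. Pointing both pages at one file would stop them drifting apart on the next UI refresh.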
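Review bot: Step 2 of the list in `add-machines-to-your-network.mdx` is still missing its article and closing period; suggest "Hit the `Add Peer` button." to match step 1. In step 1, "Sign-in" is used as a verb and should be "Sign in to your NetBird account".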
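Review bot: The note on disabling peer approval in `approve-peers.mdx` tells the reader that all pending requests are approved automatically but gives no step to take first, and this is the one sentence in the patch where a settings toggle admits unreviewed peers to the network. Suggest adding a sentence that tells administrators to review and delete unwanted pending peers before turning the setting off. The added article in "disabling the peer approval" also reads worse than the original "disabling peer approval".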
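Review bot: In the first `manage-network-access.mdx` hunk, the note "new policies will take effect once you remove the `Default` policy" contradicts the Policies section added above it, which says policies are ALLOW-only with no processing order or priority. A new policy is applied as soon as it is created; it is the restriction that only becomes visible once `Default` stops allowing everything. Suggest wording along the lines of "new policies will only restrict traffic once you remove the `Default` policy". Two consistency points in the same hunk: the group attribute list switches `Source`, `Destination`, `Access Control`, `Peers` and `All` from backticks to single quotes while the rest of the page keeps backticks, and the button is written `Add policy` when opening the dialog but `Add Policy` when saving.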
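Review bot: In the Peer Auto-grouping hunk of `register-machines-using-setup-keys.mdx`, the unchanged context line still says "create access rules to define what groups can access each other", which is now out of step with the rules to policies rename made in `manage-network-access.mdx`. Suggest changing it to "access policies" in this patch so the page it links to uses the same term.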
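Review bot: In the "Create setup key" hunk of `register-machines-using-setup-keys.mdx`, the new sentence ends at "`Create Setup Key` button" with no period, so it runs into "In the opened popup" when rendered as one paragraph. Add the period.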