ads example for office posture check

src/pages/how-to/manage-posture-checks.mdx

@@ -144,3 +144,54 @@ The `NetBird Version` check will be assigned to the policy. Click `Save Changes`
     <img src="/docs-static/img/how-to-guides/policy-posture-checks-assigned.png" alt="high-level-dia" className="imagewrapper"/>
 </p>
 
+
+### Example use case for local office network
+A common scenario our users have is to allow theirs peers to externally access their local office network subnet. Having the hability to easily connect to locally exposed services from anywhere in the world, using NetBird is a trivial task, but you don't want to route your traffic via NetBird when you are in the office. To solve this, you can create a policy that will allow connection to the routing peers group, only if they are outside the office, using **Block Peer Network Range** Posture Check.
+
+<p>
+    <img src="/docs-static/img/how-to-guides/posture-check-new-block-network-range.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+<p>
+    <img src="/docs-static/img/how-to-guides/posture-check-block-network-range.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+
+After you save and give this **Posture Check** a name, you can assign it to a policy. (let's assume the name you gave was "Exclude Office subnet")
+
+In this example, our office network is on the subnet `192.168.1.0/24`. You will  need a policy that allows access to the routing peers; this can be any protocol and port, you just need to be able to connect to your routing peer in some way. Let's assume all users will be part of group `route-users` and the routing peer for our office will be inside the group `route-nodes`. 
+With this in mind, create a policy that allows access to the routing peer group, and assign the posture check `Exclude Office subnet` to it. 
+<p>
+    <img src="/docs-static/img/how-to-guides/policy-office-subnet-with-posturecheck.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+
+Now, let's create a **Network Route** that will expose local office subnet `192.168.1.0/24` which gets distributed to all peers inside the group `route-users`.
+
+<p>
+    <img src="/docs-static/img/how-to-guides/route-office-subnet-posturecheck.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+
+In this example, our routing peer is called `router-01` and sits inside the `route-nodes` group, this way the policy we just created go into effect, and all peers inside `route-users` will be able to reach `router-01` only if they are not in the office network, due to our posture check.
+
+From inside our office:
+
+<p>
+    <img src="/docs-static/img/how-to-guides/wifi-inside-office-subnet.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+And on the command line you can observe: 
+<p>
+    <img src="/docs-static/img/how-to-guides/netbird-routes-list-local.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+
+<p>
+    <img src="/docs-static/img/how-to-guides/netstat-routes-grep-local.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+When we are connected somewhere outside the office, we can observe: 
+
+<p>
+    <img src="/docs-static/img/how-to-guides/netbird-routes-list-external.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+
+<p>
+    <img src="/docs-static/img/how-to-guides/netstat-routes-grep-external.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+
+This concludes this Posture Check example.