Add first policies

Author: maxvp

src/content/docs/cloudflare-one/policies/gateway/network-policies/common-policies.mdx

@@ -18,25 +18,105 @@ Refer to the [network policies page](/cloudflare-one/policies/gateway/network-po
 
 <Render file="gateway/policies/block-applications" product="cloudflare-one" />
 
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
 | Selector    | Operator | Value                     | Action |
 | ----------- | -------- | ------------------------- | ------ |
 | Application | in       | _Artificial Intelligence_ | Block  |
 
+</TabItem>
+
+<TabItem label="API">
+
+```sh
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Block unauthorized applications",
+  "description": "Block access to unauthorized AI applications",
+  "enabled": true,
+  "action": "block",
+  "filters": [
+    "l4"
+  ],
+  "traffic": "any(app.type.ids[*] in {25})",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
+
 ## Check user identity
 
 <Render file="gateway/policies/check-user-identity" />
 
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
 | Selector         | Operator | Value         | Logic | Action |
 | ---------------- | -------- | ------------- | ----- | ------ |
 | Application      | in       | _Salesforce_  | And   | Block  |
 | User Group Names | in       | _Contractors_ |       |        |
 
+</TabItem>
+
+<TabItem label="API">
+
+```sh
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Check user identity",
+  "description": "Block access to Salesforce by temporary employees and contractors",
+  "enabled": true,
+  "action": "block",
+  "filters": [
+    "l4"
+  ],
+  "traffic": "any(app.ids[*] in {606})",
+  "identity": "any(identity.groups.name[*] in {\"Contractors\"})",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
+
 ## Enforce device posture
 
-Require devices to have certain software installed or other configuration attributes. For instructions on enabling a device posture check, refer to the [device posture section](/cloudflare-one/identity/devices/).
+Require devices to have certain software installed or other configuration attributes. For instructions on enabling a device posture check, refer to the [device posture section](/cloudflare-one/identity/devices/). For example, you can use a list of [device serial numbers](/cloudflare-one/identity/devices/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
+
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
 <Render file="gateway/policies/enforce-device-posture" />
 
+</TabItem>
+
+<TabItem label="API">
+
+```sh
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Enforce device posture",
+  "description": "Limit access to an internal application to approved organization devices",
+  "enabled": true,
+  "action": "block",
+  "filters": [
+    "l4"
+  ],
+  "traffic": "any(net.sni.domains[*] == \"example.com\")",
+  "identity": "",
+  "device_posture": "not(any(device_posture.checks.passed[*] in {\"<POSTURE-CHECK-UUID>\"}))"
+}'
+```
+
+To get the UUIDs of your device posture checks, use the [List device posture rules](/api/resources/zero_trust/subresources/devices/subresources/posture/methods/list/) endpoint.
+
+</TabItem> </Tabs>
+
 ## Enforce session duration
 
 To require users to re-authenticate after a certain amount of time has elapsed, configure [WARP sessions](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/).

src/content/partials/cloudflare-one/gateway/get-started/create-network-policy.mdx

@@ -12,11 +12,13 @@ To create a new network policy:
 2. In the **Network** tab, select **Add a policy**.
 3. Name the policy.
 4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
-5. Choose an **Action** to take when traffic matches the logical expression.
+5. Choose an **Action** to take when traffic matches the logical expression. For example, you can use a list of [device serial numbers](/cloudflare-one/identity/devices/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
+
    <Render
    	file="gateway/policies/enforce-device-posture"
    	product="cloudflare-one"
    />
+
 6. Select **Create policy**.
 
 </TabItem>

src/content/partials/cloudflare-one/gateway/policies/enforce-device-posture.mdx

@@ -2,9 +2,7 @@
 {}
 ---
 
-For example, you can use a list of [device serial numbers](/cloudflare-one/identity/devices/warp-client-checks/corp-device/) to ensure users can only access an application if they connect with the WARP client from a company device:
-
 | Selector                     | Operator | Value                   | Logic | Action |
 | ---------------------------- | -------- | ----------------------- | ----- | ------ |
-| SNI Domain                   | is       | `internalapp.com`       | And   | Block  |
+| SNI Domain                   | is       | `example.com`           | And   | Block  |
 | Passed Device Posture Checks | not in   | _Device serial numbers_ |       |        |