diff --git a/src/content/docs/cloudflare-one/applications/non-http/index.mdx b/src/content/docs/cloudflare-one/applications/non-http/index.mdx
index 906eb3d67199388..fefb5b7eac5809d 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/index.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/index.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 1
---
-import { Render } from "~/components";
+import { Render, Stream } from "~/components";
Cloudflare offers both client-based and clientless ways to grant secure access to non-HTTP applications.
@@ -13,6 +13,12 @@ Cloudflare offers both client-based and clientless ways to grant secure access t
Non-HTTP applications require [connecting your private network](/cloudflare-one/connections/connect-networks/private-net/) to Cloudflare. For more details, refer to our [Replace your VPN](/learning-paths/replace-vpn/connect-private-network/) implementation guide.
:::
+
+
## WARP client
Users can connect by installing the Cloudflare WARP client on their device and enrolling in your Zero Trust organization. Remote devices connect to your applications as if they were on your private network. By default, all devices enrolled in your organization can access any private route unless they are protected by an Access policy or Gateway firewall rule. To secure the application, you can [create a self-hosted application](/cloudflare-one/applications/non-http/self-hosted-private-app/) for a private IP range, port range, and/or hostname and build [Access policies](/cloudflare-one/policies/access/) that allow or block specific users.
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/index.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/index.mdx
index 82593ff37ae029a..bc022771bd6b4d4 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/index.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-networks/index.mdx
@@ -5,12 +5,18 @@ sidebar:
order: 1
---
-import { Render } from "~/components";
+import { Render, Stream } from "~/components";
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do not send traffic to an external IP — instead, a lightweight daemon in your infrastructure (`cloudflared`) creates [outbound-only connections](/cloudflare-one/connections/connect-networks/#outbound-only-connection) to Cloudflare's global network. Cloudflare Tunnel can connect HTTP web servers, [SSH servers](/cloudflare-one/connections/connect-networks/use-cases/ssh/), [remote desktops](/cloudflare-one/connections/connect-networks/use-cases/rdp/), and other protocols safely to Cloudflare. This way, your origins can serve traffic through Cloudflare without being vulnerable to attacks that bypass Cloudflare.
Refer to our [reference architecture](/reference-architecture/architectures/sase/) for details on how to implement Cloudflare Tunnel into your existing infrastructure.
+
+
## How it works
Cloudflared establishes [outbound connections](/cloudflare-one/connections/connect-networks/#outbound-only-connection) (tunnels) between your resources and Cloudflare's global network. Tunnels are persistent objects that route traffic to DNS records. Within the same tunnel, you can run as many 'cloudflared' processes (connectors) as needed. These processes will establish connections to Cloudflare and send traffic to the nearest Cloudflare data center.
diff --git a/src/content/docs/cloudflare-one/index.mdx b/src/content/docs/cloudflare-one/index.mdx
index 8cd2941cb69ed20..220f13051ffb5d8 100644
--- a/src/content/docs/cloudflare-one/index.mdx
+++ b/src/content/docs/cloudflare-one/index.mdx
@@ -20,6 +20,7 @@ import {
Plan,
RelatedProduct,
Render,
+ Stream
} from "~/components";
@@ -36,6 +37,12 @@ By progressively adopting Cloudflare One, organizations can move away from a pat
Refer to our [SASE reference architecture](/reference-architecture/architectures/sase/) to learn how to plan, deploy, and manage SASE architecture with Cloudflare.
+
+
Get started
diff --git a/src/content/docs/cloudflare-one/policies/gateway/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/index.mdx
index 250c911acc83eb6..0c468fd166ba24c 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/index.mdx
@@ -8,7 +8,7 @@ head:
content: Gateway policies
---
-import { Render } from "~/components";
+import { Render, Stream } from "~/components";
Cloudflare Gateway, our comprehensive [Secure Web Gateway](https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/), allows you to set up policies to inspect DNS, Network, HTTP, and Egress traffic.
@@ -22,6 +22,12 @@ Cloudflare Gateway, our comprehensive [Secure Web Gateway](https://www.cloudflar
When creating or editing policies, it may take up to 60 seconds for that policy to be updated across all of Cloudflare's data centers.
:::
+
+
## Best practices
For each type of policy, we recommend the following workflow:
diff --git a/src/content/docs/magic-wan/index.mdx b/src/content/docs/magic-wan/index.mdx
index d2e3a8908b6e5ba..e54440dd079a1df 100644
--- a/src/content/docs/magic-wan/index.mdx
+++ b/src/content/docs/magic-wan/index.mdx
@@ -16,6 +16,7 @@ import {
LinkTitleCard,
Plan,
RelatedProduct,
+ Stream
} from "~/components";
@@ -35,6 +36,12 @@ Refer to [On-ramps](/magic-wan/on-ramps/) for a full list of supported on-ramps.
Learn how to [get started](/magic-wan/get-started/).
+
+
---
## Features