Update Network Doc (#266)

* Change networks docs

* Change networks docs

* add redirect

---------

Co-authored-by: Maycon Santos <[email protected]>

Author: braginini

next.config.mjs

@@ -24,6 +24,11 @@ const nextConfig = {
     },
     redirects: async () => {
         return [
+            {
+                source: '/how-to/networks-concept',
+                destination: '/how-to/networks',
+                permanent: true,
+            },
             {
                 source: '/docs/getting-started/installation',
                 destination: '/how-to/getting-started#installation',

public/docs-static/img/how-to-guides/networks/resource-acl-1.png

@@ -110,7 +110,7 @@ export const docsNavigation = [
               title: 'Networks (new)',
               isOpen: false,
               links: [
-                  { title: 'Concept', href: '/how-to/networks-concept' },
+                  { title: 'Concept', href: '/how-to/networks' },
                   { title: 'Routing traffic to multiple IP resources', href: '/how-to/routing-traffic-to-multiple-resources' },
                   { title: 'Accessing restricted website domain resources', href: '/how-to/accessing-restricted-websites' },
                   { title: 'Accessing entire domains within networks', href: '/how-to/accessing-entire-domains-within-networks' },

public/docs-static/img/how-to-guides/networks/resources-1.png

@@ -1,54 +1,84 @@
 # Networks
 
-With the `0.35.0` release, we are introducing a new concept in NetBird called `Networks`. This concept improves the administration of routed resources and provides greater visibility into what is shared with peers.
+NetBird provides a fast and secure peer-to-peer mesh network with end-to-end encryption, enabling devices and machines
+running the NetBird agent to connect directly. This setup allows for precise network segmentation,
+isolation of individual machines, and secure remote access without the need to open ports or expose resources to the
+internet. However, there are situations where installing the agent on every machine is not feasible or hasn't been
+completed, requiring access to entire LANs, office networks, or cloud VPCs instead.
 
-Below, we will review the essential concepts of Networks.
+Starting from version `0.35.0`, NetBird introduces Networks, a new concept that allows you to map your internal networks
+such as LANs, VPCs, or office networks, and manage access to internal resources without installing NetBird agent.
+
+<p>
+    <img src="/docs-static/img/how-to-guides/netbird-network-routes.png" alt="high-level-dia" className="imagewrapper-big"/>
+</p>
+
+<Note>
+    Networks replace the old [Network Routes](/how-to/routing-traffic-to-private-networks) concept, which is now deprecated.
+    Existing Network routes will continue to work as before, but we recommend migrating to Networks for better access
+    management to your resources.
+</Note>
 
 ## Concepts
-#### Networks
-Networks are configuration containers that map your on-premise or cloud networks in a logical set of configurations, making it easier to manage and share routes with your peers based on your infrastructure.
+### Networks
+Networks are configuration containers that map your on-premise or cloud networks in a logical set of configurations,
+making it easier to visualise and manage access to your internal resources. You can create multiple networks to represent your
+different environments, such as office networks, cloud VPCs, or on-premise LANs.
 
-#### Routing peers
-One or more peers selected to route traffic from your NetBird peers to your Network resources. You can add as many routing peers as you need using single peers or groups to ensure high availability and load balancing.
+<p>
+    <img src="/docs-static/img/how-to-guides/networks/new-network-2.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+
+### Routing peers
+To access your internal resources, you need to route traffic from your NetBird peers to your internal networks.
+Routing peers are Linux machines that connect your NetBird peers and your internal networks.
+You can add as many routing peers as you need using single peers or groups to ensure high availability and load balancing.
 You can define masquerading and priority for each routing peer.
 
+<p>
+    <img src="/docs-static/img/how-to-guides/networks/add-routing-peer-1.png" alt="high-level-dia" className="imagewrapper"/>
+</p>
+
 <Note>
     Only Linux OS machines can be assigned as routing peers.
 </Note>
 
-#### Resources
-Remote network resources that are routed via routing peers. They can be configured as single IP addresses, IP ranges, domain names, or wildcard domains (e.g., *.netbird.io) when enabling [DNS wildcard routing](#enable-dns-wildcard-routing).
+### Resources
+Resources are individual machines, services, or subnets within your internal network. You can define resources as single
+IP addresses, IP ranges, domain names, or wildcard domains (e.g., *.company.internal) when enabling [DNS wildcard routing](#enable-dns-wildcard-routing).
 
-See examples of resources below:
 <p>
     <img src="/docs-static/img/how-to-guides/networks/resources-1.png" alt="resources" className="imagewrapper-big"/>
 </p>
 <Note>
-  Support to exit nodes and site-2-site VPNs may become available in future releases. In the meantime you can use [Network routes](/how-to/routing-traffic-to-private-networks) add your exit-node routes and site2site routes.
+  Support to exit nodes and site-2-site VPNs may become available in future releases. In the meantime you can use [Network routes](/how-to/routing-traffic-to-private-networks) add your exit-node routes and site-2-site routes.
 </Note>
 
-You can assign a Group to a resource that allows you to manage access control policies for the resources. See the image below with an example of the resource *.netbird.io:
+
+## Manage access to resources
+
+To manage access to resources, you can assign them to groups and create [access control policies](/how-to/manage-network-access#creating-policies) to define which peers can access them.
+See the image below with an example resource `CRM`:
 <p>
     <img src="/docs-static/img/how-to-guides/networks/resources-2.png" alt="resource-group" className="imagewrapper"/>
 </p>
-#### Access control policies
+
 Access control policies are rules that define which peers can access the resources in your network. You can create policies based on the source and destination groups, and the type of traffic allowed (e.g., TCP, UDP, ICMP).
 The groups assigned to resources should always be placed in the destination input field of the policy.
 The peers belonging to the source groups will receive the resources linked to the policy and the firewall rules will be applied according to what is defined.
-See the example below with a policy that allows the group `berlin-office` to access the resource `*.netbird.io`:
+See the example below with a policy that allows the group `Berlin Office` to access the internal CRM system:
 
 <p>
     <img src="/docs-static/img/how-to-guides/networks/resource-acl-1.png" alt="resource-acl" className="imagewrapper-big"/>
 </p>
 
 <Note>
-    Policies that for `domains` or `wildcard domains` that are applied to the peers of `IP ranges` might influence the access control for those peers since they have as destination ranges any IPs.
-    Due to this, we recommend to create networks with routing peers dedicated to domain and wildcard domains to prevent unwanted access to take place. In the coming releases, we will provide a fix for that behavior.
+    Policies for domains or wildcard domains applied to peers with IP ranges might influence access control for those peers, as their destination ranges include any IPs. Therefore, we recommend creating networks with routing peers dedicated to domain and wildcard domains to prevent unwanted access. In upcoming releases, we will provide a fix for this behavior.
 </Note>
 
-#### Enable DNS wildcard routing
+## Enable DNS wildcard routing
 When you configure wildcard domains as resources, you need to enable DNS wildcard routing. Which has an additional effect in comparison to the previous DNS routes behavior from Network routes; it switches the DNS resolution to the routing peer instead of the local client system.
-This is also useful for regular DNS routes when you want to resolve the domain names using the routing peer's IP infrastructure, which will allow for more restricted access control rules in newer versions of the clients(**1**) and for the traffic to go to a near routing peer service.
+This is also useful for regular DNS routes when you want to resolve the domain names using the routing peer's IP infrastructure, which will allow for more restricted access control rules in newer versions of the clients (**1**) and for the traffic to go to a near routing peer service.
 <Note>
  (1) Support for more restricted rules will be available in future releases.
 </Note>