[LB] Updates magic wan docs (cloudflare#22849)

* Updates magic wan docs

* Corrects typo

* Apply suggestions from code review

Co-authored-by: Jun Lee <[email protected]>

---------

Co-authored-by: Jun Lee <[email protected]>

Author: 2 people

src/content/docs/load-balancing/private-network/magic-wan.mdx

@@ -6,54 +6,51 @@ sidebar:
 
 ---
 
-Consider the following steps to learn how to configure Private Network Load Balancing solution, using [Magic WAN](/magic-wan/) as the on-ramp and off-ramp to securely connect to your private or internal services. This is currently an API only feature.
+Consider the following steps to learn how to configure Private Network Load Balancing solution, using [Magic WAN](/magic-wan/) as the on-ramp and off-ramp to securely connect to your private or internal services.
 
-## 1. Configure a virtual network for Magic WAN
+One of the pre-requisites to using Private Network Load Balancing (PNLB) with Magic WAN is having Magic WAN set up in your account and having completed onboarding. You can connect with a Magic WAN Connector, or your own hardware via an IPsec or GRE tunnel. Check out the [Magic WAN documentation](/magic-wan/get-started/) for more details or to get started.
 
-1. Create and [configure virtual networks](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/#create-a-virtual-network) using either the Cloudflare UI or the Cloudflare API.
+## 1. Create Load Balancer Pools
 
-2. Set your virtual network as the default. Your load balancer will use the `default` virtual network. In the [API](/api/resources/zero_trust/subresources/networks/subresources/virtual_networks/methods/create/), specify the default virtual network by setting `is_default_network = true`.
+Load Balancer Pools are logical groupings of endpoints — typically organized by physical datacenter or geographic region. The endpoints in the pool are the destinations where traffic is ultimately routed.
 
-3. Retrieve the ID of the virtual network you created. To get the VNET ID, send a `GET` request to the following API endpoint:
+:::note
+Endpoints accessed via Magic WAN  must be accessible in and assigned to the default VNET.
+:::
 
-```txt
-https://api.cloudflare.com/client/v4/accounts/{account_id}/teamnet/virtual_networks?is_default=true
-```
+:::caution
+The IP destination addresses must also be routable in your Magic WAN configuration. Please contact your Cloudflare account team to confirm that the addresses are available in your configuration.
+:::
 
-The VNET ID value will be used to ensure that your load balancer is properly integrated with the specified virtual network.
+Pools can be created using either the Cloudflare dashboard or the API. Refer to the [Create a pool](/load-balancing/pools/create-pool/#create-a-pool) documentation section for more information.
 
-## 2. Configure an Account Load Balancer
+## 2. Create an Account Load Balancer with a Private IP
 
-1. Once you have your [VNets configured](/load-balancing/private-network/magic-wan/#1-configure-a-virtual-network-for-magic-wan), you need to make sure that the [pools](/load-balancing/pools/create-pool/) you will be using with your load balancer are configured with the default VNet value in the **Virtual Network** field.
+1. Go to **Load Balancing** at the account level and select **Create a Load Balancer**.
+2. Select **Private Load Balancer**.
+3. On the next step you can choose to associate this load balancer with either:
+ - A CGNAT IP from the Cloudflare range or
+ - A custom [RFC1918 address](https://datatracker.ietf.org/doc/html/rfc1918).
+4. Add a descriptive name to identify your Load Balancer.
+5. Proceed through the setup.
 
-2. Next, create an Account Load Balancer by sending a `POST` request to the following API endpoint. The request body should be structured similarly to a Zone Load Balancer. Refer to the [Cloudflare API documentation](/api/resources/load_balancers/methods/create/) for details on the required fields and their formats. Make sure that the pools you are using in your load balancer have the default VNET configured (previous step).
+After selecting an IP address and completing the setup, you will be redirected to the Load Balancing dashboard. You can locate your load balancer using the search bar or by filtering for **Private** load balancers. Be sure to note the assigned IP address, as it will be required in the following steps.
 
-```txt
-https://api.cloudflare.com/client/v4/accounts/{account_id}/load_balancers
-```
+:::note
+Traffic from your load balancer will appear to originate from one of Cloudflare’s IP addresses. These IP addresses must be whitelisted to ensure proper traffic flow. Ensure your routing is properly configured to return traffic to your Magic WAN tunnels and not the public Internet. Private Load Balancers created with a Cloudflare private IP address will receive an address in the CGNAT range 100.112.64.0/16
+:::
 
-To retrieve a list of all created Account Load Balancers, send a `GET` request to the same endpoint.
+## 3. FQDN override (optional)
 
-3. The `tunnel_id` parameter of the created Load Balancer is necessary for subsequent requests, so make sure to save the `tunnel_id` when you receive it in the response of the `POST` request. You can also retrieve the `tunnel_id` from the `GET` request if you need it for future operations.
+If you want your load balancer and its endpoints to be transparently accessible to users via a hostname, you can create a DNS record in your internal DNS system or create an override in Cloudflare that maps the hostname to the Load Balancer's IP address. This ensures that traffic destined for the hostname resolves to the correct IP.
 
-## 3. Deploy route to access LB
+To create the override, follow these steps:
 
-To access the new load balancer, you need to create a tunnel route. This will be done automatically for you, but in case you would need to create one yourself or add an additional one, you need to:
+1. In **Gateway**, select **Firewall policies**.
+2. In the **DNS** tab, create an override where:
+   - The **Selector** equals `Host`
+   - The **Operator** equals `is`
+   - The **Value** is the hostname you wish to associate with your load balancer.
+3. Set the **Action** to _Override_, and in **Override Hostname**, enter the IP address of your Private Load Balancer. 
 
-1. Use the `tunnel_id` of the Account Load Balancer, retrieved in the previous step. By using the `tunnel_id` of the Account Load Balancer and assigning a private network IP we are making the Load Balancer available at that IP address on the associated virtual network.
-
-2. To create a route for your Load Balancer, send a [`POST`](/api/resources/zero_trust/subresources/networks/subresources/routes/methods/create/) request to following endpoint with this sample body:
-
-```bash
-curl https://api.cloudflare.com/client/v4/accounts/{account_id}/teamnet/routes \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-"comment": "Example comment - account load balancing",
-  "network": "<PRIVATE_IP/CIDR_MASK>,
-  "tunnel_id": "<TUNNEL_ID>"
-}'
-```
-
-After completing these steps, the load balancer should be deployed with the selected private IP address and available to traffic on the same virtual network.
+Requests to the hostname will now resolve to your private load balancer.