diff --git a/src/content/docs/cloudflare-one/policies/gateway/initial-setup/dns.mdx b/src/content/docs/cloudflare-one/policies/gateway/initial-setup/dns.mdx
index 940e9ffea38df15..e6ed33199473623 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/initial-setup/dns.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/initial-setup/dns.mdx
@@ -25,7 +25,7 @@ To filter DNS requests from an individual device such as a laptop or phone:
1. [Install the WARP client](/cloudflare-one/connections/connect-devices/warp/deployment/) on your device.
2. In the WARP client Settings, log in to your organization's Zero Trust instance.
-3. (Optional) If you want to display a [custom block page](/cloudflare-one/policies/gateway/block-page/), [install the Cloudflare root certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/) on your device.
+3. (Optional) If you want to display a [custom block page](/cloudflare-one/policies/gateway/block-page/), [install a Cloudflare root certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/) on your device.
### Connect DNS locations
@@ -44,20 +44,16 @@ Gateway identifies locations differently depending on the DNS query protocol:
## 2. Verify device connectivity
+To verify your device is connected to Zero Trust:
+
-## 3. Add recommended policies
-
-To create a new DNS policy, go to **Gateway** > **Firewall policies** > **DNS** in Zero Trust. We recommend adding the following policy:
-
-### Block all security categories
-
-Block [known threats](/cloudflare-one/policies/gateway/domain-categories/#security-categories) such as Command & Control, Botnet and Malware based on Cloudflare's threat intelligence.
+## 3. Create your first DNS policy
-
+
## 4. Add optional policies
diff --git a/src/content/docs/cloudflare-one/policies/gateway/initial-setup/http.mdx b/src/content/docs/cloudflare-one/policies/gateway/initial-setup/http.mdx
index 2741e8dceaf771d..461e7ef78ac9805 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/initial-setup/http.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/initial-setup/http.mdx
@@ -30,27 +30,16 @@ To filter HTTP requests from a device:
## 2. Verify device connectivity
+To verify your device is connected to Zero Trust:
+
-## 3. Add recommended policies
-
-To create a new HTTP policy, go to **Gateway** > **Firewall policies** > **HTTP** in Zero Trust.
-We recommend adding the following policies:
-
-### Bypass inspection for incompatible applications
-
-Bypass HTTP inspection for applications which use [embedded certificates](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#inspection-limitations). This will help avoid any incompatibilities that may arise from an initial rollout. By the _Do Not Inspect_ app type, Gateway will filter any new applications when they are added to the group.
-
-
-
-### Block all security categories
-
-Block [known threats](/cloudflare-one/policies/gateway/domain-categories/#security-categories) such as Command & Control, Botnet and Malware based on Cloudflare's threat intelligence.
+## 3. Create your first HTTP policy
-
+
## 4. Add optional policies
diff --git a/src/content/docs/cloudflare-one/policies/gateway/initial-setup/network.mdx b/src/content/docs/cloudflare-one/policies/gateway/initial-setup/network.mdx
index c6c0a0478545c3d..a4dc0147d74ef8b 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/initial-setup/network.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/initial-setup/network.mdx
@@ -8,7 +8,7 @@ head:
content: Set up network filtering
---
-import { GlossaryTooltip } from "~/components";
+import { GlossaryTooltip, Render } from "~/components";
Secure Web Gateway allows you to apply policies at the network level (Layers 3 and 4) to control which websites and non-HTTP applications users can access.
@@ -34,6 +34,8 @@ To filter traffic from private networks, refer to the [Cloudflare Tunnel guide](
## 2. Verify device connectivity
+To verify your device is connected to Zero Trust:
+
1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Network**.
2. Under **Gateway logging**, enable activity logging for all Network logs.
3. On your WARP-enabled device, open a browser and visit any website.
@@ -43,6 +45,10 @@ To filter traffic from private networks, refer to the [Cloudflare Tunnel guide](
3. Note the **Public IP**.
5. In Zero Trust, go to **Logs** > **Gateway** > **Network**. Before building Network policies, make sure you see Network logs from the Source IP assigned to your device.
-## 3. Add policies
+## 3. Create your first network policy
+
+
+
+## 4. Add optional policies
-To create a new network policy, go to **Gateway** > **Firewall policies** > **Network** in Zero Trust. Refer to our list of [common network policies](/cloudflare-one/policies/gateway/network-policies/common-policies) for policies you may want to create.
+Refer to our list of [common network policies](/cloudflare-one/policies/gateway/network-policies/common-policies) for policies you may want to create.
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/create-policy.mdx b/src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/create-policy.mdx
index 93d8565fead5904..984d2120868d741 100644
--- a/src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/create-policy.mdx
+++ b/src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/create-policy.mdx
@@ -11,17 +11,4 @@ DNS policies determine how Gateway should handle a DNS request. When a user send
You can filter DNS traffic based on query or response parameters (such as domain, source IP, or geolocation). You can also filter by user identity if you connect your devices to Gateway with the [WARP client or Cloudflare One Agent](/learning-paths/secure-internet-traffic/connect-devices-networks/install-agent/).
-To create a new DNS policy:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
-2. In the **DNS** tab, select **Add a policy**.
-3. Name the policy.
-4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
-5. Choose an **Action** to take when traffic matches the logical expression. For example, we recommend adding a policy to block all [security categories](/cloudflare-one/policies/gateway/domain-categories/#security-categories):
-
-6. Select **Create policy**.
-
-For more information, refer to [DNS policies](/cloudflare-one/policies/gateway/dns-policies/).
+
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/build-http-policies/create-policy.mdx b/src/content/docs/learning-paths/secure-internet-traffic/build-http-policies/create-policy.mdx
index 2b566ef29b4e199..43d81c2b197e158 100644
--- a/src/content/docs/learning-paths/secure-internet-traffic/build-http-policies/create-policy.mdx
+++ b/src/content/docs/learning-paths/secure-internet-traffic/build-http-policies/create-policy.mdx
@@ -13,26 +13,10 @@ Now that you have considered which devices and applications TLS inspection shoul
Use a standard naming convention when building all policies. Policy names should be unique across the Cloudflare account, follow the same structure, and be as descriptive as possible.
-To create a new HTTP policy:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
-
-2. In the **HTTP** tab, select **Add a policy**.
-
-3. Name the policy.
-
-4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
-
-5. Choose an **Action** to take when traffic matches the logical expression. For example, if you have enabled TLS inspection, some applications that use [embedded certificates](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#inspection-limitations) may not support HTTP inspection, such as some Google products. You can create a policy to bypass inspection for these applications:
-
-
-
-6. Select **Create policy**.
-
-For more information, refer to [HTTP policies](/cloudflare-one/policies/gateway/http-policies/).
+
## Order your policies
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/create-policy.mdx b/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/create-policy.mdx
index f851a8d4abf54b2..b16bee0681ae60f 100644
--- a/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/create-policy.mdx
+++ b/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/create-policy.mdx
@@ -9,17 +9,7 @@ import { Render } from "~/components";
You can control network-level traffic by filtering requests by selectors such as IP addresses and ports. You can also integrate network policies with an [identity provider](/cloudflare-one/identity/idp-integration/) to apply identity-based filtering.
-To create a new network policy:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
-2. In the **Network** tab, select **Add a policy**.
-3. Name the policy.
-4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
-5. Choose an **Action** to take when traffic matches the logical expression.
-
-6. Select **Create policy**.
-
-For more information, refer to [network policies](/cloudflare-one/policies/gateway/network-policies/).
+
diff --git a/src/content/partials/cloudflare-one/gateway/get-started/create-dns-policy.mdx b/src/content/partials/cloudflare-one/gateway/get-started/create-dns-policy.mdx
new file mode 100644
index 000000000000000..d64fbee19051925
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/get-started/create-dns-policy.mdx
@@ -0,0 +1,20 @@
+---
+{}
+---
+
+import { Render } from "~/components";
+
+To create a new DNS policy:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
+2. In the **DNS** tab, select **Add a policy**.
+3. Name the policy.
+4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
+5. Choose an **Action** to take when traffic matches the logical expression. For example, we recommend adding a policy to block all [security categories](/cloudflare-one/policies/gateway/domain-categories/#security-categories):
+
+6. Select **Create policy**.
+
+For more information, refer to [DNS policies](/cloudflare-one/policies/gateway/dns-policies/).
diff --git a/src/content/partials/cloudflare-one/gateway/get-started/create-http-policy.mdx b/src/content/partials/cloudflare-one/gateway/get-started/create-http-policy.mdx
new file mode 100644
index 000000000000000..d146717bc39f976
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/get-started/create-http-policy.mdx
@@ -0,0 +1,29 @@
+---
+{}
+---
+
+import { Render } from "~/components";
+
+To create a new HTTP policy:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
+2. In the **HTTP** tab, select **Add a policy**.
+3. Name the policy.
+4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
+5. Choose an **Action** to take when traffic matches the logical expression. For example, if you have enabled TLS inspection, some applications that use [embedded certificates](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#inspection-limitations) may not support HTTP inspection, such as some Google products. You can create a policy to bypass inspection for these applications:
+
+
+
+ Cloudflare also recommends adding a policy to block [known threats](/cloudflare-one/policies/gateway/domain-categories/#security-categories) such as Command & Control, Botnet and Malware based on Cloudflare's threat intelligence:
+
+
+
+6. Select **Create policy**.
+
+For more information, refer to [HTTP policies](/cloudflare-one/policies/gateway/http-policies/).
diff --git a/src/content/partials/cloudflare-one/gateway/get-started/create-network-policy.mdx b/src/content/partials/cloudflare-one/gateway/get-started/create-network-policy.mdx
new file mode 100644
index 000000000000000..93e7cd9acb26c15
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/get-started/create-network-policy.mdx
@@ -0,0 +1,20 @@
+---
+{}
+---
+
+import { Render } from "~/components";
+
+To create a new network policy:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
+2. In the **Network** tab, select **Add a policy**.
+3. Name the policy.
+4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
+5. Choose an **Action** to take when traffic matches the logical expression.
+
+6. Select **Create policy**.
+
+For more information, refer to [network policies](/cloudflare-one/policies/gateway/network-policies/).