diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/01-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/01-restricted-domain.png
new file mode 100644
index 00000000..94a0cf1d
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/01-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/02-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/02-restricted-domain.png
new file mode 100644
index 00000000..f9564963
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/02-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/03-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/03-restricted-domain.png
new file mode 100644
index 00000000..c0817e29
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/03-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/04-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/04-restricted-domain.png
new file mode 100644
index 00000000..8b9c9e78
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/04-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/05-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/05-restricted-domain.png
new file mode 100644
index 00000000..3bab7a74
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/05-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/06-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/06-restricted-domain.png
new file mode 100644
index 00000000..be79cabe
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/06-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/07-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/07-restricted-domain.png
new file mode 100644
index 00000000..fbcb726a
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/07-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/08-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/08-restricted-domain.png
new file mode 100644
index 00000000..2072e355
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/08-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/09-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/09-restricted-domain.png
new file mode 100644
index 00000000..0b80c197
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/09-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/10-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/10-restricted-domain.png
new file mode 100644
index 00000000..8ee48649
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/10-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/11-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/11-restricted-domain.png
new file mode 100644
index 00000000..9081aee7
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/11-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/12-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/12-restricted-domain.png
new file mode 100644
index 00000000..0a3aa342
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/12-restricted-domain.png differ
diff --git a/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/13-restricted-domain.png b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/13-restricted-domain.png
new file mode 100644
index 00000000..636f022f
Binary files /dev/null and b/public/docs-static/img/how-to-guides/accessing-restricted-domain-resources/13-restricted-domain.png differ
diff --git a/src/components/NavigationDocs.jsx b/src/components/NavigationDocs.jsx
index d688b810..f1dd91cb 100644
--- a/src/components/NavigationDocs.jsx
+++ b/src/components/NavigationDocs.jsx
@@ -112,7 +112,7 @@ export const docsNavigation = [
 links: [
 { title: 'Concept', href: '/how-to/networks' },
 { title: 'Routing traffic to multiple IP resources', href: '/how-to/routing-traffic-to-multiple-resources' },
- { title: 'Accessing restricted website domain resources', href: '/how-to/accessing-restricted-websites' },
+ { title: 'Accessing restricted website domain resources', href: '/how-to/accessing-restricted-domain-resources' },
 { title: 'Accessing entire domains within networks', href: '/how-to/accessing-entire-domains-within-networks' },
 ]
 },
diff --git a/src/pages/how-to/accessing-restricted-domain-resources.mdx b/src/pages/how-to/accessing-restricted-domain-resources.mdx
new file mode 100644
index 00000000..2002a851
--- /dev/null
+++ b/src/pages/how-to/accessing-restricted-domain-resources.mdx
@@ -0,0 +1,158 @@
+# Accessing restricted website domain resources
+
+It is very common to find scenarios where you need to access restricted websites or services. This can be due to company policies, geographical restrictions, or even to avoid tracking. These resources are often located behind a cloud load balancer, which changes IP addresses frequently, making it hard to whitelist them. NetBird can help you access these resources by routing your traffic through a [routing peer](https://docs.netbird.io/how-to/routing-traffic-to-private-networks#routing-peer) configured with [Networks](https://docs.netbird.io/how-to/networks-concept) using [Domain resources](https://docs.netbird.io/how-to/networks-concept#resources).
+
+## Example Use Case Scenario
+
+Imagine a company that runs its accounting application at the subdomain `accounting.example.com`. The website is behind a load balancer and hosted on an EC2 instance within the company's AWS infrastructure in the EU Central region. To enhance security, the company decided to follow zero-trust principles by giving differentiated access to the finance and support teams tailored to their specific responsibilities and operational needs.
+
+To this end, the company deployed [NetBird clients](https://docs.netbird.io/how-to/getting-started) on the devices used by both the finance and support teams. Complementing this, [NetBird routing peers](https://docs.netbird.io/how-to/networks-concept#routing-peers) were configured within the AWS VPC using [setup keys](https://docs.netbird.io/how-to/setup-keys-add-servers-to-network). This configuration guarantees a solid foundation for streamlined and secure connectivity.
+
+More importantly, this setup allows the company to use NetBird's Networks and [Access Policies](https://docs.netbird.io/how-to/manage-network-access), to ensure that only authorized finance and support team members access the restricted website domain as follows:
+
+- **Finance Team**: HTTP and HTTPS access to the website frontend at `accounting.example.com` over ports `80` and `443`, respectively.
+- **Support Team**: SSH access to backend resources at `example.com` over port `22`, enabling server management, troubleshooting, and support tasks.
+
+This configuration adds another layer of security within the AWS environment, thus reinforcing the company network security framework and enhancing operational efficiency.
+
+## Creating a Network for the Restricted Website Domain
+
+To create a new network for the accounting website subdomain:
+
+* Go to `Networks` > `Networks` in NetBird's dashboard.
+* Click the `Add Network` button.
+* Give a memorable name to the network, such as `AWS EU Network`. Optionally, add a description.
+* Click `Add Network` to proceed.
+
+![Create Restricted Website Domain Network](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/01-restricted-domain.png)
+
+### Adding Routing Peers
+
+Continue the process by clicking `Add Routing Peer`. This step is necessary to enable the network's resources to be accessible to other peers.
+
+![Add Routing Peers Window](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/02-restricted-domain.png)
+
+In the next window, you will see two tabs: `Routing Peers` and `Peer Group`.
+
+* Choose `Routing Peers` to add a single peer to the network, e.g., `aws-router`.
+* Alternatively, you can select `Peer Group` to add multiple peers simultaneously for high availability.
+* Click `Continue` once ready.
+
+![Local Routing Peers](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/03-restricted-domain.png)
+
+In the `Advanced Settings` tab:
+
+* Set `Masquerade` if you want to access private networks without configuring local routers or other devices.
+* Set the `Metric` to prioritize routers. Lower values indicate higher priority.
+* Click `Add Routing Peer`.
+
+![Masquerade and Metric](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/04-restricted-domain.png)
+
+### Adding Network Resources
+
+Next, click `Add Resource` to add the accounting website resource.
+
+![Add Network Resource](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/05-restricted-domain.png)
+
+* Give the network resource an appropriate name, e.g., `Accounting restricted subdomain`
+* Enter the restricted website domain for the accounting website, in this example, `accounting.example.com`.
+* Under `Assigned Groups`, select or create a group, like `Accounting Subdomain`. This group will be used to create an access policy to allow the finance team access to the restricted subdomain.
+* Click `Add Resource` when done.
+
+![Add Accounting Website Restricted Subdomain Resource](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/06-restricted-domain.png)
+
+### Creating Access Policies
+
+The last step consists of creating an access control policy. Click `Create Policy` to create a new policy for the finance team.
+
+![Add Policy](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/07-restricted-domain.png)
+
+Since the finance team only needs access to the web-based app at `accounting.example.com`, this policy will restrict access to ports: `TCP/80` for `HTTP` traffic and `TCP/443` for encrypted `HTTPS` traffic.
+
+* Under `Protocol`, select `TCP`.
+* Under `Source` choose the group corresponding to the finance team, e.g., `Finance`.
+* The `Destination` is automatically set to the group of the newly created resource, e.g., `Accounting Subdomain`.
+* Under `Ports`, enter `80` and `443`, the default ports for `HTTP` and `HTTPS` traffic.
+
+![Finance Policy](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/08-restricted-domain.png)
+
+* Click `Continue` to move to the `Posture Checks` tab, where you can optionally create or select posture checks for this policy.
+* Click `Continue` again, and provide a descriptive name for the policy, e.g., `Accounting subdomain Policy`.
+* Click `Add Policy` to finish.
+
+![Finance Policy Name](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/09-restricted-domain.png)
+
+### Setting Up Additional Resources and Access Policies
+
+Contrary to the finance team, the support team does not need access to the front end of the restricted accounting app but to the back end of the top-level domain: `example.com`, meaning you must add a new network resource and access policy for this team.
+
+To set up a new network resource:
+
+* In the `AWS EU Network` screen, click `Add Resource`.
+* Give the resource a descriptive name, for example, `Restricted Website TLD`.
+* Enter the domain, in our case, `example.com`.
+* Under `Assigned Groups`, select or create the appropriate group such as `Webserver`. This group will be used to create a policy allowing the support team to access the TLD `example.com`.
+
+![Add TLD Resource](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/10-restricted-domain.png)
+
+Next, create an access policy for the support team. Usually, support teams only need SSH access to the website backend, meaning that they only need access to the `TCP/22` port:
+
+* Click `Add Policy` next to the `Restricted Website TLD` resource.
+* Under `Protocol`, select `TCP`.
+* Set `Source` to `Support` and `Destination` to `Webserver`. This allows the support team to access the restricted website backend over SSH.
+* Under `Ports`, enter `22`, the default port for SSH.
+* Click `Continue`.
+
+![Add Support Team Policy](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/11-restricted-domain.png)
+
+* Optionally, select or create posture checks for this policy. Click `Continue`.
+* Give a name to the policy on the final tab, such as `Restricted Website TLD Policy`.
+
+![Name Support Team Policy](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/12-restricted-domain.png)
+
+This completes the network setup. You have configured two network resources, their respective access policies, and routing peers.
+
+![AWS EU Network](/docs-static/img/how-to-guides/accessing-restricted-domain-resources/13-restricted-domain.png)
+
+Now, you can review, select, or deselect available networks using NetBird's CLI.
+
+Here's the output of the `netbird networks list` command from a Finance team client:
+
+```bash
+$ netbird networks list
+Available Networks:
+
+ - ID: Accounting restricted subdomain
+ Domains: accounting.example.com
+ Status: Selected
+ Resolved IPs: -
+
+ - ID: Internal Web Services
+ Domains: *.company.internal
+ Status: Selected
+ Resolved IPs: -
+```
+
+As expected, finance members only have access to `accounting.example.com`.
+
+Here's the output from a support team workstation:
+
+```bash
+$ netbird networks list
+Available Networks:
+
+ - ID: Internal Web Services
+ Domains: *.company.internal
+ Status: Selected
+ Resolved IPs: -
+
+ - ID: Restricted Website TLD
+ Domains: example.com
+ Status: Selected
+ Resolved IPs:
+ [example.com]: 93.184.215.14, 2606:2800:21f:cb07:6820:80da:af6b:8b2c
+```
+
+As you can see, the support team only has access to the TLD `example.com`
+
+That's it! Using NetBird's Networks feature, you can efficiently create and manage custom network traffic routes and access policies for restricted website domain resources.
\ No newline at end of file
diff --git a/src/pages/how-to/accessing-restricted-websites.mdx b/src/pages/how-to/accessing-restricted-websites.mdx
deleted file mode 100644
index d398d16c..00000000
--- a/src/pages/how-to/accessing-restricted-websites.mdx
+++ /dev/null
@@ -1,81 +0,0 @@
-# Accessing restricted website domain resources
-It is very common to find scenarios where you need to access restricted websites or services. This can be due to company policies, geographical restrictions, or even to avoid tracking.
-Very often these resources are located behind a cloud load balancer, which changes IP addresses frequently, making it hard to whitelist them.
-NetBird can help you to access these resources by routing your traffic through a routing peer configured with [Networks](/how-to/networks-concept) using [Domain resources](/how-to/networks-concept#resources).
-
-## Example
-In the following scenario, we will configure access to an accounting website which should accessible only by users from finance team.
-The server is running in the company's AWS account in the EU Central region behind a load balancer, so we will create a new Network and add a `domain resource`
-to be routed using [Routing peers](/how-to/networks-concept#routing-peers) running in the AWS VPC.
-
-### Create a Network
-To create a Network, navigate to the `Networks` > `Networks` section in the NetBird dashboard:
-

- new-net -

-
-Click on `Add Network` to follow a Wizard that will guide you through the steps to create a network and add resources to it.
-
-First, we fill out the network Name and Description as shown in the image below and click `Continue`:
-

- new-net2 -

-
-### Add a routing peer
-Next we are asked to add a routing peer to the network. Let's click on `Add routing peer` and select a node from that VPC:
-

- new-routing-peer-1 -

-Click on `Continue` and then accept the defaults to add a routing peer by clicking on `Add Routing Peer`:
-

- new-routing-peer-2 -

-### Add a resource
-Following the guide, we are asked to add a new resource.
-
-Click on `Add Resource` and enter the domain name of the `accounting website` in this case, `accounting.example.com`:
-

- new-resource-1 -

-
-We can also assign a group to this resource; in this case, we will assign the group `accounting-server` to it. This way, we can create a policy that allows only the finance team to access this resource.
-
-### Add an access control policy
-Next, in the guide, we will be asked to create an access control policy. Here, we will create a policy that allows access to the `accounting-server` group of the `accounting.example.com`
-resource to peers in the `Finance team` group. They will be able to access the service ports `TCP/80` and `TCP/443`.
-
-Click on `Create Policy` and fill out the fields as shown in the image below:
-

- new-resource-acl-1 -

-
-Click on `Continue` 2 times and then click on `Add Policy` to save the policy:
-

- new-resource-acl-2 -

-
-### View the network
-After completing the wizard, you will be able to see the network you just created in the Networks list:
-

- view-network-1 -

-
-To access a detailed view of the network, click on the network name:
-

- view-network-2 -

-
-You can edit or add more resources or routing peers to the network by clicking on the `Edit` buttons of each section in the detailed view.
-
-## Get started
-

-
-

-
-- Make sure to [star us on GitHub](https://github.com/netbirdio/netbird)
-- Follow us [on Twitter](https://twitter.com/netbird)
-- Join our [Slack Channel](https://join.slack.com/t/netbirdio/shared_invite/zt-2utg2ncdz-W7LEB6toRBLE1Jca37dYpg)
-- NetBird [latest release](https://github.com/netbirdio/netbird/releases) on GitHub
\ No newline at end of file
diff --git a/src/pages/how-to/multi-factor-authentication.mdx b/src/pages/how-to/multi-factor-authentication.mdx
index 085d51e8..8f64309c 100644
--- a/src/pages/how-to/multi-factor-authentication.mdx
+++ b/src/pages/how-to/multi-factor-authentication.mdx
@@ -16,7 +16,7 @@ NetBird MFA is primarily for users with **email / password login**. It is availa
 Navigate to the Dashboard's `Settings` page and the `Authentication` tab and enable or disable MFA.
After enabling, you can `Logout` and log back in to see the MFA prompt.
-- When disabling MFA, the current active MFA devices of all users will not be removed and will be re-used when MFA is enabled again. To remove MFA devices from users, check the [Reset MFA](#reset-mfa) section below.
+- When disabling MFA, the current active MFA devices of all users will not be removed and will be reused when MFA is enabled again. To remove MFA devices from users, check the [Reset MFA](#reset-mfa) section below.
 - If a user is not part of the account and MFA is enabled, the first-time `Sign Up` will not require MFA.
Only subsequent logins will require MFA.