[CF1 IA] Start Networks folder

.github/CODEOWNERS

@@ -59,8 +59,8 @@
 /src/content/docs/cloudflare-one/applications/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/identity/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/policies/access/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/connections/connect-devices/ @ranbel @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/connections/connect-networks/ @nikitacano @ranbel @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/team-and-resources/devices/ @ranbel @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/ @nikitacano @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/applications/casb/ @maxvp @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/policies/gateway/ @maxvp @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/policies/browser-isolation/ @maxvp @ranbel @cloudflare/pcx-technical-writing

public/__redirects

@@ -2352,6 +2352,8 @@
 /logs/get-started/enable-destinations/* /logs/logpush/logpush-job/enable-destinations/:splat 301
 /logs/reference/log-fields/* /logs/logpush/logpush-job/datasets/:splat 301
 /speed/optimization/other/* /speed/optimization/ 301
+/cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices 301
+/cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/ 301
 
 # AI Crawl Control
 /ai-audit/* /ai-crawl-control/:splat 301
@@ -2360,6 +2362,7 @@
 /autorag/* /ai-search/:splat 301
 
 # Cloudflare One / Zero Trust
+/cloudflare-one/connections/ /cloudflare-one/ 301
 /cloudflare-one/applications/configure-apps/dash-sso-apps/ /fundamentals/account/account-security/dashboard-sso/ 301
 /cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/local/as-a-service/* /cloudflare-one/connections/connect-networks/configure-tunnels/local-management/as-a-service/:splat 301
 /cloudflare-one/connections/connect-apps/install-and-setup/deployment-guides/* /cloudflare-one/connections/connect-networks/deployment-guides/:splat 301

src/content/changelog/access/2024-10-01-ssh-with-access-for-infrastructure.mdx

@@ -8,7 +8,7 @@ products:
 
 Organizations can now eliminate long-lived credentials from their SSH setup and enable strong multi-factor authentication for SSH access, similar to other Access applications, all while generating access and command logs.
 
-SSH with [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/) uses short-lived SSH certificates from Cloudflare, eliminating SSH key management and reducing the security risks associated with lost or stolen keys. It also leverages a common deployment model for Cloudflare One customers: [WARP-to-Tunnel](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-warp-to-tunnel/).
+SSH with [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/) uses short-lived SSH certificates from Cloudflare, eliminating SSH key management and reducing the security risks associated with lost or stolen keys. It also leverages a common deployment model for Cloudflare One customers: [WARP-to-Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-warp-to-tunnel/).
 
 SSH with Access for Infrastructure enables you to:
 
@@ -18,4 +18,4 @@ SSH with Access for Infrastructure enables you to:
 
 ![Example of an infrastructure Access application](~/assets/images/changelog/access/infrastructure-app.png)
 
-To get started, refer to [SSH with Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/).
+To get started, refer to [SSH with Access for Infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/).

src/content/changelog/access/2025-07-01-browser-based-rdp-open-beta.mdx

@@ -6,7 +6,7 @@ products:
   - access
 ---
 
-[Browser-based RDP](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now available in open beta for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
+[Browser-based RDP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now available in open beta for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
 
 With browser-based RDP, you can:
 
@@ -17,4 +17,4 @@ With browser-based RDP, you can:
 
 ![Example of a browsed-based RDP Access application](~/assets/images/changelog/access/browser-based-rdp-access-app.png)
 
-To get started, see [Connect to RDP in a browser](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/).
+To get started, see [Connect to RDP in a browser](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/).

src/content/changelog/access/2025-08-15-sftp.mdx

@@ -6,4 +6,4 @@ products:
   - access
 ---
 
-[SSH with Cloudflare Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) now supports SFTP. It is compatible with SFTP clients, such as Cyberduck.
+[SSH with Cloudflare Access for Infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/) now supports SFTP. It is compatible with SFTP clients, such as Cyberduck.

src/content/changelog/access/2025-09-22-browser-based-rdp-ga.mdx

@@ -6,11 +6,11 @@ products:
   - access
 ---
 
-[Browser-based RDP](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now generally available for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
+[Browser-based RDP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now generally available for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
 
 Since we announced our [open beta](/changelog/access/#2025-06-30), we've made a few improvements:
 - Support for targets with IPv6.
-- Support for [Magic WAN](/magic-wan/) and [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/) as on-ramps.
+- Support for [Magic WAN](/magic-wan/) and [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/) as on-ramps.
 - More robust error messaging on the login page to help you if you encounter an issue.
 - Worldwide keyboard support. Whether your day-to-day is in Portuguese, Chinese, or something in between, your browser-based RDP experience will look and feel exactly like you are using a desktop RDP client.
 - Cleaned up some other miscellaneous issues, including but not limited to enhanced support for Entra ID accounts and support for usernames with spaces, quotes, and special characters.
@@ -24,4 +24,4 @@ As a refresher, here are some benefits browser-based RDP provides:
 
 ![Example of a browser-based RDP Access application](~/assets/images/changelog/access/browser-based-rdp-access-app.png)
 
-To get started, refer to [Connect to RDP in a browser](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/).
+To get started, refer to [Connect to RDP in a browser](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/).

src/content/changelog/cloudflare-tunnel/2024-12-19-diagnostic-logs.mdx

@@ -12,4 +12,4 @@ A diagnostic report collects data from a single instance of `cloudflared` runnin
 
 <Render file="tunnel/tunnel-diag-file" product="cloudflare-one" />
 
-For more information, refer to [Diagnostic logs](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs/).
+For more information, refer to [Diagnostic logs](/cloudflare-one/networks/connectors/cloudflare-tunnel/troubleshoot-tunnels/diag-logs/).

src/content/changelog/cloudflare-tunnel/2025-07-15-udp-improvements.mdx

@@ -6,12 +6,12 @@ date: 2025-07-15
 
 import { Render } from "~/components";
 
-Your real-time applications running over [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/) are now faster and more reliable. We've completely re-architected the way `cloudflared` proxies UDP traffic in order to isolate it from other traffic, ensuring latency-sensitive applications like private DNS are no longer slowed down by heavy TCP traffic (like file transfers) on the same Tunnel.
+Your real-time applications running over [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/) are now faster and more reliable. We've completely re-architected the way `cloudflared` proxies UDP traffic in order to isolate it from other traffic, ensuring latency-sensitive applications like private DNS are no longer slowed down by heavy TCP traffic (like file transfers) on the same Tunnel.
 
 This is a foundational improvement to Cloudflare Tunnel, delivered automatically to all customers. There are no settings to configure — your UDP traffic is already flowing faster and more reliably.
 
 **What’s new:**
 - **Faster UDP performance**: We've significantly reduced the latency for establishing new UDP sessions, making applications like private DNS much more responsive.
 - **Greater reliability for mixed traffic**: UDP packets are no longer affected by heavy TCP traffic, preventing timeouts and connection drops for your real-time services.
 
-Learn more about running [TCP or UDP applications](/reference-architecture/architectures/sase/#connecting-applications) and [private networks](/cloudflare-one/connections/connect-networks/private-net/) through [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/).
+Learn more about running [TCP or UDP applications](/reference-architecture/architectures/sase/#connecting-applications) and [private networks](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/) through [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/).

src/content/changelog/cloudflare-tunnel/2025-09-02-tunnel-networks-list-endpoints-new-default.mdx

@@ -13,8 +13,8 @@ No action is required if you already explicitly set `is_deleted=false` or if you
 
 This change affects the following API endpoints:
 * List all tunnels: [`GET /accounts/{account_id}/tunnels`](/api/resources/zero_trust/subresources/tunnels/methods/list/)
-* List [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/): [`GET /accounts/{account_id}/cfd_tunnel`](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/methods/list/)
-* List [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/) tunnels: [`GET /accounts/{account_id}/warp_connector`](/api/resources/zero_trust/subresources/tunnels/subresources/warp_connector/methods/list/)
+* List [Cloudflare Tunnels](/cloudflare-one/networks/connectors/cloudflare-tunnel/): [`GET /accounts/{account_id}/cfd_tunnel`](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/methods/list/)
+* List [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/) tunnels: [`GET /accounts/{account_id}/warp_connector`](/api/resources/zero_trust/subresources/tunnels/subresources/warp_connector/methods/list/)
 * List tunnel routes: [`GET /accounts/{account_id}/teamnet/routes`](/api/resources/zero_trust/subresources/networks/subresources/routes/methods/list/)
 * List subnets: [`GET /accounts/{account_id}/zerotrust/subnets`](/api/resources/zero_trust/subresources/networks/subresources/subnets/methods/list/)
 * List virtual networks: [`GET /accounts/{account_id}/teamnet/virtual_networks`](/api/resources/zero_trust/subresources/networks/subresources/virtual_networks/methods/list/)

src/content/changelog/cloudflare-tunnel/2025-09-18-tunnel-hostname-routing.mdx

@@ -6,9 +6,9 @@ date: 2025-09-18
 
 import { Render } from "~/components";
 
-You can now route private traffic to [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/) based on a hostname or domain, moving beyond the limitations of IP-based routing. This new capability is **free for all Cloudflare One customers**.
+You can now route private traffic to [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/) based on a hostname or domain, moving beyond the limitations of IP-based routing. This new capability is **free for all Cloudflare One customers**.
 
-Previously, Tunnel routes could only be defined by IP address or [CIDR range](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr/). This created a challenge for modern applications with dynamic or ephemeral IP addresses, often forcing administrators to maintain complex and brittle IP lists.
+Previously, Tunnel routes could only be defined by IP address or [CIDR range](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-cidr/). This created a challenge for modern applications with dynamic or ephemeral IP addresses, often forcing administrators to maintain complex and brittle IP lists.
 
 ![Hostname-based routing in Cloudflare Tunnel](~/assets/images/changelog/cloudflare-one/tunnel-hostname-routing.webp)
 
@@ -18,6 +18,6 @@ Previously, Tunnel routes could only be defined by IP address or [CIDR range](/c
 - **Precise Egress Control**: Route traffic for public hostnames (e.g., `bank.example.com`) through a specific Tunnel to enforce a dedicated source IP, solving the IP allowlist problem for third-party services.
 - **No More IP Lists**: This feature makes the workaround of maintaining dynamic IP Lists for Tunnel connections obsolete.
 
-Get started in the Tunnels section of the Zero Trust dashboard with your first [private hostname](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-private-hostname/) or [public hostname](/cloudflare-one/policies/gateway/egress-policies/egress-cloudflared/) route.
+Get started in the Tunnels section of the Zero Trust dashboard with your first [private hostname](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-private-hostname/) or [public hostname](/cloudflare-one/policies/gateway/egress-policies/egress-cloudflared/) route.
 
 Learn more in our [blog post](https://blog.cloudflare.com/tunnel-hostname-routing/).

src/content/changelog/gateway/2025-03-21-pdns-user-locations-role.mdx

@@ -7,14 +7,14 @@ products:
 hidden: false
 ---
 
-We're excited to introduce the [**Cloudflare Zero Trust Secure DNS Locations Write role**](/cloudflare-one/connections/connect-devices/agentless/dns/locations/#secure-dns-locations), designed to provide DNS filtering customers with granular control over third-party access when configuring their Protective DNS (PDNS) solutions.
+We're excited to introduce the [**Cloudflare Zero Trust Secure DNS Locations Write role**](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/#secure-dns-locations), designed to provide DNS filtering customers with granular control over third-party access when configuring their Protective DNS (PDNS) solutions.
 
 Many DNS filtering customers rely on external service partners to manage their DNS location endpoints. This role allows you to grant access to external parties to administer DNS locations without overprovisioning their permissions.
 
 **Secure DNS Location Requirements:**
 
-- Mandate usage of [Bring your own DNS resolver IP addresses](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#bring-your-own-dns-resolver-ip) if available on the account.
+- Mandate usage of [Bring your own DNS resolver IP addresses](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips/#bring-your-own-dns-resolver-ip) if available on the account.
 
 - Require source network filtering for IPv4/IPv6/DoT endpoints; token authentication or source network filtering for the DoH endpoint.
 
-You can assign the new role via Cloudflare Dashboard (`Manage Accounts > Members`) or via API. For more information, refer to the [Secure DNS Locations documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/agentless/dns/locations/#secure-dns-locations).
+You can assign the new role via Cloudflare Dashboard (`Manage Accounts > Members`) or via API. For more information, refer to the [Secure DNS Locations documentation](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/agentless/dns/locations/#secure-dns-locations).

src/content/changelog/gateway/2025-09-11-dns-filtering-for-private-network-onramps.mdx

@@ -8,7 +8,7 @@ products:
 date: "2025-09-11"
 ---
 
-[Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/#dns-filtering) and [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/site-to-internet/#configure-dns-resolver-on-devices) users can now securely route their DNS traffic to the Gateway resolver without exposing traffic to the public Internet.
+[Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/#dns-filtering) and [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/site-to-internet/#configure-dns-resolver-on-devices) users can now securely route their DNS traffic to the Gateway resolver without exposing traffic to the public Internet.
 
 Routing DNS traffic to the Gateway resolver allows DNS resolution and filtering for traffic coming from private networks while preserving source internal IP visibility. This ensures Magic WAN users have full integration with our Cloudflare One features, including [Internal DNS](/cloudflare-one/policies/gateway/resolver-policies/#internal-dns) and [hostname-based policies](/cloudflare-one/policies/gateway/egress-policies/#selector-prerequisites).
 

src/content/changelog/load-balancing/2025-05-06-private-health-monitoring-methods.mdx

@@ -12,6 +12,6 @@ Cloudflare Load Balancing now supports **UDP (Layer 4)** and **ICMP (Layer 3)**
 - Use **UDP monitors** for lightweight health checks on non-TCP workloads, such as DNS, VoIP, or custom UDP-based services.
 - Gain better visibility and uptime guarantees for services running behind **Private Network Load Balancing**, without requiring public IP addresses.
 
-This enhancement is ideal for internal applications that rely on low-level protocols, especially when used in conjunction with [**Cloudflare Tunnel**](/cloudflare-one/connections/connect-networks/), [**WARP**](/cloudflare-one/connections/connect-devices/warp/), and [**Magic WAN**](/magic-wan/) to create a secure and observable private network.
+This enhancement is ideal for internal applications that rely on low-level protocols, especially when used in conjunction with [**Cloudflare Tunnel**](/cloudflare-one/networks/connectors/cloudflare-tunnel/), [**WARP**](/cloudflare-one/team-and-resources/devices/warp/), and [**Magic WAN**](/magic-wan/) to create a secure and observable private network.
 
 Learn more about [Private Network Load Balancing](/load-balancing/private-network/) or view the full list of [supported health monitor protocols](/load-balancing/monitors/#supported-protocols).

src/content/changelog/zero-trust-warp/2025-03-17-warp-ga-android.mdx

@@ -4,10 +4,10 @@ description: Cloudflare One Agent for Android (version 2.4)
 date: 2025-03-17
 ---
 
-A new GA release for the Android Cloudflare One Agent is now available in the [Google Play Store](https://play.google.com/store/apps/details?id=com.cloudflare.cloudflareoneagent). This release includes a new feature allowing [team name insertion by URL](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/#enroll-using-a-url) during enrollment, as well as fixes and minor improvements.
+A new GA release for the Android Cloudflare One Agent is now available in the [Google Play Store](https://play.google.com/store/apps/details?id=com.cloudflare.cloudflareoneagent). This release includes a new feature allowing [team name insertion by URL](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/#enroll-using-a-url) during enrollment, as well as fixes and minor improvements.
 
 **Changes and improvements**
 
 - Improved in-app error messages.
-- Improved mobile client login with support for [team name insertion by URL](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/#enroll-using-a-url).
+- Improved mobile client login with support for [team name insertion by URL](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/#enroll-using-a-url).
 - Fixed an issue preventing admin split tunnel settings taking priority for traffic from certain applications.