diff --git a/app/_includes/md/konnect/cloud-gateway-networking.md b/app/_includes/md/konnect/cloud-gateway-networking.md new file mode 100644 index 000000000000..9839832dd260 --- /dev/null +++ b/app/_includes/md/konnect/cloud-gateway-networking.md @@ -0,0 +1,54 @@ + +{% mermaid %} +flowchart LR + +A(API or service) +B(API or service) +C(API or service) +D(AWS \n Transit Gateway \n attachment) +E( AWS \n Transit Gateway) +F(AWS \n Transit Gateway \n attachment) +G(Konnect \n#40;fully-managed \ndata plane#41;) +H(Konnect \n#40;fully-managed \ndata plane#41;) +I(Konnect \n#40;fully-managed \ndata plane#41;) +J(fa:fa-wifi \n Internet) + +subgraph 1 [User AWS Cloud] + subgraph 2 [Region] + subgraph 3 [Virtual Private Cloud #40;VPC#41;] + A + B + C + end + A & B & C <--> D + end + D<-->E +end + +subgraph 4 [Kong AWS Cloud] + subgraph 5 [Region] + E<-->F + F <--private API \n access--> G & H & I + subgraph 6 [Virtual Private Cloud #40;VPC#41;] + G + H + I + end + end +end + +G & H & I <--public API \n access--> J + +style A stroke:#e07113 +style B stroke:#e07113 +style C stroke:#e07113 +style D stroke:#8c4fff +style E stroke:#8c4fff,fill:#8c4fff,color:#fff +style F stroke:#8c4fff +style 2 stroke:#167eba,color:#167eba,stroke-dasharray:3 +style 5 stroke:#167eba,color:#167eba,stroke-dasharray:3 +style 3 stroke:#238813,color:#238813,stroke-dasharray:3 +style 6 stroke:#238813,color:#238813,stroke-dasharray:3 + +{% endmermaid %} + \ No newline at end of file diff --git a/app/assets/images/icons/third-party/aws-transit-gateway-attachment.svg b/app/assets/images/icons/third-party/aws-transit-gateway-attachment.svg new file mode 100644 index 000000000000..32975fc060ff --- /dev/null +++ b/app/assets/images/icons/third-party/aws-transit-gateway-attachment.svg @@ -0,0 +1,7 @@ + + + Icon-Resource/Networking-and-Content-Delivery/Res_AWS-Transit-Gateway_Attachment_48 + + + + \ No newline at end of file 
diff --git a/app/assets/images/icons/third-party/aws-transit-gateway.svg b/app/assets/images/icons/third-party/aws-transit-gateway.svg new file mode 100644 index 000000000000..59e9d06714c1 --- /dev/null +++ b/app/assets/images/icons/third-party/aws-transit-gateway.svg @@ -0,0 +1,10 @@ + + + Icon-Architecture/32/Arch_AWS-Transit-Gateway_32 + + + + + + + \ No newline at end of file diff --git a/app/konnect/gateway-manager/data-plane-nodes/transit-gateways.md b/app/konnect/gateway-manager/data-plane-nodes/transit-gateways.md index c302ac7ea231..7318c8209211 100644 --- a/app/konnect/gateway-manager/data-plane-nodes/transit-gateways.md +++ b/app/konnect/gateway-manager/data-plane-nodes/transit-gateways.md @@ -5,6 +5,16 @@ title: How to configure Transit Gateway This guide walks you through connecting your {{site.konnect_short_name}}-managed Dedicated Cloud Gateways to AWS Transit Gateway, providing a secure and private channel for your API traffic. +## How do Transit Gateways work? + +{% include_cached /md/konnect/cloud-gateway-networking.md %} + +> _**Figure 3:** In this diagram, the User AWS account represents you are running your microservices, APIs, or applications. +You can connect your infrastructure securely to {{site.konnect_short_name}} through an AWS Transit Gateway. +On the Kong side, the Kong AWS Cloud is the cloud account running your Dedicated Cloud Gateways, which ingests traffic coming in from the Transit Gateway and securely exposes it to the internet._ + +To establish private connectivity between the {{site.konnect_short_name}} network and your account or VPC, you need to allow traffic via the [AWS RAM shared resource flow](https://docs.aws.amazon.com/ram/latest/userguide/shareable.html). + ## Prerequisites diff --git a/app/konnect/gateway-manager/dedicated-cloud-gateways.md b/app/konnect/gateway-manager/dedicated-cloud-gateways.md index 493fd6caaa6f..2cfbd9d85282 100644 --- a/app/konnect/gateway-manager/dedicated-cloud-gateways.md 
+++ b/app/konnect/gateway-manager/dedicated-cloud-gateways.md @@ -17,7 +17,7 @@ Dedicated Cloud Gateways offer the following benefits: You can manage your Dedicated Cloud Gateway nodes in [Gateway Manager](https://cloud.konghq.com/gateway-manager/). cloud gateway wizard -> _**Figure 3:** The Dedicated Cloud Gateway wizard in the {{site.konnect_short_name}} UI. The wizard allows you to configure the {{site.base_gateway}} version, mode, cluster region, and API access level._ +> _**Figure 1:** The Dedicated Cloud Gateway wizard in the {{site.konnect_short_name}} UI. The wizard allows you to configure the {{site.base_gateway}} version, mode, cluster region, and API access level._ ## How do Dedicated Cloud Gateways work? {#dedicated-features} @@ -37,7 +37,13 @@ Because data plane nodes in Autopilot configuration mode automatically scale, yo Control planes in {{site.konnect_short_name}} **cannot** contain both Dedicated Cloud Gateway and self-managed data plane nodes. +## Private vs public networks +Dedicated Cloud Gateways support public and private networking. +* **Public networking:** Easy access to services and APIs, but low security. We recommend only using this option for testing. +* **Private networking:** A secure way to expose your APIs to the internet. + +You can set up private networking for Dedicated Cloud Gateways with [AWS Transit Gateways](/konnect/gateway-manager/data-plane-nodes/transit-gateways/). ## More information
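Review bot: The new include `app/_includes/md/konnect/cloud-gateway-networking.md` ends with `\ No newline at end of file`; add a trailing newline so the `{% endmermaid %}` tag is not glued to whatever the including page emits next. Also, the diagram draws `G & H & I <--public API access--> J` (data planes to the Internet) unconditionally, so the figure always shows the data planes as Internet-reachable even where it is used to illustrate the private (Transit Gateway) path; consider either labelling that edge as optional or splitting the public and private paths so readers do not infer that private networking still exposes the data planes publicly. The `fa:fa-wifi` node label also depends on Font Awesome being loaded on every page that includes this file; confirm that is the case for the two pages touched here.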
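Review bot: Nothing in this patch references `aws-transit-gateway-attachment.svg`: the mermaid diagram uses plain text nodes and `fa:fa-wifi`, and neither Markdown page embeds the icon. Either wire the icon into the diagram (or the pages) or drop the asset from this PR. The file also ends without a trailing newline.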
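Review bot: Same as the attachment icon, `aws-transit-gateway.svg` is added but unused by anything in the diff, and it is a 32px asset (`Arch_AWS-Transit-Gateway_32`) while its sibling is 48px (`Res_AWS-Transit-Gateway_Attachment_48`); if both are kept, pick one size so they render consistently next to each other, and add the missing trailing newline.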
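Review bot: The caption in the `transit-gateways.md` hunk has a grammar gap ("the User AWS account represents you are running your microservices") and should read "represents the account where you are running your microservices, APIs, or applications". The caption is numbered `Figure 3` although it appears to be the only figure on this page, and the sibling hunk renumbers the other page's caption from 3 to 1, so check the numbering here as well. More importantly, "you need to allow traffic via the AWS RAM shared resource flow" conflates two things: AWS RAM shares the Transit Gateway resource across accounts so an attachment can be created, while whether traffic actually flows is governed by the Transit Gateway route tables and the VPC's security groups and network ACLs. Suggest "you need to accept the Transit Gateway resource share via AWS RAM and then configure routing for the attachment", so readers do not treat accepting the share as the whole of the network-access control.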
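Review bot: In the "Private vs public networks" hunk the two bullets contradict each other and the rest of the page: "Private networking: A secure way to expose your APIs to the internet" describes the opposite of private networking, which per the linked Transit Gateway guide keeps the API traffic on a private channel between your VPC and the data planes. Suggest "Private networking: Exposes your APIs only to your own VPCs over a private connection (for example, an AWS Transit Gateway), so they are not reachable from the public internet." Likewise "but low security" is vague; state the actual risk, that the data plane endpoint is reachable from the public internet and so relies entirely on the authentication and rate-limiting plugins you configure. Also add a blank line between `## Private vs public networks` and the paragraph that follows it, matching the heading spacing used elsewhere in the file.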