Disabling network access

modules/ROOT/pages/platform/security/secure-connections.adoc

@@ -7,24 +7,52 @@
 label:AuraDB-Virtual-Dedicated-Cloud[]
 label:AuraDS-Enterprise[]
 
-AuraDB Virtual Dedicated Cloud and AuraDS Enterprise run in a dedicated cloud Account (AWS), Subscription (Azure) or Project (GCP) to achieve complete isolation for your deployment.
+AuraDB Virtual Dedicated Cloud and AuraDS Enterprise run in a dedicated AWS cloud account, Azure subscription or GCP project to achieve complete isolation for your deployment.
+Additional Virtual Private Cloud (VPC) boundaries enable you to operate within an isolated section of the service, where your processing, networking, and storage are further protected. 
+The Aura console resides in a separate VPC, isolated from the rest of the Aura services.
 
-Additional VPC boundaries enable you to operate within an isolated section of the service, where your processing, networking, and storage are further protected.
+== Network access
 
-The Aura Console runs in a separate VPC, separate from the rest of Aura.
+An Aura instance can be publicly available, completely private, or configured to allow both public and private access.
+To configure network access, you need to be authorized to access the part of [your system's?] infrastructure that runs and handles these instances as well as the networking used to establish secure connections between the database and the application's VPC. This includes the ability to connect over the cloud provider's private link and private endpoint.
 
-== Network access
+=== Configure network access
 
-An Aura instance can be publicly available, completely private, or both.
-To configure this, you need to be authorized to access the part of the infrastructure that runs and handles these instances as well as the networking used to establish secure connections between the database and the application's VPC.
-This includes the ability to connect over the cloud provider's private link and private endpoint.
+To configure settings for network access to your instance go to *Aura console* > *Security* > *Network access* > *New network access configuration*
+From there, you can either set up a new network access configuration, or edit current configuration settings.
 
-If your Aura instances are public, traffic to them is allowed to traverse the public internet and they are accessible with the correct username and password.
+The Aura console provides a step-by-step configuration guide to:
 
-For your instance to be completely private, turn public traffic off, use the cloud provider's network, and create a private endpoint inside your VPC, which gives you a private connection to Aura.
-The only way to connect to your database is from inside your network (your VPC in your AWS/Azure/GCP account) using an internal IP address you choose and DNS records you create.
+. Choose your Aura instance details
+. Create a VPC endpoint
+. Accept endpoint connection requests and enable private DNS in the cloud provider's console
+. Disable public traffic (optional). 
+If you disable public traffic it is highly recommended to link:https://support.neo4j.com/s/article/13174783967507-How-To-Test-Connectivity-Through-The-Private-Endpoint[Test Connectivity Through The Private Endpoint]
+
+==== Disabling public traffic
+
+You can return to Step 4 at any time to disable public traffic, even if you’ve already completed the network access configuration and initially allowed public traffic. 
+To do this, click through the steps in the network access configuration guide until you reach Step 4, where you’ll find the option to disable public traffic.
+
+Note: after disabling public traffic - the disabling does not happen immediately, you will see the status change in the console when it is complete [see Fig.1].
+
+.Network access visual
+[.shadow]
+image::network_access.png[]
 
-To select network access settings go to *Aura Console* > *Security* > *Network Access*.
+To continue accessing Browser and Bloom, you can configure a VPN in your VPC and connect to these services over the VPN. 
+There’s more information available in the KB https://support.neo4j.com/s/article/13174783967507-How-To-Test-Connectivity-Through-The-Private-Endpoint[How to test connectivity through the private endpoint].
+
+=== Public traffic
+
+If private traffic is enabled, your Aura instances are public and traffic to them is allowed to traverse the public internet and they are accessible with the correct username and password.
+
+=== Private traffic
+
+To make your instance private:
+
+For your instance to be completely private, disable public traffic, use the cloud provider's network, and create a private endpoint inside your VPC, which gives you a private connection to Aura.
+The only way to connect to your database is from inside your network (your VPC in your AWS/Azure/GCP account) using an internal IP address you choose and DNS records you create.
 
 == Private endpoints
 
@@ -65,7 +93,7 @@ Aura VPCs can't initiate connections back to your VPCs.
 ==== Browser and Bloom access over private endpoints
 
 To connect to your instance via Browser or Bloom, you must use a dedicated VPN.
-This is because when you disable public access to your instance, this applies to all connections, including those from your computer when using Browser or Bloom.
+This is because when you xref:[disable public access] to your instance, this applies to all connections, including those from your computer when using Browser or Bloom.
 
 Without private endpoints, you access Browser and Bloom over the internet:
 
@@ -124,7 +152,7 @@ Aura VPCs can't initiate connections back to your VPCs.
 ==== Browser and Bloom access over private endpoints
 
 To connect to your instance via Browser or Bloom, you must use a dedicated VPN.
-This is because when you disable public access to your instance, this applies to all connections, including those from your computer when using Browser or Bloom.
+This is because when you xref[disable public access] to your instance, this applies to all connections, including those from your computer when using Browser or Bloom.
 
 Without private endpoints, you access Browser and Bloom over the internet:
 
@@ -182,7 +210,7 @@ Aura VNets can't initiate connections back to your VNets.
 ==== Browser and Bloom access over private endpoints
 
 To connect to your instance via Browser or Bloom, you must use a dedicated VPN.
-This is because when you disable public access to your instance, this applies to all connections, including those from your computer when using Browser or Bloom.
+This is because when you xref[disable public access] to your instance, this applies to all connections, including those from your computer when using Browser or Bloom.
 
 Without private endpoints, you access Browser and Bloom over the internet:
 
@@ -260,6 +288,24 @@ The private ingress then directs the connection to the Aura instance with dbid:
 |role: read
 |=== 
 
+=== Disable public access / disable public traffic
+
+To Disable Public Acces in the Aura console, go to Security > Network Access.
+
+After clicking the checkbox for Disable Public Traffic on page 4 of 4.
+
+The change is not immediate after closing the modal.
+
+
+
+
+
+
+
+
+
+
+
 == Supported TLS cipher suites
 
 For additional security, client communications are carried via TLS v1.2 and TLS v1.3.