From 06e792bd97d5535a44182ffa55fdde41b23e3b94 Mon Sep 17 00:00:00 2001
From: Kemi-Elizabeth <97071326+Kemi-Elizabeth@users.noreply.github.com>
Date: Tue, 16 Dec 2025 15:29:25 +0000
Subject: [PATCH 1/8] feat: added notes and new pages

Added managed fastly and fastly WAF pages and also added premium service banners to elasticsearch and mongodb pages
---
 sites/upsun/src/add-services/elasticsearch.md | 13 ++-
 sites/upsun/src/add-services/mongodb.md       |  8 ++
 sites/upsun/src/domains/cdn/managed-fastly.md | 95 +++++++++++++++++++
 sites/upsun/src/security/fasty-waf.md         | 41 ++++++++
 4 files changed, 152 insertions(+), 5 deletions(-)
 create mode 100644 sites/upsun/src/domains/cdn/managed-fastly.md
 create mode 100644 sites/upsun/src/security/fasty-waf.md

diff --git a/sites/upsun/src/add-services/elasticsearch.md b/sites/upsun/src/add-services/elasticsearch.md
index 9507b7d753..76faa66be8 100644
--- a/sites/upsun/src/add-services/elasticsearch.md
+++ b/sites/upsun/src/add-services/elasticsearch.md
@@ -13,11 +13,6 @@ See the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsea
 
 ## Supported versions
 
-{{% note title="Premium Service" theme="info" %}}
-Elasticsearch versions 7.11 or later are no longer included in any {{< vendor/name >}} plan.
-You need to add it separately at an additional cost.
-To add Elasticsearch, [contact Sales]({{< vendor/urlraw "sales" >}}).
-{{% /note %}}
 
 You can select the major and minor version.
 
@@ -25,6 +20,14 @@ Patch versions are applied periodically for bug fixes and the like. When you dep
 
 {{< image-versions image="elasticsearch" status="supported" environment="grid" >}}
 
+### Enterprise edition
+
+{{% note title="Premium Service" theme="info" %}}
+Elasticsearch versions 7.11 or later are no longer included in any {{< vendor/name >}} plan.
+You need to add it separately at an additional cost.
+To add Elasticsearch, [contact Sales]({{< vendor/urlraw "sales" >}}).
+{{% /note %}}
+
 ## Deprecated versions
 
 The following versions are still available in your projects for free,
diff --git a/sites/upsun/src/add-services/mongodb.md b/sites/upsun/src/add-services/mongodb.md
index 80efaad067..a440e531c7 100644
--- a/sites/upsun/src/add-services/mongodb.md
+++ b/sites/upsun/src/add-services/mongodb.md
@@ -21,6 +21,14 @@ When you deploy your app, you always get the latest available patches.
 
 {{< image-versions image="mongodb-enterprise" status="deprecated" environment="grid" >}}
 
+### Enterprise edition
+
+{{% note title="Premium Service" theme="info" %}}
+MongoDB Enterprise isn’t included in any {{< vendor/name >}} plan.
+You need to add it separately at an additional cost.
+To add MongoDB Enterprise, [contact Sales](https://upsun.com/contact-us/).
+{{% /note %}}
+
 ### Legacy edition
 
 Previous non-Enterprise versions are available in your projects (and are listed below),
diff --git a/sites/upsun/src/domains/cdn/managed-fastly.md b/sites/upsun/src/domains/cdn/managed-fastly.md
new file mode 100644
index 0000000000..895875cb24
--- /dev/null
+++ b/sites/upsun/src/domains/cdn/managed-fastly.md
@@ -0,0 +1,95 @@
+---
+title: "Managed Fastly CDN"
+sidebarTitle: "Managed Fastly CDN"
+weight: 2
+description: Bring your content closer to users with a Fastly CDN fully managed by {{% vendor/name %}}.
+banner:
+    type: tiered-feature
+keywords:
+  - mTLS
+---
+
+Instead of starting your own Fastly subscription and [managing your CDN yourself](/domains/cdn/fastly.md),
+you can take advantage of a Fastly CDN provided by {{% vendor/name %}}.
+For example, Dedicated projects include a managed Fastly CDN by default.
+These CDNs are exclusively set up and managed by {{% vendor/name %}}.
+
+To modify any settings for a managed Fastly CDN, open a [support ticket](/learn/overview/get-support.md).
+To add a managed Fastly CDN to your project,[contact sales](https://upsun.com/contact-us/).
+
+{{< note theme="Info" >}}
+{{% vendor/name %}} does not write nor debug any custom VCL on Managed Fastly CDN services.
+{{< /note >}}
+
+{{< note theme="note" title="Monitor CDN metrics">}}
+
+You can access a summary of your monthly traffic usage under the "Traffic this month" section at the Project level inside [Console](https://console.upsun.com/). This will help you monitor your monthly bandwidth and requests consumption. 
+
+In this summary, you will find specific details about:
+
+- **Origin Bandwidth:** Data transferred from origin servers (in TB).
+
+- **Origin Requests:** Requests served by origin servers (in millions of requests).
+
+- **CDN Bandwidth & CDN Requests:** Shown if you have Fastly CDN enabled.
+
+This data is updated daily and will reflect your traffic usage throughout the billing period. 
+
+{{< /note >}}
+
+{{< note theme="info" title="Set up traffic alerts">}}
+
+You can also set up consumption alerts for your resource usage. Click the Alert button in the "Traffic this month" block within [Console](https://console.upsun.com/) to configure usage thresholds. For more information, head to the [Pricing docs page](/administration/pricing.html#monthly-traffic-alerts).
+
+{{< /note >}}
+
+### Domain control validation
+
+When you request for a new domain to be added to your Fastly service,
+{{% vendor/name %}} support provides you with a [`CNAME` record](/domains/steps/dns.md) for [domain control validation](/domains/troubleshoot.md#ownership-verification).
+To add this `CNAME` record to your domain settings,
+see how to [configure your DNS provider](/domains/steps/_index.md#2-configure-your-dns-provider).
+
+### Transport Layer Security (TLS) certificates
+
+By default, Enterprise and Elite plans include two [TLS certificates](/glossary/_index.md#transport-layer-security-tls),
+an apex and a wildcard one.
+This allows for encryption of all traffic between your users and your app.
+
+If you use a Fastly CDN provided by {{% vendor/name %}},
+you can provide your own third-party TLS certificates for an additional fee.
+
+To do so, if you don't have one,
+set up a [mount](/create-apps/image-properties/mounts.md) that isn't accessible to the web.
+Use an environment with access limited to {{% vendor/name %}} support and trusted users.
+[Transfer](/development/file-transfer.md) each certificate, its unencrypted private key,
+and the intermediate certificate to the mount.
+To notify {{% vendor/name %}} that a certificate is to be added to your CDN configuration,
+open a [support ticket](/learn/overview/get-support.md).
+
+If you need an Extended Validation TLS certificate,
+you can get it from any TLS provider.
+To add it to your CDN configuration, open a [support ticket](/learn/overview/get-support.md).
+
+Note that when you add your own third-party TLS certificates,
+you are responsible for renewing them in due time.
+Failure to do so may result in outages and compromised security for your site.
+
+### Retrieve your Fastly API token
+
+The API token for your managed Fastly CDN is stored in the `FASTLY_API_TOKEN` or the `FASTLY_KEY` environment variables.
+
+This variable is usually set in the `/master/settings/variables` folder of your project,
+and you can access it [from a shell](/development/variables/use-variables.md#access-variables-in-a-shell)
+or directly [in your app](/development/variables/use-variables.md#access-variables-in-your-app).
+
+{{% note %}}
+
+Dedicated (gen2) projects may not have the `FASTLY_*` environment variable(s) set.</br>
+In this case, the Fastly API token is stored in a text file called `fastly_tokens.txt` on the server,
+typically located at `/mnt/shared/fastly_tokens.txt`.
+
+{{% /note %}}
+
+## Dynamic ACL and rate limiting
+For details about updating an access control list (ACL) and applying rate limiting, check out the [Working with {{% vendor/name %}} rate-limiting implementation](https://support.platform.sh/hc/en-us/articles/29528777071890-Upsun-Fastly-Rate-Limiting-How-it-works-how-to-tune-it) article in the {{% vendor/name %}} Community.
\ No newline at end of file
diff --git a/sites/upsun/src/security/fasty-waf.md b/sites/upsun/src/security/fasty-waf.md
new file mode 100644
index 0000000000..e56841cb91
--- /dev/null
+++ b/sites/upsun/src/security/fasty-waf.md
@@ -0,0 +1,41 @@
+---
+title: Fastly WAF
+description: "Find out about the offers you can choose from to subscribe to the Fastly Next-Gen Web Application Firewall (WAF) through {{% vendor/name %}}."
+weight: 2
+banner:
+    type: tiered-feature
+---
+
+On top of the [{{% vendor/name %}} Web Application Firewall (WAF)](/security/web-application-firewall/waf.md) included in {{% vendor/name %}} Enterprise and Elite plans, you can subscribe to the Fastly Next-Gen WAF to further protect your app from security threats.
+
+## Available offers
+
+If you want to subscribe to the Fastly Next-Gen WAF through {{% vendor/name %}},
+you can choose from two offers:
+
+- If you subscribe to the **Basic** offer, your WAF is fully managed by {{% vendor/name %}}
+- If you subscribe to the **Basic configurable** offer, your WAF is fully managed by {{% vendor/name %}} too, but with additional flexibility and visibility provided
+
+To view a list of all the features included in each offer, see the following table.
+
+{{< note theme="info" >}}
+
+Links to the official [Fastly Next-Gen WAF documentation](https://docs.fastly.com/products/fastly-next-gen-waf) are provided for reference only.
+The offers described on this page have been designed specifically for {{% vendor/name %}} customers.
+Included features may present limitations compared to those advertised by Fastly to their direct customers.
+
+{{< /note >}}
+
+| Capability                                                                                                                                          | Basic offer     | Basic configurable offer          |
+|-----------------------------------------------------------------------------------------------------------------------------------------------------|-----------------|-----------------------------------|
+| Available modes                                                                                                                                     | Block mode only | Block, not blocking, off modes    |
+| [Default attack signals](https://docs.fastly.com/signalsciences/using-signal-sciences/signals/using-system-signals/#attacks)                        | Yes             | Yes                               |
+| [Default anomaly signals](https://docs.fastly.com/signalsciences/using-signal-sciences/signals/using-system-signals/#anomalies)                     | Yes             | Yes                               |
+| [Virtual patching](https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/working-with-templated-rules/#virtual-patching-rules) | No              | Yes, in block mode only           |
+| [Default dashboards](https://docs.fastly.com/signalsciences/using-signal-sciences/web-interface/about-the-site-overview-page/)                      | No              | During quarterly business reviews |
+| [Custom response codes](https://docs.fastly.com/signalsciences/using-signal-sciences/custom-response-codes/)                                        | No              | No                                |
+| [Custom signals](https://docs.fastly.com/signalsciences/using-signal-sciences/signals/working-with-custom-signals/)                                 | No              | No                                |
+| [Standard API & ATO signals](https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/working-with-templated-rules/)              | No              | No                                |
+
+To subscribe to a Fastly Next-Gen WAF offer through {{% vendor/name %}},
+[contact Sales](https://upsun.com/contact-us/).

From ced11847295642a9d83e025f6104269842613afc Mon Sep 17 00:00:00 2001
From: Kemi-Elizabeth <97071326+Kemi-Elizabeth@users.noreply.github.com>
Date: Tue, 16 Dec 2025 17:27:24 +0000
Subject: [PATCH 2/8] added fixed org page

added page about how to get a fixed organization
---
 .../src/administration/organizations.md       | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/sites/platform/src/administration/organizations.md b/sites/platform/src/administration/organizations.md
index 9b8b303b6c..efc302e486 100644
--- a/sites/platform/src/administration/organizations.md
+++ b/sites/platform/src/administration/organizations.md
@@ -171,6 +171,30 @@ Ideal for workloads that evolve over time or have dynamic resource requirements.
 ### What can you do?
 When creating a new organization, users will be able to select the organization type from a drop-down option based on their preference. Once the organization is created, users can manage their organizations like they do today.
 
+# Requesting a Fixed organization
+
+Customers with existing contracts that include eligibility for a Fixed organization can request one through our [support team](/learn/overview/get-support.md).
+
+## How to request a Fixed organization
+
+To request a Fixed organization, follow these steps:
+
+### 1. Submit a Support Ticket
+
+Open a [support ticket](/learn/overview/get-support.md) and specify that you would like a Fixed organization.
+
+- **Category:** Access  
+- **Priority:** Low / Normal (as required)  
+- **Description:** Make sure to include the **organisation name** you would like.
+
+Our Support team will verify your eligibility for a Fixed organization. Once approved, a Fixed organization will be created on your behalf. Support will notify you once the organization is ready, and your ticket will be closed.
+
+{{< note theme="info" title="Availability">}}
+
+Fixed organizations are available only to existing Fixed customers under current contracts. New customers will receive the Flex organization type.
+
+{{< /note >}}
+
 ### Feature differences
 
 #### Developer experience
@@ -248,6 +272,7 @@ When creating a new organization, users will be able to select the organization
 | PCI DSS Level 1-compatible | Yes | Yes |
 | HIPAA | Enterprise and Elite only in specific regions | Coming soon |
 
+
 ### Fixed and Flex FAQs
 
 #### What happens to my URL?

From fa5637f55bb7dcc0cbb474e67b6cca8c14e4a721 Mon Sep 17 00:00:00 2001
From: Kemi-Elizabeth <97071326+Kemi-Elizabeth@users.noreply.github.com>
Date: Tue, 16 Dec 2025 17:28:21 +0000
Subject: [PATCH 3/8] feat: fixed capitals

fixed capitals in heading
---
 sites/platform/src/administration/organizations.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sites/platform/src/administration/organizations.md b/sites/platform/src/administration/organizations.md
index efc302e486..bbf41ac325 100644
--- a/sites/platform/src/administration/organizations.md
+++ b/sites/platform/src/administration/organizations.md
@@ -179,7 +179,7 @@ Customers with existing contracts that include eligibility for a Fixed organizat
 
 To request a Fixed organization, follow these steps:
 
-### 1. Submit a Support Ticket
+### 1. Submit a support ticket
 
 Open a [support ticket](/learn/overview/get-support.md) and specify that you would like a Fixed organization.
 

From 02e943c3f01355448e64babfe17810e0bd76f072 Mon Sep 17 00:00:00 2001
From: C T <215163593+catplat@users.noreply.github.com>
Date: Fri, 19 Dec 2025 06:14:12 -0500
Subject: [PATCH 4/8] Apply suggestions from code review

---
 .../src/administration/organizations.md         | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/sites/platform/src/administration/organizations.md b/sites/platform/src/administration/organizations.md
index bbf41ac325..0611db0fcd 100644
--- a/sites/platform/src/administration/organizations.md
+++ b/sites/platform/src/administration/organizations.md
@@ -168,30 +168,25 @@ Ideal for workloads that evolve over time or have dynamic resource requirements.
 
 {{< /note >}}
 
-### What can you do?
-When creating a new organization, users will be able to select the organization type from a drop-down option based on their preference. Once the organization is created, users can manage their organizations like they do today.
 
-# Requesting a Fixed organization
+## Create a Fixed organization
 
-Customers with existing contracts that include eligibility for a Fixed organization can request one through our [support team](/learn/overview/get-support.md).
 
-## How to request a Fixed organization
 
-To request a Fixed organization, follow these steps:
 
-### 1. Submit a support ticket
 
-Open a [support ticket](/learn/overview/get-support.md) and specify that you would like a Fixed organization.
+To create a Fixed organization, please open a [support ticket](/learn/overview/get-support.md), and indicate the following information in your ticket:
 
+- Indicate that you are requesting the creation of a Fixed organization.
 - **Category:** Access  
 - **Priority:** Low / Normal (as required)  
-- **Description:** Make sure to include the **organisation name** you would like.
+- **Description:** Make sure to include the **organization name** you would like.
 
-Our Support team will verify your eligibility for a Fixed organization. Once approved, a Fixed organization will be created on your behalf. Support will notify you once the organization is ready, and your ticket will be closed.
+Our Support team will verify your eligibility for a Fixed organization. Once approved, a Fixed organization will be created on your behalf. Support will notify you when the organization is ready, and your ticket will be closed.
 
 {{< note theme="info" title="Availability">}}
 
-Fixed organizations are available only to existing Fixed customers under current contracts. New customers will receive the Flex organization type.
+Only Upsun Fixed customers under current contracts can request the creation of a Fixed organization. For new and existing Upsun Flex customers, all new organization types are Flex organizations, which you can create yourself in the Console.
 
 {{< /note >}}
 

From d490a76c213653386c7e3a9b08d18626bc86133b Mon Sep 17 00:00:00 2001
From: C T <215163593+catplat@users.noreply.github.com>
Date: Fri, 19 Dec 2025 06:40:50 -0500
Subject: [PATCH 5/8] Apply suggestions from code review

---
 sites/platform/src/administration/organizations.md | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/sites/platform/src/administration/organizations.md b/sites/platform/src/administration/organizations.md
index 0611db0fcd..5bc2f29502 100644
--- a/sites/platform/src/administration/organizations.md
+++ b/sites/platform/src/administration/organizations.md
@@ -171,9 +171,9 @@ Ideal for workloads that evolve over time or have dynamic resource requirements.
 
 ## Create a Fixed organization
 
+**Only {{% vendor/name %}} customers under current contracts can create a Fixed organization, and this is accomplished by opening a support ticket as described below.** 
 
-
-
+For all other customers, all new organization types are Flex organizations, which you can create yourself by using the Console or CLI as described above.
 
 To create a Fixed organization, please open a [support ticket](/learn/overview/get-support.md), and indicate the following information in your ticket:
 
@@ -184,11 +184,6 @@ To create a Fixed organization, please open a [support ticket](/learn/overview/g
 
 Our Support team will verify your eligibility for a Fixed organization. Once approved, a Fixed organization will be created on your behalf. Support will notify you when the organization is ready, and your ticket will be closed.
 
-{{< note theme="info" title="Availability">}}
-
-Only Upsun Fixed customers under current contracts can request the creation of a Fixed organization. For new and existing Upsun Flex customers, all new organization types are Flex organizations, which you can create yourself in the Console.
-
-{{< /note >}}
 
 ### Feature differences
 

From 7f752c0e526894f6254588d2d1254bf5464f9069 Mon Sep 17 00:00:00 2001
From: C T <215163593+catplat@users.noreply.github.com>
Date: Fri, 19 Dec 2025 06:44:14 -0500
Subject: [PATCH 6/8] Add Flex to subtitle

---
 sites/platform/src/administration/organizations.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sites/platform/src/administration/organizations.md b/sites/platform/src/administration/organizations.md
index 5bc2f29502..e5dbd298e8 100644
--- a/sites/platform/src/administration/organizations.md
+++ b/sites/platform/src/administration/organizations.md
@@ -61,7 +61,7 @@ title=Using the Console
 
 {{< /codetabs >}}
 
-## Create a new organization
+## Create a Flex organization {#create-flex-organization}
 
 You can create new organizations with different payment methods and billing addresses
 and organize your projects as you want.

From 5ea4d5450977c6049b2470f52fd2eef7dfe8fab1 Mon Sep 17 00:00:00 2001
From: C T <215163593+catplat@users.noreply.github.com>
Date: Fri, 19 Dec 2025 07:09:09 -0500
Subject: [PATCH 7/8] Move Create a Fixed org section

---
 .../src/administration/organizations.md       | 31 +++++++++----------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/sites/platform/src/administration/organizations.md b/sites/platform/src/administration/organizations.md
index e5dbd298e8..677c090b49 100644
--- a/sites/platform/src/administration/organizations.md
+++ b/sites/platform/src/administration/organizations.md
@@ -61,6 +61,21 @@ title=Using the Console
 
 {{< /codetabs >}}
 
+## Create a Fixed organization
+
+**This option is available only to {{% vendor/name %}} customers under current contracts.** 
+
+For all other customers, all new organization types are Flex organizations, which you can create yourself by using the Console or CLI as described in [Create a Flex organization](#create-flex-organization) below.
+
+To create a Fixed organization, please open a [support ticket](/learn/overview/get-support.md), and indicate the following information in your ticket:
+
+- Indicate that you are requesting the creation of a Fixed organization.
+- **Category:** Access  
+- **Priority:** Low / Normal (as required)  
+- **Description:** Make sure to include the **organization name** you would like.
+
+Our Support team will verify your eligibility for a Fixed organization. Once approved, a Fixed organization will be created on your behalf. Support will notify you when the organization is ready, and your ticket will be closed.
+
 ## Create a Flex organization {#create-flex-organization}
 
 You can create new organizations with different payment methods and billing addresses
@@ -169,22 +184,6 @@ Ideal for workloads that evolve over time or have dynamic resource requirements.
 {{< /note >}}
 
 
-## Create a Fixed organization
-
-**Only {{% vendor/name %}} customers under current contracts can create a Fixed organization, and this is accomplished by opening a support ticket as described below.** 
-
-For all other customers, all new organization types are Flex organizations, which you can create yourself by using the Console or CLI as described above.
-
-To create a Fixed organization, please open a [support ticket](/learn/overview/get-support.md), and indicate the following information in your ticket:
-
-- Indicate that you are requesting the creation of a Fixed organization.
-- **Category:** Access  
-- **Priority:** Low / Normal (as required)  
-- **Description:** Make sure to include the **organization name** you would like.
-
-Our Support team will verify your eligibility for a Fixed organization. Once approved, a Fixed organization will be created on your behalf. Support will notify you when the organization is ready, and your ticket will be closed.
-
-
 ### Feature differences
 
 #### Developer experience

From bce06a8d2cab9b635699cca1d3d9578e91b9ccbf Mon Sep 17 00:00:00 2001
From: C T <215163593+catplat@users.noreply.github.com>
Date: Fri, 19 Dec 2025 17:53:18 -0500
Subject: [PATCH 8/8] Copy approved changes from Fixed content in PR5280 to
 Flex content

---
 sites/upsun/src/domains/cdn/managed-fastly.md |  75 +++++++++---
 sites/upsun/src/security/fasty-waf.md         | 107 +++++++++++++++++-
 2 files changed, 165 insertions(+), 17 deletions(-)

diff --git a/sites/upsun/src/domains/cdn/managed-fastly.md b/sites/upsun/src/domains/cdn/managed-fastly.md
index 895875cb24..cac279f13a 100644
--- a/sites/upsun/src/domains/cdn/managed-fastly.md
+++ b/sites/upsun/src/domains/cdn/managed-fastly.md
@@ -3,19 +3,16 @@ title: "Managed Fastly CDN"
 sidebarTitle: "Managed Fastly CDN"
 weight: 2
 description: Bring your content closer to users with a Fastly CDN fully managed by {{% vendor/name %}}.
-banner:
-    type: tiered-feature
 keywords:
   - mTLS
 ---
 
 Instead of starting your own Fastly subscription and [managing your CDN yourself](/domains/cdn/fastly.md),
 you can take advantage of a Fastly CDN provided by {{% vendor/name %}}.
-For example, Dedicated projects include a managed Fastly CDN by default.
 These CDNs are exclusively set up and managed by {{% vendor/name %}}.
 
 To modify any settings for a managed Fastly CDN, open a [support ticket](/learn/overview/get-support.md).
-To add a managed Fastly CDN to your project,[contact sales](https://upsun.com/contact-us/).
+To add a managed Fastly CDN to your project, [contact sales](https://upsun.com/contact-us/).
 
 {{< note theme="Info" >}}
 {{% vendor/name %}} does not write nor debug any custom VCL on Managed Fastly CDN services.
@@ -43,17 +40,32 @@ You can also set up consumption alerts for your resource usage. Click the Alert
 
 {{< /note >}}
 
+## How Managed Fastly works
+
+{{% vendor/name %}}’s Managed Fastly CDN routes incoming traffic through the Fastly edge network before requests reach your application. This enables global caching, edge logic (VCL), performance optimisation, and optional security features.
+
+The Fastly CDN must be provisioned and managed by {{% vendor/name %}}. Features such as the {{% vendor/name %}} Web Application Firewall (WAF), edge rate limiting, and image optimization depend on this managed integration and cannot be used with a customer-managed Fastly account.
+
+Once enabled, Fastly operates as the first point of contact for all HTTP requests, allowing requests to be cached, filtered, transformed, or blocked entirely at the edge.
+
+{{< note theme="info" title="Feature dependencies">}}
+
+- The {{% vendor/name %}} WAF requires the {{% vendor/name %}} Managed Fastly CDN.
+- Customers cannot attach the WAF to an existing third-party Fastly service.
+- Advanced Fastly features such as virtual patching and per-project logging require a configurable Fastly workspace.
+
+{{< /note >}}
+
 ### Domain control validation
 
 When you request for a new domain to be added to your Fastly service,
-{{% vendor/name %}} support provides you with a [`CNAME` record](/domains/steps/dns.md) for [domain control validation](/domains/troubleshoot.md#ownership-verification).
+{{% vendor/name %}} [support](/learn/overview/get-support.md) provides you with a [`CNAME` record](/domains/steps/dns.md) for [domain control validation](/domains/troubleshoot.md#ownership-verification).
 To add this `CNAME` record to your domain settings,
 see how to [configure your DNS provider](/domains/steps/_index.md#2-configure-your-dns-provider).
 
 ### Transport Layer Security (TLS) certificates
 
-By default, Enterprise and Elite plans include two [TLS certificates](/glossary/_index.md#transport-layer-security-tls),
-an apex and a wildcard one.
+By default, two [TLS certificates](/glossary/_index.md#transport-layer-security-tls) are included: an apex and a wildcard one.
 This allows for encryption of all traffic between your users and your app.
 
 If you use a Fastly CDN provided by {{% vendor/name %}},
@@ -83,13 +95,48 @@ This variable is usually set in the `/master/settings/variables` folder of your
 and you can access it [from a shell](/development/variables/use-variables.md#access-variables-in-a-shell)
 or directly [in your app](/development/variables/use-variables.md#access-variables-in-your-app).
 
-{{% note %}}
 
-Dedicated (gen2) projects may not have the `FASTLY_*` environment variable(s) set.</br>
-In this case, the Fastly API token is stored in a text file called `fastly_tokens.txt` on the server,
-typically located at `/mnt/shared/fastly_tokens.txt`.
+## Dynamic ACL and rate limiting
+
+For details about updating an access control list (ACL) and applying rate limiting, check out the [Working with {{% vendor/name %}} rate-limiting implementation](https://support.platform.sh/hc/en-us/articles/29528777071890-Upsun-Fastly-Rate-Limiting-How-it-works-how-to-tune-it) article in the Upsun Community.
 
-{{% /note %}}
+## Edge-level rate limiting
 
-## Dynamic ACL and rate limiting
-For details about updating an access control list (ACL) and applying rate limiting, check out the [Working with {{% vendor/name %}} rate-limiting implementation](https://support.platform.sh/hc/en-us/articles/29528777071890-Upsun-Fastly-Rate-Limiting-How-it-works-how-to-tune-it) article in the {{% vendor/name %}} Community.
\ No newline at end of file
+{{% vendor/name %}} provides edge-level rate limiting through Fastly, allowing you to control how many requests a single IP address or network can make within a given time window.
+
+Rate limiting is applied at the edge, before requests reach your application, helping to reduce load and mitigate abusive traffic patterns.
+
+### What Edge-level rate limiting can do
+
+- Protect sensitive endpoints such as `/login`, `/admin`, or checkout paths
+- Limit request floods from a single IP or IP range
+- Reduce application load during traffic spikes
+- Enable {{% vendor/company_name %}} Support to better handle attacks or high-traffic events by throttling traffic at the edge
+
+Edge-level rate limiting is available as a standalone add-on (without the WAF).
+<!-- VERIFY: Is the first bullet below only for Fixed? If so, confirm the sentence above is correct (it's written to include only the info in the 2nd bullet). If both bullets apply to Flex, delete the sentence above and uncomment this content, which is copied from Fixed.
+Edge-level rate limiting is:
+- Included with all {{% vendor/company_name %}} Fastly Next-Gen WAF tiers 
+- Available as a standalone add-on (without the WAF)
+-->
+
+### Configuration and defaults
+
+There are no default rate-limiting rules applied automatically. Rate limiting is configured during onboarding, or by request via {{% vendor/name %}} [Support](/learn/overview/get-support.md).
+
+Rules can be scoped by:
+
+- Request path
+- Request type
+- IP address or network
+- Custom thresholds and actions (block, allow, log)
+
+### Limitations
+
+Edge-level rate limiting is a rule-based control mechanism, not an automated bot-detection system. It does not:
+
+- Identify bots automatically
+- Present CAPTCHA or JavaScript challenges
+- Provide AI-driven mitigation
+
+For advanced bot and scraper protection, {{% vendor/name %}} offers separate third-party integrations.
\ No newline at end of file
diff --git a/sites/upsun/src/security/fasty-waf.md b/sites/upsun/src/security/fasty-waf.md
index e56841cb91..742aec77bf 100644
--- a/sites/upsun/src/security/fasty-waf.md
+++ b/sites/upsun/src/security/fasty-waf.md
@@ -6,15 +6,16 @@ banner:
     type: tiered-feature
 ---
 
-On top of the [{{% vendor/name %}} Web Application Firewall (WAF)](/security/web-application-firewall/waf.md) included in {{% vendor/name %}} Enterprise and Elite plans, you can subscribe to the Fastly Next-Gen WAF to further protect your app from security threats.
+On top of the [{{% vendor/name %}} Web Application Firewall (WAF)](/security/web-application-firewall/waf.md),
+you can subscribe to the Fastly Next-Gen Web Application Firewall (Next-Gen WAF) to further protect your app from security threats.
 
 ## Available offers
 
 If you want to subscribe to the Fastly Next-Gen WAF through {{% vendor/name %}},
 you can choose from two offers:
 
-- If you subscribe to the **Basic** offer, your WAF is fully managed by {{% vendor/name %}}
-- If you subscribe to the **Basic configurable** offer, your WAF is fully managed by {{% vendor/name %}} too, but with additional flexibility and visibility provided
+- If you subscribe to the **Basic** offer, your WAF is fully managed by {{% vendor/name %}}.
+- If you subscribe to the **Basic configurable** offer, your WAF is fully managed by {{% vendor/name %}} too, but with additional flexibility and visibility provided.
 
 To view a list of all the features included in each offer, see the following table.
 
@@ -39,3 +40,103 @@ Included features may present limitations compared to those advertised by Fastly
 
 To subscribe to a Fastly Next-Gen WAF offer through {{% vendor/name %}},
 [contact Sales](https://upsun.com/contact-us/).
+
+## Next-Gen WAF Tier Comparison
+
+#### Basic 
+
+- Block-only mode
+- Default attack and anomaly signals enabled
+- No virtual patching
+- No default dashboards
+- No custom signals, response codes, or API/ATO signals
+
+This tier is best suited for baseline protection with minimal configuration requirements.
+
+#### Basic Configurable 
+
+- Block, not blocking, and off modes
+- Default attack and anomaly signals enabled
+- Virtual patching available in block mode
+- Default dashboards reviewed during quarterly business reviews
+- No custom signals, response codes, or API/ATO signals 
+
+This tier is best for customers needing custom rules, CVE protection, per-project visibility, or log integration.
+
+## How the Fastly Next-Gen WAF Works
+
+The Fastly Next-Gen WAF evaluates incoming requests using a combination of signals, conditions, actions, and thresholds.
+
+### Signals
+
+Signals classify and tag requests based on observed patterns, such as:
+
+- SQL injection attempts
+- Cross-site scripting payloads
+- Repeated 404 requests
+- Known attack signatures
+
+Signals are informational and are not inherently “good” or “bad”.
+
+### Conditions
+
+Conditions define where and when a rule applies. Examples include:
+
+- Specific URL paths
+- Request methods
+- Geographic origin
+- Presence of certain signals
+
+### Actions
+
+Actions define what happens when a rule matches (allow/log apply to the configurable offer):
+
+- Block the request
+- Allow the request
+- Log the request for analysis
+
+{{< note theme="info" >}}
+
+The Basic Next-Gen WAF offer operates in block-only mode.
+
+{{< /note >}}
+
+### Thresholds
+
+Thresholds define volume-based triggers. For example, block if more than `N` suspicious requests occur from the same IP within a defined time window to distinguish normal user behaviour from automated probing or attacks.
+
+### Virtual Patching
+
+Virtual patches are temporary WAF rules provided by Fastly to block known CVEs at the edge. They:
+
+- Protect against specific, identified vulnerabilities
+- Buy time while application dependencies are patched
+- Do not replace proper application updates
+
+{{< note theme="info" >}}
+
+Virtual patching is available only in the Basic Configurable Next-Gen WAF tier.
+
+{{< /note >}}
+
+## Scope and Limitations
+
+The Fastly Next-Gen WAF mitigates many common web-based attacks, including parts of the OWASP Top 10. However, it does not replace application-level security. The WAF does not automatically protect against:
+
+- Weak authentication or password policies
+- Insecure application design
+- Business-logic flaws
+- All bot or scraper traffic
+- All DDoS attack types
+
+Some attacks are mitigated at the CDN network layer, while others require identifiable patterns that can be enforced via WAF or rate-limiting rules.
+
+{{< note theme="info" title="No automatic challenges">}}
+
+{{% vendor/name %}}’s Fastly Next-Gen WAF does not provide automatic CAPTCHA or JavaScript challenges. Traffic is evaluated using rule-based signals, thresholds, and actions configured during onboarding or [via Support](/learn/overview/get-support.md).
+
+{{< /note >}}
+
+## Configuration and enablement
+
+Fastly Next-Gen WAF features are not self-service. Enablement and configuration occur during customer onboarding, or via a [Support request](/learn/overview/get-support.md) after purchase.