diff --git a/.image_mappings/unifi-vlan-migration-to-zone-based-architecture.txt b/.image_mappings/unifi-vlan-migration-to-zone-based-architecture.txt new file mode 100644 index 0000000..91c5d05 --- /dev/null +++ b/.image_mappings/unifi-vlan-migration-to-zone-based-architecture.txt @@ -0,0 +1,2 @@ +image-167d5cef9e79e622fff779f3671492a8a5a343ea.png|472bf0cd504f4cd7ab7a33cd3322a5f1.png|36ef949c96dde80394f9ad066f5972a5 +image-4b9dbea5f7ceb0446d517305bc281b74e7f22ffc.png|663d732d14fc4fa8ad051c6926523efb.png|39263412375da54265b588e204fe5f6d diff --git a/content/posts/unifi-vlan-migration-to-zone-based-architecture.md b/content/posts/unifi-vlan-migration-to-zone-based-architecture.md index 0b82917..25f7832 100644 --- a/content/posts/unifi-vlan-migration-to-zone-based-architecture.md +++ b/content/posts/unifi-vlan-migration-to-zone-based-architecture.md 
@@ -55,12 +55,12 @@ The final configuration groups the individual VLANs into distinct zones, forming * **DMZ:** Contains the `dns` and `prod` networks for semi-trusted, exposed services. * **IoT:** Contains the `iot` network. This is a low-trust zone for smart devices. * **Management:** Contains the `management` network. This is a highly privileged, isolated zone for network infrastructure. -![S3 File](http://localhost:4998/attachments/image-167d5cef9e79e622fff779f3671492a8a5a343ea.png?client=default&bucket=obsidian) +![S3 File](/images/unifi-vlan-migration-to-zone-based-architecture/472bf0cd504f4cd7ab7a33cd3322a5f1.png) #### The Security Policy Matrix The true power of this model is realized in the firewall's zone matrix, which dictates the default traffic flow between each zone. -![S3 File](http://localhost:4998/attachments/image-4b9dbea5f7ceb0446d517305bc281b74e7f22ffc.png?client=default&bucket=obsidian) +![S3 File](/images/unifi-vlan-migration-to-zone-based-architecture/663d732d14fc4fa8ad051c6926523efb.png) This matrix enforces the desired security policy with clear, high-level rules: * **Complete IoT Isolation:** The `IoT` row shows that devices in this zone are blocked from initiating any communication with any other internal zone. Their only allowed path is out to the internet. diff --git a/static/images/unifi-vlan-migration-to-zone-based-architecture/472bf0cd504f4cd7ab7a33cd3322a5f1.png b/static/images/unifi-vlan-migration-to-zone-based-architecture/472bf0cd504f4cd7ab7a33cd3322a5f1.png new file mode 100644 index 0000000..dddd94c Binary files /dev/null and b/static/images/unifi-vlan-migration-to-zone-based-architecture/472bf0cd504f4cd7ab7a33cd3322a5f1.png differ 
diff --git a/static/images/unifi-vlan-migration-to-zone-based-architecture/663d732d14fc4fa8ad051c6926523efb.png b/static/images/unifi-vlan-migration-to-zone-based-architecture/663d732d14fc4fa8ad051c6926523efb.png new file mode 100644 index 0000000..25fa1e4 Binary files /dev/null and b/static/images/unifi-vlan-migration-to-zone-based-architecture/663d732d14fc4fa8ad051c6926523efb.png differ
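Review bot: the new `.image_mappings/unifi-vlan-migration-to-zone-based-architecture.txt` has no description of its three pipe-separated columns, and the third one (`36ef949c96dde80394f9ad066f5972a5`, `39263412375da54265b588e204fe5f6d`) is ambiguous: it reads like a content hash, but the file does not say what it hashes or which tool consumes it. Add a one-line header comment or a short note in the repo README stating the column meaning (original attachment filename | published filename | hash of ...), and confirm the mapping is meant to be committed rather than kept as a local migration artifact.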
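Review bot: the two image lines in `content/posts/unifi-vlan-migration-to-zone-based-architecture.md` keep the placeholder alt text `S3 File` while the URL is fixed; since the images carry the zone grouping and the firewall zone matrix that the surrounding text depends on, give them descriptive alt text, e.g. `![Zones grouping the dns, prod, iot and management VLANs](/images/unifi-vlan-migration-to-zone-based-architecture/472bf0cd504f4cd7ab7a33cd3322a5f1.png)` and `![Firewall zone matrix showing default traffic flow between zones](/images/unifi-vlan-migration-to-zone-based-architecture/663d732d14fc4fa8ad051c6926523efb.png)`. Replacing the `http://localhost:4998/attachments/...?client=default&bucket=obsidian` links is the right call, as they only resolved on the author's machine; the new paths are root-relative, so they assume the site is served from the domain root, and it is worth grepping the rest of the post for any remaining `localhost:4998` references before merging.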