docs: add transparent proxy visual aid (#12211)

Co-authored-by: Paul Banks <banks@banksco.de>

website/content/docs/connect/transparent-proxy.mdx

@@ -9,6 +9,35 @@ description: |-
 
 # Transparent Proxy
 
+Transparent proxy allows applications to communicate through the mesh without changing their configuration.
+Transparent proxy also hardens application security by preventing direct inbound connections that bypass the mesh.
+
+#### Without Transparent Proxy
+
+![Diagram demonstrating that without transparent proxy, applications must "opt in" to connecting to their dependencies through the mesh](/img/consul-connect/without-transparent-proxy.png)
+
+Without transparent proxy, application owners need to:
+
+1. Explicitly configure upstream services, choosing a local port to access them.
+1. Change application to access `localhost:<chosen port>`.
+1. Configure application to listen only on the loopback interface to prevent unauthorized
+   traffic from bypassing the mesh.
+
+#### With Transparent Proxy
+
+![Diagram demonstrating that with transparent proxy, connections are automatically routed through the mesh](/img/consul-connect/with-transparent-proxy.png)
+
+With transparent proxy:
+
+1. Upstreams are inferred from service intentions, so no explicit configuration
+   is needed.
+1. Outbound connections pointing to a KubeDNS name "just work" — network rules
+   redirect them through the proxy.
+1. Inbound traffic is forced to go through the proxy to prevent unauthorized
+   direct access to the application.
+
+#### Overview
+
 Transparent proxy allows users to reach other services in the service mesh while ensuring that inbound and outbound
 traffic for services in the mesh are directed through the sidecar proxy. Traffic is secured
 and only reaches intended destinations since the proxy can enforce security and policy like TLS and Service Intentions.