ZTIA-507: Update docs to match new Gateway selectors for Access infra apps

Author: Michael9127

src/content/docs/cloudflare-one/applications/non-http/infrastructure-apps.mdx

@@ -122,3 +122,18 @@ The following [Access policy selectors](/cloudflare-one/policies/access/#selecto
 - Authentication method
 - Device posture
 - Entra group, GitHub organization, Google Workspace group, Okta group
+
+## Modify order of precedence in Gateway
+
+By default, Cloudflare will evaluate an Infrastructure application's Access policies after evaluating all Gateway network policies. To evaluate Access private applications before or after specific Gateway policies, create the following [Gateway network policy](/cloudflare-one/policies/gateway/network-policies/):
+
+
+| Selector | Operator | Value        | Action |
+| -------- | -------- | ------------ | ------ |
+| All Access App Targets | is       | `Enabled` | Allow  |
+
+You can now drag and drop this policy in the Gateway policy builder to change its [order of precedence](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence).
+
+:::note
+Users must pass the policies in your Access application before they are granted access. The Gateway Allow policy is strictly for routing and connectivity purposes.
+:::

src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx

@@ -78,7 +78,7 @@ By default, Cloudflare will evaluate a private application's Access policies aft
 
 | Selector | Operator | Value        | Action |
 | -------- | -------- | ------------ | ------ |
-| All Access Private Apps | is       | `Enabled` | Allow  |
+| All Access Private App Destinations | is       | `Enabled` | Allow  |
 
 You can now drag and drop this policy in the Gateway policy builder to change its [order of precedence](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence).
 

src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx

@@ -39,6 +39,7 @@ API value: `allow`
 **Traffic**
 
 - [All Access Private Apps](#all-access-private-apps)
+- [All Access App Targets](#all-access-app-targets)
 - [Application](#application)
 - [Content Categories](#content-categories)
 - [Destination Continent IP Geolocation](#destination-continent)
@@ -237,6 +238,14 @@ All destination IPs and hostnames associated with an [Access self-hosted private
 | ----------- | -------------------------- |
 | All Access Private App Destinations | `access.private_app` |
 
+### All Access App Targets
+
+All destination IPs and hostnames associated with an [Access Infrastructure application](/cloudflare-one/applications/non-http/infrastructure-apps/#modify-order-of-precedence-in-gateway).
+
+| UI name     | API example                |
+| ----------- | -------------------------- |
+| All Access App Targets | `access.target` |
+
 ### Application
 
 <Render file="gateway/selectors/application" params={{ one: "network" }} />