Update establishment section

maxvp · maxvp · commit d7a319281546 · 2025-06-26T15:37:07.000-05:00
diff --git a/src/content/partials/cloudflare-one/gateway/order-of-enforcement.mdx b/src/content/partials/cloudflare-one/gateway/order-of-enforcement.mdx
@@ -137,21 +137,24 @@ flowchart TB
 
 ## Connection establishment
 
-When a user connects to a server with Gateway, Gateway first establishes a TCP connection with the destination server on the port the user requested. If the connection is successful, Gateway will apply policies. If Gateway policies allow the connection, Gateway will connect the user to the destination. If Gateway policies block the connection, Gateway will end the connection and will not send any data between the user and the destination. If the TCP connection to the destination is unsuccessful, Gateway will not run any policies nor accept further TCP connections from the user.
+When a user connects to a server with Gateway, Gateway first establishes a TCP connection with the destination server on the port the user requested. If the connection is successful, Gateway will apply policies. If Gateway policies allow the connection, Gateway will connect the user to the destination server. If Gateway policies block the connection, Gateway will end the connection and will not send any data between the user and the destination server. If the TCP connection to the destination server is unsuccessful, Gateway will not run any policies nor accept further TCP connections from the user to the server.
 
 ```mermaid
 flowchart TB
-    A["User initiates connection"] --> B["Gateway attempts TCP connection to Destination Server on requested port"]
-    B -- Connection Successful --> C["Gateway applies policies"]
-    B -- Connection Unsuccessful --> E["Gateway does not run policies and rejects user TCP connections"]
-    C -- Policies Allow --> D["Gateway connects User to Destination Server"]
-    C -- Policies Block --> F["Gateway ends connection and sends no data"]
+    A(["User"]) -- Initiates connection --> B["Gateway TCP connection to destination server"]
+    B -- Connection success --> C["Gateway applies policies"]
+    B -- Connection failure --> E["Gateway rejects user TCP connections"]
+    C -- Allow policies --> D["Gateway connects user to destination server"]
+    C -- Block policies --> F["Gateway ends connection and sends no data"]
 
     B@{ shape: hex}
     C@{ shape: hex}
+    style E stroke:#D50000
+    style D stroke:#00C853
+    style F stroke:#D50000
 ```
 
-Connections to Zero Trust will always appear in your [Zero Trust network session logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) regardless of success or failure. Because Gateway does not inspect failed connections, they will not appear in your [Gateway activity logs](/cloudflare-one/insights/logs/gateway-logs/).
+Connections to Zero Trust will always appear in your [Zero Trust network session logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) regardless of connection success. Because Gateway does not inspect failed connections, they will not appear in your [Gateway activity logs](/cloudflare-one/insights/logs/gateway-logs/).
 
 ## Priority between policy builders
 
