diff --git a/Networking/Sophos/IPSec Site-to-Site VPN Tunnel.md b/Networking/Sophos/IPSec Site-to-Site VPN Tunnel.md index 62b2bb9..d87e62a 100644 --- a/Networking/Sophos/IPSec Site-to-Site VPN Tunnel.md +++ b/Networking/Sophos/IPSec Site-to-Site VPN Tunnel.md @@ -39,21 +39,21 @@ Navigate to "**Configure > Site-to-Site VPN > Add**" !!! tip "Best Practices - Initiators / Responders" If you have a hub-and-spoke network, where one location acts as a central authority (e.g. domain controllers, auth servers, identity providers, headquarters, etc), you will set up the central "hub" as a VPN responder on its side of the VPN tunnel, and all the remote "spoke" locations would behave as VPN initiators. -``` mermaid -graph TB - Responder((Responder)) - Initiator1((Initiator 1)) - Initiator2((Initiator 2)) - Initiator3((Initiator 3)) - Initiator4((Initiator 4)) - Initiator5((Initiator 5)) + ``` mermaid + graph TB + Responder((Responder)) + Initiator1((Initiator (Remote Site))) + Initiator2((Initiator (Remote Site))) + Initiator3((Initiator (Remote Site))) + Initiator4((Initiator (Remote Site))) + Initiator5((Initiator (Remote Site))) - Responder --> Initiator1 - Responder --> Initiator2 - Responder --> Initiator3 - Responder --> Initiator4 - Responder --> Initiator5 -``` + Responder --> Initiator1 + Responder --> Initiator2 + Responder --> Initiator3 + Responder --> Initiator4 + Responder --> Initiator5 + ``` !!! note "Tunnel IDs / Subnets" If one side of the tunnel indicates a Local ID, you need to input that as the Remote ID on the other end of the tunnel. While Tunnel IDs are generally optional, if one side uses them, both need to.
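Review bot: In the five added node definitions, the label `Initiator (Remote Site)` carries unquoted parentheses inside the `(( ))` circle shape, and Mermaid's flowchart parser reads parentheses as shape delimiters, so the diagram is likely to fail to render. Quote the label text, for example `Initiator1(("Initiator (Remote Site)"))`, and preview the rendered page before merging. All five spokes also now share an identical label; keeping a number in each (`"Initiator 1 (Remote Site)"`) would let readers tell the nodes apart. The re-indented edges still run `Responder --> Initiator1`, while the tip text says the spokes initiate toward the hub, so consider reversing the arrows to match it.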