diff --git a/docs/en-US/add-gateway-vpc.xml b/docs/en-US/add-gateway-vpc.xml
index 9a270f9d794..486cf84a824 100644
--- a/docs/en-US/add-gateway-vpc.xml
+++ b/docs/en-US/add-gateway-vpc.xml
@@ -144,10 +144,11 @@
ACL on Private Gateway
The traffic on the VPC private gateway is controlled by creating both ingress and egress
- network ACL rules. The ACLs contains both allow and deny rules. As per the rule, all the
- ingress traffic to the private gateway interface and all the egress traffic out from the
- private gateway interface are blocked. You can change this default behaviour while creating a
- private gateway.
+ network ACL rules. The ACLs contains both allow and deny rules. In addition to the default ACL
+ rules, rules you might have created are also listed in the ACL drop-down list. As per the
+ rule, all the ingress traffic to the private gateway interface and all the egress traffic out
+ from the private gateway interface are blocked. You can change this default behaviour while
+ creating a private gateway.
Creating a Static Route
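Review bot: "As per the rule, all the ingress traffic ... and all the egress traffic ... are blocked" still does not say which rule it means, and the added sentence about custom rules appearing in the drop-down makes that ambiguity worse, since the reader now has several candidates. Name the default explicitly (the configure-acl.xml hunk in this same patch calls the defaults default_allow and default_deny) and say that the private gateway is associated with the deny default unless the user picks another list while creating the gateway. Two smaller points in the same lines: "The ACLs contains" should be "The ACLs contain", and "rules you might have created are also listed in the ACL drop-down list" mixes rules and lists; the drop-down selects an ACL list, which in turn contains rules.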
diff --git a/docs/en-US/configure-acl.xml b/docs/en-US/configure-acl.xml
index e7459e68dbf..1def9ea65cc 100644
--- a/docs/en-US/configure-acl.xml
+++ b/docs/en-US/configure-acl.xml
@@ -25,119 +25,197 @@
default, all incoming and outgoing traffic to the guest networks is blocked. To open the ports,
you must create a new network ACL. The network ACLs can be created for the tiers only if the
NetworkACL service is supported.
-
-
- Log in to the &PRODUCT; UI as an administrator or end user.
-
-
- In the left navigation, choose Network.
-
-
- In the Select view, select VPC.
- All the VPCs that you have created for the account is listed in the page.
-
-
- Click the Configure button of the VPC, for which you want to configure load balancing
- rules.
- For each tier, the following options are displayed:
-
-
- Internal LB
-
-
- Public LB IP
-
-
- Static NAT
-
-
- Virtual Machines
-
-
- CIDR
-
-
- The following router information is displayed:
-
-
- Private Gateways
-
-
- Public IP Addresses
-
-
- Site-to-Site VPNs
-
-
- Network ACL Lists
-
-
-
-
- Select Network ACL Lists.
- The following default rules are displayed in the Network ACLs page: default_allow,
- default_deny.
-
-
- Click Add ACL Lists, and specify the following:
-
-
- ACL List Name: A name for the ACL list.
-
-
- Description: A short description of the ACL list
- that can be displayed to users.
-
-
-
-
- Select the ACL list.
-
-
- Select the ACL List Rules tab.
- To add an ACL rule, fill in the following fields to specify what kind of network traffic
- is allowed in the VPC.
-
-
- CIDR: The CIDR acts as the Source CIDR for the
- Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from or
- to the IP addresses within a particular address block, enter a CIDR or a comma-separated
- list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example,
- 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.
-
-
- Protocol: The networking protocol that sources use
- to send traffic to the tier. The TCP and UDP protocols are typically used for data
- exchange and end-user communications. The ICMP protocol is typically used to send error
- messages or network monitoring data. All supports all the traffic. Other option is
- Protocol Number.
-
-
- Start Port, End
- Port (TCP, UDP only): A range of listening ports that are the destination
- for the incoming traffic. If you are opening a single port, use the same number in both
- fields.
-
-
- Protocol Number: The protocol number associated
- with IPv4 or IPv6. For more information, see Protocol
- Numbers.
-
-
- ICMP Type, ICMP
- Code (ICMP only): The type of message and error code that will be
- sent.
-
-
- Action: What action to be taken.
-
-
-
-
- Click Add. The ACL rule is added.
- You can edit the tags assigned to the ACL rules and delete the ACL rules you have
- created. Click the appropriate button in the Details tab.
-
-
+
+ Creating ACL Lists
+
+
+ Log in to the &PRODUCT; UI as an administrator or end user.
+
+
+ In the left navigation, choose Network.
+
+
+ In the Select view, select VPC.
+ All the VPCs that you have created for the account is listed in the page.
+
+
+ Click the Configure button of the VPC.
+ For each tier, the following options are displayed:
+
+
+ Internal LB
+
+
+ Public LB IP
+
+
+ Static NAT
+
+
+ Virtual Machines
+
+
+ CIDR
+
+
+ The following router information is displayed:
+
+
+ Private Gateways
+
+
+ Public IP Addresses
+
+
+ Site-to-Site VPNs
+
+
+ Network ACL Lists
+
+
+
+
+ Select Network ACL Lists.
+ The following default rules are displayed in the Network ACLs page: default_allow,
+ default_deny.
+
+
+ Click Add ACL Lists, and specify the following:
+
+
+ ACL List Name: A name for the ACL list.
+
+
+ Description: A short description of the ACL list
+ that can be displayed to users.
+
+
+
+
+
+
+ Creating an ACL Rule
+
+
+ Log in to the &PRODUCT; UI as an administrator or end user.
+
+
+ In the left navigation, choose Network.
+
+
+ In the Select view, select VPC.
+ All the VPCs that you have created for the account is listed in the page.
+
+
+ Click the Configure button of the VPC.
+
+
+ Select Network ACL Lists.
+ In addition to the custom ACL lists you have created, the following default rules are
+ displayed in the Network ACLs page: default_allow, default_deny.
+
+
+ Select the desired ACL list.
+
+
+ Select the ACL List Rules tab.
+ To add an ACL rule, fill in the following fields to specify what kind of network
+ traffic is allowed in the VPC.
+
+
+ CIDR: The CIDR acts as the Source CIDR for the
+ Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from
+ or to the IP addresses within a particular address block, enter a CIDR or a
+ comma-separated list of CIDRs. The CIDR is the base IP address of the incoming
+ traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.
+
+
+ Protocol: The networking protocol that sources
+ use to send traffic to the tier. The TCP and UDP protocols are typically used for data
+ exchange and end-user communications. The ICMP protocol is typically used to send
+ error messages or network monitoring data. All supports all the traffic. Other option
+ is Protocol Number.
+
+
+ Start Port, End
+ Port (TCP, UDP only): A range of listening ports that are the destination
+ for the incoming traffic. If you are opening a single port, use the same number in
+ both fields.
+
+
+ Protocol Number: The protocol number associated
+ with IPv4 or IPv6. For more information, see Protocol
+ Numbers.
+
+
+ ICMP Type, ICMP
+ Code (ICMP only): The type of message and error code that will be
+ sent.
+
+
+ Action: What action to be taken.
+
+
+
+
+ Click Add. The ACL rule is added.
+ You can edit the tags assigned to the ACL rules and delete the ACL rules you have
+ created. Click the appropriate button in the Details tab.
+
+
+
+
+ Assigning a Custom ACL List to a Tier
+
+
+ Create a VPC.
+
+
+ Create a custom ACL list.
+
+
+ Add ACL rules to the ACL list.
+
+
+ Create a tier in the VPC.
+ Select the desired ACL list while creating a tier.
+
+ Click OK.
+
+
+
+ Assigning a Custom ACL List to a Tier
+
+
+ Create a VPC.
+
+
+ Create a tier in the VPC.
+
+
+ Associate the tier with the default ACL rule.
+
+
+ Create a custom ACL list.
+
+
+ Add ACL rules to the ACL list.
+
+
+ Select the tier for which you want to assign the custom ACL.
+
+ Click the Replace ACL List icon.
+
+
+
+
+ replace-acl-icon.png: button to replace an ACL list
+
+
+ The Replace ACL List dialog is displayed.
+ Select the desired ACL list.
+ Click OK.
+
+
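Review bot: the heading "Assigning a Custom ACL List to a Tier" is used for both procedures (the one starting "Create a VPC. / Create a custom ACL list." and the one that ends with "Click the Replace ACL List icon."), but they describe different things: the first selects the list while creating the tier, the second replaces the list on a tier that already exists. Retitle the second, for example "Replacing the ACL List of an Existing Tier", so the table of contents does not show two identical entries. Terminology is inconsistent in the same hunk: "the following default rules are displayed in the Network ACLs page: default_allow, default_deny" and "Associate the tier with the default ACL rule" both say "rule" where the objects are ACL lists. The field descriptions under "Creating an ACL Rule" also need tightening before this merges: "fill in the following fields to specify what kind of network traffic is allowed" should read "allowed or denied", since the Action field exists and add-gateway-vpc.xml in this patch states that lists hold both allow and deny rules; "Action: What action to be taken." should name the values the user can choose; and "The CIDR is the base IP address of the incoming traffic" contradicts the preceding sentence, which correctly says the CIDR is the destination for Egress rules. Minor: "Click OK." in the first assigning procedure sits outside its step, "All the VPCs that you have created for the account is listed" should be "are listed", and the second procedure repeats the full login/navigation steps of the first rather than referring to them.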
diff --git a/docs/en-US/images/replace-acl-icon.png b/docs/en-US/images/replace-acl-icon.png
new file mode 100644
index 00000000000..6a15d4565dd
Binary files /dev/null and b/docs/en-US/images/replace-acl-icon.png differ
diff --git a/docs/en-US/images/replace-acl-list.png b/docs/en-US/images/replace-acl-list.png
new file mode 100644
index 00000000000..33750173b18
Binary files /dev/null and b/docs/en-US/images/replace-acl-list.png differ
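Review bot: replace-acl-list.png is added here but nothing in the configure-acl.xml hunk references it; only replace-acl-icon.png is used (the "replace-acl-icon.png: button to replace an ACL list" alt text). Either reference the screenshot where "The Replace ACL List dialog is displayed." is described, or drop the binary from the patch so the docs tree does not carry an orphaned image.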