diff --git a/docs/en-US/configure-acl.xml b/docs/en-US/configure-acl.xml index c89210b3c50..3ac2b7462c4 100644 --- a/docs/en-US/configure-acl.xml +++ b/docs/en-US/configure-acl.xml @@ -22,9 +22,11 @@ Configuring Network Access Control List Define Network Access Control List (ACL) on the VPC virtual router to control incoming (ingress) and outgoing (egress) traffic between the VPC tiers, and the tiers and Internet. By - default, all incoming and outgoing traffic to the guest networks is blocked. To open the ports, - you must create a new network ACL. The network ACLs can be created for the tiers only if the - NetworkACL service is supported. + default, all incoming traffic to the guest networks is blocked and all outgoing traffic from + guest networks is allowed, once you add an ACL rule for outgoing traffic, then only outgoing + traffic specified in this ACL rule is allowed, the rest is blocked. To open the ports, you must + create a new network ACL. The network ACLs can be created for the tiers only if the NetworkACL + service is supported.
About Network ACL Lists In &PRODUCT; terminology, Network ACL is a group of Network ACL items. Network ACL items @@ -35,8 +37,8 @@ VPC tiers within a VPC. A Tier is associated with a Network ACL at all the times. Each tier can be associated with only one ACL. The default Network ACL is used when no ACL is associated. Default behavior is all the - incoming and outgoing traffic is blocked to the tiers. Default network ACL cannot be removed - or modified. Contents of the default Network ACL is: + incoming traffic is blocked and outgoing traffic is allowed from the tiers. Default network + ACL cannot be removed or modified. Contents of the default Network ACL is: @@ -222,7 +224,7 @@
- Assigning a Custom ACL List to a Tier + Creating a Tier with Custom ACL List Create a VPC. diff --git a/docs/en-US/images/add-tier.png b/docs/en-US/images/add-tier.png index 881671e2133..0994dbd0a5a 100644 Binary files a/docs/en-US/images/add-tier.png and b/docs/en-US/images/add-tier.png differ
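Review bot: In the configure-acl.xml hunk at @@ -22,9 +22,11 @@, the switch from allow-all egress to an implicit deny is buried in a comma-spliced sentence ("is allowed, once you add an ACL rule for outgoing traffic, then only ..."). Adding the first egress rule silently blocks all other outbound traffic, which is the behaviour most likely to surprise an operator, so it should be its own sentence or a note element. The following "To open the ports, you must create a new network ACL" now reads as if it applied to both directions; since egress is open by default, say that it applies to incoming ports.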
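Review bot: In the hunk at @@ -35,8 +37,8 @@, the sentence "Contents of the default Network ACL is:" introduces a listing that lies outside this hunk, so the patch does not show whether that listing was updated to match the new "outgoing traffic is allowed" wording. Please confirm the egress entry there no longer says deny, otherwise the section contradicts itself. This paragraph also says the default ACL "cannot be removed or modified", while the first hunk says egress becomes restricted once an egress rule is added; state that such rules go in a custom ACL. The reflowed line could take "are" instead of "is" at the same time.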
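Review bot: In the hunk at @@ -222,7 +224,7 @@, the retitling from "Assigning a Custom ACL List to a Tier" to "Creating a Tier with Custom ACL List" narrows the heading to tier creation. If the steps under it still describe attaching an ACL to a tier that already exists, the new title no longer covers them; if they do not, check that assigning an ACL to an existing tier is documented somewhere. Any cross-reference that quotes the old title needs updating, and the new title reads better as "Creating a Tier with a Custom ACL List". The add-tier.png change is binary, so the commit message should say what changed in the screenshot.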