update for pro

ace_pro/docs/lab1.md

@@ -20,6 +20,12 @@ align: center
 POD portal
 ```
 
+```{caution}
+You will get only access to the **AWS** Console!
+
+Access to both the _Azure_ console and the _GCP_ console are not granted.
+```
+
 ## 2. Azure VNet
 ### 2.1. Create Azure VNet
 

ace_pro/docs/lab2.md

@@ -682,7 +682,7 @@ Please pay close attention that the following pending elements will be completed
 
 ## 5. Verification
 
-### 5.1. Verification of Transit Peerings on CoPilot(Cloud Fabric)
+### 5.1. Verification of Transit Peerings on CoPilot (Cloud Fabric)
 
 Go to **CoPilot > Cloud Fabric > Gateways > Transit Gateways**, select the Transit Gateway **_aws-us-east-2-transit_**, then select the `Attachments"` tab and finally select the `"Transit-Transit Peering"` tab: you will see **one** connection per each peering, that correspond to the `two IPSec tunnels`.
 

ace_pro/docs/lab4.md

@@ -366,7 +366,7 @@ Disable "Gateway Single AZ HA
 ```{caution}
 The `Gateway Single AZ HA` feature enables the **Aviatrix Controller** to monitor the health of the gateway instance and restart the gateway instance if it becomes unreachable. 
 
-Gateway Single AZ HA is enabled by default.
+<ins>Gateway Single AZ HA is enabled by default</ins>.
 
 When Gateway Single AZ HA status is **On**, the Aviatrix Controller attempts to restart the gateway instance. When status is **Off**, Controller does **NOT** attempt to restart the gateway instance.
 ```

ace_pro/docs/lab5.md

@@ -390,7 +390,7 @@ However, on the SSH client, you will **NOT** see any outputs, this is because th
 height: 200px
 align: center
 ---
-SSH client output
+SSH client outputs
 ```
 
 Go to **CoPilot > Security > Egress > Overview (default)**
@@ -452,7 +452,7 @@ The purpose of this **WebGroup** is to authorize traffic only towards both the D
 ```
 
 ### 5.2 Create an _"editable"_ Explicit -Deny-Rule 
-### 5.2.1 Enforce the Egree-Rule
+#### 5.2.1 Enforce the Egress-Rule
 
 Go to **CoPilot > Security > Distributed Cloud Firewall > Rules**, click on the **pencil** button on the right-hand side of the `Egress-Rule`.
 
@@ -481,7 +481,7 @@ Commit the changes
 - **Publlic Internet** = Represents non-RFC 1918 IP ranges, or the public Internet
 ```
 
-After having enforced the Egress-Rule you will notice that automatically ther Controller has applied at the very bottom, the `DefaultDenyAll` rule. 
+After having successfully enforced the **Egress-Rule** you will notice that automatically ther Controller has applied at the very bottom, the `DefaultDenyAll` rule. 
 
 ```{figure} images/lab6-webgroup23456.png
 ---
@@ -501,7 +501,7 @@ align: center
 Not editable
 ```
 
-### 5.2.2 Create an _ad-hoc_ Explicit-Deny-Rule
+#### 5.2.2 Create an _ad-hoc_ Explicit-Deny-Rule
 
 Go to **CoPilot > Security > Distributed Cloud Firewall > Rules (default tab)** and create a new rule clicking on the `"+ Rule"` button.
 
@@ -596,14 +596,14 @@ Permit
 ## 6. IDS
 ### 6.1 Create a New Rule
 
-Let's now test the **_IDS_** feature (i.e. Intrusion Detection System). 
+Let's now test the **_IDS_** feature (i.e. Intrusion Detection System), from the **aws-us-east-2spoke1-test2** instance.
 
 Go to **CoPilot > Security > Distributed Cloud Firewall > Rules** and click on the `"+ Rule"` button.
 
 Create a new DCF Rule with the following parameters:
 
 - **Name**: <span style='color:#479608'>Inspect-DNS</span>
-- **Source Smartgroups**: <span style='color:#479608'>Anywhere(0.0.0.0/0)</span>
+- **Source Smartgroups**: <span style='color:#479608'>us-east-2-private-subnet</span>
 - **Destination Smartgroups**: <span style='color:#479608'>Public Internet</span>
 - **Protocol**: <span style='color:#479608'>Any</span>
 - **Logging**: <span style='color:#479608'>On</span>