diff --git a/ace_pro/docs/images/lab9-newrule10.png b/ace_pro/docs/images/lab9-newrule10.png
index 32cfb3fa..1d91fd0c 100644
Binary files a/ace_pro/docs/images/lab9-newrule10.png and b/ace_pro/docs/images/lab9-newrule10.png differ
diff --git a/ace_pro/docs/images/lab911-new.png b/ace_pro/docs/images/lab911-new.png
index c513ecc6..ded5f728 100644
Binary files a/ace_pro/docs/images/lab911-new.png and b/ace_pro/docs/images/lab911-new.png differ
diff --git a/ace_pro/docs/images/lab911-new33.png b/ace_pro/docs/images/lab911-new33.png
new file mode 100644
index 00000000..f5c010ec
Binary files /dev/null and b/ace_pro/docs/images/lab911-new33.png differ
diff --git a/ace_pro/docs/images/lab96-newrule-commit.png b/ace_pro/docs/images/lab96-newrule-commit.png
new file mode 100644
index 00000000..d6ce6192
Binary files /dev/null and b/ace_pro/docs/images/lab96-newrule-commit.png differ
diff --git a/ace_pro/docs/images/lab96-newrule44.png b/ace_pro/docs/images/lab96-newrule44.png
new file mode 100644
index 00000000..2428205e
Binary files /dev/null and b/ace_pro/docs/images/lab96-newrule44.png differ
diff --git a/ace_pro/docs/lab8.md b/ace_pro/docs/lab8.md
index e7a619e7..cc456862 100644
--- a/ace_pro/docs/lab8.md
+++ b/ace_pro/docs/lab8.md
@@ -256,7 +256,7 @@ align: center
LX Terminal
```
-Now execute the ping command towards the private IP address of the **aws-us-east-2-spoke1-test1** instance.
+Now execute the ping command towards the private IP address of the **aws-us-east-2-spoke1-test1** instance (**i.e. 10.0.1.100**).
```{figure} images/lab8-edge22.png
---
diff --git a/ace_pro/docs/lab9.md b/ace_pro/docs/lab9.md
index 3c1dd001..9443473b 100644
--- a/ace_pro/docs/lab9.md
+++ b/ace_pro/docs/lab9.md
@@ -114,6 +114,7 @@ Retrieve the Public IP address of **_aws-us-east-1-spoke1-test1_** instance:
---
align: center
---
+height: 250px
Public IP address
```
@@ -146,7 +147,9 @@ Curl towards the malicious IP
The traffic will be permitted... Let's now enforce the `ThreatIQ mechanism`!
```{note}
-The IP shown in these screenshots might not be deemed a threat when you read this. Please use the malicious IP provided by the instructor.
+The IP shown in these screenshots might not be deemed a threat when you read this.
+
+Please use the malicious IP provided by the instructor.
```
## 6.0 Create a new SmartGroup
@@ -186,6 +189,7 @@ Do not forget to click on **Save**.
```{figure} images/lab9-smart003.png
---
+height: 250px
align: center
---
SmartGroups List
@@ -204,7 +208,7 @@ New Rule
Insert the following parameters
-- **Name**: PSF-Rule
+- **Name**: PSF-Deny-Rule-from-aws-us-east-1-spoke1-test1
- **Source Groups**: aws-us-east-1-spoke1-test1
- **Destination Groups**: DeafultThreatGroup
- **Protocol**: Any
@@ -221,13 +225,47 @@ align: center
Saving the new Rule
```
-Click on the **Commit** button!
+Now before committing, create another DCF rule for blocking also the traffic sourced from any Malicious IP addresses towards
+
+```{important}
+These two rules will protect the `bi-directional communication`: traffic will be blocked if **aws-us-east-1-spoke1-test1** will try to reach any **M**alcious IPs** (by _ProfPoint's DB_), and likewise traffic will be blocked if any **Malicious IPs** (by _ProfPoint's DB_) will try to reach the **aws-us-east-1-spoke1-test1**.
+```
+
+Create a new rule clicking on the `"+ Rule"` button:
-```{figure} images/lab96-newrule11.png
+```{figure} images/lab911-new33.png
---
align: center
---
-PSF-Rule
+New Rule
+```
+
+Insert the following parameters
+
+- **Name**: PSF-Deny-Rule-from-malicious-ips
+- **Source Groups**: DeafultThreatGroup
+- **Destination Groups**: aws-us-east-1-spoke1-test1
+- **Protocol**: Any
+- **Enforcement**: **On**
+- **Logging**: On
+- **Action**: **Deny**
+
+Do not forget to click on **Save In Drafts**.
+
+```{figure} images/lab96-newrule44.png
+---
+align: center
+---
+PSF-Deny-Rule-from-malicious-ips
+```
+
+Do not forget now to **Commit** your new rules!
+
+```{figure} images/lab96-newrule-commit.png
+---
+align: center
+---
+Commit the new rules
```
```{important}