Added screenshot and some corrections

Author: harikrishna-patnala

source/_static/images/firewall_rule_in_vpc.png

@@ -945,10 +945,11 @@ function only if they are defined on the default network.
 Adding Firewall rules on a public IP address in a VPC
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-In a VPC, once the public IP address is associated with a tier, you can
-create firewall rules for the public IP address. Firewall rules are created
-to allow traffic from the Internet to a tier. For example, you can create a
-firewall rule to allow HTTP traffic from the Internet to the Web tier.
+In a VPC, once the public IP address is acquired, you can create firewall rules
+for the public IP address. Firewall rules are created to allow traffic from
+specified source CIDRs to a tier through the selected public IP address. For
+example, you can create a firewall rule to allow SSH or HTTP traffic to the Web
+tier.
 
 #. Log in to the CloudStack UI.
 #. In the left navigation, choose Network.
@@ -957,11 +958,15 @@ firewall rule to allow HTTP traffic from the Internet to the Web tier.
    Public IP Address to which you want to add firewall rules.
 #. Click the Firewall Rules tab, which will appear only if the public IP address is associated with a tier.
 #. Click Add Firewall Rule and specify the following:
+
    - *Source CIDR* - The CIDR that defines the source of the traffic.
+
    - *Protocol* - The protocol that defines the type of traffic.
+
    - *Start Port* and *End Port* - The port range that defines the destination of the traffic.
      If you are opening a single port, use the same number in both fields.
 
+   |firewall_rule_in_vpc.png|
 
 Adding Load Balancing Rules on a VPC
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -1525,3 +1530,5 @@ is not required.
    :alt: button to remove a VPC
 .. |restart-vpc.png| image:: /_static/images/restart-vpc.png
    :alt: button to restart a VPC
+.. |firewall_rule_in_vpc.png| image:: /_static/images/firewall_rule_in_vpc.png
+   :alt: Firewall rule in VPC.