diff --git a/neutron_fwaas/services/firewall/service_drivers/agents/agents.py b/neutron_fwaas/services/firewall/service_drivers/agents/agents.py
index e4e2d24c7..3d40f5655 100644
--- a/neutron_fwaas/services/firewall/service_drivers/agents/agents.py
+++ b/neutron_fwaas/services/firewall/service_drivers/agents/agents.py
@@ -326,9 +326,10 @@ class FirewallAgentDriver(driver_api.FirewallDriverDB,
         )
 
         # last-port drives agent to ack with status to set state to INACTIVE
-        fwg_with_rules['last-port'] = not (
-            set(new_firewall_group['ports']) - set(old_firewall_group['ports'])
-        )
+        # Set last-port to True if there are no ports in the new group,
+        # but the old group had ports
+        fwg_with_rules['last-port'] = (old_firewall_group['ports'] and
+                                       not(new_firewall_group['ports']))
 
         LOG.debug("update_firewall_group %s: Add Ports: %s, Del Ports: %s",
             new_firewall_group['id'],
diff --git a/neutron_fwaas/services/firewall/service_drivers/agents/l3reference/firewall_l3_agent_v2.py b/neutron_fwaas/services/firewall/service_drivers/agents/l3reference/firewall_l3_agent_v2.py
index fa5cbb95c..20989b98d 100644
--- a/neutron_fwaas/services/firewall/service_drivers/agents/l3reference/firewall_l3_agent_v2.py
+++ b/neutron_fwaas/services/firewall/service_drivers/agents/l3reference/firewall_l3_agent_v2.py
@@ -473,7 +473,8 @@ class FWaaSL3AgentExtension(l3_extension.L3AgentExtension):
                            "for firewall group: %s")
                     LOG.exception(msg, firewall_group['id'])
                     status = nl_constants.ERROR
-            else:
+            elif not status:
+                # if status not set by now, set it to INACTIVE
                 status = nl_constants.INACTIVE
 
         # Return status to plugin.
diff --git a/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/l3reference/test_firewall_l3_agent_v2.py b/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/l3reference/test_firewall_l3_agent_v2.py
index 273645720..68ff8e123 100644
--- a/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/l3reference/test_firewall_l3_agent_v2.py
+++ b/neutron_fwaas/tests/unit/services/firewall/service_drivers/agents/l3reference/test_firewall_l3_agent_v2.py
@@ -278,6 +278,27 @@ class TestFWaaSL3AgentExtension(base.BaseTestCase):
         self.api.update_firewall_group(self.context, firewall_group,
                                        host='host')
 
+    def test_update_firewall_group_with_only_ports_removed(self):
+        firewall_group = {'id': 0, 'project_id': 1,
+                          'admin_state_up': True,
+                          'ports': [1, 2],
+                          'add-port-ids': [],
+                          'del-port-ids': ['1'],
+                          'last-port': False
+                          }
+        self.api.plugin_rpc = mock.Mock()
+        with mock.patch.object(self.api.fwaas_driver, 'update_firewall_group'
+                               ) as mock_driver_update_firewall_group, \
+                mock.patch.object(self.api.fwplugin_rpc,
+                                  'set_firewall_group_status'
+                                  ) as mock_set_firewall_group_status:
+
+            mock_driver_update_firewall_group.return_value = True
+            self.api.update_firewall_group(self.context, firewall_group,
+                                           host='host')
+            mock_set_firewall_group_status.assert_called_once_with(
+                    self.context, firewall_group['id'], 'ACTIVE')
+
     def test_delete_firewall_group(self):
         firewall_group = {'id': 0, 'project_id': 1,
                           'admin_state_up': True,