diff --git a/manifests/plugins/ml2.pp b/manifests/plugins/ml2.pp
index a033780bf..81d72469c 100644
--- a/manifests/plugins/ml2.pp
+++ b/manifests/plugins/ml2.pp
@@ -93,10 +93,6 @@
 #   It should be false when you use nova security group.
 #   Defaults to $::os_service_default.
 #
-# [*firewall_driver*]
-#   (optional) Firewall driver for realizing neutron security group function.
-#   Defaults to $::os_service_default
-#
 # [*package_ensure*]
 #   (optional) Ensure state for package.
 #   Defaults to 'present'.
@@ -127,6 +123,12 @@
 #   are 4 and 6.
 #   Defaults to $::os_service_default
 #
+# DEPRECATED PARAMETERS
+#
+# [*firewall_driver*]
+#   (optional) Firewall driver for realizing neutron security group function.
+#   Defaults to undef
+#
 class neutron::plugins::ml2 (
   $type_drivers              = ['local', 'flat', 'vlan', 'gre', 'vxlan', 'geneve'],
   $extension_drivers         = $::os_service_default,
@@ -138,24 +140,27 @@ class neutron::plugins::ml2 (
   $vxlan_group               = '224.0.0.1',
   $vni_ranges                = '10:100',
   $enable_security_group     = $::os_service_default,
-  $firewall_driver           = $::os_service_default,
   $package_ensure            = 'present',
   $physical_network_mtus     = $::os_service_default,
   $path_mtu                  = 0,
   $purge_config              = false,
   $max_header_size           = $::os_service_default,
   $overlay_ip_version        = $::os_service_default,
+  # DEPRECATED PARAMETERS
+  $firewall_driver           = undef,
 ) {
 
   include neutron::deps
   include neutron::params
 
-  if ! $mechanism_drivers {
-    warning('Without networking mechanism driver, ml2 will not communicate with L2 agents')
+  if $firewall_driver != undef {
+    warning('Using "firewall_driver" option in the ml2 plugin is deprecated \
+and have no any effect. This option should be set in the L2 agent. \
+It will be removed in the future releases.')
   }
 
-  if !is_service_default($enable_security_group) and $enable_security_group and is_service_default($firewall_driver) {
-    warning('Security groups will not work without properly set firewall_driver')
+  if ! $mechanism_drivers {
+    warning('Without networking mechanism driver, ml2 will not communicate with L2 agents')
   }
 
   # lint:ignore:only_variable_string
@@ -218,7 +223,6 @@ class neutron::plugins::ml2 (
     'ml2/extension_drivers':                value => join(any2array($extension_drivers), ',');
     'ml2/overlay_ip_version':               value => $overlay_ip_version;
     'securitygroup/enable_security_group':  value => $enable_security_group;
-    'securitygroup/firewall_driver':        value => $firewall_driver;
   }
 
   if is_service_default($physical_network_mtus) {
diff --git a/releasenotes/notes/deprecate-ml2-firewall_driver-a8598f1c2dd060f1.yaml b/releasenotes/notes/deprecate-ml2-firewall_driver-a8598f1c2dd060f1.yaml
new file mode 100644
index 000000000..a7931c1aa
--- /dev/null
+++ b/releasenotes/notes/deprecate-ml2-firewall_driver-a8598f1c2dd060f1.yaml
@@ -0,0 +1,11 @@
+---
+deprecations:
+  - |
+    Usage of config option ``firewall_driver`` in the ``neutron::plugins::ml2``
+    class is now deprecated and has no effect on the deployment.
+    Config option ``firewall_driver`` should be set in the classes for agents'
+    configuration like ``neutron::agents::ml2::ovs`` instead.
+    Usage of this option in the Neutron server was there just for backward
+    compatibility with old agents which can't report what driver they are using.
+    Since Newton all Neutron drivers are reporting that in heartbeat messages and
+    there is no need to keep configure this in the neutron server's side.
diff --git a/spec/classes/neutron_plugins_ml2_spec.rb b/spec/classes/neutron_plugins_ml2_spec.rb
index 1b3ab673b..b37d2891f 100644
--- a/spec/classes/neutron_plugins_ml2_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_spec.rb
@@ -73,7 +73,6 @@ describe 'neutron::plugins::ml2' do
       should contain_neutron_plugin_ml2('ml2/path_mtu').with_value(p[:path_mtu])
       should contain_neutron_plugin_ml2('ml2/physical_network_mtus').with_ensure('absent')
       should contain_neutron_plugin_ml2('ml2/overlay_ip_version').with_value('<SERVICE DEFAULT>')
-      should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('<SERVICE DEFAULT>')
       should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('<SERVICE DEFAULT>')
     end
 
@@ -100,12 +99,10 @@ describe 'neutron::plugins::ml2' do
       before :each do
         params.merge!(
           :enable_security_group => true,
-          :firewall_driver       => 'iptables_hybrid',
         )
       end
       it 'configures enable_security_group and firewall_driver options' do
         should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('true')
-        should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('iptables_hybrid')
       end
     end