diff --git a/deployment_scripts/puppet/manifests/midonet-install-agent.pp b/deployment_scripts/puppet/manifests/midonet-install-agent.pp
index c985b3e..7c062f5 100644
--- a/deployment_scripts/puppet/manifests/midonet-install-agent.pp
+++ b/deployment_scripts/puppet/manifests/midonet-install-agent.pp
@@ -55,6 +55,8 @@ class {'::midonet::midonet_cli':
 # Firewall rule to allow the udp port used for vxlan tunnelling of overlay
 #  traffic from midolman hosts to other midolman hosts.
 
+class { 'firewall': }
+
 if $segmentation_type =='tun' {
   firewall {'6677 vxlan port':
     port   => '6677',
diff --git a/deployment_scripts/puppet/manifests/midonet-install-api.pp b/deployment_scripts/puppet/manifests/midonet-install-api.pp
index 6bb3f22..00617e6 100644
--- a/deployment_scripts/puppet/manifests/midonet-install-api.pp
+++ b/deployment_scripts/puppet/manifests/midonet-install-api.pp
@@ -60,6 +60,7 @@ exec { 'haproxy reload':
 Haproxy::Listen <||> -> Exec['haproxy reload']
 Haproxy::Balancermember <||> -> Exec['haproxy reload']
 
+class { 'firewall': }
 
 firewall {'502 Midonet api':
   port => '8081',
diff --git a/deployment_scripts/puppet/manifests/midonet-nsdb.pp b/deployment_scripts/puppet/manifests/midonet-nsdb.pp
index 4cc4e9c..f1d7f07 100644
--- a/deployment_scripts/puppet/manifests/midonet-nsdb.pp
+++ b/deployment_scripts/puppet/manifests/midonet-nsdb.pp
@@ -30,6 +30,8 @@ class {'::cassandra':
   seed_address => $nsdb_mgmt_map["${::hostname}"]
 }
 
+class { 'firewall': }
+
 firewall {'500 zookeeper ports':
   port    => '2888-3888',
   proto   => 'tcp',