diff --git a/deployment/puppet/fuel/manifests/iptables.pp b/deployment/puppet/fuel/manifests/iptables.pp
index fc0afb7176..e731d1079f 100644
--- a/deployment/puppet/fuel/manifests/iptables.pp
+++ b/deployment/puppet/fuel/manifests/iptables.pp
@@ -2,25 +2,26 @@
 class fuel::iptables (
 $network_address,
 $network_cidr,
- $admin_iface = $::fuel::params::admin_interface,
- $ssh_port = '22',
- $ssh_network = '0.0.0.0/0',
- $ssh_rseconds = 60,
- $ssh_rhitcount = 4,
- $nailgun_web_port = $::fuel::params::nailgun_port,
- $nailgun_internal_port = $::fuel::params::nailgun_internal_port,
- $nailgun_repo_port = $::fuel::params::repo_port,
- $postgres_port = $::fuel::params::db_port,
- $ostf_port = $::fuel::params::ostf_port,
- $rsync_port = '873',
- $rsyslog_port = '514',
- $ntp_port = '123',
- $rabbitmq_ports = ['4369','5672','61613'],
- $rabbitmq_admin_port = '15672',
- $fuelweb_port = $::fuel::params::nailgun_ssl_port,
- $keystone_port = $::fuel::params::keystone_port,
- $keystone_admin_port = $::fuel::params::keystone_admin_port,
- $chain = 'INPUT',
+ $admin_iface = $::fuel::params::admin_interface,
+ $ssh_port = '22',
+ $ssh_network = '0.0.0.0/0',
+ $ssh_rseconds = 60,
+ $ssh_rhitcount = 4,
+ $nailgun_web_port = $::fuel::params::nailgun_port,
+ $nailgun_internal_port = $::fuel::params::nailgun_internal_port,
+ $nailgun_serialization_port = $::fuel::params::nailgun_serialization_port,
+ $nailgun_repo_port = $::fuel::params::repo_port,
+ $postgres_port = $::fuel::params::db_port,
+ $ostf_port = $::fuel::params::ostf_port,
+ $rsync_port = '873',
+ $rsyslog_port = '514',
+ $ntp_port = '123',
+ $rabbitmq_ports = ['4369','5672','61613'],
+ $rabbitmq_admin_port = '15672',
+ $fuelweb_port = $::fuel::params::nailgun_ssl_port,
+ $keystone_port = $::fuel::params::keystone_port,
+ $keystone_admin_port = $::fuel::params::keystone_admin_port,
+ $chain = 'INPUT',
 ) inherits fuel::params {
 #Enable cobbler's iptables rules even if Cobbler not called
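Review bot: The new `$nailgun_serialization_port` parameter has no comment saying what listens on that port or which hosts are expected to reach it, and it is the one functional line in a parameter list whose other nineteen entries appear to be re-aligned only. Since this class turns the value into an inbound accept rule, a one-line comment above the parameter would let the next reader judge the exposure, for example `# TCP port of the nailgun serialization service; opened on $admin_iface by rule '065 nailgun_serialization_port'`. The class body continues outside the hunk.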
@@ -185,6 +186,16 @@ class fuel::iptables (
 state => ['NEW'],
 }
+ firewall { '065 nailgun_serialization_port':
+ chain => $chain,
+ table => 'filter',
+ dport => $nailgun_serialization_port,
+ proto => 'tcp',
+ iniface => $admin_iface,
+ action => 'accept',
+ state => ['NEW'],
+ }
+
 firewall { '070 nailgun_internal_block_ext':
 chain => $chain,
 table => 'filter',
diff --git a/deployment/puppet/fuel/manifests/params.pp b/deployment/puppet/fuel/manifests/params.pp
index e82a6af602..fe5847724e 100644
--- a/deployment/puppet/fuel/manifests/params.pp
+++ b/deployment/puppet/fuel/manifests/params.pp
@@ -120,6 +120,7 @@ class fuel::params {
 $nailgun_host = '127.0.0.1'
 $nailgun_port = '8000'
 $nailgun_internal_port = '8001'
+ $nailgun_serialization_port = '8002'
 $nailgun_ssl_port = '8443'
 $ostf_host = '127.0.0.1'
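Review bot: Rule `065 nailgun_serialization_port` in iptables.pp accepts new TCP connections to the serialization port from any source address arriving on `$admin_iface`; the ingress interface is its only scoping. The class already takes `$network_address` and `$network_cidr`, so if only admin-network hosts need this port the rule could add `source => "${network_address}/${network_cidr}",` (assuming the two combine into a CIDR, as their names suggest). The rule that follows, `070 nailgun_internal_block_ext`, looks from its name like an explicit external block for the internal port, and nothing comparable is added for the new one, so whether it is reachable on other interfaces depends on the chain's final policy, which is outside the hunk. It is also worth confirming that the service behind this port authenticates its clients before it is opened beyond loopback. The class body starts and ends outside the hunk.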