diff --git a/deployment_scripts/puppet/manifests/neutron_conf.pp b/deployment_scripts/puppet/manifests/neutron_conf.pp
deleted file mode 100644
index cb264d1..0000000
--- a/deployment_scripts/puppet/manifests/neutron_conf.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# Copyright 2016 6WIND S.A.
-
-notice('MODULAR: virtual_accelerator/neutron_conf.pp')
-
-include virtual_accelerator
-class { 'virtual_accelerator::neutron_conf': }
\ No newline at end of file
diff --git a/deployment_scripts/puppet/manifests/neutron_conf_compute.pp b/deployment_scripts/puppet/manifests/neutron_conf_compute.pp
new file mode 100644
index 0000000..df40064
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/neutron_conf_compute.pp
@@ -0,0 +1,7 @@
+#
+# Copyright 2016 6WIND S.A.
+
+notice('MODULAR: virtual_accelerator/neutron_conf_compute.pp')
+
+include virtual_accelerator
+class { 'virtual_accelerator::neutron_conf_compute': }
diff --git a/deployment_scripts/puppet/manifests/neutron_conf_controller.pp b/deployment_scripts/puppet/manifests/neutron_conf_controller.pp
new file mode 100644
index 0000000..db8749d
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/neutron_conf_controller.pp
@@ -0,0 +1,7 @@
+#
+# Copyright 2016 6WIND S.A.
+
+notice('MODULAR: virtual_accelerator/neutron_conf_controller.pp')
+
+include virtual_accelerator
+class { 'virtual_accelerator::neutron_conf_controller': }
diff --git a/deployment_scripts/puppet/modules/virtual_accelerator/manifests/init.pp b/deployment_scripts/puppet/modules/virtual_accelerator/manifests/init.pp
index aa50370..69913a0 100644
--- a/deployment_scripts/puppet/modules/virtual_accelerator/manifests/init.pp
+++ b/deployment_scripts/puppet/modules/virtual_accelerator/manifests/init.pp
@@ -14,7 +14,7 @@ class virtual_accelerator {
 $fp_mem = $settings['fp_mem']
 $vm_mem = $settings['vm_mem']
 $va_conf_file = ''
- $disable_ipset = $settings['disable_ipset']
+ $disable_secgroup = $settings['disable_secgroup']
 $enable_host_cpu = $settings['enable_host_cpu']
 $va_version = $settings['va_version']
 $mellanox_support = $settings['mellanox_support']
diff --git a/deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf.pp b/deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf_compute.pp
similarity index 50%
rename from deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf.pp
rename to deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf_compute.pp
index f4e1f26..1f2dc03 100644
--- a/deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf.pp
+++ b/deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf_compute.pp
@@ -1,21 +1,22 @@ # # Copyright 2016 6WIND S.A. -class virtual_accelerator::neutron_conf inherits virtual_accelerator { +class virtual_accelerator::neutron_conf_compute inherits virtual_accelerator { - $advanced_params = $virtual_accelerator::advanced_params + $disable_secgroup = $virtual_accelerator::disable_secgroup - $disable_ipset = $virtual_accelerator::disable_ipset - $va_version = $virtual_accelerator::va_version - - if $disable_ipset == true or $va_version == '1.3' { - $OVS_CONF_FILE = "/etc/neutron/plugins/ml2/ml2_conf.ini" + if $disable_secgroup == true { + $OVS_CONF_FILE = "/etc/neutron/plugins/ml2/openvswitch_agent.ini" package { 'crudini': ensure => 'latest', + } + + exec { 'disable_secgroup': + command => "crudini --set ${OVS_CONF_FILE} securitygroup enable_security_group False", } -> - exec { 'disable_ipset': - command => "crudini --set ${OVS_CONF_FILE} securitygroup enable_ipset False", + exec { 'disable_firewall': + command => "crudini --set ${OVS_CONF_FILE} securitygroup firewall_driver noop", notify => Service['openvswitch-switch'], } @@ -30,4 +31,3 @@ class virtual_accelerator::neutron_conf inherits virtual_accelerator { } } - diff --git a/deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf_controller.pp b/deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf_controller.pp new file mode 100644 index 0000000..274b8e8 --- /dev/null +++ b/deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf_controller.pp 
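Review bot: The `package { 'crudini': ... }` block now closes with a plain `}` where the old code had `} ->`, so nothing orders the crudini install before `exec { 'disable_secgroup': }` and a first run may reach the exec before crudini is present; closing the package block with `} ->` (or adding `require => Package['crudini'],` to the exec) restores the ordering. Both execs here, and the ones added in neutron_conf_controller.pp and nova_conf.pp, carry no `unless`/`onlyif` guard, so they rewrite the file and notify their service on every Puppet run. A guard such as `unless => "crudini --get ${OVS_CONF_FILE} securitygroup firewall_driver | grep -qx noop",` would make them idempotent, assuming a default exec `path` is set elsewhere, which this hunk does not show. The class body continues between this hunk and the next one.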
@@ -0,0 +1,26 @@ +# +# Copyright 2016 6WIND S.A. + +class virtual_accelerator::neutron_conf_controller inherits virtual_accelerator { + + $disable_secgroup = $virtual_accelerator::disable_secgroup + + if $disable_secgroup == true { + $OVS_CONF_FILE = "/etc/neutron/plugins/ml2/ml2_conf.ini" + + package { 'crudini': + ensure => 'latest', + notify => Exec['disable_firewall'], + } + + exec { 'disable_firewall': + command => "crudini --set ${OVS_CONF_FILE} securitygroup firewall_driver noop", + notify => Service['neutron-server'], + } + + service { 'neutron-server': + ensure => 'running', + } + } + +} diff --git a/deployment_scripts/puppet/modules/virtual_accelerator/manifests/nova_conf.pp b/deployment_scripts/puppet/modules/virtual_accelerator/manifests/nova_conf.pp index 7bdf23c..a9d0d94 100644 --- a/deployment_scripts/puppet/modules/virtual_accelerator/manifests/nova_conf.pp +++ b/deployment_scripts/puppet/modules/virtual_accelerator/manifests/nova_conf.pp @@ -19,6 +19,13 @@ class virtual_accelerator::nova_conf inherits virtual_accelerator { install_options => ['--allow-unauthenticated'], } + if $disable_secgroup == true { + exec { 'disable_secgroup': + command => "crudini --del ${NOVA_CONF_FILE} DEFAULT security_group_api", + notify => Exec['vcpu_pin'], + } + } + exec { 'vcpu_pin': command => "crudini --set ${NOVA_CONF_FILE} DEFAULT vcpu_pin_set $(python /usr/local/bin/get_vcpu_pin_set.py)", } diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml index e0a0b33..83da1d9 100644 --- a/deployment_tasks.yaml +++ b/deployment_tasks.yaml 
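Review bot: The `if $disable_secgroup == true { ... }` block has no counterpart for the false case, so once `firewall_driver noop` has been written, clearing the option leaves packet filtering off while the setting reads as enabled; the same holds for neutron_conf_compute.pp and the nova_conf.pp hunk. Either add an `else` branch that restores the previous value, or state the behaviour in a header comment such as `# NOTE: one-way switch; clearing disable_secgroup does not restore firewall_driver`. The controller class also sets only `firewall_driver`, while the compute class sets `enable_security_group False` as well; if that difference is intentional a short comment would help, since the reason is not visible here.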
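Review bot: In the nova_conf.pp hunk, `notify => Exec['vcpu_pin']` is used only to order the two execs, but a refresh makes `vcpu_pin` (which shows no `refreshonly`) run its command a second time in the same run; `before => Exec['vcpu_pin'],` expresses the ordering without the extra execution. The title `disable_secgroup` is also used by the exec in neutron_conf_compute.pp, which would be a duplicate declaration if both classes were ever compiled into one catalog, so a name like `nova_disable_secgroup` is safer. The enclosing class starts and ends outside this hunk, so whether Nova is restarted after the key is removed cannot be seen from here.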
@@ -57,13 +57,23 @@ puppet_modules: puppet/modules:/etc/puppet/modules timeout: 3600 -- id: 6wind-virtual-accelerator-neutron-conf +- id: 6wind-virtual-accelerator-neutron-conf-compute type: puppet - role: ['primary-controller', '6wind-virtual-accelerator'] + role: [6wind-virtual-accelerator] + required_for: [6wind-virtual-accelerator-start] + requires: [post_deployment_start] + parameters: + puppet_manifest: puppet/manifests/neutron_conf_compute.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 3600 + +- id: 6wind-virtual-accelerator-neutron-conf-controller + type: puppet + role: [primary-controller] required_for: [post_deployment_end] requires: [post_deployment_start] parameters: - puppet_manifest: puppet/manifests/neutron_conf.pp + puppet_manifest: puppet/manifests/neutron_conf_controller.pp puppet_modules: puppet/modules:/etc/puppet/modules timeout: 3600 diff --git a/doc/source/user-guide.rst b/doc/source/user-guide.rst index 0265689..886ef00 100644 --- a/doc/source/user-guide.rst +++ b/doc/source/user-guide.rst @@ -101,6 +101,18 @@ This plugin offers the possibility to enable/disable such configuration in Nova with a specific option (`Host cpu emulation for guests`) in the advanced parameters. +Disable security groups +----------------------- + +By default Fuel installs Openstack with security groups active to enable +traffic filtering between virtual machines. +In many cases (including NFV) such filtering is not really necessary +and it heavily affects vm to vm traffic performances. + +6WIND Virtual Accelerator Fuel plugin makes possible to disable such +security group configuration in both Nova/Neutron via the specific option +(`Disable neutron securty groups`) in the advanced parameters. + Configure hugepages support for virtual machines ------------------------------------------------ diff --git a/environment_config.yaml b/environment_config.yaml index 6b015df..0406eec 100644 --- a/environment_config.yaml +++ b/environment_config.yaml 
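Review bot: The controller task is limited to `role: [primary-controller]`, so in a deployment with several controllers the remaining ones would presumably keep their previous `firewall_driver` in ml2_conf.ini and the cluster would end up with mixed security-group settings. The removed task had the same restriction, so this looks inherited rather than new, but the split is a good moment to widen it, e.g. `role: ['primary-controller', 'controller']`. A one-line comment above each task saying which nodes it targets, and why the compute task is `required_for: [6wind-virtual-accelerator-start]`, would also help the next reader.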
@@ -94,11 +94,11 @@ attributes: - condition: "settings:6wind-virtual-accelerator.advanced_params_enabled.value == false" action: hide - disable_ipset: + disable_secgroup: value: false - label: 'Disable neutron ipset' - description: 'Set/unset support for ipset when using security groups' - weight: 80 + label: 'Disable neutron security groups' + description: 'Enable/disable security groups for some cases such as NFV' + weight: 76 type: "checkbox" restrictions: - condition: "settings:6wind-virtual-accelerator.advanced_params_enabled.value == false"
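Review bot: The new `description` reads 'Enable/disable security groups for some cases such as NFV', which does not tell the operator that ticking the box turns off traffic filtering between virtual machines; something like `description: 'Turn off Neutron security groups: no traffic filtering between VMs (intended for cases such as NFV)'` states the effect. The user-guide hunk spells the option as 'Disable neutron securty groups', which does not match the `label` set here. The `restrictions` block continues past the end of the hunk.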