diff --git a/manifests/network.pp b/manifests/network.pp
index 1a2c9847..86415f9b 100644
--- a/manifests/network.pp
+++ b/manifests/network.pp
@@ -73,7 +73,7 @@ class cloud::network(
     tenant_network_types    => ['gre'],
     mechanism_drivers       => ['openvswitch'],
     tunnel_id_ranges        => ['1:10000'],
-    enable_security_group   => true
+    enable_security_group   => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
   }
 
 }
diff --git a/spec/classes/cloud_network_compute_spec.rb b/spec/classes/cloud_network_compute_spec.rb
index fd3c594b..8da7bc5e 100644
--- a/spec/classes/cloud_network_compute_spec.rb
+++ b/spec/classes/cloud_network_compute_spec.rb
@@ -58,12 +58,12 @@ describe 'cloud::network::compute' do
           :local_ip         => '10.0.1.1'
       )
       should contain_class('neutron::plugins::ml2').with(
-          :type_drivers         => ['gre'],
-          :tenant_network_types => ['gre'],
-          :mechanism_drivers    => ['openvswitch'],
-          :tunnel_id_ranges     => ['1:10000']
+          :type_drivers           => ['gre'],
+          :tenant_network_types   => ['gre'],
+          :mechanism_drivers      => ['openvswitch'],
+          :tunnel_id_ranges       => ['1:10000'],
+          :enable_security_group  => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
       )
-      should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value(true)
     end
 
     it 'configure neutron on compute node' do
diff --git a/spec/classes/cloud_network_controller_spec.rb b/spec/classes/cloud_network_controller_spec.rb
index 1929ff8c..024448f8 100644
--- a/spec/classes/cloud_network_controller_spec.rb
+++ b/spec/classes/cloud_network_controller_spec.rb
@@ -62,12 +62,12 @@ describe 'cloud::network::controller' do
           :local_ip         => '10.0.1.1'
       )
       should contain_class('neutron::plugins::ml2').with(
-          :type_drivers         => ['gre'],
-          :tenant_network_types => ['gre'],
-          :mechanism_drivers    => ['openvswitch'],
-          :tunnel_id_ranges     => ['1:10000']
+          :type_drivers           => ['gre'],
+          :tenant_network_types   => ['gre'],
+          :mechanism_drivers      => ['openvswitch'],
+          :tunnel_id_ranges       => ['1:10000'],
+          :enable_security_group  => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
       )
-      should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value(true)
     end
 
     it 'configure neutron server' do
diff --git a/spec/classes/cloud_network_dhcp_spec.rb b/spec/classes/cloud_network_dhcp_spec.rb
index 584c48c1..636e463e 100644
--- a/spec/classes/cloud_network_dhcp_spec.rb
+++ b/spec/classes/cloud_network_dhcp_spec.rb
@@ -56,12 +56,12 @@ describe 'cloud::network::dhcp' do
           :local_ip         => '10.0.1.1'
       )
       should contain_class('neutron::plugins::ml2').with(
-          :type_drivers         => ['gre'],
-          :tenant_network_types => ['gre'],
-          :mechanism_drivers    => ['openvswitch'],
-          :tunnel_id_ranges     => ['1:10000']
+          :type_drivers           => ['gre'],
+          :tenant_network_types   => ['gre'],
+          :mechanism_drivers      => ['openvswitch'],
+          :tunnel_id_ranges       => ['1:10000'],
+          :enable_security_group  => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
       )
-      should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value(true)
     end
 
     it 'configure neutron dhcp' do
diff --git a/spec/classes/cloud_network_l3_spec.rb b/spec/classes/cloud_network_l3_spec.rb
index 60dd798a..151593f5 100644
--- a/spec/classes/cloud_network_l3_spec.rb
+++ b/spec/classes/cloud_network_l3_spec.rb
@@ -57,12 +57,12 @@ describe 'cloud::network::l3' do
           :local_ip         => '10.0.1.1'
       )
       should contain_class('neutron::plugins::ml2').with(
-          :type_drivers         => ['gre'],
-          :tenant_network_types => ['gre'],
-          :mechanism_drivers    => ['openvswitch'],
-          :tunnel_id_ranges     => ['1:10000']
+          :type_drivers           => ['gre'],
+          :tenant_network_types   => ['gre'],
+          :mechanism_drivers      => ['openvswitch'],
+          :tunnel_id_ranges       => ['1:10000'],
+          :enable_security_group  => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
       )
-      should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value(true)
     end
 
     it 'configure neutron l3' do
diff --git a/spec/classes/cloud_network_lbaas_spec.rb b/spec/classes/cloud_network_lbaas_spec.rb
index 3193a8b5..e69e0c27 100644
--- a/spec/classes/cloud_network_lbaas_spec.rb
+++ b/spec/classes/cloud_network_lbaas_spec.rb
@@ -56,12 +56,12 @@ describe 'cloud::network::lbaas' do
           :local_ip         => '10.0.1.1'
       )
       should contain_class('neutron::plugins::ml2').with(
-          :type_drivers         => ['gre'],
-          :tenant_network_types => ['gre'],
-          :mechanism_drivers    => ['openvswitch'],
-          :tunnel_id_ranges     => ['1:10000']
+          :type_drivers           => ['gre'],
+          :tenant_network_types   => ['gre'],
+          :mechanism_drivers      => ['openvswitch'],
+          :tunnel_id_ranges       => ['1:10000'],
+          :enable_security_group  => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
       )
-      should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value(true)
     end
 
     it 'configure neutron lbaas' do
diff --git a/spec/classes/cloud_network_metadata_spec.rb b/spec/classes/cloud_network_metadata_spec.rb
index bd1fd38c..27688356 100644
--- a/spec/classes/cloud_network_metadata_spec.rb
+++ b/spec/classes/cloud_network_metadata_spec.rb
@@ -63,12 +63,12 @@ describe 'cloud::network::metadata' do
           :local_ip         => '10.0.1.1'
       )
       should contain_class('neutron::plugins::ml2').with(
-          :type_drivers         => ['gre'],
-          :tenant_network_types => ['gre'],
-          :mechanism_drivers    => ['openvswitch'],
-          :tunnel_id_ranges     => ['1:10000']
+          :type_drivers           => ['gre'],
+          :tenant_network_types   => ['gre'],
+          :mechanism_drivers      => ['openvswitch'],
+          :tunnel_id_ranges       => ['1:10000'],
+          :enable_security_group  => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
       )
-      should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value(true)
     end
 
     it 'configure neutron metadata' do
diff --git a/spec/classes/cloud_network_vpn_spec.rb b/spec/classes/cloud_network_vpn_spec.rb
index f54f61e6..2ada0f39 100644
--- a/spec/classes/cloud_network_vpn_spec.rb
+++ b/spec/classes/cloud_network_vpn_spec.rb
@@ -52,12 +52,12 @@ describe 'cloud::network::vpn' do
           :local_ip         => '10.0.1.1'
       )
       should contain_class('neutron::plugins::ml2').with(
-          :type_drivers         => ['gre'],
-          :tenant_network_types => ['gre'],
-          :mechanism_drivers    => ['openvswitch'],
-          :tunnel_id_ranges     => ['1:10000']
+          :type_drivers           => ['gre'],
+          :tenant_network_types   => ['gre'],
+          :mechanism_drivers      => ['openvswitch'],
+          :tunnel_id_ranges       => ['1:10000'],
+          :enable_security_group  => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
       )
-      should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value(true)
     end
 
     it 'configure neutron vpnaas' do